Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Help getting rid of trojan-spy.win@mx and networm-i.virus@fp


  • This topic is locked This topic is locked
18 replies to this topic

#1 Laurimj

Laurimj

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:08:51 PM

Posted 30 November 2008 - 01:53 AM

I ran the RSIT and here are the two logs that came through:

Here is the log notepad:

Logfile of random's system information tool 1.04 (written by random/random)
Run by Michael at 2008-11-29 22:45:27
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 173 MB (0%) free of 38 GB
Total RAM: 479 MB (36% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:45:55, on 11/29/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\WebMediaViewer\qttask.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\carpserv.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAJA.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Infinite Mind LC\eyeQ\ARLaunch.exe
C:\Program Files\WebMediaViewer\qttaskm.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\PROGRA~1\NORTON~1\NORTON~2\GHOSTS~2.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\WINDOWS\System32\ScsiAccess.EXE
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Java\jre6\bin\java.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\ssstars.scr
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Michael\Local Settings\Temporary Internet Files\Content.IE5\RODY2C9Y\RSIT[1].exe
C:\Program Files\trend micro\Michael.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:9022
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_12_0.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {2B394226-862F-4aa4-AA53-988E24F50841} - (no file)
O2 - BHO: ctpp Class - {4B021269-DD24-48B2-96B4-DA121E9C0502} - C:\WINDOWS\System32\test2a.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: ctsr Class - {858126B0-3708-4051-AE8E-B48521401CA2} - C:\WINDOWS\System32\ctsr6.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {AEFCDEC8-EB7D-429F-BC73-4F30D07BFE41} - (no file)
O2 - BHO: psic Class - {B6598677-4B54-42A9-BA67-8B64E3FCD92D} - C:\WINDOWS\System32\psic2_1.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O2 - BHO: MSN Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.0983.0\msneshellx.dll
O2 - BHO: ctap Class - {DB0018A2-F7D9-4B71-9651-640143DF23F9} - C:\WINDOWS\System32\ctap7.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_12_0.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.0983.0\msneshellx.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [GhostStartTrayApp] C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [EPSON Stylus CX3200] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P19 "EPSON Stylus CX3200" /O6 "USB001" /M "Stylus CX3200"
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [EPSON Stylus Photo R340 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAJA.EXE /P30 "EPSON Stylus Photo R340 Series" /O6 "USB002" /M "Stylus Photo R340"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ViRsLab] "C:\Program Files\ViRsLab\ViRsLab.exe"
O4 - HKLM\..\Policies\Explorer\Run: [QuickTime Task] C:\Program Files\WebMediaViewer\qttask.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: MiniEYE-MiniREAD Launch.lnk = C:\Program Files\Infinite Mind LC\eyeQ\ARLaunch.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Update Page Content - C:\Program Files\MSN\MSNIA\CC\MSNCC\WA\refreshpage.htm
O8 - Extra context menu item: View All Originals On Page - C:\Program Files\MSN\MSNIA\CC\MSNCC\WA\getoriginal.htm
O8 - Extra context menu item: View Original Image - C:\Program Files\MSN\MSNIA\CC\MSNCC\WA\getoriginal.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {2DEF4530-8CE6-41C9-84B6-A54536C90213} (Crystal Report Viewer Control 9) - https://rp-reports.webhire.com/crystalrepor...tivexviewer.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/...s/yinst0401.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photos.walmart.com/WalmartActivia.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1159365621906
O16 - DPF: {87D1A6EF-8CBC-458A-84B5-0333562418CD} - http://www.clicktracking.info/ctadl1.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {CAFECAFE-0013-0001-0022-ABCDEFABCDEF} (JInitiator 1.3.1.22) - https://clover.cloverpark.k12.wa.us:4443/fo...iator/jinit.exe
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/5m/vir...l/installer.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: GhostStartService - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\GHOSTS~2.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\System32\ScsiAccess.EXE
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

--
End of file - 12972 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\Norton AntiVirus - Scan my computer.job
C:\WINDOWS\tasks\Norton SystemWorks One Button Checkup.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
Yahoo! Companion BHO - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_12_0.dll [2004-01-07 272983]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2B394226-862F-4aa4-AA53-988E24F50841}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4B021269-DD24-48B2-96B4-DA121E9C0502}]
ctpp Class - C:\WINDOWS\System32\test2a.dll [2004-10-27 69632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre6\bin\ssv.dll [2008-11-20 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{858126B0-3708-4051-AE8E-B48521401CA2}]
ctsr Class - C:\WINDOWS\System32\ctsr6.dll [2004-08-22 106496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9394EDE7-C8B5-483E-8773-474BF36AF6E4}]
ST - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll [2004-08-13 155648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar1.dll [2007-12-17 2403392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AEFCDEC8-EB7D-429F-BC73-4F30D07BFE41}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B6598677-4B54-42A9-BA67-8B64E3FCD92D}]
psic Class - C:\WINDOWS\System32\psic2_1.dll [2004-09-04 221184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}]
MSNToolBandBHO - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll [2006-01-17 282624]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDF3E430-B101-42AD-A544-FADC6B084872}]
CNavExtBho Class - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll [2002-11-14 112248]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}]
MSN Toolbar Helper - C:\Program Files\MSN\Toolbar\3.0.0983.0\msneshellx.dll [2008-11-08 83800]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DB0018A2-F7D9-4B71-9651-640143DF23F9}]
ctap Class - C:\WINDOWS\System32\ctap7.dll [2004-04-04 118784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-11-20 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2008-11-20 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - Norton AntiVirus - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll [2002-11-14 112248]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Companion - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_12_0.dll [2004-01-07 272983]
{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - MSN - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll [2006-01-17 282624]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar1.dll [2007-12-17 2403392]
{1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - MSN Toolbar - C:\Program Files\MSN\Toolbar\3.0.0983.0\msneshellx.dll [2008-11-08 83800]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2002-08-02 46592]
"NeroCheck"=C:\WINDOWS\System32\\NeroCheck.exe [2001-07-09 155648]
"CARPService"=C:\WINDOWS\system32\carpserv.exe [2001-12-23 4608]
"ccApp"=C:\Program Files\Common Files\Symantec Shared\ccApp.exe [2003-12-02 54296]
"ccRegVfy"=C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe [2003-12-02 58392]
"GhostStartTrayApp"=C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe [2002-08-14 94208]
"Microsoft Works Update Detection"=C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe [2003-09-13 50688]
"EPSON Stylus CX3200"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE [2002-06-30 74752]
""= []
"AOLDialer"=C:\Program Files\Common Files\AOL\ACS\AOLDial.exe [2004-10-20 34904]
"Symantec NetDriver Monitor"=C:\PROGRA~1\SYMNET~1\SNDMon.exe [2006-09-20 95960]
"EPSON Stylus Photo R340 Series"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAJA.EXE [2005-04-26 98304]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2008-06-12 34672]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2008-11-20 136600]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2008-11-04 413696]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-11-20 290088]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"QuickTime Task"=C:\Program Files\WebMediaViewer\qttask.exe [2008-11-29 61000]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"=C:\Program Files\MSN Messenger\msnmsgr.exe /background []
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-01-06 68856]
"ViRsLab"=C:\Program Files\ViRsLab\ViRsLab.exe []

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Kodak EasyShare software.lnk - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
KODAK Software Updater.lnk - C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE
MiniEYE-MiniREAD Launch.lnk - C:\Program Files\Infinite Mind LC\eyeQ\ARLaunch.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SYMTDI]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe"="C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe:*:Enabled:backWeb-7288971"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Disabled:Windows Messenger"
"C:\Program Files\Warcraft III\Warcraft III.exe"="C:\Program Files\Warcraft III\Warcraft III.exe:*:Enabled:Warcraft III"
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe"="C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Yahoo! Games\Magic Ball\MagicBall.exe"="C:\Program Files\Yahoo! Games\Magic Ball\MagicBall.exe:*:Enabled:MagicBall"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:MSN Messenger 7.5"
"C:\Program Files\Java\jre1.6.0_05\bin\java.exe"="C:\Program Files\Java\jre1.6.0_05\bin\java.exe:*:Enabled:Java Runtime Environment"
"C:\Program Files\Rosetta Stone\SMS v3.0.2\server.exe"="C:\Program Files\Rosetta Stone\SMS v3.0.2\server.exe:*:Enabled:SMS Server v3.0.2"
"C:\Program Files\Rosetta Stone\SMS v3.0.2\admin.exe"="C:\Program Files\Rosetta Stone\SMS v3.0.2\admin.exe:*:Enabled:SMS Admin v3.0.2"
"C:\WINDOWS\system32\java.exe"="C:\WINDOWS\system32\java.exe:*:Enabled:Java™ Platform SE binary"
"C:\Program Files\Rosetta Stone\RS2.1.5.1Asms\Discover.exe"="C:\Program Files\Rosetta Stone\RS2.1.5.1Asms\Discover.exe:*:Enabled:Rosetta Stone SMS Discovery Tool"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:MSN Messenger 7.5"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{582a4646-8ca0-11dc-8f10-00159694115a}]
shell\AutoRun\command - E:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{582a464a-8ca0-11dc-8f10-00159694115a}]
shell\AutoRun\command - E:\LaunchU3.exe -a


======List of files/folders created in the last 1 months======

2008-11-29 22:45:33 ----D---- C:\Program Files\trend micro
2008-11-29 22:45:27 ----D---- C:\rsit
2008-11-29 17:06:50 ----D---- C:\Program Files\AnvTrgrsoftware
2008-11-29 17:05:52 ----D---- C:\Program Files\WebMediaViewer
2008-11-29 11:16:40 ----D---- C:\Program Files\iPod
2008-11-29 11:16:18 ----D---- C:\Program Files\iTunes
2008-11-29 11:16:18 ----D---- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-11-29 11:12:49 ----D---- C:\Program Files\QuickTime
2008-11-29 11:09:37 ----SHD---- C:\Config.Msi
2008-11-20 12:12:22 ----D---- C:\Documents and Settings\Michael\Application Data\Mozilla
2008-11-20 12:12:02 ----D---- C:\Program Files\Mozilla Firefox
2008-11-20 11:30:09 ----A---- C:\WINDOWS\system32\javaws.exe
2008-11-20 11:30:09 ----A---- C:\WINDOWS\system32\javaw.exe
2008-11-20 11:30:09 ----A---- C:\WINDOWS\system32\java.exe
2008-11-20 11:30:09 ----A---- C:\WINDOWS\system32\deploytk.dll
2008-11-12 03:02:02 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2008-11-12 03:01:52 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$
2008-11-12 03:01:38 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2008-11-07 07:29:44 ----D---- C:\Program Files\Bonjour
2008-11-07 07:24:21 ----D---- C:\Program Files\Common Files\Apple
2008-11-04 23:26:46 ----D---- C:\Documents and Settings\Michael\Application Data\Malwarebytes
2008-11-04 23:26:39 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-11-04 23:26:38 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-11-04 20:40:41 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2008-11-04 20:40:02 ----D---- C:\Program Files\Applications

======List of files/folders modified in the last 1 months======

2008-11-29 22:45:33 ----RD---- C:\Program Files
2008-11-29 19:46:53 ----D---- C:\WINDOWS\Temp
2008-11-29 19:45:26 ----D---- C:\Program Files\Norton Security Scan
2008-11-29 19:40:38 ----D---- C:\Program Files\Common Files\Symantec Shared
2008-11-29 19:40:08 ----D---- C:\Program Files\Common Files
2008-11-29 19:32:23 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-11-29 19:24:25 ----D---- C:\WINDOWS\system32
2008-11-29 19:23:37 ----A---- C:\rapport.txt
2008-11-29 19:23:14 ----A---- C:\WINDOWS\system32\tmp.txt
2008-11-29 19:22:17 ----A---- C:\WINDOWS\ntbtlog.txt
2008-11-29 18:40:39 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-11-29 18:40:33 ----D---- C:\WINDOWS\system32\CatRoot2
2008-11-29 18:40:33 ----D---- C:\WINDOWS\Prefetch
2008-11-29 18:38:31 ----D---- C:\Program Files\MSN Messenger
2008-11-29 14:53:12 ----D---- C:\WINDOWS
2008-11-29 11:19:05 ----SHD---- C:\WINDOWS\Installer
2008-11-29 11:17:49 ----D---- C:\WINDOWS\system32\drivers
2008-11-29 11:17:49 ----AS---- C:\WINDOWS\system32\cwegus.dll
2008-11-29 11:17:48 ----HD---- C:\WINDOWS\inf
2008-11-29 11:17:26 ----DC---- C:\WINDOWS\system32\DRVSTORE
2008-11-29 11:03:29 ----D---- C:\Program Files\Safari
2008-11-28 18:18:28 ----D---- C:\Program Files\Norton SystemWorks
2008-11-20 11:36:33 ----D---- C:\Program Files\Java
2008-11-20 11:30:45 ----D---- C:\Program Files\MSN
2008-11-17 04:50:12 ----D---- C:\WINDOWS\Help
2008-11-12 03:03:17 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-11-12 03:02:01 ----HD---- C:\WINDOWS\$hf_mig$
2008-11-12 03:01:58 ----A---- C:\WINDOWS\imsins.BAK
2008-11-12 03:00:50 ----D---- C:\WINDOWS\WinSxS
2008-11-04 23:52:43 ----D---- C:\WINDOWS\system
2008-11-04 23:52:42 ----D---- C:\Program Files\Internet Explorer
2008-11-03 22:16:45 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-11-03 16:10:25 ----A---- C:\WINDOWS\system32\MRT.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK7;AMD K7 Processor Driver; C:\WINDOWS\System32\DRIVERS\amdk7.sys [2008-04-13 37760]
R1 DcCam;Kodak Camera Proxy; C:\WINDOWS\System32\DRIVERS\DcCam.sys [2003-06-18 36826]
R1 GhPciScan;GhostPciScanner; \??\C:\Program Files\Norton SystemWorks\Norton Ghost\ghpciscan.sys []
R1 SYMTDI;SYMTDI; C:\WINDOWS\System32\Drivers\SYMTDI.SYS [2005-01-21 267384]
R1 VIAPFD;VIAPFD; C:\WINDOWS\System32\Drivers\VIAPFD.SYS [2001-12-18 3279]
R2 55E50D4B72FB88F0;55E50D4B72FB88F0; \??\C:\Documents and Settings\Michael\Desktop\55E50D4B72FB88F0\55E50D4B72FB88F0 []
R2 Aspi32;Aspi32; C:\WINDOWS\system32\drivers\Aspi32.sys [2002-08-14 17005]
R2 DCFS2K;Kodak DCFS2K Driver; C:\WINDOWS\system32\drivers\dcfs2k.sys [2003-06-18 38997]
R2 Fallback;Fallback; C:\WINDOWS\System32\DRIVERS\HSF_FALL.sys [2001-08-17 289887]
R2 Fsks;Fsks; C:\WINDOWS\System32\DRIVERS\HSF_FSKS.sys [2001-08-17 115807]
R2 K56;K56; C:\WINDOWS\System32\DRIVERS\HSF_K56K.sys [2001-08-17 391199]
R2 MCSTRM;MCSTRM; C:\WINDOWS\system32\drivers\MCSTRM.sys [2006-12-28 8413]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\System32\DRIVERS\mdmxsdk.sys [2001-10-21 9855]
R2 SAVRTPEL;SAVRTPEL; \??\C:\WINDOWS\System32\Drivers\SAVRTPEL.SYS []
R2 SoftFax;SoftFax; C:\WINDOWS\System32\DRIVERS\HSF_FAXX.sys [2001-08-17 199711]
R2 StreamDispatcher;StreamDispatcher; C:\WINDOWS\System32\DRIVERS\strmdisp.sys [2001-12-23 33548]
R2 Tones;Tones; C:\WINDOWS\System32\DRIVERS\HSF_TONE.sys [2001-08-17 50751]
R2 V124;V124; C:\WINDOWS\System32\DRIVERS\HSF_V124.sys [2001-08-17 488383]
R3 ALCXWDM;Service for Avance AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2002-08-02 659228]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys [2008-04-17 15464]
R3 HSF_DP;HSF_DP; C:\WINDOWS\System32\DRIVERS\HSF_DP.sys [2001-12-23 1171488]
R3 HSFHWBS2;HSFHWBS2; C:\WINDOWS\System32\DRIVERS\HSFHWBS2.sys [2001-12-23 160083]
R3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
R3 NAVENG;NAVENG; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20081126.003\NAVENG.Sys []
R3 NAVEX15;NAVEX15; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20081126.003\NavEx15.Sys []
R3 NPDriver;Norton Unerase Protection Driver; \??\C:\WINDOWS\System32\Drivers\NPDRIVER.SYS []
R3 RTL8023xp;Realtek RTL8139/810x/8169/8110 all in one NDIS XP Driver; C:\WINDOWS\System32\DRIVERS\Rtlnicxp.sys [2004-07-16 70400]
R3 S3Psddr;S3Psddr; C:\WINDOWS\System32\DRIVERS\s3gnbm.sys [2002-07-12 155008]
R3 SAVRT;SAVRT; \??\C:\WINDOWS\System32\Drivers\SAVRT.SYS []
R3 SymEvent;SymEvent; \??\C:\Program Files\Symantec\SYMEVENT.SYS []
R3 SYMREDRV;SYMREDRV; C:\WINDOWS\System32\Drivers\SYMREDRV.SYS [2005-01-21 26424]
R3 USB_RNDIS;Arris Remote NDIS Network Device Driver; C:\WINDOWS\system32\DRIVERS\usb8023.sys [2008-04-13 12800]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 usbscan;USB Scanner Driver; C:\WINDOWS\System32\DRIVERS\usbscan.sys [2008-04-13 15104]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys [2003-01-10 33588]
R3 winachsf;winachsf; C:\WINDOWS\System32\DRIVERS\HSF_CNXT.sys [2001-12-23 591536]
S1 Exportit;Exportit; C:\WINDOWS\System32\DRIVERS\exportit.sys [2003-06-18 138485]
S3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2008-04-13 60800]
S3 basic2;basic2; C:\WINDOWS\System32\DRIVERS\HSF_BSC2.sys [2001-08-17 67167]
S3 DcFpoint;DcFpoint; C:\WINDOWS\System32\DRIVERS\DcFpoint.sys [2003-06-18 61568]
S3 DcLps;Legacy Polling Service; C:\WINDOWS\System32\DRIVERS\DcLps.sys [2003-06-18 8058]
S3 DcPTP;dcptp; C:\WINDOWS\System32\DRIVERS\DcPTP.sys [2003-06-18 63002]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 hsf_msft;hsf_msft; C:\WINDOWS\System32\DRIVERS\HSF_MSFT.sys [2001-08-17 542879]
S3 NIC1394;1394 Net Driver; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2008-04-13 61824]
S3 PalmUSBD;PalmUSBD; C:\WINDOWS\system32\drivers\PalmUSBD.sys []
S3 Rksample;Rksample; C:\WINDOWS\System32\DRIVERS\HSF_SAMP.sys [2001-08-17 57471]
S3 rtl8139;Realtek RTL8139/810X Family PCI Fast Ethernet NIC NT Driver; C:\WINDOWS\System32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2005-01-28 18944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AOL ACS;AOL Connectivity Service; C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe [2004-10-20 10328]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-11-07 132424]
R2 Automatic LiveUpdate Scheduler;Automatic LiveUpdate Scheduler; C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe [2006-05-15 100032]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
R2 ccEvtMgr;Symantec Event Manager; C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe [2003-07-17 317128]
R2 EpsonBidirectionalService;EpsonBidirectionalService; C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe [2002-01-29 77824]
R2 EPSONStatusAgent2;EPSON Printer Status Agent2; C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe [2002-07-17 94208]
R2 GhostStartService;GhostStartService; C:\PROGRA~1\NORTON~1\NORTON~2\GHOSTS~2.EXE [2002-08-14 200704]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-11-20 152984]
R2 KodakCCS;Kodak Camera Connection Software; C:\WINDOWS\system32\drivers\KodakCCS.exe [2003-06-18 294972]
R2 navapsvc;Norton AntiVirus Auto Protect Service; C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe [2002-11-14 116336]
R2 NProtectService;Norton Unerase Protection; C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE [2002-08-14 135168]
R2 ScsiAccess;ScsiAccess; C:\WINDOWS\System32\ScsiAccess.EXE [2003-02-04 181312]
R2 Speed Disk service;Speed Disk service; C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe [2002-08-14 172065]
R2 SymWSC;SymWMI Service; C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe [2004-11-02 316544]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-11-20 536872]
S2 SBService;ScriptBlocking Service; C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe [2001-08-13 54408]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-04-13 33632]
S3 ccPwdSvc;Symantec Password Validation Service; C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe [2003-12-02 99352]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-04-13 68952]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-12-17 138168]
S3 LiveUpdate;LiveUpdate; C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE [2006-05-15 2086592]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 SNDSrvc;Symantec Network Drivers Service; C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe [2005-01-21 206552]

-----------------EOF-----------------

Here is the info notepad:

Logfile of random's system information tool 1.04 (written by random/random)
Run by Michael at 2008-11-29 22:45:27
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 173 MB (0%) free of 38 GB
Total RAM: 479 MB (36% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:45:55, on 11/29/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\WebMediaViewer\qttask.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\carpserv.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAJA.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Infinite Mind LC\eyeQ\ARLaunch.exe
C:\Program Files\WebMediaViewer\qttaskm.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\PROGRA~1\NORTON~1\NORTON~2\GHOSTS~2.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\WINDOWS\System32\ScsiAccess.EXE
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Java\jre6\bin\java.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\ssstars.scr
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Michael\Local Settings\Temporary Internet Files\Content.IE5\RODY2C9Y\RSIT[1].exe
C:\Program Files\trend micro\Michael.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:9022
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_12_0.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {2B394226-862F-4aa4-AA53-988E24F50841} - (no file)
O2 - BHO: ctpp Class - {4B021269-DD24-48B2-96B4-DA121E9C0502} - C:\WINDOWS\System32\test2a.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: ctsr Class - {858126B0-3708-4051-AE8E-B48521401CA2} - C:\WINDOWS\System32\ctsr6.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {AEFCDEC8-EB7D-429F-BC73-4F30D07BFE41} - (no file)
O2 - BHO: psic Class - {B6598677-4B54-42A9-BA67-8B64E3FCD92D} - C:\WINDOWS\System32\psic2_1.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O2 - BHO: MSN Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.0983.0\msneshellx.dll
O2 - BHO: ctap Class - {DB0018A2-F7D9-4B71-9651-640143DF23F9} - C:\WINDOWS\System32\ctap7.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_12_0.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.0983.0\msneshellx.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [GhostStartTrayApp] C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [EPSON Stylus CX3200] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P19 "EPSON Stylus CX3200" /O6 "USB001" /M "Stylus CX3200"
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [EPSON Stylus Photo R340 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAJA.EXE /P30 "EPSON Stylus Photo R340 Series" /O6 "USB002" /M "Stylus Photo R340"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ViRsLab] "C:\Program Files\ViRsLab\ViRsLab.exe"
O4 - HKLM\..\Policies\Explorer\Run: [QuickTime Task] C:\Program Files\WebMediaViewer\qttask.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: MiniEYE-MiniREAD Launch.lnk = C:\Program Files\Infinite Mind LC\eyeQ\ARLaunch.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Update Page Content - C:\Program Files\MSN\MSNIA\CC\MSNCC\WA\refreshpage.htm
O8 - Extra context menu item: View All Originals On Page - C:\Program Files\MSN\MSNIA\CC\MSNCC\WA\getoriginal.htm
O8 - Extra context menu item: View Original Image - C:\Program Files\MSN\MSNIA\CC\MSNCC\WA\getoriginal.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {2DEF4530-8CE6-41C9-84B6-A54536C90213} (Crystal Report Viewer Control 9) - https://rp-reports.webhire.com/crystalrepor...tivexviewer.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/...s/yinst0401.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photos.walmart.com/WalmartActivia.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1159365621906
O16 - DPF: {87D1A6EF-8CBC-458A-84B5-0333562418CD} - http://www.clicktracking.info/ctadl1.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {CAFECAFE-0013-0001-0022-ABCDEFABCDEF} (JInitiator 1.3.1.22) - https://clover.cloverpark.k12.wa.us:4443/fo...iator/jinit.exe
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/5m/vir...l/installer.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: GhostStartService - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\GHOSTS~2.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\System32\ScsiAccess.EXE
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

--
End of file - 12972 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\Norton AntiVirus - Scan my computer.job
C:\WINDOWS\tasks\Norton SystemWorks One Button Checkup.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
Yahoo! Companion BHO - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_12_0.dll [2004-01-07 272983]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2B394226-862F-4aa4-AA53-988E24F50841}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4B021269-DD24-48B2-96B4-DA121E9C0502}]
ctpp Class - C:\WINDOWS\System32\test2a.dll [2004-10-27 69632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre6\bin\ssv.dll [2008-11-20 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{858126B0-3708-4051-AE8E-B48521401CA2}]
ctsr Class - C:\WINDOWS\System32\ctsr6.dll [2004-08-22 106496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9394EDE7-C8B5-483E-8773-474BF36AF6E4}]
ST - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll [2004-08-13 155648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar1.dll [2007-12-17 2403392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AEFCDEC8-EB7D-429F-BC73-4F30D07BFE41}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B6598677-4B54-42A9-BA67-8B64E3FCD92D}]
psic Class - C:\WINDOWS\System32\psic2_1.dll [2004-09-04 221184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}]
MSNToolBandBHO - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll [2006-01-17 282624]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDF3E430-B101-42AD-A544-FADC6B084872}]
CNavExtBho Class - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll [2002-11-14 112248]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}]
MSN Toolbar Helper - C:\Program Files\MSN\Toolbar\3.0.0983.0\msneshellx.dll [2008-11-08 83800]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DB0018A2-F7D9-4B71-9651-640143DF23F9}]
ctap Class - C:\WINDOWS\System32\ctap7.dll [2004-04-04 118784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-11-20 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2008-11-20 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - Norton AntiVirus - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll [2002-11-14 112248]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Companion - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_12_0.dll [2004-01-07 272983]
{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - MSN - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll [2006-01-17 282624]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar1.dll [2007-12-17 2403392]
{1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - MSN Toolbar - C:\Program Files\MSN\Toolbar\3.0.0983.0\msneshellx.dll [2008-11-08 83800]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2002-08-02 46592]
"NeroCheck"=C:\WINDOWS\System32\\NeroCheck.exe [2001-07-09 155648]
"CARPService"=C:\WINDOWS\system32\carpserv.exe [2001-12-23 4608]
"ccApp"=C:\Program Files\Common Files\Symantec Shared\ccApp.exe [2003-12-02 54296]
"ccRegVfy"=C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe [2003-12-02 58392]
"GhostStartTrayApp"=C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe [2002-08-14 94208]
"Microsoft Works Update Detection"=C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe [2003-09-13 50688]
"EPSON Stylus CX3200"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE [2002-06-30 74752]
""= []
"AOLDialer"=C:\Program Files\Common Files\AOL\ACS\AOLDial.exe [2004-10-20 34904]
"Symantec NetDriver Monitor"=C:\PROGRA~1\SYMNET~1\SNDMon.exe [2006-09-20 95960]
"EPSON Stylus Photo R340 Series"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAJA.EXE [2005-04-26 98304]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2008-06-12 34672]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2008-11-20 136600]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2008-11-04 413696]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-11-20 290088]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"QuickTime Task"=C:\Program Files\WebMediaViewer\qttask.exe [2008-11-29 61000]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"=C:\Program Files\MSN Messenger\msnmsgr.exe /background []
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-01-06 68856]
"ViRsLab"=C:\Program Files\ViRsLab\ViRsLab.exe []

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Kodak EasyShare software.lnk - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
KODAK Software Updater.lnk - C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE
MiniEYE-MiniREAD Launch.lnk - C:\Program Files\Infinite Mind LC\eyeQ\ARLaunch.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SYMTDI]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe"="C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe:*:Enabled:backWeb-7288971"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Disabled:Windows Messenger"
"C:\Program Files\Warcraft III\Warcraft III.exe"="C:\Program Files\Warcraft III\Warcraft III.exe:*:Enabled:Warcraft III"
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe"="C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Yahoo! Games\Magic Ball\MagicBall.exe"="C:\Program Files\Yahoo! Games\Magic Ball\MagicBall.exe:*:Enabled:MagicBall"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:MSN Messenger 7.5"
"C:\Program Files\Java\jre1.6.0_05\bin\java.exe"="C:\Program Files\Java\jre1.6.0_05\bin\java.exe:*:Enabled:Java Runtime Environment"
"C:\Program Files\Rosetta Stone\SMS v3.0.2\server.exe"="C:\Program Files\Rosetta Stone\SMS v3.0.2\server.exe:*:Enabled:SMS Server v3.0.2"
"C:\Program Files\Rosetta Stone\SMS v3.0.2\admin.exe"="C:\Program Files\Rosetta Stone\SMS v3.0.2\admin.exe:*:Enabled:SMS Admin v3.0.2"
"C:\WINDOWS\system32\java.exe"="C:\WINDOWS\system32\java.exe:*:Enabled:Java™ Platform SE binary"
"C:\Program Files\Rosetta Stone\RS2.1.5.1Asms\Discover.exe"="C:\Program Files\Rosetta Stone\RS2.1.5.1Asms\Discover.exe:*:Enabled:Rosetta Stone SMS Discovery Tool"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:MSN Messenger 7.5"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{582a4646-8ca0-11dc-8f10-00159694115a}]
shell\AutoRun\command - E:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{582a464a-8ca0-11dc-8f10-00159694115a}]
shell\AutoRun\command - E:\LaunchU3.exe -a


======List of files/folders created in the last 1 months======

2008-11-29 22:45:33 ----D---- C:\Program Files\trend micro
2008-11-29 22:45:27 ----D---- C:\rsit
2008-11-29 17:06:50 ----D---- C:\Program Files\AnvTrgrsoftware
2008-11-29 17:05:52 ----D---- C:\Program Files\WebMediaViewer
2008-11-29 11:16:40 ----D---- C:\Program Files\iPod
2008-11-29 11:16:18 ----D---- C:\Program Files\iTunes
2008-11-29 11:16:18 ----D---- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-11-29 11:12:49 ----D---- C:\Program Files\QuickTime
2008-11-29 11:09:37 ----SHD---- C:\Config.Msi
2008-11-20 12:12:22 ----D---- C:\Documents and Settings\Michael\Application Data\Mozilla
2008-11-20 12:12:02 ----D---- C:\Program Files\Mozilla Firefox
2008-11-20 11:30:09 ----A---- C:\WINDOWS\system32\javaws.exe
2008-11-20 11:30:09 ----A---- C:\WINDOWS\system32\javaw.exe
2008-11-20 11:30:09 ----A---- C:\WINDOWS\system32\java.exe
2008-11-20 11:30:09 ----A---- C:\WINDOWS\system32\deploytk.dll
2008-11-12 03:02:02 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2008-11-12 03:01:52 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$
2008-11-12 03:01:38 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2008-11-07 07:29:44 ----D---- C:\Program Files\Bonjour
2008-11-07 07:24:21 ----D---- C:\Program Files\Common Files\Apple
2008-11-04 23:26:46 ----D---- C:\Documents and Settings\Michael\Application Data\Malwarebytes
2008-11-04 23:26:39 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-11-04 23:26:38 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-11-04 20:40:41 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2008-11-04 20:40:02 ----D---- C:\Program Files\Applications

======List of files/folders modified in the last 1 months======

2008-11-29 22:45:33 ----RD---- C:\Program Files
2008-11-29 19:46:53 ----D---- C:\WINDOWS\Temp
2008-11-29 19:45:26 ----D---- C:\Program Files\Norton Security Scan
2008-11-29 19:40:38 ----D---- C:\Program Files\Common Files\Symantec Shared
2008-11-29 19:40:08 ----D---- C:\Program Files\Common Files
2008-11-29 19:32:23 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-11-29 19:24:25 ----D---- C:\WINDOWS\system32
2008-11-29 19:23:37 ----A---- C:\rapport.txt
2008-11-29 19:23:14 ----A---- C:\WINDOWS\system32\tmp.txt
2008-11-29 19:22:17 ----A---- C:\WINDOWS\ntbtlog.txt
2008-11-29 18:40:39 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-11-29 18:40:33 ----D---- C:\WINDOWS\system32\CatRoot2
2008-11-29 18:40:33 ----D---- C:\WINDOWS\Prefetch
2008-11-29 18:38:31 ----D---- C:\Program Files\MSN Messenger
2008-11-29 14:53:12 ----D---- C:\WINDOWS
2008-11-29 11:19:05 ----SHD---- C:\WINDOWS\Installer
2008-11-29 11:17:49 ----D---- C:\WINDOWS\system32\drivers
2008-11-29 11:17:49 ----AS---- C:\WINDOWS\system32\cwegus.dll
2008-11-29 11:17:48 ----HD---- C:\WINDOWS\inf
2008-11-29 11:17:26 ----DC---- C:\WINDOWS\system32\DRVSTORE
2008-11-29 11:03:29 ----D---- C:\Program Files\Safari
2008-11-28 18:18:28 ----D---- C:\Program Files\Norton SystemWorks
2008-11-20 11:36:33 ----D---- C:\Program Files\Java
2008-11-20 11:30:45 ----D---- C:\Program Files\MSN
2008-11-17 04:50:12 ----D---- C:\WINDOWS\Help
2008-11-12 03:03:17 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-11-12 03:02:01 ----HD---- C:\WINDOWS\$hf_mig$
2008-11-12 03:01:58 ----A---- C:\WINDOWS\imsins.BAK
2008-11-12 03:00:50 ----D---- C:\WINDOWS\WinSxS
2008-11-04 23:52:43 ----D---- C:\WINDOWS\system
2008-11-04 23:52:42 ----D---- C:\Program Files\Internet Explorer
2008-11-03 22:16:45 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-11-03 16:10:25 ----A---- C:\WINDOWS\system32\MRT.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK7;AMD K7 Processor Driver; C:\WINDOWS\System32\DRIVERS\amdk7.sys [2008-04-13 37760]
R1 DcCam;Kodak Camera Proxy; C:\WINDOWS\System32\DRIVERS\DcCam.sys [2003-06-18 36826]
R1 GhPciScan;GhostPciScanner; \??\C:\Program Files\Norton SystemWorks\Norton Ghost\ghpciscan.sys []
R1 SYMTDI;SYMTDI; C:\WINDOWS\System32\Drivers\SYMTDI.SYS [2005-01-21 267384]
R1 VIAPFD;VIAPFD; C:\WINDOWS\System32\Drivers\VIAPFD.SYS [2001-12-18 3279]
R2 55E50D4B72FB88F0;55E50D4B72FB88F0; \??\C:\Documents and Settings\Michael\Desktop\55E50D4B72FB88F0\55E50D4B72FB88F0 []
R2 Aspi32;Aspi32; C:\WINDOWS\system32\drivers\Aspi32.sys [2002-08-14 17005]
R2 DCFS2K;Kodak DCFS2K Driver; C:\WINDOWS\system32\drivers\dcfs2k.sys [2003-06-18 38997]
R2 Fallback;Fallback; C:\WINDOWS\System32\DRIVERS\HSF_FALL.sys [2001-08-17 289887]
R2 Fsks;Fsks; C:\WINDOWS\System32\DRIVERS\HSF_FSKS.sys [2001-08-17 115807]
R2 K56;K56; C:\WINDOWS\System32\DRIVERS\HSF_K56K.sys [2001-08-17 391199]
R2 MCSTRM;MCSTRM; C:\WINDOWS\system32\drivers\MCSTRM.sys [2006-12-28 8413]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\System32\DRIVERS\mdmxsdk.sys [2001-10-21 9855]
R2 SAVRTPEL;SAVRTPEL; \??\C:\WINDOWS\System32\Drivers\SAVRTPEL.SYS []
R2 SoftFax;SoftFax; C:\WINDOWS\System32\DRIVERS\HSF_FAXX.sys [2001-08-17 199711]
R2 StreamDispatcher;StreamDispatcher; C:\WINDOWS\System32\DRIVERS\strmdisp.sys [2001-12-23 33548]
R2 Tones;Tones; C:\WINDOWS\System32\DRIVERS\HSF_TONE.sys [2001-08-17 50751]
R2 V124;V124; C:\WINDOWS\System32\DRIVERS\HSF_V124.sys [2001-08-17 488383]
R3 ALCXWDM;Service for Avance AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2002-08-02 659228]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys [2008-04-17 15464]
R3 HSF_DP;HSF_DP; C:\WINDOWS\System32\DRIVERS\HSF_DP.sys [2001-12-23 1171488]
R3 HSFHWBS2;HSFHWBS2; C:\WINDOWS\System32\DRIVERS\HSFHWBS2.sys [2001-12-23 160083]
R3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
R3 NAVENG;NAVENG; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20081126.003\NAVENG.Sys []
R3 NAVEX15;NAVEX15; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20081126.003\NavEx15.Sys []
R3 NPDriver;Norton Unerase Protection Driver; \??\C:\WINDOWS\System32\Drivers\NPDRIVER.SYS []
R3 RTL8023xp;Realtek RTL8139/810x/8169/8110 all in one NDIS XP Driver; C:\WINDOWS\System32\DRIVERS\Rtlnicxp.sys [2004-07-16 70400]
R3 S3Psddr;S3Psddr; C:\WINDOWS\System32\DRIVERS\s3gnbm.sys [2002-07-12 155008]
R3 SAVRT;SAVRT; \??\C:\WINDOWS\System32\Drivers\SAVRT.SYS []
R3 SymEvent;SymEvent; \??\C:\Program Files\Symantec\SYMEVENT.SYS []
R3 SYMREDRV;SYMREDRV; C:\WINDOWS\System32\Drivers\SYMREDRV.SYS [2005-01-21 26424]
R3 USB_RNDIS;Arris Remote NDIS Network Device Driver; C:\WINDOWS\system32\DRIVERS\usb8023.sys [2008-04-13 12800]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 usbscan;USB Scanner Driver; C:\WINDOWS\System32\DRIVERS\usbscan.sys [2008-04-13 15104]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys [2003-01-10 33588]
R3 winachsf;winachsf; C:\WINDOWS\System32\DRIVERS\HSF_CNXT.sys [2001-12-23 591536]
S1 Exportit;Exportit; C:\WINDOWS\System32\DRIVERS\exportit.sys [2003-06-18 138485]
S3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2008-04-13 60800]
S3 basic2;basic2; C:\WINDOWS\System32\DRIVERS\HSF_BSC2.sys [2001-08-17 67167]
S3 DcFpoint;DcFpoint; C:\WINDOWS\System32\DRIVERS\DcFpoint.sys [2003-06-18 61568]
S3 DcLps;Legacy Polling Service; C:\WINDOWS\System32\DRIVERS\DcLps.sys [2003-06-18 8058]
S3 DcPTP;dcptp; C:\WINDOWS\System32\DRIVERS\DcPTP.sys [2003-06-18 63002]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 hsf_msft;hsf_msft; C:\WINDOWS\System32\DRIVERS\HSF_MSFT.sys [2001-08-17 542879]
S3 NIC1394;1394 Net Driver; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2008-04-13 61824]
S3 PalmUSBD;PalmUSBD; C:\WINDOWS\system32\drivers\PalmUSBD.sys []
S3 Rksample;Rksample; C:\WINDOWS\System32\DRIVERS\HSF_SAMP.sys [2001-08-17 57471]
S3 rtl8139;Realtek RTL8139/810X Family PCI Fast Ethernet NIC NT Driver; C:\WINDOWS\System32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2005-01-28 18944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AOL ACS;AOL Connectivity Service; C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe [2004-10-20 10328]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-11-07 132424]
R2 Automatic LiveUpdate Scheduler;Automatic LiveUpdate Scheduler; C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe [2006-05-15 100032]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
R2 ccEvtMgr;Symantec Event Manager; C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe [2003-07-17 317128]
R2 EpsonBidirectionalService;EpsonBidirectionalService; C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe [2002-01-29 77824]
R2 EPSONStatusAgent2;EPSON Printer Status Agent2; C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe [2002-07-17 94208]
R2 GhostStartService;GhostStartService; C:\PROGRA~1\NORTON~1\NORTON~2\GHOSTS~2.EXE [2002-08-14 200704]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-11-20 152984]
R2 KodakCCS;Kodak Camera Connection Software; C:\WINDOWS\system32\drivers\KodakCCS.exe [2003-06-18 294972]
R2 navapsvc;Norton AntiVirus Auto Protect Service; C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe [2002-11-14 116336]
R2 NProtectService;Norton Unerase Protection; C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE [2002-08-14 135168]
R2 ScsiAccess;ScsiAccess; C:\WINDOWS\System32\ScsiAccess.EXE [2003-02-04 181312]
R2 Speed Disk service;Speed Disk service; C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe [2002-08-14 172065]
R2 SymWSC;SymWMI Service; C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe [2004-11-02 316544]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-11-20 536872]
S2 SBService;ScriptBlocking Service; C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe [2001-08-13 54408]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-04-13 33632]
S3 ccPwdSvc;Symantec Password Validation Service; C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe [2003-12-02 99352]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-04-13 68952]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-12-17 138168]
S3 LiveUpdate;LiveUpdate; C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE [2006-05-15 2086592]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 SNDSrvc;Symantec Network Drivers Service; C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe [2005-01-21 206552]

-----------------EOF-----------------

I also ran a Kaspersky as well and it came up with a ton, here is what I got.

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Saturday, November 29, 2008
Operating System: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Sunday, November 30, 2008 01:42:04
Records in database: 1428315
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - Critical Areas:
C:\Documents and Settings\All Users\Start Menu\Programs\Startup
C:\Documents and Settings\Michael\Start Menu\Programs\Startup
C:\Program Files
C:\WINDOWS

Scan statistics:
Files scanned: 42466
Threat name: 24
Infected objects: 38
Suspicious objects: 0
Duration of the scan: 01:40:51


File name / Threat name / Threats count
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\0B73030E Infected: Trojan-Downloader.Win32.Zlob.abte 1
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\0B762D0A Infected: Trojan-Downloader.Win32.Zlob.abrn 1
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\0B7C0103 Infected: Trojan-Downloader.Win32.Zlob.abwd 1
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\0E1E4870.dll Infected: Trojan-Downloader.Win32.Small.ia 1
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\0FDD7FED Infected: Trojan-Downloader.Java.Agent.a 1
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\145F25B8 Infected: Email-Worm.Win32.NetSky.c 1
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\18EC1D00 Infected: Trojan.JS.Agent.o 1
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\1D941D68.exe Infected: not-a-virus:AdWare.Win32.BHO.dht 1
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\1F281FA6.htm Infected: Trojan-Downloader.Java.OpenConnection.ao 2
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\1F281FA6.htm Infected: Trojan.Java.ClassLoader.au 1
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\259E3B58.exe Infected: Trojan.Win32.SecondThought.a 1
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\28642534 Infected: Trojan-Downloader.Win32.Zlob.abtf 1
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\2E29006F.wmf Infected: Trojan-Downloader.Win32.Agent.acd 1
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\2E39525D.wmf Infected: Trojan-Downloader.Win32.Agent.acd 1
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\30AD2820 Infected: Trojan.Java.ClassLoader.au 1
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\310F13B5 Infected: Trojan.Java.ClassLoader.au 1
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\36D217CD Infected: Email-Worm.Win32.Mabutu.a 1
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\3B8F1828 Infected: Trojan-Downloader.Win32.Zlob.fjh 1
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\3C6A1537 Infected: Trojan-Downloader.Java.OpenConnection.ao 1
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\3CD67EC0 Infected: Trojan-Downloader.Java.OpenConnection.ao 1
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\49CC674F Infected: Trojan-Downloader.Java.OpenStream.ac 1
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\4A277EEA Infected: Trojan-Downloader.Java.OpenStream.ac 1
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\5ADD2FB7 Infected: Email-Worm.Win32.NetSky.c 1
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\5E4005BF Infected: Trojan-Downloader.Java.Agent.a 1
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\5F245402.exe Infected: Trojan.Win32.SecondThought.a 1
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\665517D0 Infected: Trojan-Downloader.Win32.Zlob.abwe 1
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\6A6B2120.htm Infected: Exploit.HTML.IESlice.d 1
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\6C28337D Infected: Exploit.Java.ByteVerify 1
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\6C974703 Infected: Exploit.Java.ByteVerify 1
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\6D2747AA.dll Infected: Trojan-Downloader.Win32.Zlob.bsu 1
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\703A557D.dll Infected: Trojan-Downloader.Win32.Zlob.bsu 1
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\703D7F7A.dll Infected: Trojan-Downloader.Win32.Zlob.bsu 1
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\7EBF3D60.htm Infected: Packed.JS.Agent.i 1
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\7EC2675D.htm Infected: Packed.JS.Agent.i 1
C:\WINDOWS\Downloaded Program Files\install026.exe Infected: Trojan.Win32.SecondThought.c 1
C:\WINDOWS\system32\ctap7.dll Infected: not-a-virus:AdWare.Win32.BHO.bg 1
C:\WINDOWS\system32\ctsr6.dll Infected: Trojan-Clicker.Win32.Agent.dp 1

The selected area was scanned.

BC AdBot (Login to Remove)

 


#2 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:08:51 PM

Posted 30 November 2008 - 02:55 PM

Hello! :thumbsup:
My name is Sam and I will be helping you.

I will do my best to communicate clearly to you so that we can resolve your issues as quickly as possible. In order to see what's going on with your computer I will ask for you to post various logs from the tools that we will use to fix your computer. Please communicate freely with me about how your computer is reacting and behaving as we work through this process.



Please download the OTMoveIt3 by OldTimer.
  • Save it to your desktop.
  • Please click OTMoveIt3 and then click >> run.
  • Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    :files
    C:\WINDOWS\Downloaded Program Files\install026.exe 
    C:\WINDOWS\system32\ctap7.dll 
    C:\WINDOWS\system32\ctsr6.dll
    C:\Program Files\AnvTrgrsoftware
    C:\Program Files\WebMediaViewer
    C:\WINDOWS\System32\test2a.dll
    
    :reg
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "msnmsgr"=-
    "ViRsLab"=-
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
    "QuickTime Task"=-
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DB0018A2-F7D9-4B71-9651-640143DF23F9}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AEFCDEC8-EB7D-429F-BC73-4F30D07BFE41}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{858126B0-3708-4051-AE8E-B48521401CA2}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2B394226-862F-4aa4-AA53-988E24F50841}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4B021269-DD24-48B2-96B4-DA121E9C0502}]
    
    :Commands
    [EmptyTemp]
    [Reboot]
  • Return to OTMoveIt3, right click in the "Paste Instructions for items to be Moved" window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt3
Note: If an item cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.



Also post a new log from RSIT.
Posted Image If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#3 Laurimj

Laurimj
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:08:51 PM

Posted 30 November 2008 - 10:27 PM

Thank you for the email. Here is what came up on the MoveIt log:

========== FILES ==========
File/Folder C:\WINDOWS\Downloaded Program Files\install026.exe not found.
File/Folder C:\WINDOWS\system32\ctap7.dll not found.
File/Folder C:\WINDOWS\system32\ctsr6.dll not found.
File/Folder C:\Program Files\AnvTrgrsoftware not found.
File/Folder C:\Program Files\WebMediaViewer not found.
File/Folder C:\WINDOWS\System32\test2a.dll not found.
========== REGISTRY ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\msnmsgr not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\ViRsLab not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\\QuickTime Task deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DB0018A2-F7D9-4B71-9651-640143DF23F9}\\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AEFCDEC8-EB7D-429F-BC73-4F30D07BFE41}\\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{858126B0-3708-4051-AE8E-B48521401CA2}\\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2B394226-862F-4aa4-AA53-988E24F50841}\\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4B021269-DD24-48B2-96B4-DA121E9C0502}\\ not found.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\Michael\LOCALS~1\Temp\me_47b94cKvVYzp2LO scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Michael\LOCALS~1\Temp\me_DUZ36NOgjl6si9H scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Michael\LOCALS~1\Temp\me_gGGkzggVVF0Ubzm scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Michael\LOCALS~1\Temp\me_Ps scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_1fc.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
FireFox cache emptied.
Temp folders emptied.

OTMoveIt3 by OldTimer - Version 1.0.7.1 log created on 11302008_184346

Files moved on Reboot...
File C:\DOCUME~1\Michael\LOCALS~1\Temp\me_47b94cKvVYzp2LO not found!
File C:\DOCUME~1\Michael\LOCALS~1\Temp\me_DUZ36NOgjl6si9H not found!
File C:\DOCUME~1\Michael\LOCALS~1\Temp\me_gGGkzggVVF0Ubzm not found!
File C:\DOCUME~1\Michael\LOCALS~1\Temp\me_Ps not found!
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat moved successfully.
File C:\WINDOWS\temp\Perflib_Perfdata_1fc.dat not found!


Here is what came up on the new RSIT:

Logfile of random's system information tool 1.04 (written by random/random)
Run by Michael at 2008-11-30 19:08:12
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 864 MB (2%) free of 38 GB
Total RAM: 479 MB (23% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:08:28, on 11/30/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\carpserv.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAJA.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
C:\Program Files\Infinite Mind LC\eyeQ\ARLaunch.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\PROGRA~1\NORTON~1\NORTON~2\GHOSTS~2.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\WINDOWS\System32\ScsiAccess.EXE
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Michael\Local Settings\Temporary Internet Files\Content.IE5\RODY2C9Y\RSIT[1].exe
C:\Program Files\trend micro\Michael.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:9022
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_12_0.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: psic Class - {B6598677-4B54-42A9-BA67-8B64E3FCD92D} - C:\WINDOWS\System32\psic2_1.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O2 - BHO: MSN Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.0983.0\msneshellx.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_12_0.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.0983.0\msneshellx.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [GhostStartTrayApp] C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [EPSON Stylus CX3200] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P19 "EPSON Stylus CX3200" /O6 "USB001" /M "Stylus CX3200"
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [EPSON Stylus Photo R340 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAJA.EXE /P30 "EPSON Stylus Photo R340 Series" /O6 "USB002" /M "Stylus Photo R340"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKLM\..\Policies\Explorer\Run: [QuickTime Task] C:\Program Files\WebMediaViewer\qttask.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: MiniEYE-MiniREAD Launch.lnk = C:\Program Files\Infinite Mind LC\eyeQ\ARLaunch.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Update Page Content - C:\Program Files\MSN\MSNIA\CC\MSNCC\WA\refreshpage.htm
O8 - Extra context menu item: View All Originals On Page - C:\Program Files\MSN\MSNIA\CC\MSNCC\WA\getoriginal.htm
O8 - Extra context menu item: View Original Image - C:\Program Files\MSN\MSNIA\CC\MSNCC\WA\getoriginal.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {2DEF4530-8CE6-41C9-84B6-A54536C90213} (Crystal Report Viewer Control 9) - https://rp-reports.webhire.com/crystalrepor...tivexviewer.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/...s/yinst0401.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photos.walmart.com/WalmartActivia.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1159365621906
O16 - DPF: {87D1A6EF-8CBC-458A-84B5-0333562418CD} - http://www.clicktracking.info/ctadl1.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {CAFECAFE-0013-0001-0022-ABCDEFABCDEF} (JInitiator 1.3.1.22) - https://clover.cloverpark.k12.wa.us:4443/fo...iator/jinit.exe
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/5m/vir...l/installer.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: GhostStartService - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\GHOSTS~2.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\System32\ScsiAccess.EXE
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

--
End of file - 12255 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\Norton AntiVirus - Scan my computer.job
C:\WINDOWS\tasks\Norton SystemWorks One Button Checkup.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
Yahoo! Companion BHO - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_12_0.dll [2004-01-07 272983]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre6\bin\ssv.dll [2008-11-20 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9394EDE7-C8B5-483E-8773-474BF36AF6E4}]
ST - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll [2004-08-13 155648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar1.dll [2007-12-17 2403392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B6598677-4B54-42A9-BA67-8B64E3FCD92D}]
psic Class - C:\WINDOWS\System32\psic2_1.dll [2004-09-04 221184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}]
MSNToolBandBHO - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll [2006-01-17 282624]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDF3E430-B101-42AD-A544-FADC6B084872}]
CNavExtBho Class - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll [2002-11-14 112248]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}]
MSN Toolbar Helper - C:\Program Files\MSN\Toolbar\3.0.0983.0\msneshellx.dll [2008-11-08 83800]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-11-20 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2008-11-20 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - Norton AntiVirus - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll [2002-11-14 112248]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Companion - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_12_0.dll [2004-01-07 272983]
{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - MSN - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll [2006-01-17 282624]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar1.dll [2007-12-17 2403392]
{1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - MSN Toolbar - C:\Program Files\MSN\Toolbar\3.0.0983.0\msneshellx.dll [2008-11-08 83800]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2002-08-02 46592]
"NeroCheck"=C:\WINDOWS\System32\\NeroCheck.exe [2001-07-09 155648]
"CARPService"=C:\WINDOWS\system32\carpserv.exe [2001-12-23 4608]
"ccApp"=C:\Program Files\Common Files\Symantec Shared\ccApp.exe [2003-12-02 54296]
"ccRegVfy"=C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe [2003-12-02 58392]
"GhostStartTrayApp"=C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe [2002-08-14 94208]
"Microsoft Works Update Detection"=C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe [2003-09-13 50688]
"EPSON Stylus CX3200"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE [2002-06-30 74752]
""= []
"AOLDialer"=C:\Program Files\Common Files\AOL\ACS\AOLDial.exe [2004-10-20 34904]
"Symantec NetDriver Monitor"=C:\PROGRA~1\SYMNET~1\SNDMon.exe [2006-09-20 95960]
"EPSON Stylus Photo R340 Series"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAJA.EXE [2005-04-26 98304]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2008-06-12 34672]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2008-11-20 136600]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2008-11-04 413696]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-11-20 290088]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"QuickTime Task"=C:\Program Files\WebMediaViewer\qttask.exe []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-01-06 68856]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Kodak EasyShare software.lnk - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
KODAK Software Updater.lnk - C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE
MiniEYE-MiniREAD Launch.lnk - C:\Program Files\Infinite Mind LC\eyeQ\ARLaunch.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SYMTDI]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe"="C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe:*:Enabled:backWeb-7288971"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Disabled:Windows Messenger"
"C:\Program Files\Warcraft III\Warcraft III.exe"="C:\Program Files\Warcraft III\Warcraft III.exe:*:Enabled:Warcraft III"
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe"="C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Yahoo! Games\Magic Ball\MagicBall.exe"="C:\Program Files\Yahoo! Games\Magic Ball\MagicBall.exe:*:Enabled:MagicBall"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:MSN Messenger 7.5"
"C:\Program Files\Java\jre1.6.0_05\bin\java.exe"="C:\Program Files\Java\jre1.6.0_05\bin\java.exe:*:Enabled:Java Runtime Environment"
"C:\Program Files\Rosetta Stone\SMS v3.0.2\server.exe"="C:\Program Files\Rosetta Stone\SMS v3.0.2\server.exe:*:Enabled:SMS Server v3.0.2"
"C:\Program Files\Rosetta Stone\SMS v3.0.2\admin.exe"="C:\Program Files\Rosetta Stone\SMS v3.0.2\admin.exe:*:Enabled:SMS Admin v3.0.2"
"C:\WINDOWS\system32\java.exe"="C:\WINDOWS\system32\java.exe:*:Enabled:Java™ Platform SE binary"
"C:\Program Files\Rosetta Stone\RS2.1.5.1Asms\Discover.exe"="C:\Program Files\Rosetta Stone\RS2.1.5.1Asms\Discover.exe:*:Enabled:Rosetta Stone SMS Discovery Tool"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:MSN Messenger 7.5"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{582a4646-8ca0-11dc-8f10-00159694115a}]
shell\AutoRun\command - E:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{582a464a-8ca0-11dc-8f10-00159694115a}]
shell\AutoRun\command - E:\LaunchU3.exe -a


======List of files/folders created in the last 1 months======

2008-11-30 18:39:59 ----D---- C:\_OTMoveIt
2008-11-29 22:45:33 ----D---- C:\Program Files\trend micro
2008-11-29 22:45:27 ----D---- C:\rsit
2008-11-29 11:16:40 ----D---- C:\Program Files\iPod
2008-11-29 11:16:18 ----D---- C:\Program Files\iTunes
2008-11-29 11:16:18 ----D---- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-11-29 11:12:49 ----D---- C:\Program Files\QuickTime
2008-11-29 11:09:37 ----SHD---- C:\Config.Msi
2008-11-20 12:12:22 ----D---- C:\Documents and Settings\Michael\Application Data\Mozilla
2008-11-20 12:12:02 ----D---- C:\Program Files\Mozilla Firefox
2008-11-20 11:30:09 ----A---- C:\WINDOWS\system32\javaws.exe
2008-11-20 11:30:09 ----A---- C:\WINDOWS\system32\javaw.exe
2008-11-20 11:30:09 ----A---- C:\WINDOWS\system32\java.exe
2008-11-20 11:30:09 ----A---- C:\WINDOWS\system32\deploytk.dll
2008-11-12 03:02:02 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2008-11-12 03:01:52 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$
2008-11-12 03:01:38 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2008-11-07 07:29:44 ----D---- C:\Program Files\Bonjour
2008-11-07 07:24:21 ----D---- C:\Program Files\Common Files\Apple
2008-11-04 23:26:46 ----D---- C:\Documents and Settings\Michael\Application Data\Malwarebytes
2008-11-04 23:26:39 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-11-04 23:26:38 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-11-04 20:40:41 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2008-11-04 20:40:02 ----D---- C:\Program Files\Applications

======List of files/folders modified in the last 1 months======

2008-11-30 19:06:44 ----D---- C:\WINDOWS\Temp
2008-11-30 19:01:29 ----D---- C:\Program Files\Common Files\Symantec Shared
2008-11-30 19:00:10 ----RD---- C:\Program Files
2008-11-30 19:00:10 ----D---- C:\Program Files\Common Files
2008-11-30 18:48:01 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-11-30 18:40:02 ----D---- C:\WINDOWS\system32
2008-11-30 18:40:00 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-11-29 19:45:26 ----D---- C:\Program Files\Norton Security Scan
2008-11-29 19:23:37 ----A---- C:\rapport.txt
2008-11-29 19:23:14 ----A---- C:\WINDOWS\system32\tmp.txt
2008-11-29 19:22:17 ----A---- C:\WINDOWS\ntbtlog.txt
2008-11-29 18:40:39 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-11-29 18:40:33 ----D---- C:\WINDOWS\system32\CatRoot2
2008-11-29 18:40:33 ----D---- C:\WINDOWS\Prefetch
2008-11-29 18:38:31 ----D---- C:\Program Files\MSN Messenger
2008-11-29 14:53:12 ----D---- C:\WINDOWS
2008-11-29 11:19:05 ----SHD---- C:\WINDOWS\Installer
2008-11-29 11:17:49 ----D---- C:\WINDOWS\system32\drivers
2008-11-29 11:17:49 ----AS---- C:\WINDOWS\system32\cwegus.dll
2008-11-29 11:17:48 ----HD---- C:\WINDOWS\inf
2008-11-29 11:17:26 ----DC---- C:\WINDOWS\system32\DRVSTORE
2008-11-29 11:03:29 ----D---- C:\Program Files\Safari
2008-11-28 18:18:28 ----D---- C:\Program Files\Norton SystemWorks
2008-11-20 11:36:33 ----D---- C:\Program Files\Java
2008-11-20 11:30:45 ----D---- C:\Program Files\MSN
2008-11-17 04:50:12 ----D---- C:\WINDOWS\Help
2008-11-12 03:03:17 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-11-12 03:02:01 ----HD---- C:\WINDOWS\$hf_mig$
2008-11-12 03:01:58 ----A---- C:\WINDOWS\imsins.BAK
2008-11-12 03:00:50 ----D---- C:\WINDOWS\WinSxS
2008-11-04 23:52:43 ----D---- C:\WINDOWS\system
2008-11-04 23:52:42 ----D---- C:\Program Files\Internet Explorer
2008-11-03 22:16:45 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-11-03 16:10:25 ----A---- C:\WINDOWS\system32\MRT.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK7;AMD K7 Processor Driver; C:\WINDOWS\System32\DRIVERS\amdk7.sys [2008-04-13 37760]
R1 DcCam;Kodak Camera Proxy; C:\WINDOWS\System32\DRIVERS\DcCam.sys [2003-06-18 36826]
R1 GhPciScan;GhostPciScanner; \??\C:\Program Files\Norton SystemWorks\Norton Ghost\ghpciscan.sys []
R1 SYMTDI;SYMTDI; C:\WINDOWS\System32\Drivers\SYMTDI.SYS [2005-01-21 267384]
R1 VIAPFD;VIAPFD; C:\WINDOWS\System32\Drivers\VIAPFD.SYS [2001-12-18 3279]
R2 55E50D4B72FB88F0;55E50D4B72FB88F0; \??\C:\Documents and Settings\Michael\Desktop\55E50D4B72FB88F0\55E50D4B72FB88F0 []
R2 Aspi32;Aspi32; C:\WINDOWS\system32\drivers\Aspi32.sys [2002-08-14 17005]
R2 DCFS2K;Kodak DCFS2K Driver; C:\WINDOWS\system32\drivers\dcfs2k.sys [2003-06-18 38997]
R2 Fallback;Fallback; C:\WINDOWS\System32\DRIVERS\HSF_FALL.sys [2001-08-17 289887]
R2 Fsks;Fsks; C:\WINDOWS\System32\DRIVERS\HSF_FSKS.sys [2001-08-17 115807]
R2 K56;K56; C:\WINDOWS\System32\DRIVERS\HSF_K56K.sys [2001-08-17 391199]
R2 MCSTRM;MCSTRM; C:\WINDOWS\system32\drivers\MCSTRM.sys [2006-12-28 8413]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\System32\DRIVERS\mdmxsdk.sys [2001-10-21 9855]
R2 SAVRTPEL;SAVRTPEL; \??\C:\WINDOWS\System32\Drivers\SAVRTPEL.SYS []
R2 SoftFax;SoftFax; C:\WINDOWS\System32\DRIVERS\HSF_FAXX.sys [2001-08-17 199711]
R2 StreamDispatcher;StreamDispatcher; C:\WINDOWS\System32\DRIVERS\strmdisp.sys [2001-12-23 33548]
R2 Tones;Tones; C:\WINDOWS\System32\DRIVERS\HSF_TONE.sys [2001-08-17 50751]
R2 V124;V124; C:\WINDOWS\System32\DRIVERS\HSF_V124.sys [2001-08-17 488383]
R3 ALCXWDM;Service for Avance AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2002-08-02 659228]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys [2008-04-17 15464]
R3 HSF_DP;HSF_DP; C:\WINDOWS\System32\DRIVERS\HSF_DP.sys [2001-12-23 1171488]
R3 HSFHWBS2;HSFHWBS2; C:\WINDOWS\System32\DRIVERS\HSFHWBS2.sys [2001-12-23 160083]
R3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
R3 NAVENG;NAVENG; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20081126.003\NAVENG.Sys []
R3 NAVEX15;NAVEX15; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20081126.003\NavEx15.Sys []
R3 NPDriver;Norton Unerase Protection Driver; \??\C:\WINDOWS\System32\Drivers\NPDRIVER.SYS []
R3 RTL8023xp;Realtek RTL8139/810x/8169/8110 all in one NDIS XP Driver; C:\WINDOWS\System32\DRIVERS\Rtlnicxp.sys [2004-07-16 70400]
R3 S3Psddr;S3Psddr; C:\WINDOWS\System32\DRIVERS\s3gnbm.sys [2002-07-12 155008]
R3 SAVRT;SAVRT; \??\C:\WINDOWS\System32\Drivers\SAVRT.SYS []
R3 SymEvent;SymEvent; \??\C:\Program Files\Symantec\SYMEVENT.SYS []
R3 SYMREDRV;SYMREDRV; C:\WINDOWS\System32\Drivers\SYMREDRV.SYS [2005-01-21 26424]
R3 USB_RNDIS;Arris Remote NDIS Network Device Driver; C:\WINDOWS\system32\DRIVERS\usb8023.sys [2008-04-13 12800]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 usbscan;USB Scanner Driver; C:\WINDOWS\System32\DRIVERS\usbscan.sys [2008-04-13 15104]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys [2003-01-10 33588]
R3 winachsf;winachsf; C:\WINDOWS\System32\DRIVERS\HSF_CNXT.sys [2001-12-23 591536]
S1 Exportit;Exportit; C:\WINDOWS\System32\DRIVERS\exportit.sys [2003-06-18 138485]
S3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2008-04-13 60800]
S3 basic2;basic2; C:\WINDOWS\System32\DRIVERS\HSF_BSC2.sys [2001-08-17 67167]
S3 DcFpoint;DcFpoint; C:\WINDOWS\System32\DRIVERS\DcFpoint.sys [2003-06-18 61568]
S3 DcLps;Legacy Polling Service; C:\WINDOWS\System32\DRIVERS\DcLps.sys [2003-06-18 8058]
S3 DcPTP;dcptp; C:\WINDOWS\System32\DRIVERS\DcPTP.sys [2003-06-18 63002]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 hsf_msft;hsf_msft; C:\WINDOWS\System32\DRIVERS\HSF_MSFT.sys [2001-08-17 542879]
S3 NIC1394;1394 Net Driver; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2008-04-13 61824]
S3 PalmUSBD;PalmUSBD; C:\WINDOWS\system32\drivers\PalmUSBD.sys []
S3 Rksample;Rksample; C:\WINDOWS\System32\DRIVERS\HSF_SAMP.sys [2001-08-17 57471]
S3 rtl8139;Realtek RTL8139/810X Family PCI Fast Ethernet NIC NT Driver; C:\WINDOWS\System32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2005-01-28 18944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AOL ACS;AOL Connectivity Service; C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe [2004-10-20 10328]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-11-07 132424]
R2 Automatic LiveUpdate Scheduler;Automatic LiveUpdate Scheduler; C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe [2006-05-15 100032]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
R2 ccEvtMgr;Symantec Event Manager; C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe [2003-07-17 317128]
R2 EpsonBidirectionalService;EpsonBidirectionalService; C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe [2002-01-29 77824]
R2 EPSONStatusAgent2;EPSON Printer Status Agent2; C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe [2002-07-17 94208]
R2 GhostStartService;GhostStartService; C:\PROGRA~1\NORTON~1\NORTON~2\GHOSTS~2.EXE [2002-08-14 200704]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-11-20 152984]
R2 KodakCCS;Kodak Camera Connection Software; C:\WINDOWS\system32\drivers\KodakCCS.exe [2003-06-18 294972]
R2 navapsvc;Norton AntiVirus Auto Protect Service; C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe [2002-11-14 116336]
R2 NProtectService;Norton Unerase Protection; C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE [2002-08-14 135168]
R2 ScsiAccess;ScsiAccess; C:\WINDOWS\System32\ScsiAccess.EXE [2003-02-04 181312]
R2 Speed Disk service;Speed Disk service; C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe [2002-08-14 172065]
R2 SymWSC;SymWMI Service; C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe [2004-11-02 316544]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-11-20 536872]
S2 SBService;ScriptBlocking Service; C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe [2001-08-13 54408]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-04-13 33632]
S3 ccPwdSvc;Symantec Password Validation Service; C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe [2003-12-02 99352]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-04-13 68952]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-12-17 138168]
S3 LiveUpdate;LiveUpdate; C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE [2006-05-15 2086592]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 SNDSrvc;Symantec Network Drivers Service; C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe [2005-01-21 206552]

-----------------EOF-----------------

Thanks in advance for your help!

#4 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:08:51 PM

Posted 01 December 2008 - 04:29 PM

Please copy the text below into OTMoveIt3 and click on MoveIt just like you did before.

:files
C:\WINDOWS\System32\psic2_1.dll

:reg
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B6598677-4B54-42A9-BA67-8B64E3FCD92D}]


===============


I see you have Malwarebytes installed. I need you to update the definitions and then run a new scan
  • Open Malwarebytes and select the Update tab.
  • Click on the Check for Updates button and allow the program to download the latest updates.
  • Once you have the latest updates, select the Scanner tab.
  • Select "Perform quick scan" and click the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Also post a new log from RSIT.
How is your computer behaving now?
Posted Image If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#5 Laurimj

Laurimj
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:08:51 PM

Posted 01 December 2008 - 09:05 PM

Hi and good afternoon.

I did the move it and the following results came up:

========== FILES ==========
C:\WINDOWS\System32\psic2_1.dll unregistered successfully.
C:\WINDOWS\System32\psic2_1.dll moved successfully.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B6598677-4B54-42A9-BA67-8B64E3FCD92D}\\ not found.

OTMoveIt3 by OldTimer - Version 1.0.7.1 log created on 12012008_174355

I am in the process of doing the malwarebytes update and will post that and the RSIT log shortly as well as feedback on the computer.

#6 Laurimj

Laurimj
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:08:51 PM

Posted 01 December 2008 - 09:25 PM

Hi there,

This is what MBAM found:

Malwarebytes' Anti-Malware 1.30
Database version: 1443
Windows 5.1.2600 Service Pack 3

12/1/2008 6:02:46 PM
mbam-log-2008-12-01 (18-02-46).txt

Scan type: Quick Scan
Objects scanned: 62738
Time elapsed: 10 minute(s), 59 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 6
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 5

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{22C447D3-73A8-E1C7-C391-21BE4338CEBC} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{64466b8e-20a7-4a4a-aff4-aad9ca68b52c} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{2eef94df-75f6-42e9-b7fb-af5a170a6e2e} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3b8fb116-d358-48a3-a5c7-db84f15cbb04} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\webmedia.chl (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Online Alert Manager (Trojan.Zlob) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{2eef94df-75f6-42e9-b7fb-af5a170a6e2e} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\QuickTime Task (Trojan.Zlob) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Documents and Settings\Michael\Start Menu\\Programs\AntivirusTrigger 2.1 (Rogue.VirusTrigger) -> Quarantined and deleted successfully.

Files Infected:
C:\RECYCLER\NPROTECT\01928985.exe (Rogue.VirusHeat) -> Quarantined and deleted successfully.
C:\RECYCLER\NPROTECT\01928986.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\RECYCLER\NPROTECT\01928987.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Documents and Settings\Michael\Start Menu\\Programs\AntivirusTrigger 2.1\AntivirusTrigger 2.1.lnk (Rogue.VirusTrigger) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\cwegus.dll (Trojan.Zlob) -> Quarantined and deleted successfully.


Here is the new RSIT log:

Logfile of random's system information tool 1.04 (written by random/random)
Run by Michael at 2008-12-01 18:05:09
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 889 MB (2%) free of 38 GB
Total RAM: 479 MB (29% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:05:17, on 12/1/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\carpserv.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAJA.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Infinite Mind LC\eyeQ\ARLaunch.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\PROGRA~1\NORTON~1\NORTON~2\GHOSTS~2.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\WINDOWS\System32\ScsiAccess.EXE
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Michael\Local Settings\Temporary Internet Files\Content.IE5\8KJJENHI\RSIT[1].exe
C:\Program Files\trend micro\Michael.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:9022
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_12_0.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O2 - BHO: MSN Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.0983.0\msneshellx.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_12_0.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.0983.0\msneshellx.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [GhostStartTrayApp] C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [EPSON Stylus CX3200] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P19 "EPSON Stylus CX3200" /O6 "USB001" /M "Stylus CX3200"
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [EPSON Stylus Photo R340 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAJA.EXE /P30 "EPSON Stylus Photo R340 Series" /O6 "USB002" /M "Stylus Photo R340"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: MiniEYE-MiniREAD Launch.lnk = C:\Program Files\Infinite Mind LC\eyeQ\ARLaunch.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Update Page Content - C:\Program Files\MSN\MSNIA\CC\MSNCC\WA\refreshpage.htm
O8 - Extra context menu item: View All Originals On Page - C:\Program Files\MSN\MSNIA\CC\MSNCC\WA\getoriginal.htm
O8 - Extra context menu item: View Original Image - C:\Program Files\MSN\MSNIA\CC\MSNCC\WA\getoriginal.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {2DEF4530-8CE6-41C9-84B6-A54536C90213} (Crystal Report Viewer Control 9) - https://rp-reports.webhire.com/crystalrepor...tivexviewer.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/...s/yinst0401.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photos.walmart.com/WalmartActivia.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1159365621906
O16 - DPF: {87D1A6EF-8CBC-458A-84B5-0333562418CD} - http://www.clicktracking.info/ctadl1.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {CAFECAFE-0013-0001-0022-ABCDEFABCDEF} (JInitiator 1.3.1.22) - https://clover.cloverpark.k12.wa.us:4443/fo...iator/jinit.exe
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/5m/vir...l/installer.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: GhostStartService - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\GHOSTS~2.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\System32\ScsiAccess.EXE
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

--
End of file - 11977 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\Norton AntiVirus - Scan my computer.job
C:\WINDOWS\tasks\Norton SystemWorks One Button Checkup.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
Yahoo! Companion BHO - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_12_0.dll [2004-01-07 272983]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre6\bin\ssv.dll [2008-11-20 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9394EDE7-C8B5-483E-8773-474BF36AF6E4}]
ST - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll [2004-08-13 155648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar1.dll [2007-12-17 2403392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}]
MSNToolBandBHO - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll [2006-01-17 282624]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDF3E430-B101-42AD-A544-FADC6B084872}]
CNavExtBho Class - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll [2002-11-14 112248]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}]
MSN Toolbar Helper - C:\Program Files\MSN\Toolbar\3.0.0983.0\msneshellx.dll [2008-11-08 83800]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-11-20 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2008-11-20 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - Norton AntiVirus - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll [2002-11-14 112248]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Companion - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_12_0.dll [2004-01-07 272983]
{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - MSN - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll [2006-01-17 282624]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar1.dll [2007-12-17 2403392]
{1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - MSN Toolbar - C:\Program Files\MSN\Toolbar\3.0.0983.0\msneshellx.dll [2008-11-08 83800]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2002-08-02 46592]
"NeroCheck"=C:\WINDOWS\System32\\NeroCheck.exe [2001-07-09 155648]
"CARPService"=C:\WINDOWS\system32\carpserv.exe [2001-12-23 4608]
"ccApp"=C:\Program Files\Common Files\Symantec Shared\ccApp.exe [2003-12-02 54296]
"ccRegVfy"=C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe [2003-12-02 58392]
"GhostStartTrayApp"=C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe [2002-08-14 94208]
"Microsoft Works Update Detection"=C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe [2003-09-13 50688]
"EPSON Stylus CX3200"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE [2002-06-30 74752]
""= []
"AOLDialer"=C:\Program Files\Common Files\AOL\ACS\AOLDial.exe [2004-10-20 34904]
"Symantec NetDriver Monitor"=C:\PROGRA~1\SYMNET~1\SNDMon.exe [2006-09-20 95960]
"EPSON Stylus Photo R340 Series"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAJA.EXE [2005-04-26 98304]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2008-06-12 34672]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2008-11-20 136600]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2008-11-04 413696]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-11-20 290088]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-01-06 68856]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Kodak EasyShare software.lnk - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
KODAK Software Updater.lnk - C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE
MiniEYE-MiniREAD Launch.lnk - C:\Program Files\Infinite Mind LC\eyeQ\ARLaunch.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SYMTDI]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe"="C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe:*:Enabled:backWeb-7288971"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Disabled:Windows Messenger"
"C:\Program Files\Warcraft III\Warcraft III.exe"="C:\Program Files\Warcraft III\Warcraft III.exe:*:Enabled:Warcraft III"
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe"="C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Yahoo! Games\Magic Ball\MagicBall.exe"="C:\Program Files\Yahoo! Games\Magic Ball\MagicBall.exe:*:Enabled:MagicBall"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:MSN Messenger 7.5"
"C:\Program Files\Java\jre1.6.0_05\bin\java.exe"="C:\Program Files\Java\jre1.6.0_05\bin\java.exe:*:Enabled:Java Runtime Environment"
"C:\Program Files\Rosetta Stone\SMS v3.0.2\server.exe"="C:\Program Files\Rosetta Stone\SMS v3.0.2\server.exe:*:Enabled:SMS Server v3.0.2"
"C:\Program Files\Rosetta Stone\SMS v3.0.2\admin.exe"="C:\Program Files\Rosetta Stone\SMS v3.0.2\admin.exe:*:Enabled:SMS Admin v3.0.2"
"C:\WINDOWS\system32\java.exe"="C:\WINDOWS\system32\java.exe:*:Enabled:Java™ Platform SE binary"
"C:\Program Files\Rosetta Stone\RS2.1.5.1Asms\Discover.exe"="C:\Program Files\Rosetta Stone\RS2.1.5.1Asms\Discover.exe:*:Enabled:Rosetta Stone SMS Discovery Tool"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:MSN Messenger 7.5"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{582a4646-8ca0-11dc-8f10-00159694115a}]
shell\AutoRun\command - E:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{582a464a-8ca0-11dc-8f10-00159694115a}]
shell\AutoRun\command - E:\LaunchU3.exe -a


======List of files/folders created in the last 1 months======

2008-11-30 18:39:59 ----D---- C:\_OTMoveIt
2008-11-29 22:45:33 ----D---- C:\Program Files\trend micro
2008-11-29 22:45:27 ----D---- C:\rsit
2008-11-29 11:16:40 ----D---- C:\Program Files\iPod
2008-11-29 11:16:18 ----D---- C:\Program Files\iTunes
2008-11-29 11:16:18 ----D---- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-11-29 11:12:49 ----D---- C:\Program Files\QuickTime
2008-11-29 11:09:37 ----SHD---- C:\Config.Msi
2008-11-20 12:12:22 ----D---- C:\Documents and Settings\Michael\Application Data\Mozilla
2008-11-20 12:12:02 ----D---- C:\Program Files\Mozilla Firefox
2008-11-20 11:30:09 ----A---- C:\WINDOWS\system32\javaws.exe
2008-11-20 11:30:09 ----A---- C:\WINDOWS\system32\javaw.exe
2008-11-20 11:30:09 ----A---- C:\WINDOWS\system32\java.exe
2008-11-20 11:30:09 ----A---- C:\WINDOWS\system32\deploytk.dll
2008-11-12 03:02:02 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2008-11-12 03:01:52 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$
2008-11-12 03:01:38 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2008-11-07 07:29:44 ----D---- C:\Program Files\Bonjour
2008-11-07 07:24:21 ----D---- C:\Program Files\Common Files\Apple
2008-11-04 23:26:46 ----D---- C:\Documents and Settings\Michael\Application Data\Malwarebytes
2008-11-04 23:26:39 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-11-04 23:26:38 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-11-04 20:40:41 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2008-11-04 20:40:02 ----D---- C:\Program Files\Applications

======List of files/folders modified in the last 1 months======

2008-12-01 18:05:17 ----D---- C:\WINDOWS\Prefetch
2008-12-01 18:02:46 ----D---- C:\WINDOWS\system32
2008-12-01 14:48:22 ----D---- C:\WINDOWS\Temp
2008-12-01 11:07:14 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-12-01 11:07:05 ----D---- C:\WINDOWS\system32\CatRoot2
2008-11-30 19:01:29 ----D---- C:\Program Files\Common Files\Symantec Shared
2008-11-30 19:00:10 ----RD---- C:\Program Files
2008-11-30 19:00:10 ----D---- C:\Program Files\Common Files
2008-11-30 18:48:01 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-11-30 18:40:00 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-11-29 19:45:26 ----D---- C:\Program Files\Norton Security Scan
2008-11-29 19:23:37 ----A---- C:\rapport.txt
2008-11-29 19:23:14 ----A---- C:\WINDOWS\system32\tmp.txt
2008-11-29 19:22:17 ----A---- C:\WINDOWS\ntbtlog.txt
2008-11-29 18:38:31 ----D---- C:\Program Files\MSN Messenger
2008-11-29 14:53:12 ----D---- C:\WINDOWS
2008-11-29 11:19:05 ----SHD---- C:\WINDOWS\Installer
2008-11-29 11:17:49 ----D---- C:\WINDOWS\system32\drivers
2008-11-29 11:17:48 ----HD---- C:\WINDOWS\inf
2008-11-29 11:17:26 ----DC---- C:\WINDOWS\system32\DRVSTORE
2008-11-29 11:03:29 ----D---- C:\Program Files\Safari
2008-11-28 18:18:28 ----D---- C:\Program Files\Norton SystemWorks
2008-11-20 11:36:33 ----D---- C:\Program Files\Java
2008-11-20 11:30:45 ----D---- C:\Program Files\MSN
2008-11-17 04:50:12 ----D---- C:\WINDOWS\Help
2008-11-12 03:03:17 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-11-12 03:02:01 ----HD---- C:\WINDOWS\$hf_mig$
2008-11-12 03:01:58 ----A---- C:\WINDOWS\imsins.BAK
2008-11-12 03:00:50 ----D---- C:\WINDOWS\WinSxS
2008-11-04 23:52:43 ----D---- C:\WINDOWS\system
2008-11-04 23:52:42 ----D---- C:\Program Files\Internet Explorer
2008-11-03 22:16:45 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-11-03 16:10:25 ----A---- C:\WINDOWS\system32\MRT.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK7;AMD K7 Processor Driver; C:\WINDOWS\System32\DRIVERS\amdk7.sys [2008-04-13 37760]
R1 DcCam;Kodak Camera Proxy; C:\WINDOWS\System32\DRIVERS\DcCam.sys [2003-06-18 36826]
R1 GhPciScan;GhostPciScanner; \??\C:\Program Files\Norton SystemWorks\Norton Ghost\ghpciscan.sys []
R1 SYMTDI;SYMTDI; C:\WINDOWS\System32\Drivers\SYMTDI.SYS [2005-01-21 267384]
R1 VIAPFD;VIAPFD; C:\WINDOWS\System32\Drivers\VIAPFD.SYS [2001-12-18 3279]
R2 55E50D4B72FB88F0;55E50D4B72FB88F0; \??\C:\Documents and Settings\Michael\Desktop\55E50D4B72FB88F0\55E50D4B72FB88F0 []
R2 Aspi32;Aspi32; C:\WINDOWS\system32\drivers\Aspi32.sys [2002-08-14 17005]
R2 DCFS2K;Kodak DCFS2K Driver; C:\WINDOWS\system32\drivers\dcfs2k.sys [2003-06-18 38997]
R2 Fallback;Fallback; C:\WINDOWS\System32\DRIVERS\HSF_FALL.sys [2001-08-17 289887]
R2 Fsks;Fsks; C:\WINDOWS\System32\DRIVERS\HSF_FSKS.sys [2001-08-17 115807]
R2 K56;K56; C:\WINDOWS\System32\DRIVERS\HSF_K56K.sys [2001-08-17 391199]
R2 MCSTRM;MCSTRM; C:\WINDOWS\system32\drivers\MCSTRM.sys [2006-12-28 8413]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\System32\DRIVERS\mdmxsdk.sys [2001-10-21 9855]
R2 SAVRTPEL;SAVRTPEL; \??\C:\WINDOWS\System32\Drivers\SAVRTPEL.SYS []
R2 SoftFax;SoftFax; C:\WINDOWS\System32\DRIVERS\HSF_FAXX.sys [2001-08-17 199711]
R2 StreamDispatcher;StreamDispatcher; C:\WINDOWS\System32\DRIVERS\strmdisp.sys [2001-12-23 33548]
R2 Tones;Tones; C:\WINDOWS\System32\DRIVERS\HSF_TONE.sys [2001-08-17 50751]
R2 V124;V124; C:\WINDOWS\System32\DRIVERS\HSF_V124.sys [2001-08-17 488383]
R3 ALCXWDM;Service for Avance AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2002-08-02 659228]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys [2008-04-17 15464]
R3 HSF_DP;HSF_DP; C:\WINDOWS\System32\DRIVERS\HSF_DP.sys [2001-12-23 1171488]
R3 HSFHWBS2;HSFHWBS2; C:\WINDOWS\System32\DRIVERS\HSFHWBS2.sys [2001-12-23 160083]
R3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
R3 NAVENG;NAVENG; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20081126.003\NAVENG.Sys []
R3 NAVEX15;NAVEX15; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20081126.003\NavEx15.Sys []
R3 NPDriver;Norton Unerase Protection Driver; \??\C:\WINDOWS\System32\Drivers\NPDRIVER.SYS []
R3 RTL8023xp;Realtek RTL8139/810x/8169/8110 all in one NDIS XP Driver; C:\WINDOWS\System32\DRIVERS\Rtlnicxp.sys [2004-07-16 70400]
R3 S3Psddr;S3Psddr; C:\WINDOWS\System32\DRIVERS\s3gnbm.sys [2002-07-12 155008]
R3 SAVRT;SAVRT; \??\C:\WINDOWS\System32\Drivers\SAVRT.SYS []
R3 SymEvent;SymEvent; \??\C:\Program Files\Symantec\SYMEVENT.SYS []
R3 SYMREDRV;SYMREDRV; C:\WINDOWS\System32\Drivers\SYMREDRV.SYS [2005-01-21 26424]
R3 USB_RNDIS;Arris Remote NDIS Network Device Driver; C:\WINDOWS\system32\DRIVERS\usb8023.sys [2008-04-13 12800]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 usbscan;USB Scanner Driver; C:\WINDOWS\System32\DRIVERS\usbscan.sys [2008-04-13 15104]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys [2003-01-10 33588]
R3 winachsf;winachsf; C:\WINDOWS\System32\DRIVERS\HSF_CNXT.sys [2001-12-23 591536]
S1 Exportit;Exportit; C:\WINDOWS\System32\DRIVERS\exportit.sys [2003-06-18 138485]
S3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2008-04-13 60800]
S3 basic2;basic2; C:\WINDOWS\System32\DRIVERS\HSF_BSC2.sys [2001-08-17 67167]
S3 DcFpoint;DcFpoint; C:\WINDOWS\System32\DRIVERS\DcFpoint.sys [2003-06-18 61568]
S3 DcLps;Legacy Polling Service; C:\WINDOWS\System32\DRIVERS\DcLps.sys [2003-06-18 8058]
S3 DcPTP;dcptp; C:\WINDOWS\System32\DRIVERS\DcPTP.sys [2003-06-18 63002]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 hsf_msft;hsf_msft; C:\WINDOWS\System32\DRIVERS\HSF_MSFT.sys [2001-08-17 542879]
S3 NIC1394;1394 Net Driver; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2008-04-13 61824]
S3 PalmUSBD;PalmUSBD; C:\WINDOWS\system32\drivers\PalmUSBD.sys []
S3 Rksample;Rksample; C:\WINDOWS\System32\DRIVERS\HSF_SAMP.sys [2001-08-17 57471]
S3 rtl8139;Realtek RTL8139/810X Family PCI Fast Ethernet NIC NT Driver; C:\WINDOWS\System32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2005-01-28 18944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AOL ACS;AOL Connectivity Service; C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe [2004-10-20 10328]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-11-07 132424]
R2 Automatic LiveUpdate Scheduler;Automatic LiveUpdate Scheduler; C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe [2006-05-15 100032]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
R2 ccEvtMgr;Symantec Event Manager; C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe [2003-07-17 317128]
R2 EpsonBidirectionalService;EpsonBidirectionalService; C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe [2002-01-29 77824]
R2 EPSONStatusAgent2;EPSON Printer Status Agent2; C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe [2002-07-17 94208]
R2 GhostStartService;GhostStartService; C:\PROGRA~1\NORTON~1\NORTON~2\GHOSTS~2.EXE [2002-08-14 200704]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-11-20 152984]
R2 KodakCCS;Kodak Camera Connection Software; C:\WINDOWS\system32\drivers\KodakCCS.exe [2003-06-18 294972]
R2 navapsvc;Norton AntiVirus Auto Protect Service; C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe [2002-11-14 116336]
R2 NProtectService;Norton Unerase Protection; C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE [2002-08-14 135168]
R2 ScsiAccess;ScsiAccess; C:\WINDOWS\System32\ScsiAccess.EXE [2003-02-04 181312]
R2 Speed Disk service;Speed Disk service; C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe [2002-08-14 172065]
R2 SymWSC;SymWMI Service; C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe [2004-11-02 316544]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-11-20 536872]
S2 SBService;ScriptBlocking Service; C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe [2001-08-13 54408]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-04-13 33632]
S3 ccPwdSvc;Symantec Password Validation Service; C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe [2003-12-02 99352]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-04-13 68952]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-12-17 138168]
S3 LiveUpdate;LiveUpdate; C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE [2006-05-15 2086592]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 SNDSrvc;Symantec Network Drivers Service; C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe [2005-01-21 206552]

-----------------EOF-----------------

The pop ups have stopped coming up which is great but I want to be sure that the trojan infections are gone before we use anything sensitive in the computer. Thanks again for your help and have a great night!

#7 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:08:51 PM

Posted 03 December 2008 - 04:51 PM

I'm sorry I missed your reply. Your log looks good to me.
How are things on your end? Any problems?
Posted Image If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#8 Laurimj

Laurimj
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:08:51 PM

Posted 03 December 2008 - 09:12 PM

Thank you for your help. Things have been good. The only odd thing has been that some of the internet links we used seem to be misdirected to other sites selling tv/ dvd items- that may be an internet issue though. No specific websites but various links over the past two days. Please let me know if this sounds like a virus issue, otherwise i will assume it was a strange internet occurance and nothing more. Thank you again!

#9 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:08:51 PM

Posted 04 December 2008 - 03:09 PM

Actually redirected searches may indicate the presence of an infection. It is something we should look into.

Please do an online scan with Kaspersky WebScanner.
  • Please visit the Kaspersky Online Scanner website.
  • Click on the Accept button and install any components it needs.
  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded on the left side of the page in the Scan section select My Computer
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

Also post a new log from RSIT.
Posted Image If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#10 Laurimj

Laurimj
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:08:51 PM

Posted 05 December 2008 - 02:16 AM

Hello there... Thank you for your continued help. I don't think these results are very good as there were many more infected files found. Please let me know what to do next.

Here is the Kaspersky scan results:

KASPERSKY ONLINE SCANNER 7 REPORT
Thursday, December 4, 2008
Operating System: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Thursday, December 04, 2008 20:42:50
Records in database: 1436944
Scan settings
Scan using the following database extended
Scan archives yes
Scan mail databases yes
Scan area My Computer
A:\
C:\
D:\
Scan statistics
Files scanned 65686
Threat name 28
Infected objects 43
Suspicious objects 0
Duration of the scan 02:31:45

File name Threat name Threats count
C:\Documents and Settings\Kassandra\Local Settings\Temporary Internet Files\Content.IE5\K9Y3S967\search[3].htm Infected: Trojan.HTML.Agent.e 1
C:\Documents and Settings\Michael\Desktop\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f 1
C:\Documents and Settings\Michael\Desktop\SmitfraudFix.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f 1
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\0B73030E Infected: Trojan-Downloader.Win32.Zlob.abte 1
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\0B762D0A Infected: Trojan-Downloader.Win32.Zlob.abrn 1
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\0B7C0103 Infected: Trojan-Downloader.Win32.Zlob.abwd 1
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\0E1E4870.dll Infected: Trojan-Downloader.Win32.Small.ia 1
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\0FDD7FED Infected: Trojan-Downloader.Java.Agent.a 1
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\145F25B8 Infected: Email-Worm.Win32.NetSky.c 1
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\18EC1D00 Infected: Trojan.JS.Agent.o 1
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\1D941D68.exe Infected: not-a-virus:AdWare.Win32.BHO.dht 1
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\1F281FA6.htm Infected: Trojan-Downloader.Java.OpenConnection.ao 2
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\1F281FA6.htm Infected: Trojan.Java.ClassLoader.au 1
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\259E3B58.exe Infected: Trojan.Win32.SecondThought.a 1
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\28642534 Infected: Trojan-Downloader.Win32.Zlob.abtf 1
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\2E29006F.wmf Infected: Trojan-Downloader.Win32.Agent.acd 1
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\2E39525D.wmf Infected: Trojan-Downloader.Win32.Agent.acd 1
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\30AD2820 Infected: Trojan.Java.ClassLoader.au 1
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\310F13B5 Infected: Trojan.Java.ClassLoader.au 1
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\36D217CD Infected: Email-Worm.Win32.Mabutu.a 1
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\3B8F1828 Infected: Trojan-Downloader.Win32.Zlob.fjh 1
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\3C6A1537 Infected: Trojan-Downloader.Java.OpenConnection.ao 1
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\3CD67EC0 Infected: Trojan-Downloader.Java.OpenConnection.ao 1
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\49CC674F Infected: Trojan-Downloader.Java.OpenStream.ac 1
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\4A277EEA Infected: Trojan-Downloader.Java.OpenStream.ac 1
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\5ADD2FB7 Infected: Email-Worm.Win32.NetSky.c 1
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\5E4005BF Infected: Trojan-Downloader.Java.Agent.a 1
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\5F245402.exe Infected: Trojan.Win32.SecondThought.a 1
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\665517D0 Infected: Trojan-Downloader.Win32.Zlob.abwe 1
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\6A6B2120.htm Infected: Exploit.HTML.IESlice.d 1
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\6C28337D Infected: Exploit.Java.ByteVerify 1
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\6C974703 Infected: Exploit.Java.ByteVerify 1
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\6D2747AA.dll Infected: Trojan-Downloader.Win32.Zlob.bsu 1
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\703A557D.dll Infected: Trojan-Downloader.Win32.Zlob.bsu 1
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\703D7F7A.dll Infected: Trojan-Downloader.Win32.Zlob.bsu 1
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\7EBF3D60.htm Infected: Packed.JS.Agent.i 1
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\7EC2675D.htm Infected: Packed.JS.Agent.i 1
C:\RECYCLER\NPROTECT\01931091.dll Infected: Hoax.Win32.Agent.he 1
C:\_OTMoveIt\MovedFiles\11302008_183959\Program Files\AnvTrgrsoftware\AnvTrgrWarning.dll Infected: not-a-virus:FraudTool.Win32.Agent.fl 1
C:\_OTMoveIt\MovedFiles\11302008_183959\WINDOWS\Downloaded Program Files\install026.exe Infected: Trojan.Win32.SecondThought.c 1
C:\_OTMoveIt\MovedFiles\11302008_183959\WINDOWS\system32\ctap7.dll Infected: not-a-virus:AdWare.Win32.BHO.bg 1
C:\_OTMoveIt\MovedFiles\11302008_183959\WINDOWS\system32\ctsr6.dll Infected: Trojan-Clicker.Win32.Agent.dp 1
The selected area was scanned.

Here is the RSIT scan log:

oLogfile of random's system information tool 1.04 (written by random/random)
Run by Michael at 2008-12-04 23:13:01
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 696 MB (2%) free of 38 GB
Total RAM: 479 MB (23% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:13:36, on 12/4/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\carpserv.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAJA.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Infinite Mind LC\eyeQ\ARLaunch.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\PROGRA~1\NORTON~1\NORTON~2\GHOSTS~2.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\WINDOWS\System32\ScsiAccess.EXE
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Java\jre6\bin\jucheck.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Java\jre6\bin\java.exe
C:\Documents and Settings\Michael\Local Settings\Temp\jkos-Michael\binaries\ScanningProcess.exe
C:\WINDOWS\System32\ssstars.scr
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Michael\Local Settings\Temporary Internet Files\Content.IE5\RODY2C9Y\RSIT[1].exe
C:\Program Files\trend micro\Michael.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:9022
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_12_0.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O2 - BHO: MSN Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.0983.0\msneshellx.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_12_0.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.0983.0\msneshellx.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [GhostStartTrayApp] C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [EPSON Stylus CX3200] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P19 "EPSON Stylus CX3200" /O6 "USB001" /M "Stylus CX3200"
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [EPSON Stylus Photo R340 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAJA.EXE /P30 "EPSON Stylus Photo R340 Series" /O6 "USB002" /M "Stylus Photo R340"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: MiniEYE-MiniREAD Launch.lnk = C:\Program Files\Infinite Mind LC\eyeQ\ARLaunch.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Update Page Content - C:\Program Files\MSN\MSNIA\CC\MSNCC\WA\refreshpage.htm
O8 - Extra context menu item: View All Originals On Page - C:\Program Files\MSN\MSNIA\CC\MSNCC\WA\getoriginal.htm
O8 - Extra context menu item: View Original Image - C:\Program Files\MSN\MSNIA\CC\MSNCC\WA\getoriginal.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {2DEF4530-8CE6-41C9-84B6-A54536C90213} (Crystal Report Viewer Control 9) - https://rp-reports.webhire.com/crystalrepor...tivexviewer.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/...s/yinst0401.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photos.walmart.com/WalmartActivia.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1159365621906
O16 - DPF: {87D1A6EF-8CBC-458A-84B5-0333562418CD} - http://www.clicktracking.info/ctadl1.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {CAFECAFE-0013-0001-0022-ABCDEFABCDEF} (JInitiator 1.3.1.22) - https://clover.cloverpark.k12.wa.us:4443/fo...iator/jinit.exe
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/5m/vir...l/installer.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: GhostStartService - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\GHOSTS~2.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\System32\ScsiAccess.EXE
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

--
End of file - 12199 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\Norton AntiVirus - Scan my computer.job
C:\WINDOWS\tasks\Norton SystemWorks One Button Checkup.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
Yahoo! Companion BHO - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_12_0.dll [2004-01-07 272983]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre6\bin\ssv.dll [2008-11-20 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9394EDE7-C8B5-483E-8773-474BF36AF6E4}]
ST - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll [2004-08-13 155648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar1.dll [2007-12-17 2403392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}]
MSNToolBandBHO - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll [2006-01-17 282624]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDF3E430-B101-42AD-A544-FADC6B084872}]
CNavExtBho Class - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll [2002-11-14 112248]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}]
MSN Toolbar Helper - C:\Program Files\MSN\Toolbar\3.0.0983.0\msneshellx.dll [2008-11-08 83800]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-11-20 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2008-11-20 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - Norton AntiVirus - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll [2002-11-14 112248]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Companion - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_12_0.dll [2004-01-07 272983]
{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - MSN - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll [2006-01-17 282624]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar1.dll [2007-12-17 2403392]
{1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - MSN Toolbar - C:\Program Files\MSN\Toolbar\3.0.0983.0\msneshellx.dll [2008-11-08 83800]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2002-08-02 46592]
"NeroCheck"=C:\WINDOWS\System32\\NeroCheck.exe [2001-07-09 155648]
"CARPService"=C:\WINDOWS\system32\carpserv.exe [2001-12-23 4608]
"ccApp"=C:\Program Files\Common Files\Symantec Shared\ccApp.exe [2003-12-02 54296]
"ccRegVfy"=C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe [2003-12-02 58392]
"GhostStartTrayApp"=C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe [2002-08-14 94208]
"Microsoft Works Update Detection"=C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe [2003-09-13 50688]
"EPSON Stylus CX3200"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE [2002-06-30 74752]
""= []
"AOLDialer"=C:\Program Files\Common Files\AOL\ACS\AOLDial.exe [2004-10-20 34904]
"Symantec NetDriver Monitor"=C:\PROGRA~1\SYMNET~1\SNDMon.exe [2006-09-20 95960]
"EPSON Stylus Photo R340 Series"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAJA.EXE [2005-04-26 98304]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2008-06-12 34672]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2008-11-20 136600]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2008-11-04 413696]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-11-20 290088]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-01-06 68856]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Kodak EasyShare software.lnk - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
KODAK Software Updater.lnk - C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE
MiniEYE-MiniREAD Launch.lnk - C:\Program Files\Infinite Mind LC\eyeQ\ARLaunch.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SYMTDI]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe"="C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe:*:Enabled:backWeb-7288971"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Disabled:Windows Messenger"
"C:\Program Files\Warcraft III\Warcraft III.exe"="C:\Program Files\Warcraft III\Warcraft III.exe:*:Enabled:Warcraft III"
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe"="C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Yahoo! Games\Magic Ball\MagicBall.exe"="C:\Program Files\Yahoo! Games\Magic Ball\MagicBall.exe:*:Enabled:MagicBall"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:MSN Messenger 7.5"
"C:\Program Files\Java\jre1.6.0_05\bin\java.exe"="C:\Program Files\Java\jre1.6.0_05\bin\java.exe:*:Enabled:Java Runtime Environment"
"C:\Program Files\Rosetta Stone\SMS v3.0.2\server.exe"="C:\Program Files\Rosetta Stone\SMS v3.0.2\server.exe:*:Enabled:SMS Server v3.0.2"
"C:\Program Files\Rosetta Stone\SMS v3.0.2\admin.exe"="C:\Program Files\Rosetta Stone\SMS v3.0.2\admin.exe:*:Enabled:SMS Admin v3.0.2"
"C:\WINDOWS\system32\java.exe"="C:\WINDOWS\system32\java.exe:*:Enabled:Java™ Platform SE binary"
"C:\Program Files\Rosetta Stone\RS2.1.5.1Asms\Discover.exe"="C:\Program Files\Rosetta Stone\RS2.1.5.1Asms\Discover.exe:*:Enabled:Rosetta Stone SMS Discovery Tool"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:MSN Messenger 7.5"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{582a4646-8ca0-11dc-8f10-00159694115a}]
shell\AutoRun\command - E:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{582a464a-8ca0-11dc-8f10-00159694115a}]
shell\AutoRun\command - E:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{efbca47e-2230-11dd-8f1d-00159694115a}]
shell\AutoRun\command - E:\LaunchU3.exe -a


======List of files/folders created in the last 1 months======

2008-12-04 07:37:13 ----A---- C:\LOG40.tmp
2008-11-30 18:39:59 ----D---- C:\_OTMoveIt
2008-11-29 22:45:33 ----D---- C:\Program Files\trend micro
2008-11-29 22:45:27 ----D---- C:\rsit
2008-11-29 11:16:40 ----D---- C:\Program Files\iPod
2008-11-29 11:16:18 ----D---- C:\Program Files\iTunes
2008-11-29 11:16:18 ----D---- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-11-29 11:12:49 ----D---- C:\Program Files\QuickTime
2008-11-29 11:09:37 ----SHD---- C:\Config.Msi
2008-11-20 12:12:22 ----D---- C:\Documents and Settings\Michael\Application Data\Mozilla
2008-11-20 12:12:02 ----D---- C:\Program Files\Mozilla Firefox
2008-11-20 11:30:09 ----A---- C:\WINDOWS\system32\javaws.exe
2008-11-20 11:30:09 ----A---- C:\WINDOWS\system32\javaw.exe
2008-11-20 11:30:09 ----A---- C:\WINDOWS\system32\java.exe
2008-11-20 11:30:09 ----A---- C:\WINDOWS\system32\deploytk.dll
2008-11-12 03:02:02 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2008-11-12 03:01:52 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$
2008-11-12 03:01:38 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2008-11-07 07:29:44 ----D---- C:\Program Files\Bonjour
2008-11-07 07:24:21 ----D---- C:\Program Files\Common Files\Apple

======List of files/folders modified in the last 1 months======

2008-12-04 23:13:10 ----D---- C:\WINDOWS\Prefetch
2008-12-04 21:22:48 ----D---- C:\WINDOWS\Temp
2008-12-04 07:37:44 ----D---- C:\Documents and Settings\Michael\Application Data\U3
2008-12-02 20:22:55 ----D---- C:\Program Files\Common Files\Symantec Shared
2008-12-02 20:22:13 ----RD---- C:\Program Files
2008-12-02 20:22:13 ----D---- C:\Program Files\Common Files
2008-12-01 18:02:46 ----D---- C:\WINDOWS\system32
2008-12-01 11:07:14 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-12-01 11:07:05 ----D---- C:\WINDOWS\system32\CatRoot2
2008-11-30 18:48:01 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-11-30 18:40:00 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-11-29 19:45:26 ----D---- C:\Program Files\Norton Security Scan
2008-11-29 19:23:37 ----A---- C:\rapport.txt
2008-11-29 19:23:14 ----A---- C:\WINDOWS\system32\tmp.txt
2008-11-29 19:22:17 ----A---- C:\WINDOWS\ntbtlog.txt
2008-11-29 18:38:31 ----D---- C:\Program Files\MSN Messenger
2008-11-29 14:53:12 ----D---- C:\WINDOWS
2008-11-29 11:19:05 ----SHD---- C:\WINDOWS\Installer
2008-11-29 11:17:49 ----D---- C:\WINDOWS\system32\drivers
2008-11-29 11:17:48 ----HD---- C:\WINDOWS\inf
2008-11-29 11:17:26 ----DC---- C:\WINDOWS\system32\DRVSTORE
2008-11-29 11:03:29 ----D---- C:\Program Files\Safari
2008-11-28 18:18:28 ----D---- C:\Program Files\Norton SystemWorks
2008-11-20 11:36:33 ----D---- C:\Program Files\Java
2008-11-20 11:30:45 ----D---- C:\Program Files\MSN
2008-11-17 04:50:12 ----D---- C:\WINDOWS\Help
2008-11-12 03:03:17 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-11-12 03:02:01 ----HD---- C:\WINDOWS\$hf_mig$
2008-11-12 03:01:58 ----A---- C:\WINDOWS\imsins.BAK
2008-11-12 03:00:50 ----D---- C:\WINDOWS\WinSxS

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK7;AMD K7 Processor Driver; C:\WINDOWS\System32\DRIVERS\amdk7.sys [2008-04-13 37760]
R1 DcCam;Kodak Camera Proxy; C:\WINDOWS\System32\DRIVERS\DcCam.sys [2003-06-18 36826]
R1 GhPciScan;GhostPciScanner; \??\C:\Program Files\Norton SystemWorks\Norton Ghost\ghpciscan.sys []
R1 SYMTDI;SYMTDI; C:\WINDOWS\System32\Drivers\SYMTDI.SYS [2005-01-21 267384]
R1 VIAPFD;VIAPFD; C:\WINDOWS\System32\Drivers\VIAPFD.SYS [2001-12-18 3279]
R2 55E50D4B72FB88F0;55E50D4B72FB88F0; \??\C:\Documents and Settings\Michael\Desktop\55E50D4B72FB88F0\55E50D4B72FB88F0 []
R2 Aspi32;Aspi32; C:\WINDOWS\system32\drivers\Aspi32.sys [2002-08-14 17005]
R2 DCFS2K;Kodak DCFS2K Driver; C:\WINDOWS\system32\drivers\dcfs2k.sys [2003-06-18 38997]
R2 Fallback;Fallback; C:\WINDOWS\System32\DRIVERS\HSF_FALL.sys [2001-08-17 289887]
R2 Fsks;Fsks; C:\WINDOWS\System32\DRIVERS\HSF_FSKS.sys [2001-08-17 115807]
R2 K56;K56; C:\WINDOWS\System32\DRIVERS\HSF_K56K.sys [2001-08-17 391199]
R2 MCSTRM;MCSTRM; C:\WINDOWS\system32\drivers\MCSTRM.sys [2006-12-28 8413]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\System32\DRIVERS\mdmxsdk.sys [2001-10-21 9855]
R2 SAVRTPEL;SAVRTPEL; \??\C:\WINDOWS\System32\Drivers\SAVRTPEL.SYS []
R2 SoftFax;SoftFax; C:\WINDOWS\System32\DRIVERS\HSF_FAXX.sys [2001-08-17 199711]
R2 StreamDispatcher;StreamDispatcher; C:\WINDOWS\System32\DRIVERS\strmdisp.sys [2001-12-23 33548]
R2 Tones;Tones; C:\WINDOWS\System32\DRIVERS\HSF_TONE.sys [2001-08-17 50751]
R2 V124;V124; C:\WINDOWS\System32\DRIVERS\HSF_V124.sys [2001-08-17 488383]
R3 ALCXWDM;Service for Avance AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2002-08-02 659228]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys [2008-04-17 15464]
R3 HSF_DP;HSF_DP; C:\WINDOWS\System32\DRIVERS\HSF_DP.sys [2001-12-23 1171488]
R3 HSFHWBS2;HSFHWBS2; C:\WINDOWS\System32\DRIVERS\HSFHWBS2.sys [2001-12-23 160083]
R3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
R3 NAVENG;NAVENG; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20081203.004\NAVENG.Sys []
R3 NAVEX15;NAVEX15; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20081203.004\NavEx15.Sys []
R3 NPDriver;Norton Unerase Protection Driver; \??\C:\WINDOWS\System32\Drivers\NPDRIVER.SYS []
R3 RTL8023xp;Realtek RTL8139/810x/8169/8110 all in one NDIS XP Driver; C:\WINDOWS\System32\DRIVERS\Rtlnicxp.sys [2004-07-16 70400]
R3 S3Psddr;S3Psddr; C:\WINDOWS\System32\DRIVERS\s3gnbm.sys [2002-07-12 155008]
R3 SAVRT;SAVRT; \??\C:\WINDOWS\System32\Drivers\SAVRT.SYS []
R3 SymEvent;SymEvent; \??\C:\Program Files\Symantec\SYMEVENT.SYS []
R3 SYMREDRV;SYMREDRV; C:\WINDOWS\System32\Drivers\SYMREDRV.SYS [2005-01-21 26424]
R3 USB_RNDIS;Arris Remote NDIS Network Device Driver; C:\WINDOWS\system32\DRIVERS\usb8023.sys [2008-04-13 12800]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 usbscan;USB Scanner Driver; C:\WINDOWS\System32\DRIVERS\usbscan.sys [2008-04-13 15104]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys [2003-01-10 33588]
R3 winachsf;winachsf; C:\WINDOWS\System32\DRIVERS\HSF_CNXT.sys [2001-12-23 591536]
S1 Exportit;Exportit; C:\WINDOWS\System32\DRIVERS\exportit.sys [2003-06-18 138485]
S3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2008-04-13 60800]
S3 basic2;basic2; C:\WINDOWS\System32\DRIVERS\HSF_BSC2.sys [2001-08-17 67167]
S3 DcFpoint;DcFpoint; C:\WINDOWS\System32\DRIVERS\DcFpoint.sys [2003-06-18 61568]
S3 DcLps;Legacy Polling Service; C:\WINDOWS\System32\DRIVERS\DcLps.sys [2003-06-18 8058]
S3 DcPTP;dcptp; C:\WINDOWS\System32\DRIVERS\DcPTP.sys [2003-06-18 63002]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 hsf_msft;hsf_msft; C:\WINDOWS\System32\DRIVERS\HSF_MSFT.sys [2001-08-17 542879]
S3 NIC1394;1394 Net Driver; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2008-04-13 61824]
S3 PalmUSBD;PalmUSBD; C:\WINDOWS\system32\drivers\PalmUSBD.sys []
S3 Rksample;Rksample; C:\WINDOWS\System32\DRIVERS\HSF_SAMP.sys [2001-08-17 57471]
S3 rtl8139;Realtek RTL8139/810X Family PCI Fast Ethernet NIC NT Driver; C:\WINDOWS\System32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2005-01-28 18944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AOL ACS;AOL Connectivity Service; C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe [2004-10-20 10328]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-11-07 132424]
R2 Automatic LiveUpdate Scheduler;Automatic LiveUpdate Scheduler; C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe [2006-05-15 100032]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
R2 ccEvtMgr;Symantec Event Manager; C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe [2003-07-17 317128]
R2 EpsonBidirectionalService;EpsonBidirectionalService; C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe [2002-01-29 77824]
R2 EPSONStatusAgent2;EPSON Printer Status Agent2; C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe [2002-07-17 94208]
R2 GhostStartService;GhostStartService; C:\PROGRA~1\NORTON~1\NORTON~2\GHOSTS~2.EXE [2002-08-14 200704]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-11-20 152984]
R2 KodakCCS;Kodak Camera Connection Software; C:\WINDOWS\system32\drivers\KodakCCS.exe [2003-06-18 294972]
R2 navapsvc;Norton AntiVirus Auto Protect Service; C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe [2002-11-14 116336]
R2 NProtectService;Norton Unerase Protection; C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE [2002-08-14 135168]
R2 ScsiAccess;ScsiAccess; C:\WINDOWS\System32\ScsiAccess.EXE [2003-02-04 181312]
R2 Speed Disk service;Speed Disk service; C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe [2002-08-14 172065]
R2 SymWSC;SymWMI Service; C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe [2004-11-02 316544]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-11-20 536872]
S2 SBService;ScriptBlocking Service; C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe [2001-08-13 54408]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-04-13 33632]
S3 ccPwdSvc;Symantec Password Validation Service; C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe [2003-12-02 99352]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-04-13 68952]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-12-17 138168]
S3 LiveUpdate;LiveUpdate; C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE [2006-05-15 2086592]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 SNDSrvc;Symantec Network Drivers Service; C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe [2005-01-21 206552]

-----------------EOF-----------------

Thanks in advance!

#11 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:08:51 PM

Posted 05 December 2008 - 10:30 AM

It's not as bad as it seems. Nearly everything Kaspersky found is already quarantined.

Please run Hijackthis, located here: C:\Program Files\trend micro\Michael.exe

Click scan, and Put a checkmark next to each of the lines listed below. Then close all other windows--you should only see HijackThis on your Desktop--and click the Fix Checked button.

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:9022
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)
O16 - DPF: {87D1A6EF-8CBC-458A-84B5-0333562418CD} - http://www.clicktracking.info/ctadl1.cab



=================



Download SDFix and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following :
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, the Advanced Options Menu should appear;
  • Select the first option, to run Windows in Safe Mode, then press Enter.
  • Choose your usual account.
  • Open the extracted SDFix folder and double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
  • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
    (Report.txt will also be copied to Clipboard ready for posting back on the forum).
  • Finally paste the contents of the Report.txt back here in your next reply.


Let me know if you still are having the redirected searches.
Posted Image If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#12 Laurimj

Laurimj
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:08:51 PM

Posted 06 December 2008 - 02:09 AM

Hello again.

Here is what came back in the log after doing the steps you asked:


SDFix: Version 1.240
Run by Michael on Fri 12/05/2008 at 22:34

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix

Checking Services :


Restoring Default Security Values
Restoring Default Hosts File

Rebooting


Checking Files :

Trojan Files Found:

C:\WINDOWS\system32\TFTP1100 - Deleted
C:\WINDOWS\system32\TFTP1828 - Deleted
C:\WINDOWS\system32\TFTP396 - Deleted
C:\WINDOWS\system32\TFTP940 - Deleted





Removing Temp Files

ADS Check :



Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-05 22:46:19
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services :




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\backWeb-7288971.exe"="C:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\backWeb-7288971.exe:*:Enabled:backWeb-7288971"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Disabled:Windows Messenger"
"C:\\Program Files\\Warcraft III\\Warcraft III.exe"="C:\\Program Files\\Warcraft III\\Warcraft III.exe:*:Enabled:Warcraft III"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe:*:Enabled:AOL"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Yahoo! Games\\Magic Ball\\MagicBall.exe"="C:\\Program Files\\Yahoo! Games\\Magic Ball\\MagicBall.exe:*:Enabled:MagicBall"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:MSN Messenger 7.5"
"C:\\Program Files\\Java\\jre1.6.0_05\\bin\\java.exe"="C:\\Program Files\\Java\\jre1.6.0_05\\bin\\java.exe:*:Enabled:Java Runtime Environment"
"C:\\Program Files\\Rosetta Stone\\SMS v3.0.2\\server.exe"="C:\\Program Files\\Rosetta Stone\\SMS v3.0.2\\server.exe:*:Enabled:SMS Server v3.0.2"
"C:\\Program Files\\Rosetta Stone\\SMS v3.0.2\\admin.exe"="C:\\Program Files\\Rosetta Stone\\SMS v3.0.2\\admin.exe:*:Enabled:SMS Admin v3.0.2"
"C:\\WINDOWS\\system32\\java.exe"="C:\\WINDOWS\\system32\\java.exe:*:Enabled:Java™ Platform SE binary"
"C:\\Program Files\\Rosetta Stone\\RS2.1.5.1Asms\\Discover.exe"="C:\\Program Files\\Rosetta Stone\\RS2.1.5.1Asms\\Discover.exe:*:Enabled:Rosetta Stone SMS Discovery Tool"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:MSN Messenger 7.5"

Remaining Files :


File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes :

Sat 16 Sep 2006 4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Thu 20 May 2004 43,008 ...H. --- "C:\Documents and Settings\Michael\My Documents\~WRL0005.tmp"
Sun 9 Nov 2008 22,016 ...H. --- "C:\Documents and Settings\Michael\My Documents\~WRL0006.tmp"
Thu 24 Jun 2004 28,672 ...H. --- "C:\Documents and Settings\Michael\My Documents\~WRL0141.tmp"
Thu 24 Jun 2004 21,504 ...H. --- "C:\Documents and Settings\Michael\My Documents\~WRL0375.tmp"
Thu 24 Jun 2004 24,576 ...H. --- "C:\Documents and Settings\Michael\My Documents\~WRL0627.tmp"
Sun 26 Oct 2003 158,720 ...H. --- "C:\Documents and Settings\Michael\My Documents\~WRL0814.tmp"
Sun 7 Sep 2008 30,720 ...H. --- "C:\Documents and Settings\Michael\My Documents\~WRL0901.tmp"
Fri 25 Jun 2004 37,888 ...H. --- "C:\Documents and Settings\Michael\My Documents\~WRL1287.tmp"
Sat 26 Nov 2005 52,224 ...H. --- "C:\Documents and Settings\Michael\My Documents\~WRL1489.tmp"
Mon 3 Dec 2007 45,056 ...H. --- "C:\Documents and Settings\Michael\My Documents\~WRL1933.tmp"
Thu 24 Jun 2004 27,648 ...H. --- "C:\Documents and Settings\Michael\My Documents\~WRL2431.tmp"
Thu 10 Jun 2004 44,032 ...H. --- "C:\Documents and Settings\Michael\My Documents\~WRL2961.tmp"
Tue 11 Nov 2008 27,136 ...H. --- "C:\Documents and Settings\Michael\My Documents\~WRL3007.tmp"
Wed 29 Oct 2003 31,232 ...H. --- "C:\Documents and Settings\Michael\My Documents\~WRL3640.tmp"
Thu 24 Jun 2004 25,600 ...H. --- "C:\Documents and Settings\Michael\My Documents\~WRL3948.tmp"
Sat 4 Sep 2004 1,206 A..HR --- "C:\Program Files\Common Files\Symantec Shared\Registry Backup\ccReg.reg"
Sat 4 Sep 2004 12,888 A..HR --- "C:\Program Files\Common Files\Symantec Shared\Registry Backup\CommonClient.reg"
Mon 12 Feb 2007 3,096,576 A..H. --- "C:\Documents and Settings\Kassandra\Application Data\U3\temp\Launchpad Removal.exe"
Sat 19 Jul 2008 335,872 ...H. --- "C:\Documents and Settings\Michael\Application Data\Microsoft\Templates\~WRL2882.tmp"
Tue 27 Apr 2004 64,000 ...H. --- "C:\Documents and Settings\Michael\Application Data\Microsoft\Word\~WRL0160.tmp"
Mon 9 May 2005 33,280 ...H. --- "C:\Documents and Settings\Michael\Application Data\Microsoft\Word\~WRL0192.tmp"
Wed 12 Jul 2006 39,936 ...H. --- "C:\Documents and Settings\Michael\Application Data\Microsoft\Word\~WRL1185.tmp"
Wed 15 Feb 2006 129,536 ...H. --- "C:\Documents and Settings\Michael\Application Data\Microsoft\Word\~WRL2085.tmp"
Tue 27 Apr 2004 99,328 ...H. --- "C:\Documents and Settings\Michael\Application Data\Microsoft\Word\~WRL3077.tmp"
Mon 15 Sep 2008 350,208 ...H. --- "C:\Documents and Settings\Michael\Application Data\Microsoft\Word\~WRL3363.tmp"
Mon 12 Feb 2007 3,096,576 A..H. --- "C:\Documents and Settings\Michael\Application Data\U3\temp\Launchpad Removal.exe"
Sat 16 Sep 2006 4,348 ...H. --- "C:\Documents and Settings\Michael\Application Data\Real\Rhapsody\wmlicbackup\drmv1key.bak"
Thu 28 Dec 2006 20 A..H. --- "C:\Documents and Settings\Michael\Application Data\Real\Rhapsody\wmlicbackup\drmv1lic.bak"
Mon 6 Feb 2006 312 ...H. --- "C:\Documents and Settings\Michael\Application Data\Real\Rhapsody\wmlicbackup\drmv2key.bak"
Thu 28 Dec 2006 1,536 A..H. --- "C:\Documents and Settings\Michael\Application Data\Real\Rhapsody\wmlicbackup\drmv2lic.bak"
Wed 14 Aug 2002 65,088 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\3COM 3c556 Packet\3C556.COM"
Wed 14 Aug 2002 12,732 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\3COM 3c509 Packet\3C5X9PD.COM"
Wed 14 Aug 2002 26,424 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\3COM 3c59x Packet\3C59XPD.COM"
Wed 14 Aug 2002 28,062 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN1207F Packet\EN5251PD.COM"
Wed 14 Aug 2002 10,710 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN1207C Packet\PCIPD.COM"
Wed 14 Aug 2002 10,083 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN1207D Packet\ACCPKT.COM"
Wed 14 Aug 2002 10,257 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN1207TX Packet\PCIPD.COM"
Wed 14 Aug 2002 29,499 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN1203 Packet\PCIPD.COM"
Wed 14 Aug 2002 12,660 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN1204 Packet\VLNWPD.COM"
Wed 14 Aug 2002 11,031 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN1207 Packet\PCIPD.COM"
Wed 14 Aug 2002 17,952 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN1200 Packet\EC32PD.COM"
Wed 14 Aug 2002 9,424 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN1208 Packet\1208PD.COM"
Wed 14 Aug 2002 7,825 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN1650 Packet\NWPD.COM"
Wed 14 Aug 2002 13,673 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN1640 Packet\NWPD.COM"
Wed 14 Aug 2002 14,438 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN1658 Packet\NWPD.COM"
Wed 14 Aug 2002 7,825 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN166X Packet\NWPD.COM"
Wed 14 Aug 2002 7,825 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN1651 Packet\NWPD.COM"
Wed 14 Aug 2002 7,825 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN1652 Packet\NWPD.COM"
Wed 14 Aug 2002 7,243 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN1653 Packet\NE2PD.COM"
Wed 14 Aug 2002 24,767 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN2216 Packet\PCMPD.COM"
Wed 14 Aug 2002 7,463 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN1625 Packet\NEPD.COM"
Wed 14 Aug 2002 7,825 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN1656 Packet\NWPD.COM"
Wed 14 Aug 2002 10,286 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN2228 Packet\PCMPD.COM"
Wed 14 Aug 2002 25,460 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN2218 Packet\PCMPD.COM"
Wed 14 Aug 2002 28,866 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN2320 Packet\EN5251PD.COM"
Wed 14 Aug 2002 14,438 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN1657 Packet\NWPD.COM"
Wed 14 Aug 2002 8,544 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\CATC USB Ethernet\Elndis.sys"
Wed 14 Aug 2002 33,149 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\CATC USB Ethernet\Usbd.sys"
Wed 28 May 2003 51,150 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\ASPI1394.SYS"
Wed 14 Aug 2002 35,340 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\ASPI2DOS.SYS"
Wed 14 Aug 2002 14,378 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\ASPI4DOS.SYS"
Wed 14 Aug 2002 37,984 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\ASPI8DOS.SYS"
Wed 14 Aug 2002 44,828 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\ASPI8U2.SYS"
Wed 14 Aug 2002 29,628 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\ASPICD.SYS"
Wed 28 May 2003 52,106 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\ASPIEHCI.SYS"
Wed 14 Aug 2002 49,242 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\ASPIOHCI.SYS"
Wed 14 Aug 2002 50,606 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\ASPIUHCI.SYS"
Wed 14 Aug 2002 161,792 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\BOOTSRV.SYS"
Wed 14 Aug 2002 174,080 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\bootsrv16.sys"
Wed 14 Aug 2002 21,971 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\BTCDROM.SYS"
Wed 14 Aug 2002 30,955 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\BTDOSM.SYS"
Wed 14 Aug 2002 202,517 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\CMDS.EXE"
Wed 14 Aug 2002 374,038 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\CMDS16.EXE"
Wed 14 Aug 2002 22,158 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\COUNTRY.SYS"
Wed 14 Aug 2002 1,608 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\DEVICE.COM"
Wed 14 Aug 2002 15,345 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\DISPLAY.SYS"
Wed 14 Aug 2002 7,840 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\DLSHELP.SYS"
Wed 14 Aug 2002 56,821 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\E.EXE"
Wed 14 Aug 2002 64,425 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\FLASHPT.SYS"
Wed 14 Aug 2002 32,396 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\GUEST.EXE"
Wed 14 Aug 2002 14,160 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\HIMEM.SYS"
Wed 14 Aug 2002 10,898 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\KEYB.COM"
Wed 14 Aug 2002 53,556 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\KEYBOARD.SYS"
Wed 14 Aug 2002 15,777 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\MODE.COM"
Wed 14 Aug 2002 37,681 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\MOUSE.COM"
Wed 14 Aug 2002 354,304 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\msbootsrv16.sys"
Wed 14 Aug 2002 21,180 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\MSCDEX.EXE"
Wed 14 Aug 2002 354,263 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\Net.exe"
Wed 14 Aug 2002 8,513 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\NETBIND.COM"
Wed 14 Aug 2002 41,302 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\OAKCDROM.SYS"
Wed 14 Aug 2002 129,240 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\OHCI.EXE"
Wed 14 Aug 2002 28,439 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\Paralink.com"
Wed 14 Aug 2002 13,770 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\PROTMAN.EXE"
Wed 14 Aug 2002 130,980 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\UHCI.EXE"
Wed 14 Aug 2002 11,854 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\DEC EtherWorks ISA (DE305) Packet\DE305.COM"
Wed 14 Aug 2002 52,715 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\DEC EtherWORKS DE450 Packet\DE450.COM"
Wed 14 Aug 2002 62,391 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\DEC EtherWORKS DE500 Packet\DE500.COM"
Wed 14 Aug 2002 11,491 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\DLink DMF560-TX Packet\Lmpd.com"
Wed 14 Aug 2002 17,791 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\DLink DT620 Packet\Dt620pd.com"
Wed 14 Aug 2002 17,043 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\DLink DE400 Packet\De400pd.com"
Wed 14 Aug 2002 11,786 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\IBM Crystal LAN Packet\Epktisa.com"
Wed 14 Aug 2002 18,300 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Kingston EtheRx KNE110TX Packet\Ktc110p.com"
Wed 14 Aug 2002 48,224 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Laneed LD 10-100AL Packet\L100al.com"
Wed 14 Aug 2002 13,360 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Laneed LD-CDF Packet\Ldcdt.com"
Wed 14 Aug 2002 9,190 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Laneed LD-PCI2TL Packet\Ldpcil.com"
Wed 14 Aug 2002 12,567 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Melco LPC2-T\Lpchkat2.com"
Wed 14 Aug 2002 44,640 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Planex FW-100TX Fast Ethernet Packet\FETPKT.COM"
Wed 14 Aug 2002 56,896 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Planex FW-100TX Fast Ethernet Packet\Rtspkt.com"
Wed 14 Aug 2002 44,640 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Planex FNW9x00T - ENW8300T Packet\fetpkt.com"
Wed 14 Aug 2002 9,692 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\PXE Packet Driver\Undipd.com"
Wed 14 Aug 2002 9,537 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\SN 2000p Packet\PNPPD.COM"
Wed 14 Aug 2002 32,484 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\WaveLAN Packet\Wvlan42.com"
Wed 14 Aug 2002 52,225 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Xircom Ethernet 10-100 + Modem\Cbendis.exe"
Wed 14 Aug 2002 48,491 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Xircom RE10BT\Ce3ndis.exe"
Wed 14 Aug 2002 50,405 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Xircom RE10 - RE100 Packet\Ce3pd.com"
Wed 14 Aug 2002 33,860 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Xircom PE3-10Bx\Pe3ndis.exe"
Wed 14 Aug 2002 50,175 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Xircom Re-100Btx + Ce3B-100Btx\Ce3ndis.exe"
Wed 14 Aug 2002 50,795 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Xircom CBE10-100BTX\Cbendis.exe"
Wed 14 Aug 2002 48,223 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Xircom CBE10-100BTX Packet\Cbepd.com"
Wed 14 Aug 2002 48,641 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Xircom Ethernet II PS\Xpsndis.exe"
Wed 14 Aug 2002 49,015 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Xircom Ethernet II PS Packet\Xpspd.com"
Wed 14 Aug 2002 53,786 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\pcdos\command.com"
Wed 14 Aug 2002 44,240 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\pcdos\IBMBIO.COM"
Wed 14 Aug 2002 42,550 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\pcdos\IBMDOS.COM"

Finished!



Sadly I am still getting redirected quite a bit and it does not appear to be from one site but many. What's next? Thanks again for your help and patience~

#13 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:08:51 PM

Posted 06 December 2008 - 11:12 AM

We need to run Combofix.

Please download ComboFix from one of these locations:

Link 1
Link 2
Link 3

Important!
You should NOT use Combofix unless you have been instructed to do so by a Malware Removal Expert.
It is intended by its creator to be used under the guidance and supervision of an Malware Removal Expert, not for private use.
Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.



Make sure that you save ComboFix.exe to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

  • Double click on ComboFix.exe & follow the prompts.

  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.


Posted Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
Posted Image If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#14 Laurimj

Laurimj
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:08:51 PM

Posted 06 December 2008 - 07:43 PM

Hi there... Please let me know what else I need to do.

I think this is the log you are looking for:

ComboFix 08-12-06.04 - Michael 2008-12-06 16:22:56.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.133 [GMT -8:00]
Running from: C:\Documents and Settings\Michael\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\Downloaded Program Files\setup.inf

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_MYWEBSEARCHSERVICE


((((((((((((((((((((((((( Files Created from 2008-11-07 to 2008-12-07 )))))))))))))))))))))))))))))))
.

2008-12-05 22:20 . 2008-12-05 22:20 <DIR> d-------- C:\WINDOWS\ERUNT
2008-12-05 22:12 . 2008-12-05 22:52 <DIR> d-------- C:\SDFix
2008-12-04 07:37 . 2008-12-04 07:37 0 --a------ C:\LOG40.tmp
2008-11-30 18:39 . 2008-11-30 18:39 <DIR> d-------- C:\_OTMoveIt
2008-11-29 22:45 . 2008-11-29 22:46 <DIR> d-------- C:\rsit
2008-11-29 22:45 . 2008-12-05 22:05 <DIR> d-------- C:\Program Files\trend micro
2008-11-29 11:16 . 2008-11-29 11:17 <DIR> d-------- C:\Program Files\iTunes
2008-11-29 11:16 . 2008-11-29 11:16 <DIR> d-------- C:\Program Files\iPod
2008-11-29 11:16 . 2008-11-29 11:17 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-11-29 11:12 . 2008-11-29 11:14 <DIR> d-------- C:\Program Files\QuickTime
2008-11-20 12:12 . 2008-11-20 12:12 0 --a------ C:\WINDOWS\nsreg.dat
2008-11-20 11:30 . 2008-11-20 11:29 410,976 --a------ C:\WINDOWS\system32\deploytk.dll
2008-11-12 02:51 . 2008-09-04 09:15 1,106,944 -----c--- C:\WINDOWS\system32\dllcache\msxml3.dll
2008-11-12 02:51 . 2008-10-24 03:21 455,296 -----c--- C:\WINDOWS\system32\dllcache\mrxsmb.sys
2008-11-07 07:29 . 2008-11-07 07:29 <DIR> d-------- C:\Program Files\Bonjour
2008-11-07 07:24 . 2008-11-29 11:16 <DIR> d-------- C:\Program Files\Common Files\Apple

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-06 07:01 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-12-06 05:34 --------- d-----w C:\Program Files\Norton SystemWorks
2008-12-04 15:37 --------- d-----w C:\Documents and Settings\Michael\Application Data\U3
2008-12-04 02:43 86,352 ----a-w C:\Documents and Settings\Michael\Application Data\GDIPFONTCACHEV1.DAT
2008-11-30 03:45 --------- d-----w C:\Program Files\Norton Security Scan
2008-11-30 02:38 --------- d-----w C:\Program Files\MSN Messenger
2008-11-29 19:03 --------- d-----w C:\Program Files\Safari
2008-11-20 19:36 --------- d-----w C:\Program Files\Java
2008-11-12 11:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-11-05 07:52 --------- d-----w C:\Program Files\Applications
2008-11-05 07:26 --------- d-----w C:\Program Files\Malwarebytes' Anti-Malware
2008-11-05 07:26 --------- d-----w C:\Documents and Settings\Michael\Application Data\Malwarebytes
2008-11-05 07:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-11-05 04:47 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-10-26 06:52 --------- d-----w C:\Program Files\Rhapsody
2008-10-26 06:47 --------- d-----w C:\Program Files\Yahoo! Games
2008-10-24 11:21 455,296 ----a-w C:\WINDOWS\system32\drivers\mrxsmb.sys
2008-10-23 00:27 38,496 ----a-w C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-10-23 00:27 15,504 ----a-w C:\WINDOWS\system32\drivers\mbam.sys
2008-10-15 14:03 --------- d-----w C:\Program Files\NOS
2008-10-15 14:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\NOS
2008-10-15 01:04 --------- d-----w C:\Program Files\Documents To Go
2008-10-14 01:26 --------- d-----w C:\Program Files\Common Files\Adobe AIR
2008-10-14 01:25 --------- d-----w C:\Program Files\Common Files\Adobe
2006-06-07 01:42 22,808 ----a-w C:\Documents and Settings\Kassandra\Application Data\GDIPFONTCACHEV1.DAT
2003-09-16 01:05 18,688 ----a-w C:\Documents and Settings\Jamie\Application Data\GDIPFONTCACHEV1.DAT
2003-09-01 22:34 32 --sha-w C:\WINDOWS\{0AC93FB7-C809-42FC-BD45-55B72C603180}.dat
2003-09-01 22:34 32 --sha-w C:\WINDOWS\{140CA9EB-D43B-4120-9DA5-70402B02887C}.dat
2003-09-01 22:35 32 --sha-w C:\WINDOWS\{1833C0E6-ED71-4E5E-8A7D-F6A190C67BA4}.dat
2003-09-01 22:37 32 --sha-w C:\WINDOWS\{58E1BD77-C58C-4B93-B6C9-867294514721}.dat
2003-09-01 22:33 32 --sha-w C:\WINDOWS\{C1847075-08ED-438D-AD8D-6B1053FC043C}.dat
2003-09-01 22:34 32 --sha-w C:\WINDOWS\{E2711F45-DB63-42B5-9F86-C327A04573A0}.dat
2003-09-01 22:36 32 --sha-w C:\WINDOWS\{F1269DE8-C43C-4357-B3DE-8B9A6368CAC4}.dat
2003-09-01 22:34 32 --sha-w C:\WINDOWS\system32\{5FEA69EA-B257-41D7-8382-531327584C91}.dat
2003-09-01 22:37 32 --sha-w C:\WINDOWS\system32\{63995A0B-3941-4116-BAB6-AF6736738D86}.dat
2003-09-01 22:34 32 --sha-w C:\WINDOWS\system32\{725FA31F-FD1D-4076-A629-0DE1654D55F2}.dat
2003-09-01 22:35 32 --sha-w C:\WINDOWS\system32\{77F88B83-DD79-45BF-9621-551789437826}.dat
2003-09-01 22:34 32 --sha-w C:\WINDOWS\system32\{8780E713-8206-4D31-8E3A-500A837E81BB}.dat
2003-09-01 22:33 32 --sha-w C:\WINDOWS\system32\{C855B5BC-67C6-4A28-A6F4-D2557FC56698}.dat
2003-09-01 22:36 32 --sha-w C:\WINDOWS\system32\{DF295839-C456-4989-870C-B22F03CCDA2A}.dat
2008-05-24 07:16 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008052420080525\index.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 16:12 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-01-06 18:25 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroCheck"="C:\WINDOWS\System32\\NeroCheck.exe" [2001-07-09 02:50 155648]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2003-12-02 16:11 54296]
"ccRegVfy"="C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe" [2003-12-02 16:11 58392]
"GhostStartTrayApp"="C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe" [2002-08-14 14:21 94208]
"Microsoft Works Update Detection"="C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2003-09-13 20:36 50688]
"EPSON Stylus CX3200"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE" [2002-06-30 19:05 74752]
"AOLDialer"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" [2004-10-20 05:40 34904]
"Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [2006-09-20 19:32 95960]
"EPSON Stylus Photo R340 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAJA.EXE" [2005-04-26 03:00 98304]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 01:38 34672]
"SunJavaUpdateSched"="C:\Program Files\Java\jre6\bin\jusched.exe" [2008-11-20 11:29 136600]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-11-04 10:30 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-11-20 13:20 290088]
"SoundMan"="SOUNDMAN.EXE" [2002-08-02 03:00 46592 C:\WINDOWS\SOUNDMAN.EXE]
"CARPService"="carpserv.exe" [2001-12-23 03:02 4608 C:\WINDOWS\system32\carpserv.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\backWeb-7288971.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Rosetta Stone\\SMS v3.0.2\\server.exe"=
"C:\\Program Files\\Rosetta Stone\\SMS v3.0.2\\admin.exe"=
"C:\\WINDOWS\\system32\\java.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

R1 GhPciScan;GhostPciScanner;\??\C:\Program Files\Norton SystemWorks\Norton Ghost\ghpciscan.sys [2002-08-14 14:11:16 5632]
R2 55E50D4B72FB88F0;55E50D4B72FB88F0;\??\C:\Documents and Settings\Michael\Desktop\55E50D4B72FB88F0\55E50D4B72FB88F0 []
R2 NProtectService;Norton Unerase Protection;"C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE" [2003-09-01 14:35:36 135168]
S0 wseqkun;wseqkun;C:\WINDOWS\system32\drivers\bmhvbo.sys []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{582a4646-8ca0-11dc-8f10-00159694115a}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{582a464a-8ca0-11dc-8f10-00159694115a}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{efbca47e-2230-11dd-8f1d-00159694115a}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a
.
Contents of the 'Scheduled Tasks' folder

2008-12-02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2008-12-06 C:\WINDOWS\Tasks\Norton AntiVirus - Scan my computer.job
- C:\PROGRA~1\NORTON~1\NORTON~1\NAVW32.exe [2002-11-14 18:31]

2008-12-06 C:\WINDOWS\Tasks\Norton SystemWorks One Button Checkup.job
- C:\Program Files\Norton SystemWorks\OBC.exe [2002-09-29 21:57]
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)


.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
uInternet Settings,ProxyOverride = 127.0.0.1;localhost;<local>;*.local
IE: &Search
IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
IE: Update Page Content - C:\Program Files\MSN\MSNIA\CC\MSNCC\WA\refreshpage.htm
IE: View All Originals On Page - C:\Program Files\MSN\MSNIA\CC\MSNCC\WA\getoriginal.htm
IE: View Original Image - C:\Program Files\MSN\MSNIA\CC\MSNCC\WA\getoriginal.htm

O16 -: DirectAnimation Java Classes - file://C:\WINDOWS\Java\classes\dajava.cab
C:\WINDOWS\Downloaded Program Files\DirectAnimation Java Classes.osd

O16 -: Microsoft XML Parser for Java - file://C:\WINDOWS\Java\classes\xmldso.cab
C:\WINDOWS\Downloaded Program Files\Microsoft XML Parser for Java.osd

O16 -: {CAFECAFE-0013-0001-0022-ABCDEFABCDEF} - hxxps://clover.cloverpark.k12.wa.us:4443/forms/jinitiator/jinit.exe
FireFox -: Profile - C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\srqvdiw0.default\
FF -: plugin - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
FF -: plugin - C:\Program Files\Java\jre6\bin\new_plugin\npdeploytk.dll
FF -: plugin - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\NPJinit13122.dll
FF -: plugin - C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll
.

#15 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:08:51 PM

Posted 07 December 2008 - 10:13 AM

Copy and paste ALL the following text in the Quote box below into Notepad.
Click on File(in the menu at the top)>Save as../Save as Type: 'All Files' /File name: CFScript to your desktop.

Dirlook::
C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}

Driver::
55E50D4B72FB88F0
wseqkun

File::
C:\WINDOWS\system32\drivers\bmhvbo.sys
Prior to running Combofix.exe you should disable your antivirus program and disconnect from the internet.

Now drag then drop the CFScript file onto ComboFix.exe as seen in the image below.

Posted Image

This will start ComboFix again.
After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply.


=================


Run Hijackthis, located here: C:\Program Files\trend micro\Michael.exe

Click scan, and Put a checkmark next to each of the lines listed below. Then close all other windows--you should only see HijackThis on your Desktop--and click the Fix Checked button.

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:9022
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)
O16 - DPF: {87D1A6EF-8CBC-458A-84B5-0333562418CD} - http://www.clicktracking.info/ctadl1.cab



Reboot your computer.
Are you still getting the redirections?
Posted Image If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users