Vundo Virus (and others?)


  • This topic is locked
7 replies to this topic

#1 Ana55127


Posted 30 November 2008 - 03:14 PM

After my sister used my computer I began receiving pop-up internet browser windows (using both Firefox and IE 7). The windows always redirect to a "virus scan" site (multiple/random) that offers to help fix my computer. I've never clicked these and always closed them. I knew immediately I had a virus and assumed it was Vundo; after more research I'm fairly certain it's a Vundo variant of some sort. I do not see any VirusScan 2008 or 2009 files on my computer. I have a NAS drive attached to my computer (W:\) and an external hard drive (Z:\). After running the Kaspersky Scan I see I have questionable files on both of these drives.

I have top-of-the-line antivirus installed (McAfee VirusScan Enterprise 8.5.0i); however, I know this doesn't protect from all malware. I have successfully removed malware/viruses/even Vundo from friends' computers; however, this isn't as simple a fix, and I decided to ask for help here before diving in too deeply.

I ran the RSIT.exe program; however, I only got a log.txt file and NO info.txt file. I did shut down the program and re-run it, with the same result. I'm posting my log.txt and Kaspersky Scan results here:

RSIT - log.txt:
Logfile of random's system information tool 1.04 (written by random/random)
Run by Staci at 2008-11-30 13:50:42
Microsoft Windows XP Professional Service Pack 2
System drive C: has 10 GB (14%) free of 73 GB
Total RAM: 2016 MB (51% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:50:44 PM, on 11/30/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\dlcqcoms.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\Network Associates\Common Framework\UdaterUI.exe
C:\Program Files\Dell Photo AIO Printer 966\dlcqmon.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\Network Associates\Common Framework\McTray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.1\apdproxy.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Smith Micro\StuffIt\ArcNameService.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\ZuneBusEnum.exe
C:\Documents and Settings\Staci\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dllhost.exe
C:\Documents and Settings\Staci\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Staci.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptcl.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: (no name) - {dd1dbf8c-996f-449a-86f4-6332e2fa8c9c} - C:\WINDOWS\system32\yalemera.dll (file missing)
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [dlcqmon.exe] "C:\Program Files\Dell Photo AIO Printer 966\dlcqmon.exe"
O4 - HKLM\..\Run: [DLCQCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCQtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.1\apdproxy.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [waletefume] Rundll32.exe "C:\WINDOWS\system32\kulubibi.dll",s
O4 - HKLM\..\Run: [CPM83418f85] Rundll32.exe "c:\windows\system32\safufoga.dll",a
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [PTIM.exe] C:\Program Files\WebEx\Productivity Tools\PTIM.exe
O4 - HKCU\..\Run: [PTOneClick] C:\Program Files\WebEx\Productivity Tools\ptoneclk.exe
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Staci\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"
O4 - HKUS\S-1-5-19\..\Run: [waletefume] Rundll32.exe "C:\WINDOWS\system32\kulubibi.dll",s (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [waletefume] Rundll32.exe "C:\WINDOWS\system32\kulubibi.dll",s (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" (User 'Default user')
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://www.lynnemorrell.com
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/co...ex/qtplugin.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {254AA86E-5655-4518-AA87-185D7CC41801} (LogMeIn Rescue Technician Console) - https://secure.logmeinrescue.com/TechConsol...scueControl.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgreens.com/WalgreensActivia.cab
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.3.5.cab
O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} (LinkedIn ContactFinderControl) - http://www.linkedin.com/cab/LinkedInContactFinderControl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1216646904301
O16 - DPF: {6F750203-1362-4815-A476-88533DE61D0C} (Kodak Gallery Easy Upload Manager Class) - http://www.kodakgallery.com/downloads/BUM/..._2/axofupld.cab
O16 - DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} (DLC Class) - https://transfers.ds.microsoft.com/FTM/Tran...ransferCtrl.cab
O16 - DPF: {86425144-8E97-41D5-8BCF-302812D44692} (RazorStreamControl.CaptureControl) - http://www.helloworld.com/root.controls/RSControl40.CAB
O16 - DPF: {8BBDC81D-81B3-49EE-87E8-47B7A707FAE8} (GoToMeeting/GoToWebinar Web Starter) - https://www.gotomeeting.com/default/applets/g2mdlax.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://192.168.1.3/activex/AxisCamControl.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://sunmeetings.webex.com/client/T25L/webex/ieatgpc.cab
O16 - DPF: {E7D2588A-7FB5-47DC-8830-832605661009} (Live Collaboration) - http://livenj04.custhelp.com/8201-b499h/rnl/java/RntX.cab
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://vela-alegria.hyperoffice.com/hypero...nts/XUpload.ocx
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} - http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.1.6.cab
O18 - Protocol: intu-help-qb1 - {9B0F96C7-2E4B-433E-ABF3-043BA1B54AE3} - C:\Program Files\Intuit\QuickBooks 2008\HelpAsyncPluggableProtocol.dll
O18 - Protocol: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - mscoree.dll (file missing)
O20 - AppInit_DLLs: c:\windows\system32\jojuzoma.dll c:\windows\system32\safufoga.dll,C:\WINDOWS\system32\piduhazi.dll
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\safufoga.dll (file missing)
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\safufoga.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: dlcq_device - - C:\WINDOWS\system32\dlcqcoms.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
O23 - Service: QBCFMonitorService - Intuit - C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe
O23 - Service: Stuffit Archive Name Service - Smith Micro Software, Inc. - C:\Program Files\Smith Micro\StuffIt\ArcNameService.exe

--
End of file - 17388 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\Back Up Day 1.job
C:\WINDOWS\tasks\Back Up Day 2.job
C:\WINDOWS\tasks\GoogleUpdateTaskUser.job
C:\WINDOWS\tasks\MP Scheduled Scan.job
C:\WINDOWS\tasks\User_Feed_Synchronization-{85F4CA9D-D7AB-4199-A7FD-E100EDD0BB64}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{074C1DC5-9320-4A9A-947D-C042949C6216}]
ContributeBHO Class - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll [2007-03-16 118784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2008-03-06 370296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{724d43a9-0d85-11d4-9908-00400523e39a}]
C:\Program Files\Siber Systems\AI RoboForm\roboform.dll [2007-12-24 5690184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll [2008-02-22 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}]
scriptproxy - C:\Program Files\McAfee\VirusScan Enterprise\scriptcl.dll [2008-07-16 58688]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2007-12-14 392240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
Adobe PDF Conversion Toolbar Helper - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007-05-10 321120]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{dd1dbf8c-996f-449a-86f4-6332e2fa8c9c}]
C:\WINDOWS\system32\yalemera.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{724d43a0-0d85-11d4-9908-00400523e39a} - &RoboForm - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll [2007-12-24 5690184]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007-05-10 321120]
{517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - Contribute Toolbar - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll [2007-03-16 118784]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"BluetoothAuthenticationAgent"=C:\WINDOWS\system32\bthprops.cpl [2004-08-04 110592]
"LogMeIn GUI"=C:\Program Files\LogMeIn\x86\LogMeInSystray.exe [2007-04-17 63048]
"McAfeeUpdaterUI"=C:\Program Files\Network Associates\Common Framework\UdaterUI.exe [2007-10-24 136512]
"dlcqmon.exe"=C:\Program Files\Dell Photo AIO Printer 966\dlcqmon.exe [2007-01-12 292336]
"DLCQCATS"=rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCQtime.dll []
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2006-09-26 98304]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2006-09-26 114688]
"Persistence"=C:\WINDOWS\system32\igfxpers.exe [2006-09-26 94208]
"SigmatelSysTrayApp"=sttray.exe []
"type32"=C:\Program Files\Microsoft IntelliType Pro\type32.exe [2004-06-03 172032]
"ShStatEXE"=C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE [2008-07-16 111952]
""= []
"Adobe Photo Downloader"=C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.1\apdproxy.exe [2007-06-26 61440]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2008-09-06 413696]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2006-11-03 866584]
"waletefume"=C:\WINDOWS\system32\kulubibi.dll []
"CPM83418f85"=c:\windows\system32\safufoga.dll []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]
"RoboForm"=C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [2007-12-24 160592]
"PTIM.exe"=C:\Program Files\WebEx\Productivity Tools\PTIM.exe []
"PTOneClick"=C:\Program Files\WebEx\Productivity Tools\ptoneclk.exe []
"TomTomHOME.exe"=C:\Program Files\TomTom HOME 2\HOMERunner.exe []
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2006-10-18 204288]
"Google Update"=C:\Documents and Settings\Staci\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-03 133104]
"H/PC Connection Agent"=C:\Program Files\Microsoft ActiveSync\Wcescomm.exe [2006-11-13 1289000]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="c:\windows\system32\jojuzoma.dll c:\windows\system32\safufoga.dll,C:\WINDOWS\system32\piduhazi.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2006-09-26 155648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\LMIinit]
C:\WINDOWS\system32\LMIinit.dll [2008-10-20 87352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-04-10 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\safufoga.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\SharedTaskScheduler]
STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\safufoga.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"=C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2007-02-05 294400]
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"=C:\PROGRA~1\WIFD1F~1\MpShHook.dll [2006-11-03 83224]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=scecli
C:\WINDOWS\system32\piduhazi.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinDefend]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=149

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Macromedia\Dreamweaver 8\Dreamweaver.exe"="C:\Program Files\Macromedia\Dreamweaver 8\Dreamweaver.exe:*:Enabled:Dreamweaver 8"
"C:\Program Files\Internet Explorer\iexplore.exe"="C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer"
"C:\Program Files\Microsoft Office Communicator\communicator.exe"="C:\Program Files\Microsoft Office Communicator\communicator.exe:*:Enabled:Communicator"
"C:\Program Files\Miranda IM\miranda32.exe"="C:\Program Files\Miranda IM\miranda32.exe:*:Enabled:Miranda IM"
"C:\WINDOWS\system32\dlcqcoms.exe"="C:\WINDOWS\system32\dlcqcoms.exe:*:Enabled:Lexmark Communications System"
"C:\WINDOWS\LMI2560.tmp\rescue.exe"="C:\WINDOWS\LMI2560.tmp\rescue.exe:*:Enabled:LogMeIn Rescue"
"C:\Program Files\Microsoft Office\Office12\EXCEL.EXE"="C:\Program Files\Microsoft Office\Office12\EXCEL.EXE:*:Enabled:Microsoft Office Excel"
"C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe"="C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe:*:Enabled:Adobe Version Cue CS3 Server"
"C:\Program Files\Adobe\Adobe Dreamweaver CS3\Dreamweaver.exe"="C:\Program Files\Adobe\Adobe Dreamweaver CS3\Dreamweaver.exe:*:Enabled:Adobe Dreamweaver CS3"
"C:\Program Files\Real\RealPlayer\realplay.exe"="C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer"
"C:\Program Files\Network Associates\Common Framework\FrameworkService.exe"="C:\Program Files\Network Associates\Common Framework\FrameworkService.exe:*:Enabled:McAfee Framework Service"
"C:\Program Files\Adobe\Adobe Contribute CS3\Contribute.exe"="C:\Program Files\Adobe\Adobe Contribute CS3\Contribute.exe:*:Enabled:Contribute"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\Program Files\Intuit\QuickBooks 2008\QBDBMgrN.exe"="C:\Program Files\Intuit\QuickBooks 2008\QBDBMgrN.exe:*:Enabled:QuickBooks 2008 Data Manager"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"C:\WINDOWS\explorer.exe"="C:\WINDOWS\explorer.exe:*:Enabled:Explorer"
"C:\WINDOWS\system32\logonui.exe"="C:\WINDOWS\system32\logonui.exe:*:Enabled:logonui"
"C:\WINDOWS\system32\winlogon.exe"="C:\WINDOWS\system32\winlogon.exe:*:Enabled:winlogon"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e2a58445-e836-11db-8971-0016cb0b7149}]
shell\AutoRun\command - F:\/setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f4446e3d-2c08-11dd-8fda-0016cb0b7149}]
shell\AutoRun\command - G:\InstallTomTomHOME.exe


======File associations======

.js - edit -
.js - open -

======List of files/folders created in the last 1 months======

2008-11-29 13:07:44 ----D---- C:\rsit
2008-11-29 12:56:46 ----D---- C:\Program Files\Trend Micro
2008-11-29 12:55:25 ----A---- C:\WINDOWS\system32\jqjsdmet.exe
2008-11-29 12:34:55 ----A---- C:\WINDOWS\system32\dcaniicf.exe
2008-11-29 09:22:24 ----SH---- C:\WINDOWS\system32\ihuwivep.ini
2008-11-28 21:22:24 ----SH---- C:\WINDOWS\system32\ariritum.ini
2008-11-28 19:43:59 ----D---- C:\Program Files\Windows Defender
2008-11-28 09:21:49 ----SH---- C:\WINDOWS\system32\ilebuwir.ini
2008-11-27 21:21:39 ----SH---- C:\WINDOWS\system32\ogujegud.ini
2008-11-27 09:28:05 ----SH---- C:\WINDOWS\system32\idugomaz.ini
2008-11-26 22:37:02 ----A---- C:\VundoFix.txt
2008-11-26 21:21:10 ----SH---- C:\WINDOWS\system32\erowijit.ini
2008-11-25 21:20:54 ----SH---- C:\WINDOWS\system32\oponekew.ini
2008-11-25 20:42:10 ----D---- C:\Documents and Settings\Staci\Application Data\Malwarebytes
2008-11-25 20:42:01 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-11-25 20:42:01 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-11-20 15:03:38 ----D---- C:\Program Files\lame3.98.2
2008-11-20 15:00:01 ----D---- C:\Documents and Settings\Staci\Application Data\AccurateRip
2008-11-20 14:59:56 ----D---- C:\Program Files\Exact Audio Copy
2008-11-20 12:01:22 ----A---- C:\WINDOWS\system32\tsccvid.dll
2008-11-20 12:01:21 ----D---- C:\WINDOWS\system32\QuickTime
2008-11-20 12:00:33 ----D---- C:\Program Files\Common Files\TechSmith Shared
2008-11-20 12:00:27 ----D---- C:\Program Files\TechSmith
2008-11-13 12:07:58 ----D---- C:\Program Files\Audible
2008-11-03 11:08:58 ----D---- C:\Program Files\Wisdom-soft ScreenHunter 5 Free

======List of files/folders modified in the last 1 months======

2008-11-30 13:50:15 ----D---- C:\WINDOWS\Temp
2008-11-30 13:16:59 ----D---- C:\WINDOWS
2008-11-30 13:15:28 ----D---- C:\Program Files\Dl_cats
2008-11-30 12:20:38 ----D---- C:\Program Files\LogMeIn
2008-11-30 02:00:33 ----D---- C:\WINDOWS\Registration
2008-11-30 02:00:15 ----D---- C:\WINDOWS\system32\NtmsData
2008-11-29 15:04:22 ----D---- C:\WINDOWS\Prefetch
2008-11-29 12:56:46 ----RD---- C:\Program Files
2008-11-29 12:55:25 ----D---- C:\WINDOWS\system32
2008-11-29 12:47:37 ----SD---- C:\WINDOWS\Tasks
2008-11-29 12:45:16 ----D---- C:\WINDOWS\system32\CatRoot2
2008-11-29 12:42:42 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-11-29 12:40:51 ----D---- C:\Documents and Settings
2008-11-29 09:22:22 ----A---- C:\WINDOWS\system32\peviwuhi.dll
2008-11-28 21:22:18 ----ASH---- C:\WINDOWS\system32\mesateje.dll
2008-11-28 21:22:17 ----N---- C:\WINDOWS\system32\mutirira.dll
2008-11-28 19:44:09 ----SHD---- C:\WINDOWS\Installer
2008-11-28 19:44:00 ----HD---- C:\WINDOWS\inf
2008-11-28 19:43:59 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2008-11-28 17:20:17 ----D---- C:\Program Files\Mozilla Firefox
2008-11-28 09:21:48 ----N---- C:\WINDOWS\system32\riwubeli.dll
2008-11-28 09:21:48 ----ASH---- C:\WINDOWS\system32\nayifila.dll
2008-11-27 21:21:38 ----N---- C:\WINDOWS\system32\dugejugo.dll
2008-11-27 21:21:38 ----ASH---- C:\WINDOWS\system32\lajiboki.dll
2008-11-27 09:28:02 ----N---- C:\WINDOWS\system32\zamogudi.dll
2008-11-27 09:28:02 ----ASH---- C:\WINDOWS\system32\kuvusabu.dll
2008-11-26 22:27:09 ----D---- C:\WINDOWS\system32\drivers
2008-11-26 21:21:09 ----ASH---- C:\WINDOWS\system32\nevahoti.dll
2008-11-26 21:21:08 ----ASH---- C:\WINDOWS\system32\tijiwore.dll
2008-11-25 20:10:48 ----D---- C:\Program Files\Common Files
2008-11-25 17:01:27 ----D---- C:\quarantine
2008-11-25 09:08:18 ----D---- C:\Documents and Settings\Staci\Application Data\uTorrent
2008-11-25 00:16:55 ----D---- C:\Program Files\uTorrent
2008-11-23 10:16:29 ----D---- C:\Program Files\Stamps.com
2008-11-20 10:35:16 ----D---- C:\Documents and Settings\Staci\Application Data\Adobe
2008-11-20 02:40:01 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-11-18 12:07:20 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-11-09 17:02:10 ----SD---- C:\Documents and Settings\Staci\Application Data\Microsoft
2008-11-07 18:58:04 ----D---- C:\Program Files\Microsoft Silverlight
2008-11-05 00:32:24 ----HD---- C:\Program Files\InstallShield Installation Information
2008-11-05 00:30:55 ----D---- C:\Program Files\FileZilla Client
2008-11-05 00:27:07 ----D---- C:\Program Files\Common Files\AVSMedia
2008-11-05 00:26:59 ----RSD---- C:\WINDOWS\Fonts
2008-11-05 00:26:06 ----D---- C:\Program Files\AVS4YOU
2008-11-02 18:49:15 ----D---- C:\WINDOWS\Minidump

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-04 36096]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-03 14848]
R1 mferkdk;VSCore mferkdk; \??\C:\Program Files\McAfee\VirusScan Enterprise\mferkdk.sys []
R1 mfetdik;McAfee Inc.; C:\WINDOWS\system32\drivers\mfetdik.sys [2008-07-16 52104]
R2 Aspi32;Aspi32; C:\WINDOWS\System32\drivers\aspi32.sys [2005-11-20 16512]
R2 LMIInfo;LogMeIn Kernel Information Provider; \??\C:\Program Files\LogMeIn\x86\RaInfo.sys []
R2 LMIRfsDriver;LogMeIn Remote File System Driver; \??\C:\WINDOWS\system32\drivers\LMIRfsDriver.sys []
R2 MCSTRM;MCSTRM; C:\WINDOWS\system32\drivers\MCSTRM.sys [2007-10-15 8413]
R2 zumbus;Zune Bus Enumerator Driver; C:\WINDOWS\system32\DRIVERS\zumbus.sys [2008-09-12 40832]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2004-08-04 60800]
R3 BthEnum;Bluetooth Request Block Driver; C:\WINDOWS\system32\DRIVERS\BthEnum.sys [2004-08-03 17024]
R3 BTHMODEM;Bluetooth Serial Communications Driver; C:\WINDOWS\system32\DRIVERS\bthmodem.sys [2004-08-03 38016]
R3 BthPan;Bluetooth Device (Personal Area Network); C:\WINDOWS\system32\DRIVERS\bthpan.sys [2004-08-03 100992]
R3 BTHUSB;Bluetooth Radio USB Driver; C:\WINDOWS\System32\Drivers\BTHUSB.sys [2004-08-03 18944]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-04-17 15464]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2005-01-07 138752]
R3 HidBth;Microsoft Bluetooth HID Miniport; C:\WINDOWS\system32\DRIVERS\hidbth.sys [2004-08-03 25600]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2004-08-04 9600]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2006-09-26 1109568]
R3 LMImirr;LMImirr; C:\WINDOWS\system32\DRIVERS\LMImirr.sys [2007-04-17 10144]
R3 mfeapfk;McAfee Inc.; C:\WINDOWS\system32\drivers\mfeapfk.sys [2008-07-16 64232]
R3 mfeavfk;McAfee Inc.; C:\WINDOWS\system32\drivers\mfeavfk.sys [2008-07-16 72936]
R3 mfebopk;McAfee Inc.; C:\WINDOWS\system32\drivers\mfebopk.sys [2008-07-16 33960]
R3 mfehidk;McAfee Inc.; C:\WINDOWS\system32\drivers\mfehidk.sys [2008-07-16 174952]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2004-08-04 12160]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2004-08-04 61824]
R3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\WINDOWS\system32\DRIVERS\rfcomm.sys [2004-08-03 59648]
R3 STHDA;SigmaTel High Definition Audio CODEC; C:\WINDOWS\system32\drivers\sthda.sys [2006-09-26 1179784]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-04 31616]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-03 26624]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-03 57600]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
R3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-03 20480]
R3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2008-03-27 503008]
R3 WmaCDriverV32;WmaCDriverV32; C:\WINDOWS\system32\drivers\WmaCDriverV32.sys [2007-07-19 513152]
R3 yukonwxp;NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller; C:\WINDOWS\system32\DRIVERS\yk51x86.sys [2007-12-06 285952]
S3 61883;61883 Unit Device; C:\WINDOWS\system32\DRIVERS\61883.sys [2004-08-03 48128]
S3 AR5211;Atheros Wireless Network Adapter Service; C:\WINDOWS\system32\DRIVERS\ar5211.sys [2006-09-26 494080]
S3 Avc;AVC Device; C:\WINDOWS\system32\DRIVERS\avc.sys [2004-08-03 38912]
S3 BLUETOOTH_KICKER;Apple Bluetooth Kicker Driver; C:\WINDOWS\System32\Drivers\BthKicker.sys [2006-08-24 6016]
S3 BTHPORT;Bluetooth Port Driver; C:\WINDOWS\System32\Drivers\BTHport.sys [2008-06-13 272128]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024]
S3 dot4;MS IEEE-1284.4 Driver; C:\WINDOWS\system32\DRIVERS\Dot4.sys [2004-08-03 207360]
S3 Dot4Print;Print Class Driver for IEEE-1284.4; C:\WINDOWS\system32\DRIVERS\Dot4Prt.sys [2001-08-17 12928]
S3 Dot4Scan;Scan Class Driver for IEEE-1284.4; C:\WINDOWS\system32\DRIVERS\Dot4Scan.sys [2001-08-17 8704]
S3 dot4usb;Dot4USB Filter Dot4USB Filter; C:\WINDOWS\system32\DRIVERS\dot4usb.sys [2001-08-17 23808]
S3 FreshIO;FreshIO; \??\C:\Program Files\FreshDiagnose\FreshIO.sys []
S3 MSDV;Microsoft DV Camera and VCR; C:\WINDOWS\system32\DRIVERS\msdv.sys [2004-08-03 51328]
S3 msloop;Microsoft Loopback Adapter Driver; C:\WINDOWS\system32\DRIVERS\loop.sys [2001-08-17 4992]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-03 10880]
S3 RimUsb;BlackBerry Smartphone; C:\WINDOWS\System32\Drivers\RimUsb.sys []
S3 RimVSerPort;RIM Virtual Serial Port v2; C:\WINDOWS\system32\DRIVERS\RimSerial.sys [2007-01-18 26496]
S3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2004-08-04 5888]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-03 11136]
S3 StartupDiskDriver;StartupDiskDriver; \??\C:\WINDOWS\system32\DRIVERS\StartupDiskDriver.sys []
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-03 15360]
S3 usb_rndisx;USB RNDIS Adapter; C:\WINDOWS\system32\DRIVERS\usb8023x.sys [2005-10-20 12800]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2008-10-01 32000]
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2004-08-03 59264]
S3 wceusbsh;Windows CE USB Serial Host Driver; C:\WINDOWS\system32\DRIVERS\wceusbsh.sys [2006-11-06 28672]
S3 WinUSB;WinUSB; C:\WINDOWS\system32\DRIVERS\WinUSB.sys [2006-11-02 39368]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2008-01-18 83328]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 LMIRfsClientNP;LMIRfsClientNP; C:\WINDOWS\system32\drivers\LMIRfsClientNP.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-10-01 116040]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
R2 BthServ;Bluetooth Support Service; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
R2 dlcq_device;dlcq_device; C:\WINDOWS\system32\dlcqcoms.exe [2006-12-12 537480]
R2 LMIMaint;LogMeIn Maintenance Service; C:\Program Files\LogMeIn\x86\RaMaint.exe [2008-10-20 116032]
R2 LogMeIn;LogMeIn; C:\Program Files\LogMeIn\x86\LogMeIn.exe [2007-04-17 63040]
R2 McAfeeFramework;McAfee Framework Service; C:\Program Files\Network Associates\Common Framework\FrameworkService.exe [2007-10-24 103744]
R2 McShield;McAfee McShield; C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe [2008-07-16 144704]
R2 McTaskManager;McAfee Task Manager; C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe [2008-07-16 54608]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [2006-10-26 335872]
R2 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ); c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2006-04-14 28933976]
R2 QBCFMonitorService;QBCFMonitorService; C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe [2008-02-27 20480]
R2 STacSV;SigmaTel Audio Service; C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe [2006-09-26 86016]
R2 Stuffit Archive Name Service;Stuffit Archive Name Service; C:\Program Files\Smith Micro\StuffIt\ArcNameService.exe [2008-01-31 157016]
R2 WinDefend;Windows Defender; C:\Program Files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
R2 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
R2 WSearch;Windows Search; C:\WINDOWS\system32\SearchIndexer.exe [2007-02-05 300032]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
R2 ZuneBusEnum;Zune Bus Enumerator; C:\WINDOWS\system32\ZuneBusEnum.exe [2008-09-12 61856]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-10-01 536872]
S2 RoxLiveShare9;LiveShare P2P Server 9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe []
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2007-03-22 72704]
S3 Adobe Version Cue CS3;Adobe Version Cue CS3; C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe [2007-03-20 153792]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2007-09-16 654848]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 QBFCService;Intuit QuickBooks FCS; C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [2007-05-24 61440]
S3 SQLWriter;SQL Server VSS Writer; c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2006-04-14 87840]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
S3 ZuneNetworkSvc;Zune Network Sharing Service; C:\Program Files\Zune\ZuneNss.exe [2008-09-12 5119392]
S3 ZuneWlanCfgSvc;Zune Wireless Configuration Service; C:\WINDOWS\system32\ZuneWlanCfgSvc.exe [2008-09-12 245664]
S4 MSSQLServerADHelper;SQL Server Active Directory Helper; c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [2005-10-14 45272]
S4 SQLBrowser;SQL Server Browser; c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2006-04-14 240416]

-----------------EOF-----------------

Kaspersky Scan Results:
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Sunday, November 30, 2008
Operating System: Microsoft Windows XP Professional Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Saturday, November 29, 2008 17:11:46
Records in database: 1427415
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\
F:\
W:\
X:\
Y:\
Z:\

Scan statistics:
Files scanned: 383115
Threat name: 6
Infected objects: 16
Suspicious objects: 0
Duration of the scan: 11:14:20


File name / Threat name / Threats count
C:\Documents and Settings\Staci\Local Settings\Temporary Internet Files\Content.IE5\CMZSH4FH\_freescan[1].htm Infected: Trojan-Downloader.JS.Agent.czp 1
C:\Documents and Settings\Staci\Local Settings\Temporary Internet Files\Content.IE5\Q4Z8WX58\_freescan[1].htm Infected: Trojan-Downloader.JS.Agent.czp 1
W:\mjarvis\DVD tools\321Studios.DVDXCopy.Platinum.v3.2.1.Keymaker.Only-AGAiN.ZIP Infected: Trojan-Clicker.Win32.VB.la 1
W:\mjarvis\important stuff\My Documents\installer.exe Infected: Trojan.Win32.VB.amd 1
W:\mjarvis\My Pocketpc crap\apps\Namco.America.Galaga.v1.0.ARM.PPC2002.Incl.Keygen.MERRY.XMAS.HAPPY.2006-aS.ZIP Infected: Trojan.Win32.VB.amd 1
W:\mjarvis\Files from milhouse\321Studios.DVDXCopy.Platinum.v3.2.1.Keymaker.Only-AGAiN.ZIP Infected: Trojan-Clicker.Win32.VB.la 1
W:\mjarvis\File off of vista rc2\Documents\My Downloads\AVICodecPackPlus21.exe Infected: not-a-virus:AdWare.Win32.Webdir.b 1
W:\mjarvis\File off of vista rc2\Documents\My Downloads\dgt.exe Infected: not-a-virus:WebToolbar.Win32.WhenU.a 1
W:\staci\Downloads\SoThink DHTML Menu Maker.zip Infected: Trojan-Downloader.Win32.Small.ddp 1
X:\Downloads\SoThink DHTML Menu Maker.zip Infected: Trojan-Downloader.Win32.Small.ddp 1
Z:\DVD tools\321Studios.DVDXCopy.Platinum.v3.2.1.Keymaker.Only-AGAiN.ZIP Infected: Trojan-Clicker.Win32.VB.la 1
Z:\important stuff\My Documents\installer.exe Infected: Trojan.Win32.VB.amd 1
Z:\My Pocketpc crap\apps\Namco.America.Galaga.v1.0.ARM.PPC2002.Incl.Keygen.MERRY.XMAS.HAPPY.2006-aS.ZIP Infected: Trojan.Win32.VB.amd 1
Z:\Files from milhouse\321Studios.DVDXCopy.Platinum.v3.2.1.Keymaker.Only-AGAiN.ZIP Infected: Trojan-Clicker.Win32.VB.la 1
Z:\File off of vista rc2\Documents\My Downloads\AVICodecPackPlus21.exe Infected: not-a-virus:AdWare.Win32.Webdir.b 1
Z:\File off of vista rc2\Documents\My Downloads\dgt.exe Infected: not-a-virus:WebToolbar.Win32.WhenU.a 1

The selected area was scanned.
------------------------EOF--------------------------
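The "files created/modified" lists in the RSIT log above show a pattern worth recognising when triaging such logs: randomly named 8-letter files in system32, each .ini marked System+Hidden and named as the reverse of a .dll touched seconds earlier (ihuwivep.ini / peviwuhi.dll, ariritum.ini / mutirira.dll, and so on). The following Python is an added triage example, not part of the thread or of RSIT; the log text it parses is a constructed subset of the listing above, and the 5-minute pairing window is an assumption.

```python
"""Triage helper for RSIT "files created / modified" listings.

Added example, not code from the thread or from RSIT. It flags randomly
named 8-letter files in system32 and pairs each .ini with a .dll whose
stem is the .ini's name reversed, as seen in the log above.
"""
import re
from datetime import datetime

# Constructed sample in the RSIT listing format (a subset of the thread's log).
SAMPLE_LOG = """\
======List of files/folders created in the last 1 months======

2008-11-29 13:07:44 ----D---- C:\\rsit
2008-11-29 12:55:25 ----A---- C:\\WINDOWS\\system32\\jqjsdmet.exe
2008-11-29 09:22:24 ----SH---- C:\\WINDOWS\\system32\\ihuwivep.ini
2008-11-28 21:22:24 ----SH---- C:\\WINDOWS\\system32\\ariritum.ini
2008-11-20 12:01:22 ----A---- C:\\WINDOWS\\system32\\tsccvid.dll

======List of files/folders modified in the last 1 months======

2008-11-29 09:22:22 ----A---- C:\\WINDOWS\\system32\\peviwuhi.dll
2008-11-28 21:22:18 ----ASH---- C:\\WINDOWS\\system32\\mesateje.dll
2008-11-28 21:22:17 ----N---- C:\\WINDOWS\\system32\\mutirira.dll
2008-11-20 02:40:01 ----A---- C:\\WINDOWS\\system32\\PerfStringBackup.INI
"""

# One RSIT entry: timestamp, attribute letters between the dashes, full path.
LINE_RE = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) ----([A-Z]*)---- (.+)$")
# Eight lowercase letters plus a dropper-style extension.
RANDOM_NAME_RE = re.compile(r"^[a-z]{8}\.(dll|ini|exe)$")
SYSTEM32 = "\\windows\\system32\\"


def parse_listing(text):
    """Return (timestamp, attribute set, path) for every entry line."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # section headers and blank lines
        ts = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
        entries.append((ts, set(m.group(2)), m.group(3)))
    return entries


def suspicious_entries(entries):
    """Keep only system32 files whose name looks randomly generated."""
    out = []
    for ts, attrs, path in entries:
        head, _, name = path.rpartition("\\")
        in_system32 = (head + "\\").lower().endswith(SYSTEM32)
        if in_system32 and RANDOM_NAME_RE.match(name):
            out.append((ts, attrs, name))
    return out


def reversed_name_pairs(flagged, max_gap_seconds=300):
    """Pair each .ini with the .dll whose stem is the .ini stem reversed,
    provided both were touched within max_gap_seconds (assumed window)."""
    dll_times = {}
    for ts, _attrs, name in flagged:
        stem, ext = name.rsplit(".", 1)
        if ext == "dll":
            dll_times[stem] = ts
    pairs = []
    for ts, _attrs, name in flagged:
        stem, ext = name.rsplit(".", 1)
        if ext != "ini":
            continue
        partner = stem[::-1]
        if partner in dll_times:
            gap = abs((dll_times[partner] - ts).total_seconds())
            if gap <= max_gap_seconds:
                pairs.append((name, partner + ".dll"))
    return sorted(pairs)


def triage(text):
    """Summarise a listing: all flagged names, those with System+Hidden
    attributes, and the reversed-name .ini/.dll pairs."""
    flagged = suspicious_entries(parse_listing(text))
    return {
        "flagged": sorted(name for _, _, name in flagged),
        "hidden": sorted(name for _, a, name in flagged if {"S", "H"} <= a),
        "pairs": reversed_name_pairs(flagged),
    }


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    for key, value in report.items():
        print(f"{key}: {value}")
```

Legitimate entries such as tsccvid.dll and PerfStringBackup.INI fall outside the name pattern, so only the dropped files and their reversed-name partners are reported.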



#2 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  •  
  • Local time:02:39 AM

Posted 01 December 2008 - 01:59 AM

Hello, my name is fenzodahl512 and welcome to BC.. Please do the following...


Please download SDFix by Andy Manchesta and save it to your desktop.
Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please reboot into Safe Mode
  • In Safe Mode, right click the SDFix.zip folder and choose Extract All.
  • A new folder will be extracted to your %systemdrive%, typically C:\SDFix
  • Open the extracted folder and double click RunThis.bat to start the script.
  • Type Y to begin the script.
  • It will remove the Trojan Services then make some repairs to the registry and prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • Your system will take longer than normal to restart as the fixtool will be running and removing files.
  • When the desktop loads the Fixtool will complete the removal and display Finished, then press any key to end the script and load your desktop icons.
  • Finally open the SDFix folder on your desktop and copy and paste the contents of the results file Report.txt along with any other requested logs at the end of these instructions.


NEXT


Please make sure you disable ALL of your Antivirus/Antispyware/Firewall before running ComboFix.. Please visit HERE if you don't know how.. Please re-enable them back after performing all steps given..

Please download ComboFix by sUBs from one of the locations below, and save it to your Desktop.

Link 1
Link 2
Link 3

Double click combofix.exe and follow the prompts. Please, never rename Combofix unless instructed.

If ComboFix asks you to install the Recovery Console, please do so.. It will be in your best interest..

When finished, it shall produce a log for you. Post that log and a fresh HijackThis log in your next reply..

Note: DO NOT mouseclick ComboFix's window while it's running. That may cause it to stall.



Post these logs in your next reply..

1. SDFix
2. ComboFix
3. A fresh HijackThis log..

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#3 Ana55127

Ana55127
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:01:39 PM

Posted 01 December 2008 - 09:24 AM

Thanks so much for your assistance. I followed all steps; here are the logs requested:

---SDFix Log---

SDFix: Version 1.240
Run by Staci on Mon 12/01/2008 at 03:17 AM

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix

Checking Services :


Restoring Default Security Values
Restoring Default Hosts File

Rebooting


Checking Files :

No Trojan Files Found






Removing Temp Files

ADS Check :



Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-01 03:57:50
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0016cb0b7149]
"001237a85598"=hex:4d,73,f4,85,70,45,e1,c9,4a,ad,d0,8f,53,8e,dd,ad
"0017e5df9bf6"=hex:1f,97,c2,0e,5e,b4,06,bc,29,08,49,7f,2b,7a,ec,dc
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\0016cb0b7149]
"001237a85598"=hex:4d,73,f4,85,70,45,e1,c9,4a,ad,d0,8f,53,8e,dd,ad
"0017e5df9bf6"=hex:1f,97,c2,0e,5e,b4,06,bc,29,08,49,7f,2b,7a,ec,dc

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services :




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Macromedia\\Dreamweaver 8\\Dreamweaver.exe"="C:\\Program Files\\Macromedia\\Dreamweaver 8\\Dreamweaver.exe:*:Enabled:Dreamweaver 8"
"C:\\Program Files\\Internet Explorer\\iexplore.exe"="C:\\Program Files\\Internet Explorer\\iexplore.exe:*:Enabled:Internet Explorer"
"C:\\Program Files\\Microsoft Office Communicator\\communicator.exe"="C:\\Program Files\\Microsoft Office Communicator\\communicator.exe:*:Enabled:Communicator"
"C:\\Program Files\\Miranda IM\\miranda32.exe"="C:\\Program Files\\Miranda IM\\miranda32.exe:*:Enabled:Miranda IM"
"C:\\WINDOWS\\system32\\dlcqcoms.exe"="C:\\WINDOWS\\system32\\dlcqcoms.exe:*:Enabled:Lexmark Communications System"
"C:\\WINDOWS\\LMI2560.tmp\\rescue.exe"="C:\\WINDOWS\\LMI2560.tmp\\rescue.exe:*:Enabled:LogMeIn Rescue"
"C:\\Program Files\\Microsoft Office\\Office12\\EXCEL.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\EXCEL.EXE:*:Enabled:Microsoft Office Excel"
"C:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"="C:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe:*:Enabled:Adobe Version Cue CS3 Server"
"C:\\Program Files\\Adobe\\Adobe Dreamweaver CS3\\Dreamweaver.exe"="C:\\Program Files\\Adobe\\Adobe Dreamweaver CS3\\Dreamweaver.exe:*:Enabled:Adobe Dreamweaver CS3"
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"="C:\\Program Files\\Real\\RealPlayer\\realplay.exe:*:Enabled:RealPlayer"
"C:\\Program Files\\Network Associates\\Common Framework\\FrameworkService.exe"="C:\\Program Files\\Network Associates\\Common Framework\\FrameworkService.exe:*:Enabled:McAfee Framework Service"
"C:\\Program Files\\Adobe\\Adobe Contribute CS3\\Contribute.exe"="C:\\Program Files\\Adobe\\Adobe Contribute CS3\\Contribute.exe:*:Enabled:Contribute"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\Program Files\\Intuit\\QuickBooks 2008\\QBDBMgrN.exe"="C:\\Program Files\\Intuit\\QuickBooks 2008\\QBDBMgrN.exe:*:Enabled:QuickBooks 2008 Data Manager"
"C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:µTorrent"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"="C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"C:\\WINDOWS\\explorer.exe"="C:\\WINDOWS\\explorer.exe:*:Enabled:Explorer"
"C:\\WINDOWS\\system32\\logonui.exe"="C:\\WINDOWS\\system32\\logonui.exe:*:Enabled:logonui"
"C:\\WINDOWS\\system32\\winlogon.exe"="C:\\WINDOWS\\system32\\winlogon.exe:*:Enabled:winlogon"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"="C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"

Remaining Files :



Files with Hidden Attributes :

Thu 27 Nov 2008 93,748 A.SH. --- "C:\WINDOWS\system32\kuvusabu.dll"
Thu 27 Nov 2008 93,748 A.SH. --- "C:\WINDOWS\system32\lajiboki.dll"
Fri 28 Nov 2008 95,284 A.SH. --- "C:\WINDOWS\system32\mesateje.dll"
Fri 28 Nov 2008 95,284 A.SH. --- "C:\WINDOWS\system32\nayifila.dll"
Wed 26 Nov 2008 93,748 A.SH. --- "C:\WINDOWS\system32\nevahoti.dll"
Wed 26 Nov 2008 86,580 A.SH. --- "C:\WINDOWS\system32\tijiwore.dll"
Fri 29 Aug 2008 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Sat 17 Feb 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Tue 8 Jul 2008 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv02.tmp"
Thu 5 Apr 2007 17,392 ..SHR --- "C:\Documents and Settings\Staci\My Documents\MDA ROM Upgrade\Final WM6 Upgrade\OEM\BT_FTP\btctxmenu.dll"
Thu 5 Apr 2007 42,992 ..SHR --- "C:\Documents and Settings\Staci\My Documents\MDA ROM Upgrade\Final WM6 Upgrade\OEM\BT_FTP\btpropext.dll"
Mon 13 Nov 2006 25,040 ..SHR --- "C:\Documents and Settings\Staci\My Documents\MDA ROM Upgrade\Final WM6 Upgrade\OEM\camera 3.3\colorConvScaling.dll"
Mon 13 Nov 2006 41,936 ..SHR --- "C:\Documents and Settings\Staci\My Documents\MDA ROM Upgrade\Final WM6 Upgrade\OEM\camera 3.3\MP4Writer.dll"
Mon 13 Nov 2006 107,472 ..SHR --- "C:\Documents and Settings\Staci\My Documents\MDA ROM Upgrade\Final WM6 Upgrade\OEM\camera 3.3\MPEG4SPVIDEOENC.dll"
Sun 7 Jan 2007 25,040 ..SHR --- "C:\Documents and Settings\Staci\My Documents\MDA ROM Upgrade\Final WM6 Upgrade\OEM\camera+streamer\colorConvScaling.dll"
Sun 7 Jan 2007 41,936 ..SHR --- "C:\Documents and Settings\Staci\My Documents\MDA ROM Upgrade\Final WM6 Upgrade\OEM\camera+streamer\MP4Writer.dll"
Sun 7 Jan 2007 107,472 ..SHR --- "C:\Documents and Settings\Staci\My Documents\MDA ROM Upgrade\Final WM6 Upgrade\OEM\camera+streamer\MPEG4SPVIDEOENC.dll"
Fri 11 May 2007 430,544 ..SHR --- "C:\Documents and Settings\Staci\My Documents\MDA ROM Upgrade\Final WM6 Upgrade\OEM\Comm Manager 7B OEM\CommManagerRes.dll"
Fri 11 May 2007 92,112 ..SHR --- "C:\Documents and Settings\Staci\My Documents\MDA ROM Upgrade\Final WM6 Upgrade\OEM\Comm Manager 7B OEM\CommManager.exe"
Mon 23 Jul 2007 118,736 ..SHR --- "C:\Documents and Settings\Staci\My Documents\MDA ROM Upgrade\Final WM6 Upgrade\OEM\HTC BT Quicklink\htcbtql.dll"
Sun 11 Mar 2007 181,752 ..SHR --- "C:\Documents and Settings\Staci\My Documents\MDA ROM Upgrade\Final WM6 Upgrade\OEM\HTC GIF Player\GifPlayer.exe"
Sun 27 May 2007 27,088 ..SH. --- "C:\Documents and Settings\Staci\My Documents\MDA ROM Upgrade\Final WM6 Upgrade\OEM\HTC TOUCH Dialer\DPadMenu.dll"
Sun 27 May 2007 50,128 ..SH. --- "C:\Documents and Settings\Staci\My Documents\MDA ROM Upgrade\Final WM6 Upgrade\OEM\HTC TOUCH Dialer\phcanhtc.dll"
Sun 27 May 2007 559,568 ..SH. --- "C:\Documents and Settings\Staci\My Documents\MDA ROM Upgrade\Final WM6 Upgrade\OEM\HTC TOUCH Dialer\phcanOverbmp.dll"
Sun 27 May 2007 36,304 ..SH. --- "C:\Documents and Settings\Staci\My Documents\MDA ROM Upgrade\Final WM6 Upgrade\OEM\HTC TOUCH Dialer\phcanrc.dll"
Sun 27 May 2007 112,080 ..SH. --- "C:\Documents and Settings\Staci\My Documents\MDA ROM Upgrade\Final WM6 Upgrade\OEM\HTC TOUCH Dialer\smartdialing.dll"
Wed 7 Mar 2007 61,944 ..SHR --- "C:\Documents and Settings\Staci\My Documents\MDA ROM Upgrade\Final WM6 Upgrade\OEM\HTC X Button 1.0\TaskManagerApp.exe"
Wed 7 Mar 2007 7,160 ..SHR --- "C:\Documents and Settings\Staci\My Documents\MDA ROM Upgrade\Final WM6 Upgrade\OEM\HTC X Button 1.0\taskserStart.exe"
Sun 7 Jan 2007 60,880 ..SHR --- "C:\Documents and Settings\Staci\My Documents\MDA ROM Upgrade\Final WM6 Upgrade\OEM\Misc\AACDLL.dll"
Sun 7 Jan 2007 16,336 ..SHR --- "C:\Documents and Settings\Staci\My Documents\MDA ROM Upgrade\Final WM6 Upgrade\OEM\Misc\aac_reader.dll"
Sun 7 Jan 2007 7,120 ..SHR --- "C:\Documents and Settings\Staci\My Documents\MDA ROM Upgrade\Final WM6 Upgrade\OEM\Misc\amr_reader.dll"
Sun 7 Jan 2007 6,608 ..SHR --- "C:\Documents and Settings\Staci\My Documents\MDA ROM Upgrade\Final WM6 Upgrade\OEM\Misc\amr_writer.dll"
Sun 7 Jan 2007 20,432 ..SHR --- "C:\Documents and Settings\Staci\My Documents\MDA ROM Upgrade\Final WM6 Upgrade\OEM\Misc\AudioStrmReader.dll"
Sun 7 Jan 2007 7,632 ..SHR --- "C:\Documents and Settings\Staci\My Documents\MDA ROM Upgrade\Final WM6 Upgrade\OEM\Misc\ditherRGB24toRGB555.dll"
Sun 7 Jan 2007 72,144 ..SHR --- "C:\Documents and Settings\Staci\My Documents\MDA ROM Upgrade\Final WM6 Upgrade\OEM\Misc\EmAmrWbDecDll.dll"
Sun 7 Jan 2007 37,840 ..SHR --- "C:\Documents and Settings\Staci\My Documents\MDA ROM Upgrade\Final WM6 Upgrade\OEM\Misc\EmEvrcDec.dll"
Sun 7 Jan 2007 72,656 ..SHR --- "C:\Documents and Settings\Staci\My Documents\MDA ROM Upgrade\Final WM6 Upgrade\OEM\Misc\EmEvrcEncdll.dll"
Sun 7 Jan 2007 40,912 ..SHR --- "C:\Documents and Settings\Staci\My Documents\MDA ROM Upgrade\Final WM6 Upgrade\OEM\Misc\EmG7231DecDll.dll"
Sun 7 Jan 2007 66,512 ..SHR --- "C:\Documents and Settings\Staci\My Documents\MDA ROM Upgrade\Final WM6 Upgrade\OEM\Misc\EmG723EncDll.dll"
Sun 7 Jan 2007 108,496 ..SHR --- "C:\Documents and Settings\Staci\My Documents\MDA ROM Upgrade\Final WM6 Upgrade\OEM\Misc\EmMp4SbrDec.dll"
Sun 7 Jan 2007 32,720 ..SHR --- "C:\Documents and Settings\Staci\My Documents\MDA ROM Upgrade\Final WM6 Upgrade\OEM\Misc\EmQcelpDec.dll"
Sun 7 Jan 2007 50,128 ..SHR --- "C:\Documents and Settings\Staci\My Documents\MDA ROM Upgrade\Final WM6 Upgrade\OEM\Misc\EmQcelpEnc.dll"
Sun 7 Jan 2007 621,520 ..SHR --- "C:\Documents and Settings\Staci\My Documents\MDA ROM Upgrade\Final WM6 Upgrade\OEM\Misc\EM_PD_RS_SDK_PPC2003_EVC4.dll"
Sun 7 Jan 2007 68,048 ..SHR --- "C:\Documents and Settings\Staci\My Documents\MDA ROM Upgrade\Final WM6 Upgrade\OEM\Misc\GSMAMRDLL.dll"
Sun 7 Jan 2007 81,360 ..SHR --- "C:\Documents and Settings\Staci\My Documents\MDA ROM Upgrade\Final WM6 Upgrade\OEM\Misc\gsmamrenc.dll"
Sun 7 Jan 2007 94,160 ..SHR --- "C:\Documents and Settings\Staci\My Documents\MDA ROM Upgrade\Final WM6 Upgrade\OEM\Misc\h263P3.dll"
Sun 7 Jan 2007 79,824 ..SHR --- "C:\Documents and Settings\Staci\My Documents\MDA ROM Upgrade\Final WM6 Upgrade\OEM\Misc\H263VIDEOENC.dll"
Sun 7 Jan 2007 26,064 ..SHR --- "C:\Documents and Settings\Staci\My Documents\MDA ROM Upgrade\Final WM6 Upgrade\OEM\Misc\ImageProcessing.dll"
Sun 7 Jan 2007 76,240 ..SHR --- "C:\Documents and Settings\Staci\My Documents\MDA ROM Upgrade\Final WM6 Upgrade\OEM\Misc\JPEGENC.dll"
Sun 7 Jan 2007 52,176 ..SHR --- "C:\Documents and Settings\Staci\My Documents\MDA ROM Upgrade\Final WM6 Upgrade\OEM\Misc\jpeg_dec.dll"
Sun 7 Jan 2007 22,992 ..SHR --- "C:\Documents and Settings\Staci\My Documents\MDA ROM Upgrade\Final WM6 Upgrade\OEM\Misc\mp3_reader.dll"
Sun 7 Jan 2007 119,248 ..SHR --- "C:\Documents and Settings\Staci\My Documents\MDA ROM Upgrade\Final WM6 Upgrade\OEM\Misc\mp4spvd.dll"
Sun 7 Jan 2007 54,224 ..SHR --- "C:\Documents and Settings\Staci\My Documents\MDA ROM Upgrade\Final WM6 Upgrade\OEM\Misc\MP4_READER.dll"
Sun 7 Jan 2007 37,840 ..SHR --- "C:\Documents and Settings\Staci\My Documents\MDA ROM Upgrade\Final WM6 Upgrade\OEM\Misc\player_middlelayer.dll"
Sun 7 Jan 2007 8,656 ..SHR --- "C:\Documents and Settings\Staci\My Documents\MDA ROM Upgrade\Final WM6 Upgrade\OEM\Misc\qcp_reader.dll"
Sun 7 Jan 2007 8,656 ..SHR --- "C:\Documents and Settings\Staci\My Documents\MDA ROM Upgrade\Final WM6 Upgrade\OEM\Misc\qcp_writer.dll"
Sun 7 Jan 2007 7,632 ..SHR --- "C:\Documents and Settings\Staci\My Documents\MDA ROM Upgrade\Final WM6 Upgrade\OEM\Misc\SALib.dll"
Sun 7 Jan 2007 31,696 ..SHR --- "C:\Documents and Settings\Staci\My Documents\MDA ROM Upgrade\Final WM6 Upgrade\OEM\Misc\SAPSettings.exe"
Thu 28 Sep 2006 116,640 ..SHR --- "C:\Documents and Settings\Staci\My Documents\MDA ROM Upgrade\Final WM6 Upgrade\SYS\BaseApps\dssdh.dll"
Mon 11 Dec 2006 17,144 ..SHR --- "C:\Documents and Settings\Staci\My Documents\MDA ROM Upgrade\Final WM6 Upgrade\SYS\BaseApps\GAC_Microsoft.WindowsMobile.Utilities_v1_0_0_0_cneutral_1.dll"
Mon 11 Dec 2006 13,560 ..SHR --- "C:\Documents and Settings\Staci\My Documents\MDA ROM Upgrade\Final WM6 Upgrade\SYS\BaseApps\GAC_Microsoft.WindowsMobile.Configuration_v1_0_0_0_cneutral_1.dll"
Mon 11 Dec 2006 39,672 ..SHR --- "C:\Documents and Settings\Staci\My Documents\MDA ROM Upgrade\Final WM6 Upgrade\SYS\BaseApps\GAC_Microsoft.WindowsMobile.Forms_v1_0_0_0_cneutral_1.dll"
Mon 11 Dec 2006 162,552 ..SHR --- "C:\Documents and Settings\Staci\My Documents\MDA ROM Upgrade\Final WM6 Upgrade\SYS\BaseApps\GAC_Microsoft.WindowsMobile.PocketOutlook_v1_0_0_0_cneutral_1.dll"
Mon 11 Dec 2006 76,536 ..SHR --- "C:\Documents and Settings\Staci\My Documents\MDA ROM Upgrade\Final WM6 Upgrade\SYS\BaseApps\GAC_Microsoft.WindowsMobile.Status_v1_0_0_0_cneutral_1.dll"
Mon 11 Dec 2006 11,512 ..SHR --- "C:\Documents and Settings\Staci\My Documents\MDA ROM Upgrade\Final WM6 Upgrade\SYS\BaseApps\GAC_Microsoft.WindowsMobile_v1_0_0_0_cneutral_1.dll"
Tue 9 May 2006 1,027,528 ..SHR --- "C:\Documents and Settings\Staci\My Documents\MDA ROM Upgrade\Final WM6 Upgrade\SYS\NetCF\GAC_System.Xml_v2_0_0_0_cneutral_1.dll"
Tue 9 May 2006 62,944 ..SHR --- "C:\Documents and Settings\Staci\My Documents\MDA ROM Upgrade\Final WM6 Upgrade\SYS\NetCF\GAC_System.Web.Services_v2_0_0_0_cneutral_1.dll"
Tue 9 May 2006 463,296 ..SHR --- "C:\Documents and Settings\Staci\My Documents\MDA ROM Upgrade\Final WM6 Upgrade\SYS\NetCF\GAC_System_v2_0_0_0_cneutral_1.dll"
Tue 9 May 2006 240,608 ..SHR --- "C:\Documents and Settings\Staci\My Documents\MDA ROM Upgrade\Final WM6 Upgrade\SYS\NetCF\GAC_System.Windows.Forms_v2_0_0_0_cneutral_1.dll"
Tue 9 May 2006 14,296 ..SHR --- "C:\Documents and Settings\Staci\My Documents\MDA ROM Upgrade\Final WM6 Upgrade\SYS\NetCF\GAC_CustomMarshalers_v2_0_0_0_cneutral_1.dll"
Tue 9 May 2006 351,200 ..SHR --- "C:\Documents and Settings\Staci\My Documents\MDA ROM Upgrade\Final WM6 Upgrade\SYS\NetCF\GAC_Microsoft.VisualBasic_v8_0_0_0_cneutral_1.dll"
Tue 9 May 2006 31,208 ..SHR --- "C:\Documents and Settings\Staci\My Documents\MDA ROM Upgrade\Final WM6 Upgrade\SYS\NetCF\GAC_Microsoft.WindowsCE.Forms_v2_0_0_0_cneutral_1.dll"
Tue 9 May 2006 183,288 ..SHR --- "C:\Documents and Settings\Staci\My Documents\MDA ROM Upgrade\Final WM6 Upgrade\SYS\NetCF\GAC_Microsoft.WindowsMobile.DirectX_v2_0_0_0_cneutral_1.dll"
Tue 9 May 2006 909,768 ..SHR --- "C:\Documents and Settings\Staci\My Documents\MDA ROM Upgrade\Final WM6 Upgrade\SYS\NetCF\GAC_mscorlib_v2_0_0_0_cneutral_1.dll"
Tue 9 May 2006 693,712 ..SHR --- "C:\Documents and Settings\Staci\My Documents\MDA ROM Upgrade\Final WM6 Upgrade\SYS\NetCF\GAC_System.Data_v2_0_0_0_cneutral_1.dll"
Tue 9 May 2006 58,320 ..SHR --- "C:\Documents and Settings\Staci\My Documents\MDA ROM Upgrade\Final WM6 Upgrade\SYS\NetCF\GAC_System.Drawing_v2_0_0_0_cneutral_1.dll"
Tue 9 May 2006 75,224 ..SHR --- "C:\Documents and Settings\Staci\My Documents\MDA ROM Upgrade\Final WM6 Upgrade\SYS\NetCF\GAC_System.Messaging_v2_0_0_0_cneutral_1.dll"
Tue 9 May 2006 17,368 ..SHR --- "C:\Documents and Settings\Staci\My Documents\MDA ROM Upgrade\Final WM6 Upgrade\SYS\NetCF\GAC_System.Net.IrDA_v2_0_0_0_cneutral_1.dll"
Tue 9 May 2006 49,648 ..SHR --- "C:\Documents and Settings\Staci\My Documents\MDA ROM Upgrade\Final WM6 Upgrade\SYS\NetCF\GAC_System.Windows.Forms.DataGrid_v2_0_0_0_cneutral_1.dll"
Thu 8 Jun 2006 38,248 ..SHR --- "C:\Documents and Settings\Staci\My Documents\MDA ROM Upgrade\Final WM6 Upgrade\SYS\OEMAPPS\GSMTestMode.exe"
Thu 8 Jun 2006 22,928 ..SHR --- "C:\Documents and Settings\Staci\My Documents\MDA ROM Upgrade\Final WM6 Upgrade\SYS\OEMDrivers\XpanelLog.exe"
Thu 28 Sep 2006 175,520 ..SHR --- "C:\Documents and Settings\Staci\My Documents\MDA ROM Upgrade\Final WM6 Upgrade\SYS\OS\rsaenh.dll"
Mon 11 Dec 2006 12,536 ..SHR --- "C:\Documents and Settings\Staci\My Documents\MDA ROM Upgrade\Final WM6 Upgrade\SYS\Phone\GAC_Microsoft.WindowsMobile.Telephony_v1_0_0_0_cneutral_1.dll"
Mon 11 Dec 2006 4,344 ..SHR --- "C:\Documents and Settings\Staci\My Documents\MDA ROM Upgrade\Final WM6 Upgrade\SYS\Shell\arinvalid.exe"
Wed 11 Oct 2006 191,216 ..SHR --- "C:\Documents and Settings\Staci\My Documents\MDA ROM Upgrade\Final WM6 Upgrade\SYS\SqlCeMobile\GAC_System.Data.SqlClient_v3_0_3600_0_cneutral_1.dll"
Wed 11 Oct 2006 232,176 ..SHR --- "C:\Documents and Settings\Staci\My Documents\MDA ROM Upgrade\Final WM6 Upgrade\SYS\SqlCeMobile\GAC_System.Data.SqlServerCe_v3_0_3600_0_cneutral_1.dll"
Wed 11 Oct 2006 35,544 ..SHR --- "C:\Documents and Settings\Staci\My Documents\MDA ROM Upgrade\Final WM6 Upgrade\SYS\SqlCeMobile_Lang_0409\GAC_System.Data.SqlClient.resources_v3_0_3600_0_cen_1.dll"
Wed 11 Oct 2006 35,544 ..SHR --- "C:\Documents and Settings\Staci\My Documents\MDA ROM Upgrade\Final WM6 Upgrade\SYS\SqlCeMobile_Lang_0409\GAC_System.Data.SqlServerCe.resources_v3_0_3600_0_cen_1.dll"
Mon 11 Dec 2006 517,880 ..SHR --- "C:\Documents and Settings\Staci\My Documents\MDA ROM Upgrade\Final WM6 Upgrade\SYS\VoiceCommand\sapi.dll"
Mon 11 Dec 2006 76,024 ..SHR --- "C:\Documents and Settings\Staci\My Documents\MDA ROM Upgrade\Final WM6 Upgrade\SYS\VoiceCommand\sapiwavstr.dll"
Mon 11 Dec 2006 36,088 ..SHR --- "C:\Documents and Settings\Staci\My Documents\MDA ROM Upgrade\Final WM6 Upgrade\SYS\VoiceCommand\spcacheaudio.dll"
Mon 11 Dec 2006 6,392 ..SHR --- "C:\Documents and Settings\Staci\My Documents\MDA ROM Upgrade\Final WM6 Upgrade\SYS\VoiceCommand\vcbthag.dll"
Mon 11 Dec 2006 27,384 ..SHR --- "C:\Documents and Settings\Staci\My Documents\MDA ROM Upgrade\Final WM6 Upgrade\SYS\VoiceCommand\VCOSShim_PPC05.dll"
Mon 11 Dec 2006 366,840 ..SHR --- "C:\Documents and Settings\Staci\My Documents\MDA ROM Upgrade\Final WM6 Upgrade\SYS\VoiceCommand\voicecmd.exe"
Mon 11 Dec 2006 28,920 ..SHR --- "C:\Documents and Settings\Staci\My Documents\MDA ROM Upgrade\Final WM6 Upgrade\SYS\VoiceCommand\VoiceCommandWMP.dll"
Mon 11 Dec 2006 127,224 ..SHR --- "C:\Documents and Settings\Staci\My Documents\MDA ROM Upgrade\Final WM6 Upgrade\SYS\VoiceCommand_Lang_0409\enut11f1.dll"
Mon 11 Dec 2006 61,176 ..SHR --- "C:\Documents and Settings\Staci\My Documents\MDA ROM Upgrade\Final WM6 Upgrade\SYS\VoiceCommand_Lang_0409\enut3s51.dll"
Mon 11 Dec 2006 141,048 ..SHR --- "C:\Documents and Settings\Staci\My Documents\MDA ROM Upgrade\Final WM6 Upgrade\SYS\VoiceCommand_Lang_0409\enutstpp.dll"
Mon 11 Dec 2006 422,648 ..SHR --- "C:\Documents and Settings\Staci\My Documents\MDA ROM Upgrade\Final WM6 Upgrade\SYS\VoiceCommand_Lang_0409\enu_g2p.dll"
Mon 11 Dec 2006 116,472 ..SHR --- "C:\Documents and Settings\Staci\My Documents\MDA ROM Upgrade\Final WM6 Upgrade\SYS\VoiceCommand_Lang_0409\lhcom02w.dll"
Mon 11 Dec 2006 447,736 ..SHR --- "C:\Documents and Settings\Staci\My Documents\MDA ROM Upgrade\Final WM6 Upgrade\SYS\VoiceCommand_Lang_0409\spsreng.dll"
Mon 11 Dec 2006 61,176 ..SHR --- "C:\Documents and Settings\Staci\My Documents\MDA ROM Upgrade\Final WM6 Upgrade\SYS\VoiceCommand_Lang_0409\ttscore.dll"
Mon 11 Dec 2006 93,432 ..SHR --- "C:\Documents and Settings\Staci\My Documents\MDA ROM Upgrade\Final WM6 Upgrade\SYS\VoiceCommand_Lang_0409\VoiceCmdRes_PPC.dll"
Mon 11 Dec 2006 4,344 ..SHR --- "C:\Documents and Settings\Staci\My Documents\MDA ROM Upgrade\Final WM6 Upgrade\temp\dump\arinvalid.exe"
Thu 5 Apr 2007 17,392 ..SHR --- "C:\Documents and Settings\Staci\My Documents\MDA ROM Upgrade\Final WM6 Upgrade\temp\dump\btctxmenu.dll"
Thu 5 Apr 2007 42,992 ..SHR --- "C:\Documents and Settings\Staci\My Documents\MDA ROM Upgrade\Final WM6 Upgrade\temp\dump\btpropext.dll"
Thu 28 Sep 2006 116,640 ..SHR --- "C:\Documents and Settings\Staci\My Documents\MDA ROM Upgrade\Final WM6 Upgrade\temp\dump\dssdh.dll"
Mon 11 Dec 2006 127,224 ..SHR --- "C:\Documents and Settings\Staci\My Documents\MDA ROM Upgrade\Final WM6 Upgrade\temp\dump\enut11f1.dll"
Mon 11 Dec 2006 61,176 ..SHR --- "C:\Documents and Settings\Staci\My Documents\MDA ROM Upgrade\Final WM6 Upgrade\temp\dump\enut3s51.dll"
Mon 11 Dec 2006 141,048 ..SHR --- "C:\Documents and Settings\Staci\My Documents\MDA ROM Upgrade\Final WM6 Upgrade\temp\dump\enutstpp.dll"
Mon 11 Dec 2006 422,648 ..SHR --- "C:\Documents and Settings\Staci\My Documents\MDA ROM Upgrade\Final WM6 Upgrade\temp\dump\enu_g2p.dll"
Tue 9 May 2006 1,027,528 ..SHR --- "C:\Documents and Settings\Staci\My Documents\MDA ROM Upgrade\Final WM6 Upgrade\temp\dump\GAC_System.Xml_v2_0_0_0_cneutral_1.dll"
Tue 9 May 2006 31,208 ..SHR --- "C:\Documents and Settings\Staci\My Documents\MDA ROM Upgrade\Final WM6 Upgrade\temp\dump\GAC_Microsoft.WindowsCE.Forms_v2_0_0_0_cneutral_1.dll"
Tue 9 May 2006 183,288 ..SHR --- "C:\Documents and Settings\Staci\My Documents\MDA ROM Upgrade\Final WM6 Upgrade\temp\dump\GAC_Microsoft.WindowsMobile.DirectX_v2_0_0_0_cneutral_1.dll"
Tue 9 May 2006 62,944 ..SHR --- "C:\Documents and Settings\Staci\My Documents\MDA ROM Upgrade\Final WM6 Upgrade\temp\dump\GAC_System.Web.Services_v2_0_0_0_cneutral_1.dll"
Tue 9 May 2006 463,296 ..SHR --- "C:\Documents and Settings\Staci\My Documents\MDA ROM Upgrade\Final WM6 Upgrade\temp\dump\GAC_System_v2_0_0_0_cneutral_1.dll"
Tue 9 May 2006 240,608 ..SHR --- "C:\Documents and Settings\Staci\My Documents\MDA ROM Upgrade\Final WM6 Upgrade\temp\dump\GAC_System.Windows.Forms_v2_0_0_0_cneutral_1.dll"
Mon 11 Dec 2006 17,144 ..SHR --- "C:\Documents and Settings\Staci\My Documents\MDA ROM Upgrade\Final WM6 Upgrade\temp\dump\GAC_Microsoft.WindowsMobile.Utilities_v1_0_0_0_cneutral_1.dll"
Mon 11 Dec 2006 12,536 ..SHR --- "C:\Documents and Settings\Staci\My Documents\MDA ROM Upgrade\Final WM6 Upgrade\temp\dump\GAC_Microsoft.WindowsMobile.Telephony_v1_0_0_0_cneutral_1.dll"
Tue 9 May 2006 14,296 ..SHR --- "C:\Documents and Settings\Staci\My Documents\MDA ROM Upgrade\Final WM6 Upgrade\temp\dump\GAC_CustomMarshalers_v2_0_0_0_cneutral_1.dll"
Mon 11 Dec 2006 13,560 ..SHR --- "C:\Documents and Settings\Staci\My Documents\MDA ROM Upgrade\Final WM6 Upgrade\temp\dump\GAC_Microsoft.WindowsMobile.Configuration_v1_0_0_0_cneutral_1.dll"
Mon 11 Dec 2006 39,672 ..SHR --- "C:\Documents and Settings\Staci\My Documents\MDA ROM Upgrade\Final WM6 Upgrade\temp\dump\GAC_Microsoft.WindowsMobile.Forms_v1_0_0_0_cneutral_1.dll"
Mon 11 Dec 2006 162,552 ..SHR --- "C:\Documents and Settings\Staci\My Documents\MDA ROM Upgrade\Final WM6 Upgrade\temp\dump\GAC_Microsoft.WindowsMobile.PocketOutlook_v1_0_0_0_cneutral_1.dll"
Mon 11 Dec 2006 76,536 ..SHR --- "C:\Documents and Settings\Staci\My Documents\MDA ROM Upgrade\Final WM6 Upgrade\temp\dump\GAC_Microsoft.WindowsMobile.Status_v1_0_0_0_cneutral_1.dll"
Tue 9 May 2006 909,768 ..SHR --- "C:\Documents and Settings\Staci\My Documents\MDA ROM Upgrade\Final WM6 Upgrade\temp\dump\GAC_mscorlib_v2_0_0_0_cneutral_1.dll"
Tue 9 May 2006 693,712 ..SHR --- "C:\Documents and Settings\Staci\My Documents\MDA ROM Upgrade\Final WM6 Upgrade\temp\dump\GAC_System.Data_v2_0_0_0_cneutral_1.dll"
Tue 9 May 2006 58,320 ..SHR --- "C:\Documents and Settings\Staci\My Documents\MDA ROM Upgrade\Final WM6 Upgrade\temp\dump\GAC_System.Drawing_v2_0_0_0_cneutral_1.dll"
Tue 9 May 2006 75,224 ..SHR --- "C:\Documents and Settings\Staci\My Documents\MDA ROM Upgrade\Final WM6 Upgrade\temp\dump\GAC_System.Messaging_v2_0_0_0_cneutral_1.dll"
Tue 9 May 2006 17,368 ..SHR --- "C:\Documents and Settings\Staci\My Documents\MDA ROM Upgrade\Final WM6 Upgrade\temp\dump\GAC_System.Net.IrDA_v2_0_0_0_cneutral_1.dll"
Mon 11 Dec 2006 11,512 ..SHR --- "C:\Documents and Settings\Staci\My Documents\MDA ROM Upgrade\Final WM6 Upgrade\temp\dump\GAC_Microsoft.WindowsMobile_v1_0_0_0_cneutral_1.dll"
Tue 9 May 2006 49,648 ..SHR --- "C:\Documents and Settings\Staci\My Documents\MDA ROM Upgrade\Final WM6 Upgrade\temp\dump\GAC_System.Windows.Forms.DataGrid_v2_0_0_0_cneutral_1.dll"
Tue 9 May 2006 351,200 ..SHR --- "C:\Documents and Settings\Staci\My Documents\MDA ROM Upgrade\Final WM6 Upgrade\temp\dump\GAC_Microsoft.VisualBasic_v8_0_0_0_cneutral_1.dll"
Thu 8 Jun 2006 38,248 ..SHR --- "C:\Documents and Settings\Staci\My Documents\MDA ROM Upgrade\Final WM6 Upgrade\temp\dump\GSMTestMode.exe"
Mon 11 Dec 2006 116,472 ..SHR --- "C:\Documents and Settings\Staci\My Documents\MDA ROM Upgrade\Final WM6 Upgrade\temp\dump\lhcom02w.dll"
Thu 28 Sep 2006 175,520 ..SHR --- "C:\Documents and Settings\Staci\My Documents\MDA ROM Upgrade\Final WM6 Upgrade\temp\dump\rsaenh.dll"
Mon 11 Dec 2006 517,880 ..SHR --- "C:\Documents and Settings\Staci\My Documents\MDA ROM Upgrade\Final WM6 Upgrade\temp\dump\sapi.dll"
Mon 11 Dec 2006 76,024 ..SHR --- "C:\Documents and Settings\Staci\My Documents\MDA ROM Upgrade\Final WM6 Upgrade\temp\dump\sapiwavstr.dll"
Mon 11 Dec 2006 36,088 ..SHR --- "C:\Documents and Settings\Staci\My Documents\MDA ROM Upgrade\Final WM6 Upgrade\temp\dump\spcacheaudio.dll"
Mon 11 Dec 2006 447,736 ..SHR --- "C:\Documents and Settings\Staci\My Documents\MDA ROM Upgrade\Final WM6 Upgrade\temp\dump\spsreng.dll"
Mon 11 Dec 2006 61,176 ..SHR --- "C:\Documents and Settings\Staci\My Documents\MDA ROM Upgrade\Final WM6 Upgrade\temp\dump\ttscore.dll"
Mon 11 Dec 2006 6,392 ..SHR --- "C:\Documents and Settings\Staci\My Documents\MDA ROM Upgrade\Final WM6 Upgrade\temp\dump\vcbthag.dll"
Mon 11 Dec 2006 27,384 ..SHR --- "C:\Documents and Settings\Staci\My Documents\MDA ROM Upgrade\Final WM6 Upgrade\temp\dump\VCOSShim_PPC05.dll"
Mon 11 Dec 2006 366,840 ..SHR --- "C:\Documents and Settings\Staci\My Documents\MDA ROM Upgrade\Final WM6 Upgrade\temp\dump\voicecmd.exe"
Mon 11 Dec 2006 28,920 ..SHR --- "C:\Documents and Settings\Staci\My Documents\MDA ROM Upgrade\Final WM6 Upgrade\temp\dump\VoiceCommandWMP.dll"
Mon 11 Dec 2006 93,432 ..SHR --- "C:\Documents and Settings\Staci\My Documents\MDA ROM Upgrade\Final WM6 Upgrade\temp\dump\VoiceCmdRes_PPC.dll"
Thu 8 Jun 2006 22,928 ..SHR --- "C:\Documents and Settings\Staci\My Documents\MDA ROM Upgrade\Final WM6 Upgrade\temp\dump\XpanelLog.exe"

Finished!


---ComboFix Log---
ComboFix 08-11-30.02 - Staci 2008-12-01 7:53:03.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1322 [GMT -6:00]
Running from: c:\documents and settings\Staci\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\IE4 Error Log.txt
c:\windows\system32\ariritum.ini
c:\windows\system32\dugejugo.dll
c:\windows\system32\erowijit.ini
c:\windows\system32\idugomaz.ini
c:\windows\system32\ihuwivep.ini
c:\windows\system32\ilebuwir.ini
c:\windows\system32\kuvusabu.dll
c:\windows\system32\lajiboki.dll
c:\windows\system32\mesateje.dll
c:\windows\system32\mutirira.dll
c:\windows\system32\nayifila.dll
c:\windows\system32\nevahoti.dll
c:\windows\system32\ogujegud.ini
c:\windows\system32\oponekew.ini
c:\windows\system32\riwubeli.dll
c:\windows\system32\tijiwore.dll
c:\windows\system32\zamogudi.dll
F:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2008-11-01 to 2008-12-01 )))))))))))))))))))))))))))))))
.

2008-12-01 07:44 . 2007-10-24 23:16 3,798,331 --a------ C:\FramePkg.exe
2008-12-01 03:41 . 2007-07-30 19:19 30,072 --a------ c:\windows\system32\mucltui.dll.mui
2008-12-01 03:01 . 2008-12-01 03:02 <DIR> d-------- c:\windows\ERUNT
2008-12-01 03:01 . 2008-12-01 04:28 <DIR> d-------- C:\SDFix
2008-11-29 13:07 . 2008-11-29 13:07 <DIR> d-------- C:\rsit
2008-11-29 12:56 . 2008-11-29 12:56 <DIR> d-------- c:\program files\Trend Micro
2008-11-29 12:40 . 2008-11-29 12:40 <DIR> d-------- c:\documents and settings\Administrator
2008-11-29 12:34 . 2008-11-29 12:34 33,832 --a------ c:\windows\system32\dcaniicf.exe
2008-11-28 19:43 . 2008-11-28 19:44 <DIR> d-------- c:\program files\Windows Defender
2008-11-25 20:42 . 2008-11-25 20:42 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-11-25 20:42 . 2008-11-25 20:42 <DIR> d-------- c:\documents and settings\Staci\Application Data\Malwarebytes
2008-11-25 20:42 . 2008-11-25 20:42 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-11-25 20:42 . 2008-10-22 16:10 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-11-25 20:42 . 2008-10-22 16:10 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-11-20 15:03 . 2008-11-20 15:03 <DIR> d-------- c:\program files\lame3.98.2
2008-11-20 15:00 . 2008-11-20 15:08 <DIR> d-------- c:\documents and settings\Staci\Application Data\AccurateRip
2008-11-20 14:59 . 2008-11-20 15:00 <DIR> d-------- c:\program files\Exact Audio Copy
2008-11-20 12:01 . 2008-11-20 12:01 <DIR> d-------- c:\windows\system32\QuickTime
2008-11-20 12:01 . 2008-07-10 14:56 107,864 --a------ c:\windows\system32\tsccvid.dll
2008-11-20 12:00 . 2008-11-20 12:00 <DIR> d-------- c:\program files\TechSmith
2008-11-20 12:00 . 2008-11-20 12:00 <DIR> d-------- c:\program files\Common Files\TechSmith Shared
2008-11-13 12:08 . 2008-11-13 12:08 259,448 --a------ c:\windows\system32\awrdscdc.ax
2008-11-13 12:07 . 2008-11-14 11:33 <DIR> d-------- c:\program files\Audible
2008-11-03 11:08 . 2008-11-03 11:09 <DIR> d-------- c:\program files\Wisdom-soft ScreenHunter 5 Free

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-01 08:49 --------- d-----w c:\program files\Dl_cats
2008-12-01 08:45 --------- d-----w c:\program files\LogMeIn
2008-11-25 15:08 --------- d-----w c:\documents and settings\Staci\Application Data\uTorrent
2008-11-25 06:16 --------- d-----w c:\program files\uTorrent
2008-11-23 16:16 --------- d-----w c:\program files\Stamps.com
2008-11-20 17:26 60,744 ------w c:\documents and settings\Staci\g2mdlhlpx.exe
2008-11-08 00:58 --------- d-----w c:\program files\Microsoft Silverlight
2008-11-05 06:32 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-05 06:30 --------- d-----w c:\program files\FileZilla Client
2008-11-05 06:27 --------- d-----w c:\program files\Common Files\AVSMedia
2008-11-05 06:26 --------- d-----w c:\program files\AVS4YOU
2008-10-31 04:12 --------- d-----w c:\program files\Microsoft ActiveSync
2008-10-22 16:35 --------- d-----w c:\documents and settings\Staci\Application Data\webex
2008-10-21 16:45 --------- d-----w c:\program files\Common Files\Adobe AIR
2008-10-21 16:45 --------- d-----w c:\program files\Adobe Media Player
2008-10-21 16:06 --------- d-----w c:\program files\Glance24
2008-10-20 13:24 47,640 ----a-w c:\windows\system32\drivers\LMIRfsDriver.sys
2008-10-10 20:05 --------- d-----w c:\documents and settings\Staci\Application Data\Apple Computer
2008-10-10 17:15 --------- d-----w c:\program files\iTunes
2008-10-10 17:15 --------- d-----w c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-10-10 17:14 --------- d-----w c:\program files\iPod
2008-10-10 17:12 --------- d-----w c:\program files\Bonjour
2008-10-10 17:11 --------- d-----w c:\program files\QuickTime
2008-10-10 17:11 --------- d-----w c:\program files\Common Files\Apple
2008-10-09 19:38 0 ---ha-w c:\windows\system32\drivers\Msft_User_ZuneDriver_01_07_00.Wdf
2008-10-09 19:38 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_WinUSB_01007.Wdf
2008-10-09 19:36 0 ---ha-w c:\windows\system32\drivers\MsftWdf_user_01_07_00.Wdf
2008-10-08 22:44 --------- d-----w c:\documents and settings\All Users\Application Data\DVD Shrink
2008-10-08 22:43 --------- d-----w c:\documents and settings\Staci\Application Data\RipIt4Me
2008-10-02 17:33 --------- d-----w c:\documents and settings\Staci\Application Data\Move Networks
2008-10-01 18:01 32,000 ----a-w c:\windows\system32\drivers\usbaapl.sys
2007-11-10 02:16 16 --sha-w c:\windows\glmlchai.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2007-12-24 160592]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 204288]
"Google Update"="c:\documents and settings\Staci\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-09-03 133104]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\Wcescomm.exe" [2006-11-13 1289000]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2007-04-17 63048]
"McAfeeUpdaterUI"="c:\program files\Network Associates\Common Framework\UdaterUI.exe" [2007-10-24 136512]
"dlcqmon.exe"="c:\program files\Dell Photo AIO Printer 966\dlcqmon.exe" [2007-01-12 292336]
"DLCQCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\DLCQtime.dll" [2006-10-16 106496]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2006-09-26 98304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2006-09-26 114688]
"Persistence"="c:\windows\system32\igfxpers.exe" [2006-09-26 94208]
"type32"="c:\program files\Microsoft IntelliType Pro\type32.exe" [2004-06-03 172032]
"ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2008-07-16 111952]
"Adobe Photo Downloader"="c:\program files\Adobe\Adobe Photoshop Lightroom 1.1\apdproxy.exe" [2007-06-26 61440]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 c:\windows\system32\bthprops.cpl]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2007-12-24 160592]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2007-02-05 294400]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2008-10-20 07:24 87352 c:\windows\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\dlcqcoms.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\EXCEL.EXE"=
"c:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"=
"c:\\Program Files\\Adobe\\Adobe Dreamweaver CS3\\Dreamweaver.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Network Associates\\Common Framework\\FrameworkService.exe"=
"c:\\Program Files\\Adobe\\Adobe Contribute CS3\\Contribute.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Intuit\\QuickBooks 2008\\QBDBMgrN.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"135:TCP"= 135:TCP:TCP Port 135
"5000:TCP"= 5000:TCP:TCP Port 5000
"5001:TCP"= 5001:TCP:TCP Port 5001
"5002:TCP"= 5002:TCP:TCP Port 5002
"5003:TCP"= 5003:TCP:TCP Port 5003
"5004:TCP"= 5004:TCP:TCP Port 5004
"5005:TCP"= 5005:TCP:TCP Port 5005
"5006:TCP"= 5006:TCP:TCP Port 5006
"5007:TCP"= 5007:TCP:TCP Port 5007
"5008:TCP"= 5008:TCP:TCP Port 5008
"5009:TCP"= 5009:TCP:TCP Port 5009
"5010:TCP"= 5010:TCP:TCP Port 5010
"5011:TCP"= 5011:TCP:TCP Port 5011
"5012:TCP"= 5012:TCP:TCP Port 5012
"5013:TCP"= 5013:TCP:TCP Port 5013
"5014:TCP"= 5014:TCP:TCP Port 5014
"5015:TCP"= 5015:TCP:TCP Port 5015
"5016:TCP"= 5016:TCP:TCP Port 5016
"5017:TCP"= 5017:TCP:TCP Port 5017
"5018:TCP"= 5018:TCP:TCP Port 5018
"5019:TCP"= 5019:TCP:TCP Port 5019
"5020:TCP"= 5020:TCP:TCP Port 5020
"3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS3 Server
"50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server
"50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R2 LMIInfo;LogMeIn Kernel Information Provider;\??\c:\program files\LogMeIn\x86\RaInfo.sys [2007-05-30 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;\??\c:\windows\system32\drivers\LMIRfsDriver.sys [2007-05-30 47640]
R2 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);"c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sMSSMLBIZ [2006-04-14 28933976]
R2 Stuffit Archive Name Service;Stuffit Archive Name Service;"c:\program files\Smith Micro\StuffIt\ArcNameService.exe" [2008-01-31 157016]
R2 zumbus;Zune Bus Enumerator Driver;c:\windows\system32\DRIVERS\zumbus.sys [2007-11-15 40832]
R3 WmaCDriverV32;WmaCDriverV32;c:\windows\system32\drivers\WmaCDriverV32.sys [2007-11-19 513152]
S3 BLUETOOTH_KICKER;Apple Bluetooth Kicker Driver;c:\windows\system32\Drivers\BthKicker.sys [2006-08-24 6016]
S3 msloop;Microsoft Loopback Adapter Driver;c:\windows\system32\DRIVERS\loop.sys [2008-03-10 4992]
S3 StartupDiskDriver;StartupDiskDriver;\??\c:\windows\system32\DRIVERS\StartupDiskDriver.sys [2006-09-26 4736]
S4 LMIRfsClientNP;LMIRfsClientNP; []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e2a58445-e836-11db-8971-0016cb0b7149}]
\Shell\AutoRun\command - F:\/setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f4446e3d-2c08-11dd-8fda-0016cb0b7149}]
\Shell\AutoRun\command - G:\InstallTomTomHOME.exe
.
Contents of the 'Scheduled Tasks' folder

2008-11-26 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 16:57]

2008-11-30 c:\windows\Tasks\Back Up Day 1.job
- c:\windows\system32\ntbackup.exe [2004-08-04 06:00]

2008-12-01 c:\windows\Tasks\Back Up Day 2.job
- c:\windows\system32\ntbackup.exe [2004-08-04 06:00]

2008-12-01 c:\windows\Tasks\GoogleUpdateTaskUser.job
- c:\documents and settings\Staci\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-03 08:15]

2008-12-01 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 19:20]

2008-12-01 c:\windows\Tasks\User_Feed_Synchronization-{85F4CA9D-D7AB-4199-A7FD-E100EDD0BB64}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 11:58]
.
- - - - ORPHANS REMOVED - - - -

BHO-{dd1dbf8c-996f-449a-86f4-6332e2fa8c9c} - c:\windows\system32\yalemera.dll
HKCU-Run-PTIM.exe - c:\program files\WebEx\Productivity Tools\PTIM.exe
HKCU-Run-PTOneClick - c:\program files\WebEx\Productivity Tools\ptoneclk.exe
HKCU-Run-TomTomHOME.exe - c:\program files\TomTom HOME 2\HOMERunner.exe
HKLM-Run-waletefume - c:\windows\system32\kulubibi.dll
HKLM-Run-CPM83418f85 - c:\windows\system32\safufoga.dll
HKLM-Run-SigmatelSysTrayApp - sttray.exe


.
------- Supplementary Scan -------
.
FireFox -: Profile - c:\documents and settings\Staci\Application Data\Mozilla\Firefox\Profiles\tjzgvooi.default\
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-01 08:03:04
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DLCQCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\DLCQtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(768)
c:\windows\system32\LMIinit.dll
c:\windows\system32\LMIRfsClientNP.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Windows Defender\MsMpEng.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\dlcqcoms.exe
c:\program files\LogMeIn\x86\ramaint.exe
c:\program files\LogMeIn\x86\LogMeIn.exe
c:\program files\LogMeIn\x86\LMIGuardian.exe
c:\program files\Network Associates\Common Framework\FrameworkService.exe
c:\program files\McAfee\VirusScan Enterprise\Mcshield.exe
c:\program files\McAfee\VirusScan Enterprise\VsTskMgr.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\program files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
c:\progra~1\NETWOR~1\COMMON~1\naPrdMgr.exe
c:\program files\SigmaTel\C-Major Audio\WDM\stacsv.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\searchindexer.exe
c:\windows\system32\ZuneBusEnum.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\wscntfy.exe
c:\program files\Network Associates\Common Framework\Mctray.exe
c:\program files\LogMeIn\x86\LMIGuardian.exe
c:\program files\Microsoft ActiveSync\rapimgr.exe
.
**************************************************************************
.
Completion time: 2008-12-01 8:10:45 - machine was rebooted
ComboFix-quarantined-files.txt 2008-12-01 14:10:41

Pre-Run: 14,004,641,792 bytes free
Post-Run: 14,368,444,416 bytes free

263 --- E O F --- 2008-04-03 04:34:10


---HijackThis Log---
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:17:00 AM, on 12/1/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\dlcqcoms.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Smith Micro\StuffIt\ArcNameService.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\ZuneBusEnum.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\Network Associates\Common Framework\UdaterUI.exe
C:\Program Files\Dell Photo AIO Printer 966\dlcqmon.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\McTray.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\Documents and Settings\Staci\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptcl.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [dlcqmon.exe] "C:\Program Files\Dell Photo AIO Printer 966\dlcqmon.exe"
O4 - HKLM\..\Run: [DLCQCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCQtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.1\apdproxy.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Staci\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"
O4 - HKUS\S-1-5-18\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" (User 'Default user')
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://www.lynnemorrell.com
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/co...ex/qtplugin.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {254AA86E-5655-4518-AA87-185D7CC41801} (LogMeIn Rescue Technician Console) - https://secure.logmeinrescue.com/TechConsol...scueControl.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgreens.com/WalgreensActivia.cab
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.3.5.cab
O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} (LinkedIn ContactFinderControl) - http://www.linkedin.com/cab/LinkedInContactFinderControl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1216646904301
O16 - DPF: {6F750203-1362-4815-A476-88533DE61D0C} (Kodak Gallery Easy Upload Manager Class) - http://www.kodakgallery.com/downloads/BUM/..._2/axofupld.cab
O16 - DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} (DLC Class) - https://transfers.ds.microsoft.com/FTM/Tran...ransferCtrl.cab
O16 - DPF: {86425144-8E97-41D5-8BCF-302812D44692} (RazorStreamControl.CaptureControl) - http://www.helloworld.com/root.controls/RSControl40.CAB
O16 - DPF: {8BBDC81D-81B3-49EE-87E8-47B7A707FAE8} (GoToMeeting/GoToWebinar Web Starter) - https://www.gotomeeting.com/default/applets/g2mdlax.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://192.168.1.3/activex/AxisCamControl.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://sunmeetings.webex.com/client/T25L/webex/ieatgpc.cab
O16 - DPF: {E7D2588A-7FB5-47DC-8830-832605661009} (Live Collaboration) - http://livenj04.custhelp.com/8201-b499h/rnl/java/RntX.cab
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://vela-alegria.hyperoffice.com/hypero...nts/XUpload.ocx
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} - http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.1.6.cab
O18 - Protocol: intu-help-qb1 - {9B0F96C7-2E4B-433E-ABF3-043BA1B54AE3} - C:\Program Files\Intuit\QuickBooks 2008\HelpAsyncPluggableProtocol.dll
O18 - Protocol: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - mscoree.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: dlcq_device - - C:\WINDOWS\system32\dlcqcoms.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
O23 - Service: QBCFMonitorService - Intuit - C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe
O23 - Service: Stuffit Archive Name Service - Smith Micro Software, Inc. - C:\Program Files\Smith Micro\StuffIt\ArcNameService.exe

--
End of file - 15970 bytes

#4 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  • Local time:02:39 AM

Posted 01 December 2008 - 06:05 PM

Please download the OTMoveIt3 by OldTimer
  • Save it to your Desktop.
  • Please double-click OTMoveIt3.exe to run it. (Vista users, please right-click on OTMoveit3.exe and select "Run as an Administrator")
  • Let the Unregister Dll's and Ocx's remain ticked and Zip Files After Moves remain unticked..
  • Copy the codebox contents and paste it to the "Paste List of Files/Folders to Move" window (under the light Yellow bar)

    :processes
    explorer.exe
    
    :files
    C:\Documents and Settings\Staci\Local Settings\Temporary Internet Files\Content.IE5\CMZSH4FH\_freescan[1].htm
    C:\Documents and Settings\Staci\Local Settings\Temporary Internet Files\Content.IE5\Q4Z8WX58\_freescan[1].htm
    W:\mjarvis\DVD tools\321Studios.DVDXCopy.Platinum.v3.2.1.Keymaker.Only-AGAiN.ZIP
    W:\mjarvis\important stuff\My Documents\installer.exe
    W:\mjarvis\My Pocketpc crap\apps\Namco.America.Galaga.v1.0.ARM.PPC2002.Incl.Keygen.MERRY.XMAS.HAPPY.2006-aS.ZIP
    W:\mjarvis\Files from milhouse\321Studios.DVDXCopy.Platinum.v3.2.1.Keymaker.Only-AGAiN.ZIP
    W:\mjarvis\File off of vista rc2\Documents\My Downloads\AVICodecPackPlus21.exe
    W:\mjarvis\File off of vista rc2\Documents\My Downloads\dgt.exe
    W:\staci\Downloads\SoThink DHTML Menu Maker.zip
    X:\Downloads\SoThink DHTML Menu Maker.zip
    Z:\DVD tools\321Studios.DVDXCopy.Platinum.v3.2.1.Keymaker.Only-AGAiN.ZIP
    Z:\important stuff\My Documents\installer.exe
    Z:\My Pocketpc crap\apps\Namco.America.Galaga.v1.0.ARM.PPC2002.Incl.Keygen.MERRY.XMAS.HAPPY.2006-aS.ZIP
    Z:\Files from milhouse\321Studios.DVDXCopy.Platinum.v3.2.1.Keymaker.Only-AGAiN.ZIP
    Z:\File off of vista rc2\Documents\My Downloads\AVICodecPackPlus21.exe
    Z:\File off of vista rc2\Documents\My Downloads\dgt.exe
    
    :commands
    [purity]
    [emptytemp]
    [start explorer]
    [reboot]
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt3
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.



NEXT


Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan.
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan
    Wait for the scan to finish
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic


Post me these logs in your next reply:

1. OTMoveIt3
2. ESET Online Scanner
3. Tell me about your computer behaviour

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
It's gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#5 Ana55127

Ana55127
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  • Local time:01:39 PM

Posted 02 December 2008 - 09:47 AM

Thanks for the help... log files will follow. My computer behavior has been good, but I also installed Windows Defender after the fact, and that seemed to stop the malware from opening popups; however, I did still get error messages (when booting) that certain dll files (malware) couldn't be started/found. I'm assuming that's because Defender was killing the processes but not removing the problem. Now, when I reboot, it does not appear that Defender is running and I do not see those error messages, which leads me to believe my problem is gone (or very close to it). Also, my computer is booting and running MUCH faster than it has since this problem started.

I also see on one of the log files that I have a music file that looked bad; it was reported as "cleaned" but I'm wondering if I should just delete it completely?

My final question (once we're done here) is how to prevent this in the future. I do have top of the line VirusScan which includes malware/spyware protection, but obviously it can't protect from every threat. Please let me know if there is something else you've found to work well and also if there are any regular scans I should be doing to keep an eye on things.

Thanks again for your help - here are the requested log files:

----- OTMoveIt3 -----
========== PROCESSES ==========
Process explorer.exe killed successfully.
========== FILES ==========
File/Folder C:\Documents and Settings\Staci\Local Settings\Temporary Internet Files\Content.IE5\CMZSH4FH\_freescan[1].htm not found.
File/Folder C:\Documents and Settings\Staci\Local Settings\Temporary Internet Files\Content.IE5\Q4Z8WX58\_freescan[1].htm not found.
W:\mjarvis\DVD tools\321Studios.DVDXCopy.Platinum.v3.2.1.Keymaker.Only-AGAiN.ZIP moved successfully.
W:\mjarvis\important stuff\My Documents\installer.exe moved successfully.
W:\mjarvis\My Pocketpc crap\apps\Namco.America.Galaga.v1.0.ARM.PPC2002.Incl.Keygen.MERRY.XMAS.HAPPY.2006-aS.ZIP moved successfully.
W:\mjarvis\Files from milhouse\321Studios.DVDXCopy.Platinum.v3.2.1.Keymaker.Only-AGAiN.ZIP moved successfully.
W:\mjarvis\File off of vista rc2\Documents\My Downloads\AVICodecPackPlus21.exe moved successfully.
W:\mjarvis\File off of vista rc2\Documents\My Downloads\dgt.exe moved successfully.
W:\staci\Downloads\SoThink DHTML Menu Maker.zip moved successfully.
File/Folder X:\Downloads\SoThink DHTML Menu Maker.zip not found.
File/Folder Z:\DVD tools\321Studios.DVDXCopy.Platinum.v3.2.1.Keymaker.Only-AGAiN.ZIP not found.
File/Folder Z:\important stuff\My Documents\installer.exe not found.
File/Folder Z:\My Pocketpc crap\apps\Namco.America.Galaga.v1.0.ARM.PPC2002.Incl.Keygen.MERRY.XMAS.HAPPY.2006-aS.ZIP not found.
File/Folder Z:\Files from milhouse\321Studios.DVDXCopy.Platinum.v3.2.1.Keymaker.Only-AGAiN.ZIP not found.
File/Folder Z:\File off of vista rc2\Documents\My Downloads\AVICodecPackPlus21.exe not found.
File/Folder Z:\File off of vista rc2\Documents\My Downloads\dgt.exe not found.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\Staci\LOCALS~1\Temp\WCESLog.log scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Staci\LOCALS~1\Temp\~DF7CAC.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Staci\LOCALS~1\Temp\~DF7CB9.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Staci\LOCALS~1\Temp\~DF8E1B.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Staci\LOCALS~1\Temp\~DF8EB1.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\WFV14B.tmp scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
FireFox cache emptied.
Temp folders emptied.
Explorer started successfully

OTMoveIt3 by OldTimer - Version 1.0.7.1 log created on 12012008_183940

Files moved on Reboot...
C:\DOCUME~1\Staci\LOCALS~1\Temp\WCESLog.log moved successfully.
File C:\DOCUME~1\Staci\LOCALS~1\Temp\~DF7CAC.tmp not found!
File C:\DOCUME~1\Staci\LOCALS~1\Temp\~DF7CB9.tmp not found!
File C:\DOCUME~1\Staci\LOCALS~1\Temp\~DF8E1B.tmp not found!
File C:\DOCUME~1\Staci\LOCALS~1\Temp\~DF8EB1.tmp not found!
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.
File C:\WINDOWS\temp\WFV14B.tmp not found!


----- ESET Online Scanner -----

# version=4
# OnlineScanner.ocx=1.0.0.56
# OnlineScannerDLLA.dll=1, 0, 0, 51
# OnlineScannerDLLW.dll=1, 0, 0, 51
# OnlineScannerUninstaller.exe=1, 0, 0, 49
# vers_standard_module=3655 (20081201)
# vers_arch_module=1.064 (20080214)
# vers_adv_heur_module=1.066 (20070917)
# EOSSerial=eb1f3d069b58d04e9f250f86cb68b0b7
# end=finished
# remove_checked=true
# unwanted_checked=true
# utc_time=2008-12-02 05:15:38
# local_time=2008-12-01 11:15:38 (-0600, Central Standard Time)
# country="United States"
# osver=5.1.2600 NT Service Pack 2
# scanned=890149
# found=19
# scan_time=13815
C:\Qoobox\Quarantine\C\WINDOWS\system32\dugejugo.dll.vir Win32/Adware.Virtumonde application (unable to clean - deleted) 00000000000000000000000000000000
C:\Qoobox\Quarantine\C\WINDOWS\system32\kuvusabu.dll.vir Win32/Adware.Virtumonde application (unable to clean - deleted) 00000000000000000000000000000000
C:\Qoobox\Quarantine\C\WINDOWS\system32\lajiboki.dll.vir Win32/Adware.Virtumonde application (unable to clean - deleted) 00000000000000000000000000000000
C:\Qoobox\Quarantine\C\WINDOWS\system32\nevahoti.dll.vir Win32/Adware.Virtumonde application (unable to clean - deleted) 00000000000000000000000000000000
C:\Qoobox\Quarantine\C\WINDOWS\system32\tijiwore.dll.vir Win32/Adware.Virtumonde application (unable to clean - deleted) 00000000000000000000000000000000
C:\Qoobox\Quarantine\C\WINDOWS\system32\zamogudi.dll.vir Win32/Adware.Virtumonde application (unable to clean - deleted) 00000000000000000000000000000000
C:\_OTMoveIt\MovedFiles\12012008_183940\mjarvis\DVD tools\321Studios.DVDXCopy.Platinum.v3.2.1.Keymaker.Only-AGAiN.ZIP Win32/TrojanClicker.VB.LA trojan (deleted) 00000000000000000000000000000000
C:\_OTMoveIt\MovedFiles\12012008_183940\mjarvis\DVD tools\321Studios.DVDXCopy.Platinum.v3.2.1.Keymaker.Only-AGAiN.ZIP »ZIP »crack-inf.exe Win32/TrojanClicker.VB.LA trojan (error while deleting - operation unavailable for this type of object - was a part of the deleted object) 00000000000000000000000000000000
C:\_OTMoveIt\MovedFiles\12012008_183940\mjarvis\DVD tools\321Studios.DVDXCopy.Platinum.v3.2.1.Keymaker.Only-AGAiN.ZIP »ZIP »crack-inf.exe »NSIS »Adobe Gamma Loader.exe Win32/TrojanClicker.VB.LA trojan (error while cleaning - operation unavailable for this type of object - error while deleting - operation unavailable for this type of object - was a part of the deleted object) 00000000000000000000000000000000
C:\_OTMoveIt\MovedFiles\12012008_183940\mjarvis\File off of vista rc2\Documents\My Downloads\AVICodecPackPlus21.exe a variant of Win32/Adware.Webdir application (deleted) 00000000000000000000000000000000
C:\_OTMoveIt\MovedFiles\12012008_183940\mjarvis\File off of vista rc2\Documents\My Downloads\AVICodecPackPlus21.exe »NSIS »VirtualDNS.dll a variant of Win32/Adware.Webdir application (error while cleaning - operation unavailable for this type of object - error while deleting - operation unavailable for this type of object - was a part of the deleted object) 00000000000000000000000000000000
C:\_OTMoveIt\MovedFiles\12012008_183940\mjarvis\Files from milhouse\321Studios.DVDXCopy.Platinum.v3.2.1.Keymaker.Only-AGAiN.ZIP Win32/TrojanClicker.VB.LA trojan (deleted) 00000000000000000000000000000000
C:\_OTMoveIt\MovedFiles\12012008_183940\mjarvis\Files from milhouse\321Studios.DVDXCopy.Platinum.v3.2.1.Keymaker.Only-AGAiN.ZIP »ZIP »crack-inf.exe Win32/TrojanClicker.VB.LA trojan (error while deleting - operation unavailable for this type of object - was a part of the deleted object) 00000000000000000000000000000000
C:\_OTMoveIt\MovedFiles\12012008_183940\mjarvis\Files from milhouse\321Studios.DVDXCopy.Platinum.v3.2.1.Keymaker.Only-AGAiN.ZIP »ZIP »crack-inf.exe »NSIS »Adobe Gamma Loader.exe Win32/TrojanClicker.VB.LA trojan (error while cleaning - operation unavailable for this type of object - error while deleting - operation unavailable for this type of object - was a part of the deleted object) 00000000000000000000000000000000
C:\_OTMoveIt\MovedFiles\12012008_183940\mjarvis\My Pocketpc crap\apps\Namco.America.Galaga.v1.0.ARM.PPC2002.Incl.Keygen.MERRY.XMAS.HAPPY.2006-aS.ZIP a variant of Win32/TrojanClicker.VB.NAW trojan (deleted) 00000000000000000000000000000000
C:\_OTMoveIt\MovedFiles\12012008_183940\mjarvis\My Pocketpc crap\apps\Namco.America.Galaga.v1.0.ARM.PPC2002.Incl.Keygen.MERRY.XMAS.HAPPY.2006-aS.ZIP »ZIP »installer.exe a variant of Win32/TrojanClicker.VB.NAW trojan (error while cleaning - operation unavailable for this type of object - error while deleting - operation unavailable for this type of object - was a part of the deleted object) 00000000000000000000000000000000
C:\_OTMoveIt\MovedFiles\12012008_183940\staci\Downloads\SoThink DHTML Menu Maker.zip Win32/TrojanDownloader.Small.DDP trojan (deleted) 00000000000000000000000000000000
C:\_OTMoveIt\MovedFiles\12012008_183940\staci\Downloads\SoThink DHTML Menu Maker.zip »ZIP »crack.exe Win32/TrojanDownloader.Small.DDP trojan (error while cleaning - operation unavailable for this type of object - error while deleting - operation unavailable for this type of object - was a part of the deleted object) 00000000000000000000000000000000
F:\Music\Coldplay\Coldplay - Viva La Vida [2008] 320Kbps\10 Coldplay - Death And All His Friends.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan (cleaned) DEC4F31064ABE68F01FAEB5DC4E89388

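A parser for the ESET Online Scanner log format that the helper requested in the post above and that was returned here, added as an illustration (it is not part of the thread, of ESET, or of the helper's tooling). It separates detections under the ComboFix (C:\Qoobox) and OTMoveIt3 (C:\_OTMoveIt) quarantine folders, which are re-scans of already-removed files, from live detections that still need attention, and flags actions ESET could not complete; the sample log, paths and hashes are constructed.

```python
import re
from collections import Counter
from dataclasses import dataclass

# Folders where the tools used in this thread park already-neutralised objects:
# ComboFix quarantines under C:\Qoobox, OTMoveIt3 under C:\_OTMoveIt.  Hits below
# these prefixes are re-scans of dead files, not live infections.
QUARANTINE_PREFIXES = (r"c:\qoobox\quarantine", r"c:\_otmoveit\movedfiles")

# A detection line reads "<path> <threat> (<action>) <md5>".  Paths contain spaces
# and archive markers (" »ZIP »inner.exe"), so match from the right: the hash, the
# parenthesised action, then a threat name that always holds a "/" (Windows paths
# never do), leaving the remainder as the path.
HIT_RE = re.compile(
    r"^(?P<path>.+?) "
    r"(?P<threat>(?:a variant of )?\S+/\S+ \S+) "
    r"\((?P<action>[^()]*)\) "
    r"(?P<md5>[0-9A-Fa-f]{32})$"
)

@dataclass
class Hit:
    path: str
    threat: str
    action: str
    md5: str

    @property
    def family(self) -> str:
        # "a variant of Win32/TrojanClicker.VB.LA trojan" -> "Win32/TrojanClicker.VB.LA"
        return self.threat.removeprefix("a variant of ").split(" ")[0]

    @property
    def in_quarantine(self) -> bool:
        return self.path.lower().startswith(QUARANTINE_PREFIXES)

    @property
    def outcome(self) -> str:
        # Collapse ESET's verbose action text.  Archive members report an error but
        # end with "was a part of the deleted object": the container was removed.
        last = self.action.split(" - ")[-1].strip()
        if last == "deleted" or last.endswith("deleted object"):
            return "deleted"
        if last == "cleaned":
            return "cleaned"
        return "unresolved"

def parse_eset_log(text: str) -> tuple[dict[str, str], list[Hit]]:
    """Return the '# key=value' header as a dict and each detection line as a Hit."""
    header: dict[str, str] = {}
    hits: list[Hit] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("#"):
            key, _, value = line[1:].strip().partition("=")
            header[key] = value
            continue
        m = HIT_RE.match(line)
        if m is None:
            raise ValueError(f"unrecognised detection line: {line!r}")
        hits.append(Hit(**m.groupdict()))
    return header, hits

def header_consistent(header: dict[str, str], hits: list[Hit]) -> bool:
    """The scanner's own 'found=' count must equal the number of detection lines."""
    return header.get("end") == "finished" and header.get("found") == str(len(hits))

def triage(hits: list[Hit]) -> dict:
    """Separate live detections from quarantine re-scans and summarise outcomes."""
    live = [h for h in hits if not h.in_quarantine]
    return {
        "total": len(hits),
        "already_quarantined": len(hits) - len(live),
        "live": [(h.path, h.family, h.outcome) for h in live],
        "by_family": Counter(h.family for h in hits),
        "by_outcome": Counter(h.outcome for h in hits),
        "unresolved": [h.path for h in hits if h.outcome == "unresolved"],
    }

# Constructed sample in the posted format; every path, name and hash is made up.
SAMPLE_LOG = r"""
# version=4
# end=finished
# found=5
C:\Qoobox\Quarantine\C\WINDOWS\system32\example1.dll.vir Win32/Adware.Virtumonde application (unable to clean - deleted) 00000000000000000000000000000000
C:\_OTMoveIt\MovedFiles\01012008_000000\downloads\keygen.zip Win32/TrojanClicker.VB.LA trojan (deleted) 00000000000000000000000000000000
C:\_OTMoveIt\MovedFiles\01012008_000000\downloads\keygen.zip »ZIP »crack-inf.exe Win32/TrojanClicker.VB.LA trojan (error while deleting - operation unavailable for this type of object - was a part of the deleted object) 00000000000000000000000000000000
F:\Music\example.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan (cleaned) 0123456789ABCDEF0123456789ABCDEF
D:\share\setup.exe a variant of Win32/Adware.Webdir application (error while cleaning - operation unavailable for this type of object) 0123456789ABCDEF0123456789ABCDEF
"""

if __name__ == "__main__":
    hdr, found = parse_eset_log(SAMPLE_LOG)
    print("header consistent:", header_consistent(hdr, found))
    for key, value in triage(found).items():
        print(f"{key}: {value}")
```

On the log posted in this thread the same split would show every Virtumonde and keygen hit already sitting under C:\Qoobox or C:\_OTMoveIt, leaving the F:\Music file as the only live detection.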
#6 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  • Local time:02:39 AM

Posted 02 December 2008 - 07:02 PM

Looks very good from my side.. Just run RSIT once again for my final review.. And, about that music file, it's fine.. ESET Online Scanner has disinfected it :thumbsup:

On how to prevent virus/malware in the future, you can read the excellent article below by miekiemoes..

How to prevent Malware



#7 Ana55127

Ana55127
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  • Local time:01:39 PM

Posted 02 December 2008 - 11:09 PM

Still running like a champ... can't thank you enough!! :thumbsup:

---- RSIT Log ----

Logfile of random's system information tool 1.04 (written by random/random)
Run by Staci at 2008-12-02 22:06:46
Microsoft Windows XP Professional Service Pack 2
System drive C: has 13 GB (18%) free of 73 GB
Total RAM: 2016 MB (65% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:06:57 PM, on 12/2/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\dlcqcoms.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\Network Associates\Common Framework\UdaterUI.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\Dell Photo AIO Printer 966\dlcqmon.exe
C:\Program Files\Network Associates\Common Framework\McTray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE
C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.1\apdproxy.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe
C:\Documents and Settings\Staci\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Smith Micro\StuffIt\ArcNameService.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\ZuneBusEnum.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Documents and Settings\Staci\Desktop\AntiVirus\BleepingComputer\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Staci.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptcl.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [dlcqmon.exe] "C:\Program Files\Dell Photo AIO Printer 966\dlcqmon.exe"
O4 - HKLM\..\Run: [DLCQCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCQtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.1\apdproxy.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Zune Launcher] "C:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Staci\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"
O4 - HKUS\S-1-5-18\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" (User 'Default user')
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://www.lynnemorrell.com
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/co...ex/qtplugin.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {254AA86E-5655-4518-AA87-185D7CC41801} (LogMeIn Rescue Technician Console) - https://secure.logmeinrescue.com/TechConsol...scueControl.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgreens.com/WalgreensActivia.cab
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.3.5.cab
O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} (LinkedIn ContactFinderControl) - http://www.linkedin.com/cab/LinkedInContactFinderControl.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/OnlineScanner.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1216646904301
O16 - DPF: {6F750203-1362-4815-A476-88533DE61D0C} (Kodak Gallery Easy Upload Manager Class) - http://www.kodakgallery.com/downloads/BUM/..._2/axofupld.cab
O16 - DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} (DLC Class) - https://transfers.ds.microsoft.com/FTM/Tran...ransferCtrl.cab
O16 - DPF: {86425144-8E97-41D5-8BCF-302812D44692} (RazorStreamControl.CaptureControl) - http://www.helloworld.com/root.controls/RSControl40.CAB
O16 - DPF: {8BBDC81D-81B3-49EE-87E8-47B7A707FAE8} (GoToMeeting/GoToWebinar Web Starter) - https://www.gotomeeting.com/default/applets/g2mdlax.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://192.168.1.3/activex/AxisCamControl.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://sunmeetings.webex.com/client/T25L/webex/ieatgpc.cab
O16 - DPF: {E7D2588A-7FB5-47DC-8830-832605661009} (Live Collaboration) - http://livenj04.custhelp.com/8201-b499h/rnl/java/RntX.cab
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://vela-alegria.hyperoffice.com/hypero...nts/XUpload.ocx
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} - http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.1.6.cab
O18 - Protocol: intu-help-qb1 - {9B0F96C7-2E4B-433E-ABF3-043BA1B54AE3} - C:\Program Files\Intuit\QuickBooks 2008\HelpAsyncPluggableProtocol.dll
O18 - Protocol: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - mscoree.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: dlcq_device - - C:\WINDOWS\system32\dlcqcoms.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
O23 - Service: QBCFMonitorService - Intuit - C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe
O23 - Service: Stuffit Archive Name Service - Smith Micro Software, Inc. - C:\Program Files\Smith Micro\StuffIt\ArcNameService.exe

--
End of file - 16447 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\Back Up Day 1.job
C:\WINDOWS\tasks\Back Up Day 2.job
C:\WINDOWS\tasks\GoogleUpdateTaskUser.job
C:\WINDOWS\tasks\MP Scheduled Scan.job
C:\WINDOWS\tasks\User_Feed_Synchronization-{85F4CA9D-D7AB-4199-A7FD-E100EDD0BB64}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{074C1DC5-9320-4A9A-947D-C042949C6216}]
ContributeBHO Class - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll [2007-03-16 118784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2008-03-06 370296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{724d43a9-0d85-11d4-9908-00400523e39a}]
C:\Program Files\Siber Systems\AI RoboForm\roboform.dll [2007-12-24 5690184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll [2008-02-22 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}]
scriptproxy - C:\Program Files\McAfee\VirusScan Enterprise\scriptcl.dll [2008-07-16 58688]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2007-12-14 392240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
Adobe PDF Conversion Toolbar Helper - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007-05-10 321120]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{724d43a0-0d85-11d4-9908-00400523e39a} - &RoboForm - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll [2007-12-24 5690184]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007-05-10 321120]
{517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - Contribute Toolbar - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll [2007-03-16 118784]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"BluetoothAuthenticationAgent"=C:\WINDOWS\system32\bthprops.cpl [2004-08-04 110592]
"LogMeIn GUI"=C:\Program Files\LogMeIn\x86\LogMeInSystray.exe [2007-04-17 63048]
"McAfeeUpdaterUI"=C:\Program Files\Network Associates\Common Framework\UdaterUI.exe [2007-10-24 136512]
"dlcqmon.exe"=C:\Program Files\Dell Photo AIO Printer 966\dlcqmon.exe [2007-01-12 292336]
"DLCQCATS"=rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCQtime.dll []
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2006-09-26 98304]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2006-09-26 114688]
"Persistence"=C:\WINDOWS\system32\igfxpers.exe [2006-09-26 94208]
"type32"=C:\Program Files\Microsoft IntelliType Pro\type32.exe [2004-06-03 172032]
"ShStatEXE"=C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE [2008-07-16 111952]
"Adobe Photo Downloader"=C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.1\apdproxy.exe [2007-06-26 61440]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2008-09-06 413696]
"Zune Launcher"=C:\Program Files\Zune\ZuneLauncher.exe [2008-11-10 157312]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]
"RoboForm"=C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [2007-12-24 160592]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2006-10-18 204288]
"Google Update"=C:\Documents and Settings\Staci\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-03 133104]
"H/PC Connection Agent"=C:\Program Files\Microsoft ActiveSync\Wcescomm.exe [2006-11-13 1289000]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2006-09-26 155648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\LMIinit]
C:\WINDOWS\system32\LMIinit.dll [2008-10-20 87352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-04-10 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"=C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2007-02-05 294400]
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"=C:\PROGRA~1\WIFD1F~1\MpShHook.dll [2006-11-03 83224]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinDefend]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDrives"=0
"NoDriveAutoRun"=67108863

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=
"NoDrives"=
"NoDriveAutoRun"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\WINDOWS\system32\dlcqcoms.exe"="C:\WINDOWS\system32\dlcqcoms.exe:*:Enabled:Lexmark Communications System"
"C:\Program Files\Microsoft Office\Office12\EXCEL.EXE"="C:\Program Files\Microsoft Office\Office12\EXCEL.EXE:*:Enabled:Microsoft Office Excel"
"C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe"="C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe:*:Enabled:Adobe Version Cue CS3 Server"
"C:\Program Files\Adobe\Adobe Dreamweaver CS3\Dreamweaver.exe"="C:\Program Files\Adobe\Adobe Dreamweaver CS3\Dreamweaver.exe:*:Enabled:Adobe Dreamweaver CS3"
"C:\Program Files\Real\RealPlayer\realplay.exe"="C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer"
"C:\Program Files\Network Associates\Common Framework\FrameworkService.exe"="C:\Program Files\Network Associates\Common Framework\FrameworkService.exe:*:Enabled:McAfee Framework Service"
"C:\Program Files\Adobe\Adobe Contribute CS3\Contribute.exe"="C:\Program Files\Adobe\Adobe Contribute CS3\Contribute.exe:*:Enabled:Contribute"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\Program Files\Intuit\QuickBooks 2008\QBDBMgrN.exe"="C:\Program Files\Intuit\QuickBooks 2008\QBDBMgrN.exe:*:Enabled:QuickBooks 2008 Data Manager"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e2a58445-e836-11db-8971-0016cb0b7149}]
shell\AutoRun\command - F:\/setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f4446e3d-2c08-11dd-8fda-0016cb0b7149}]
shell\AutoRun\command - G:\InstallTomTomHOME.exe


======File associations======

.js - edit -
.js - open -

======List of files/folders created in the last 1 months======

2008-12-02 19:00:42 ----D---- C:\WINDOWS\LastGood
2008-12-02 09:53:15 ----SHD---- C:\Config.Msi
2008-12-02 03:53:36 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2008-12-02 03:53:23 ----HDC---- C:\WINDOWS\$NtUninstallKB956391$
2008-12-02 03:53:11 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
2008-12-02 03:47:35 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
2008-12-02 03:43:03 ----A---- C:\WINDOWS\system32\MRT.exe
2008-12-02 03:42:10 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
2008-12-02 03:10:23 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2008-12-02 03:08:54 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
2008-12-02 03:08:24 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2008-12-02 03:08:01 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2008-12-02 03:02:54 ----HDC---- C:\WINDOWS\$NtUninstallKB954154_WM11$
2008-12-01 19:18:07 ----D---- C:\Program Files\EsetOnlineScanner
2008-12-01 18:39:40 ----D---- C:\_OTMoveIt
2008-12-01 08:27:26 ----SHD---- C:\RECYCLER
2008-12-01 08:10:47 ----A---- C:\ComboFix.txt
2008-12-01 07:56:46 ----D---- C:\WINDOWS\temp
2008-12-01 07:51:26 ----A---- C:\WINDOWS\zip.exe
2008-12-01 07:51:26 ----A---- C:\WINDOWS\VFIND.exe
2008-12-01 07:51:26 ----A---- C:\WINDOWS\SWXCACLS.exe
2008-12-01 07:51:26 ----A---- C:\WINDOWS\SWSC.exe
2008-12-01 07:51:26 ----A---- C:\WINDOWS\SWREG.exe
2008-12-01 07:51:26 ----A---- C:\WINDOWS\sed.exe
2008-12-01 07:51:26 ----A---- C:\WINDOWS\NIRCMD.exe
2008-12-01 07:51:26 ----A---- C:\WINDOWS\grep.exe
2008-12-01 07:51:26 ----A---- C:\WINDOWS\fdsv.exe
2008-12-01 07:51:22 ----D---- C:\WINDOWS\ERDNT
2008-12-01 07:51:22 ----D---- C:\Qoobox
2008-12-01 07:44:45 ----A---- C:\FramePkg.exe
2008-12-01 03:46:29 ----D---- C:\Documents and Settings\Staci\Application Data\WinRAR
2008-12-01 03:41:27 ----A---- C:\WINDOWS\system32\mucltui.dll.mui
2008-12-01 03:01:57 ----D---- C:\WINDOWS\ERUNT
2008-12-01 03:01:05 ----D---- C:\SDFix
2008-12-01 02:58:31 ----A---- C:\WINDOWS\ntbtlog.txt
2008-11-29 13:07:44 ----D---- C:\rsit
2008-11-29 12:56:46 ----D---- C:\Program Files\Trend Micro
2008-11-29 12:34:55 ----A---- C:\WINDOWS\system32\dcaniicf.exe
2008-11-28 19:43:59 ----D---- C:\Program Files\Windows Defender
2008-11-26 22:37:02 ----A---- C:\VundoFix.txt
2008-11-25 20:42:10 ----D---- C:\Documents and Settings\Staci\Application Data\Malwarebytes
2008-11-25 20:42:01 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-11-25 20:42:01 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-11-20 15:03:38 ----D---- C:\Program Files\lame3.98.2
2008-11-20 15:00:01 ----D---- C:\Documents and Settings\Staci\Application Data\AccurateRip
2008-11-20 14:59:56 ----D---- C:\Program Files\Exact Audio Copy
2008-11-20 12:01:22 ----A---- C:\WINDOWS\system32\tsccvid.dll
2008-11-20 12:01:21 ----D---- C:\WINDOWS\system32\QuickTime
2008-11-20 12:00:33 ----D---- C:\Program Files\Common Files\TechSmith Shared
2008-11-20 12:00:27 ----D---- C:\Program Files\TechSmith
2008-11-13 12:07:58 ----D---- C:\Program Files\Audible
2008-11-10 12:23:42 ----A---- C:\WINDOWS\system32\ZuneWlanCfgSvc.exe
2008-11-10 12:23:38 ----A---- C:\WINDOWS\system32\ZuneBusEnum.exe
2008-11-03 11:08:58 ----D---- C:\Program Files\Wisdom-soft ScreenHunter 5 Free

======List of files/folders modified in the last 1 months======

2008-12-02 22:06:54 ----D---- C:\WINDOWS\Prefetch
2008-12-02 22:06:43 ----D---- C:\WINDOWS
2008-12-02 19:00:43 ----D---- C:\WINDOWS\system32
2008-12-02 19:00:42 ----HD---- C:\WINDOWS\inf
2008-12-02 17:16:23 ----SD---- C:\WINDOWS\Tasks
2008-12-02 17:13:56 ----D---- C:\WINDOWS\system32\CatRoot2
2008-12-02 17:13:13 ----D---- C:\Program Files\Zune
2008-12-02 17:11:25 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-12-02 15:18:11 ----D---- C:\Program Files\Dl_cats
2008-12-02 10:20:59 ----RSD---- C:\WINDOWS\assembly
2008-12-02 10:20:59 ----D---- C:\WINDOWS\Microsoft.NET
2008-12-02 09:54:59 ----SHD---- C:\WINDOWS\Installer
2008-12-02 09:54:03 ----D---- C:\WINDOWS\system32\ReinstallBackups
2008-12-02 09:54:02 ----D---- C:\WINDOWS\system32\drivers
2008-12-02 04:11:21 ----D---- C:\Program Files\Internet Explorer
2008-12-02 04:06:21 ----D---- C:\WINDOWS\system32\NtmsData
2008-12-02 03:58:57 ----D---- C:\Program Files\LogMeIn
2008-12-02 03:53:40 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-12-02 03:53:33 ----HD---- C:\WINDOWS\$hf_mig$
2008-12-02 03:53:28 ----A---- C:\WINDOWS\imsins.BAK
2008-12-02 03:52:00 ----D---- C:\WINDOWS\ie7updates
2008-12-02 03:51:01 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-12-02 03:34:52 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-12-02 03:30:48 ----D---- C:\Program Files\Microsoft SQL Server
2008-12-02 03:10:14 ----D---- C:\WINDOWS\system32\CatRoot
2008-12-02 03:09:49 ----HDC---- C:\WINDOWS\$NtUninstallKB951072-v2$
2008-12-02 03:08:57 ----D---- C:\WINDOWS\WinSxS
2008-12-02 02:00:17 ----D---- C:\WINDOWS\Registration
2008-12-01 19:18:07 ----RD---- C:\Program Files
2008-12-01 19:17:41 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-12-01 18:39:40 ----D---- C:\quarantine
2008-12-01 18:31:45 ----D---- C:\Documents and Settings\Staci\Application Data\Adobe
2008-12-01 16:17:10 ----D---- C:\Program Files\Mozilla Firefox
2008-12-01 08:03:37 ----A---- C:\WINDOWS\system.ini
2008-12-01 07:59:28 ----D---- C:\WINDOWS\system32\config
2008-12-01 07:55:27 ----D---- C:\WINDOWS\AppPatch
2008-12-01 07:55:27 ----D---- C:\Program Files\Common Files
2008-12-01 04:12:37 ----D---- C:\WINDOWS\system32\CatRoot_bak
2008-12-01 03:41:20 ----D---- C:\WINDOWS\Help
2008-11-29 12:40:51 ----D---- C:\Documents and Settings
2008-11-28 19:43:59 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2008-11-25 09:08:18 ----D---- C:\Documents and Settings\Staci\Application Data\uTorrent
2008-11-25 00:16:55 ----D---- C:\Program Files\uTorrent
2008-11-23 10:16:29 ----D---- C:\Program Files\Stamps.com
2008-11-09 17:02:10 ----SD---- C:\Documents and Settings\Staci\Application Data\Microsoft
2008-11-07 18:58:04 ----D---- C:\Program Files\Microsoft Silverlight
2008-11-05 00:32:24 ----HD---- C:\Program Files\InstallShield Installation Information
2008-11-05 00:30:55 ----D---- C:\Program Files\FileZilla Client
2008-11-05 00:27:07 ----D---- C:\Program Files\Common Files\AVSMedia
2008-11-05 00:26:59 ----RSD---- C:\WINDOWS\Fonts
2008-11-05 00:26:06 ----D---- C:\Program Files\AVS4YOU

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-04 36096]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-03 14848]
R1 mferkdk;VSCore mferkdk; \??\C:\Program Files\McAfee\VirusScan Enterprise\mferkdk.sys []
R1 mfetdik;McAfee Inc.; C:\WINDOWS\system32\drivers\mfetdik.sys [2008-07-16 52104]
R2 Aspi32;Aspi32; C:\WINDOWS\System32\drivers\aspi32.sys [2005-11-20 16512]
R2 LMIInfo;LogMeIn Kernel Information Provider; \??\C:\Program Files\LogMeIn\x86\RaInfo.sys []
R2 LMIRfsDriver;LogMeIn Remote File System Driver; \??\C:\WINDOWS\system32\drivers\LMIRfsDriver.sys []
R2 MCSTRM;MCSTRM; C:\WINDOWS\system32\drivers\MCSTRM.sys [2007-10-15 8413]
R2 zumbus;Zune Bus Enumerator Driver; C:\WINDOWS\system32\DRIVERS\zumbus.sys [2008-09-12 40832]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2004-08-04 60800]
R3 BthEnum;Bluetooth Request Block Driver; C:\WINDOWS\system32\DRIVERS\BthEnum.sys [2004-08-03 17024]
R3 BTHMODEM;Bluetooth Serial Communications Driver; C:\WINDOWS\system32\DRIVERS\bthmodem.sys [2004-08-03 38016]
R3 BthPan;Bluetooth Device (Personal Area Network); C:\WINDOWS\system32\DRIVERS\bthpan.sys [2004-08-03 100992]
R3 BTHUSB;Bluetooth Radio USB Driver; C:\WINDOWS\System32\Drivers\BTHUSB.sys [2004-08-03 18944]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-04-17 15464]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2005-01-07 138752]
R3 HidBth;Microsoft Bluetooth HID Miniport; C:\WINDOWS\system32\DRIVERS\hidbth.sys [2004-08-03 25600]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2004-08-04 9600]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2006-09-26 1109568]
R3 LMImirr;LMImirr; C:\WINDOWS\system32\DRIVERS\LMImirr.sys [2007-04-17 10144]
R3 mfeapfk;McAfee Inc.; C:\WINDOWS\system32\drivers\mfeapfk.sys [2008-07-16 64232]
R3 mfeavfk;McAfee Inc.; C:\WINDOWS\system32\drivers\mfeavfk.sys [2008-07-16 72936]
R3 mfebopk;McAfee Inc.; C:\WINDOWS\system32\drivers\mfebopk.sys [2008-07-16 33960]
R3 mfehidk;McAfee Inc.; C:\WINDOWS\system32\drivers\mfehidk.sys [2008-07-16 174952]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2004-08-04 12160]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2004-08-04 61824]
R3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\WINDOWS\system32\DRIVERS\rfcomm.sys [2004-08-03 59648]
R3 STHDA;SigmaTel High Definition Audio CODEC; C:\WINDOWS\system32\drivers\sthda.sys [2006-09-26 1179784]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-04 31616]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-03 26624]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-03 57600]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
R3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-03 20480]
R3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2008-03-27 503008]
R3 WmaCDriverV32;WmaCDriverV32; C:\WINDOWS\system32\drivers\WmaCDriverV32.sys [2007-07-19 513152]
R3 yukonwxp;NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller; C:\WINDOWS\system32\DRIVERS\yk51x86.sys [2007-12-06 285952]
S3 61883;61883 Unit Device; C:\WINDOWS\system32\DRIVERS\61883.sys [2004-08-03 48128]
S3 AR5211;Atheros Wireless Network Adapter Service; C:\WINDOWS\system32\DRIVERS\ar5211.sys [2006-09-26 494080]
S3 Avc;AVC Device; C:\WINDOWS\system32\DRIVERS\avc.sys [2004-08-03 38912]
S3 BLUETOOTH_KICKER;Apple Bluetooth Kicker Driver; C:\WINDOWS\System32\Drivers\BthKicker.sys [2006-08-24 6016]
S3 BTHPORT;Bluetooth Port Driver; C:\WINDOWS\System32\Drivers\BTHport.sys [2008-06-13 272128]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024]
S3 dot4;MS IEEE-1284.4 Driver; C:\WINDOWS\system32\DRIVERS\Dot4.sys [2004-08-03 207360]
S3 Dot4Print;Print Class Driver for IEEE-1284.4; C:\WINDOWS\system32\DRIVERS\Dot4Prt.sys [2001-08-17 12928]
S3 Dot4Scan;Scan Class Driver for IEEE-1284.4; C:\WINDOWS\system32\DRIVERS\Dot4Scan.sys [2001-08-17 8704]
S3 dot4usb;Dot4USB Filter Dot4USB Filter; C:\WINDOWS\system32\DRIVERS\dot4usb.sys [2001-08-17 23808]
S3 FreshIO;FreshIO; \??\C:\Program Files\FreshDiagnose\FreshIO.sys []
S3 MSDV;Microsoft DV Camera and VCR; C:\WINDOWS\system32\DRIVERS\msdv.sys [2004-08-03 51328]
S3 msloop;Microsoft Loopback Adapter Driver; C:\WINDOWS\system32\DRIVERS\loop.sys [2001-08-17 4992]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-03 10880]
S3 RimUsb;BlackBerry Smartphone; C:\WINDOWS\System32\Drivers\RimUsb.sys []
S3 RimVSerPort;RIM Virtual Serial Port v2; C:\WINDOWS\system32\DRIVERS\RimSerial.sys [2007-01-18 26496]
S3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2004-08-04 5888]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-03 11136]
S3 StartupDiskDriver;StartupDiskDriver; \??\C:\WINDOWS\system32\DRIVERS\StartupDiskDriver.sys []
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-03 15360]
S3 usb_rndisx;USB RNDIS Adapter; C:\WINDOWS\system32\DRIVERS\usb8023x.sys [2005-10-20 12800]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2008-10-01 32000]
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2004-08-03 59264]
S3 wceusbsh;Windows CE USB Serial Host Driver; C:\WINDOWS\system32\DRIVERS\wceusbsh.sys [2006-11-06 28672]
S3 WinUSB;WinUSB; C:\WINDOWS\system32\DRIVERS\WinUSB.sys [2006-11-02 39368]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2008-01-18 83328]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 LMIRfsClientNP;LMIRfsClientNP; C:\WINDOWS\system32\drivers\LMIRfsClientNP.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-10-01 116040]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
R2 BthServ;Bluetooth Support Service; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
R2 dlcq_device;dlcq_device; C:\WINDOWS\system32\dlcqcoms.exe [2006-12-12 537480]
R2 LMIMaint;LogMeIn Maintenance Service; C:\Program Files\LogMeIn\x86\RaMaint.exe [2008-10-20 116032]
R2 LogMeIn;LogMeIn; C:\Program Files\LogMeIn\x86\LogMeIn.exe [2007-04-17 63040]
R2 McAfeeFramework;McAfee Framework Service; C:\Program Files\Network Associates\Common Framework\FrameworkService.exe [2007-10-24 103744]
R2 McShield;McAfee McShield; C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe [2008-07-16 144704]
R2 McTaskManager;McAfee Task Manager; C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe [2008-07-16 54608]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [2006-10-26 335872]
R2 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ); c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2007-02-10 29178224]
R2 QBCFMonitorService;QBCFMonitorService; C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe [2008-02-27 20480]
R2 SQLBrowser;SQL Server Browser; c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2007-02-10 242544]
R2 SQLWriter;SQL Server VSS Writer; c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2007-02-10 89968]
R2 STacSV;SigmaTel Audio Service; C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe [2006-09-26 86016]
R2 Stuffit Archive Name Service;Stuffit Archive Name Service; C:\Program Files\Smith Micro\StuffIt\ArcNameService.exe [2008-01-31 157016]
R2 WinDefend;Windows Defender; C:\Program Files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
R2 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
R2 WSearch;Windows Search; C:\WINDOWS\system32\SearchIndexer.exe [2007-02-05 300032]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
R2 ZuneBusEnum;Zune Bus Enumerator; C:\WINDOWS\system32\ZuneBusEnum.exe [2008-11-10 60032]
S2 RoxLiveShare9;LiveShare P2P Server 9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe []
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2007-03-22 72704]
S3 Adobe Version Cue CS3;Adobe Version Cue CS3; C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe [2007-03-20 153792]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2007-09-16 654848]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-10-01 536872]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 QBFCService;Intuit QuickBooks FCS; C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [2007-05-24 61440]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
S3 ZuneNetworkSvc;Zune Network Sharing Service; C:\Program Files\Zune\ZuneNss.exe [2008-11-10 5117568]
S3 ZuneWlanCfgSvc;Zune Wireless Configuration Service; C:\WINDOWS\system32\ZuneWlanCfgSvc.exe [2008-11-10 243840]
S4 MSSQLServerADHelper;SQL Server Active Directory Helper; c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [2005-10-14 45272]

-----------------EOF-----------------
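As an added example (not RSIT's code and not something posted in this thread), the following Python parses the "List of drivers" and "List of services" sections of a log like the one above into records and lists the entries for which RSIT printed an empty `[]` instead of a file date and size. The line layout and the meaning of the R/S and 0-4 codes are taken from the section headers in the log; treating an empty `[]` as "no file information was reported, verify the path by hand" is this example's assumption, not a statement that those entries are malicious. The sample lines are copied from the log above.

```python
"""Parse RSIT driver/service sections and flag entries lacking file info.

Added example, not RSIT's own code. Assumed line format (from the log):
  <R|S><0-4> <name>;<description>; <path> [<yyyy-mm-dd> <size>]
An empty "[]" is read here as "RSIT reported no date/size for the file";
such entries are a prompt for manual verification, nothing more.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Lines copied from the log in this thread; the header is included because
# it documents the state and start-type codes.
SAMPLE_LOG = r"""
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-04 36096]
R1 mferkdk;VSCore mferkdk; \??\C:\Program Files\McAfee\VirusScan Enterprise\mferkdk.sys []
S3 FreshIO;FreshIO; \??\C:\Program Files\FreshDiagnose\FreshIO.sys []
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 BthServ;Bluetooth Support Service; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
R2 dlcq_device;dlcq_device; C:\WINDOWS\system32\dlcqcoms.exe [2006-12-12 537480]
S2 RoxLiveShare9;LiveShare P2P Server 9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe []

-----------------EOF-----------------
"""

STATE = {"R": "Running", "S": "Stopped"}
START_TYPE = {"0": "Boot", "1": "System", "2": "Auto", "3": "Demand", "4": "Disabled"}

ENTRY_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4]) "
    r"(?P<name>[^;]+);(?P<desc>[^;]*); "
    r"(?P<path>.*?) \[(?P<meta>[^\]]*)\]\s*$"
)
SECTION_RE = re.compile(r"^======List of (?P<kind>drivers|services)")
NT_PREFIX = "\\??\\"  # object-manager path form RSIT prints for some entries


@dataclass
class Entry:
    kind: str            # "drivers" or "services"
    state: str           # Running / Stopped
    start_type: str      # Boot / System / Auto / Demand / Disabled
    name: str
    description: str
    path: str            # with any leading \??\ prefix removed
    nt_prefix: bool      # True if the log wrote the path in \??\ form
    file_date: Optional[str]
    file_size: Optional[int]

    @property
    def has_file_info(self) -> bool:
        return self.file_date is not None


def parse_rsit(text: str) -> List[Entry]:
    """Return one Entry per driver/service line; other lines are skipped."""
    entries: List[Entry] = []
    kind = None
    for line in text.splitlines():
        sec = SECTION_RE.match(line)
        if sec:
            kind = sec.group("kind")
            continue
        m = ENTRY_RE.match(line)
        if not m or kind is None:
            continue  # blank lines, EOF marker, lines outside the two sections
        path = m.group("path")
        nt_prefix = path.startswith(NT_PREFIX)
        if nt_prefix:
            path = path[len(NT_PREFIX):]
        meta = m.group("meta").split()
        file_date = meta[0] if meta else None
        file_size = int(meta[1]) if len(meta) > 1 else None
        entries.append(Entry(kind, STATE[m.group("state")], START_TYPE[m.group("start")],
                             m.group("name"), m.group("desc"), path, nt_prefix,
                             file_date, file_size))
    return entries


def needs_verification(entries: List[Entry]) -> List[str]:
    """Names of entries whose file RSIT reported no date/size for."""
    return [e.name for e in entries if not e.has_file_info]


def counts(entries: List[Entry]) -> Dict[str, int]:
    """Count entries per section and state, e.g. {"drivers/Running": 2, ...}."""
    out: Dict[str, int] = {}
    for e in entries:
        key = f"{e.kind}/{e.state}"
        out[key] = out.get(key, 0) + 1
    return out


if __name__ == "__main__":
    parsed = parse_rsit(SAMPLE_LOG)
    print(counts(parsed))
    for name in needs_verification(parsed):
        print("verify by hand:", name)
```

The list this produces is a worklist for the person reading the log, not a verdict: a missing date/size can come from a path RSIT could not resolve as easily as from a file that is not there, so each flagged path is checked on the machine before anything is removed.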

#8 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • Local time:02:39 AM

Posted 02 December 2008 - 11:17 PM

Great!.. Let's do some cleanup...


Time for some housekeeping
  • Click START then RUN
  • Now type Combofix /u in the runbox and click OK
    Please note that the space between combofix and /u is needed




Please read these excellent articles by miekiemoes:
Help! My computer is slow!
How to prevent Malware

And another excellent article by CastleCops Malware Prevention: Prevent Re-infection

Please reply to this thread once more and tell us about the computer behaviour before we can close this thread :thumbsup:



Have a safe and happy computing day!


Regards
fenzodahl512

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
It's gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive




