Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Antivirus2009 can't get anywhere


  • This topic is locked This topic is locked
2 replies to this topic

#1 janie99

janie99

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:08:54 PM

Posted 02 December 2008 - 12:59 PM

My daughter's computer is so infected with this monster I can't get anywhere online on her computer. I am having to put apps on a flash drive to run on her computer and then the info back here... I am lost and I "think" I know what I am doing;-)
It will not shut down normally, when you turn it back on you have to do it 3 times before the system will load..

Thanks for reading

janie99

Logfile of random's system information tool 1.04 (written by random/random)
Run by Owner at 2008-12-02 12:46:25
Microsoft Windows XP Professional Service Pack 3
System drive C: has 58 GB (82%) free of 71 GB
Total RAM: 446 MB (26% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:46:42 PM, on 12/2/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\OpenCASE\OpenCASE Media Agent\MediaAgent.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\V0470Mon.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\QuickTime\QTTask.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\AOL\1194668037\ee\AOLSoftware.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\drivers\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Skype\Plugin Manager\skypePM.exe
F:\mbam-setup.exe
F:\mbam-setup.exe
C:\Documents and Settings\Owner.princess\Desktop\mbam-setup.exe
C:\Documents and Settings\Owner.princess\Desktop\mbam-setup.exe
C:\Documents and Settings\Owner.princess\Desktop\mbam-setup.exe
C:\Documents and Settings\Owner.princess\Desktop\mbam-setup.exe
C:\Documents and Settings\Owner.princess\Desktop\mbam-setup.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
F:\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Owner.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.gateway.com/g/startpage.html?Ch...TB&M=MX6441
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - {2EEBCAF6-177E-4F64-BE70-30913301CF11} - C:\WINDOWS\system32\urqNETJY.dll
O2 - BHO: (no name) - {73259091-9574-4ED8-A40F-7F65AFC28634} - C:\WINDOWS\system32\ddcCtsPj.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: {fa5d94d6-bc7e-48cb-6214-c45be15a23f9} - {9f32a51e-b54c-4126-bc84-e7cb6d49d5af} - C:\WINDOWS\system32\hogtsh.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [V0470Mon.exe] C:\WINDOWS\V0470Mon.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [NI.GSCNS] "C:\DOCUME~1\OWNER~1.PRI\LOCALS~1\Temp\awsowenram.tmp"
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [McRegWiz] C:\PROGRA~1\McAfee.com\Agent\mcregwiz.exe /autorun
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1194668037\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SVCHOST.EXE] C:\WINDOWS\system32\drivers\svchost.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-18\..\Run: [Power2GoExpress] NA (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Power2GoExpress] NA (User 'Default user')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.amaena.com
O15 - Trusted Zone: *.antimalwareguard.com
O15 - Trusted Zone: *.antispyexpert.com
O15 - Trusted Zone: *.avsystemcare.com
O15 - Trusted Zone: *.gomyhit.com
O15 - Trusted Zone: *.imagesrvr.com
O15 - Trusted Zone: *.onerateld.com
O15 - Trusted Zone: *.safetydownload.com
O15 - Trusted Zone: *.spyguardpro.com
O15 - Trusted Zone: *.storageguardsoft.com
O15 - Trusted Zone: *.trustedantivirus.com
O15 - Trusted Zone: *.virusremover2008.com
O15 - Trusted Zone: *.virusschlacht.com
O15 - Trusted Zone: *.amaena.com (HKLM)
O15 - Trusted Zone: *.antimalwareguard.com (HKLM)
O15 - Trusted Zone: *.antispyexpert.com (HKLM)
O15 - Trusted Zone: *.avsystemcare.com (HKLM)
O15 - Trusted Zone: *.gomyhit.com (HKLM)
O15 - Trusted Zone: *.imageservr.com (HKLM)
O15 - Trusted Zone: *.imagesrvr.com (HKLM)
O15 - Trusted Zone: *.onerateld.com (HKLM)
O15 - Trusted Zone: *.safetydownload.com (HKLM)
O15 - Trusted Zone: *.spyguardpro.com (HKLM)
O15 - Trusted Zone: *.storageguardsoft.com (HKLM)
O15 - Trusted Zone: *.trustedantivirus.com (HKLM)
O15 - Trusted Zone: *.virusremover2008.com (HKLM)
O15 - Trusted Zone: *.virusschlacht.com (HKLM)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1196042519875
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadblocker.com/activex/sabspx.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: hogtsh.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: ddcCtsPj - ddcCtsPj.dll (file missing)
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: OpenCASE Media Agent - ExtendMedia Inc. - C:\Program Files\OpenCASE\OpenCASE Media Agent\MediaAgent.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

--
End of file - 11618 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\At1.job
C:\WINDOWS\tasks\At10.job
C:\WINDOWS\tasks\At11.job
C:\WINDOWS\tasks\At12.job
C:\WINDOWS\tasks\At13.job
C:\WINDOWS\tasks\At14.job
C:\WINDOWS\tasks\At15.job
C:\WINDOWS\tasks\At16.job
C:\WINDOWS\tasks\At17.job
C:\WINDOWS\tasks\At18.job
C:\WINDOWS\tasks\At19.job
C:\WINDOWS\tasks\At2.job
C:\WINDOWS\tasks\At20.job
C:\WINDOWS\tasks\At21.job
C:\WINDOWS\tasks\At22.job
C:\WINDOWS\tasks\At23.job
C:\WINDOWS\tasks\At24.job
C:\WINDOWS\tasks\At25.job
C:\WINDOWS\tasks\At26.job
C:\WINDOWS\tasks\At27.job
C:\WINDOWS\tasks\At28.job
C:\WINDOWS\tasks\At29.job
C:\WINDOWS\tasks\At3.job
C:\WINDOWS\tasks\At30.job
C:\WINDOWS\tasks\At31.job
C:\WINDOWS\tasks\At32.job
C:\WINDOWS\tasks\At33.job
C:\WINDOWS\tasks\At34.job
C:\WINDOWS\tasks\At35.job
C:\WINDOWS\tasks\At36.job
C:\WINDOWS\tasks\At37.job
C:\WINDOWS\tasks\At38.job
C:\WINDOWS\tasks\At39.job
C:\WINDOWS\tasks\At4.job
C:\WINDOWS\tasks\At40.job
C:\WINDOWS\tasks\At41.job
C:\WINDOWS\tasks\At42.job
C:\WINDOWS\tasks\At43.job
C:\WINDOWS\tasks\At44.job
C:\WINDOWS\tasks\At45.job
C:\WINDOWS\tasks\At46.job
C:\WINDOWS\tasks\At47.job
C:\WINDOWS\tasks\At48.job
C:\WINDOWS\tasks\At5.job
C:\WINDOWS\tasks\At6.job
C:\WINDOWS\tasks\At7.job
C:\WINDOWS\tasks\At8.job
C:\WINDOWS\tasks\At9.job
C:\WINDOWS\tasks\ISP signup reminder 2.job
C:\WINDOWS\tasks\ISP signup reminder 3.job
C:\WINDOWS\tasks\MP Scheduled Scan.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EEBCAF6-177E-4F64-BE70-30913301CF11}]
C:\WINDOWS\system32\urqNETJY.dll [2008-11-23 318464]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{73259091-9574-4ED8-A40F-7F65AFC28634}]
C:\WINDOWS\system32\ddcCtsPj.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9f32a51e-b54c-4126-bc84-e7cb6d49d5af}]
C:\WINDOWS\system32\hogtsh.dll [2008-12-02 129024]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar2.dll [2007-01-19 2403392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll [2008-09-15 737776]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar2.dll [2007-01-19 2403392]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2006-11-03 866584]
"VSOCheckTask"=C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe /checktask []
"VirusScan Online"=C:\Program Files\McAfee.com\VSO\mcvsshld.exe []
"V0470Mon.exe"=C:\WINDOWS\V0470Mon.exe [2007-04-11 32768]
"SynTPLpr"=C:\Program Files\Synaptics\SynTP\SynTPLpr.exe [2004-11-05 98394]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2004-11-05 688218]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]
"Recguard"=C:\WINDOWS\SMINST\RECGUARD.EXE [2002-09-14 212992]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-09-06 413696]
"OASClnt"=C:\Program Files\McAfee.com\VSO\oasclnt.exe []
"NI.GSCNS"=C:\DOCUME~1\OWNER~1.PRI\LOCALS~1\Temp\awsowenram.tmp [2008-11-23 54784]
"MSKDetectorExe"=C:\Program Files\McAfee\SpamKiller\MSKDetct.exe [2005-08-12 1121792]
"MSKAGENTEXE"=C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe []
"MPFExe"=C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe []
"MCUpdateExe"=C:\PROGRA~1\mcafee.com\agent\McUpdate.exe []
"McRegWiz"=C:\PROGRA~1\McAfee.com\Agent\mcregwiz.exe /autorun []
"MCAgentExe"=c:\PROGRA~1\mcafee.com\agent\mcagent.exe []
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-10-01 289576]
"HostManager"=C:\Program Files\Common Files\AOL\1194668037\ee\AOLSoftware.exe [2007-05-25 42032]
"ehTray"=C:\WINDOWS\ehome\ehtray.exe [2005-08-05 64512]
"Broadcom Wireless Manager UI"=C:\WINDOWS\system32\WLTRAY []
"ATIPTA"=C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [2005-04-29 344064]
"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2008-10-01 111936]
"AOL Spyware Protection"=C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe [2004-10-18 79448]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes' Anti-Malware"=C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [2008-10-22 399504]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-11-25 68856]
"SVCHOST.EXE"=C:\WINDOWS\system32\drivers\svchost.exe [2008-09-27 30208]
"SUPERAntiSpyware"=C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2007-06-21 1318912]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2008-11-07 21633320]

C:\Documents and Settings\Owner.princess\Start Menu\Programs\Startup
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="hogtsh.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2007-04-19 294912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2005-04-28 46080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ddcCtsPj]
ddcCtsPj.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 77824]
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"=C:\PROGRA~1\WIFD1F~1\MpShHook.dll [2006-11-03 83224]
"{73259091-9574-4ED8-A40F-7F65AFC28634}"=C:\WINDOWS\system32\ddcCtsPj.dll []

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
C:\WINDOWS\system32\urqNETJY

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinDefend]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"
"C:\Program Files\Common Files\AOL\1194668037\EE\aolsoftware.exe"="C:\Program Files\Common Files\AOL\1194668037\EE\aolsoftware.exe:*:Enabled:AOL Services"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\WINDOWS\explorer.exe"="C:\WINDOWS\explorer.exe:*:Enabled:Windows Explorer"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======List of files/folders created in the last 1 months======

2008-12-02 12:46:25 ----D---- C:\rsit
2008-12-02 12:04:20 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-12-02 12:04:19 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-12-02 10:20:17 ----A---- C:\WINDOWS\system32\javaws.exe
2008-12-02 10:20:17 ----A---- C:\WINDOWS\system32\javaw.exe
2008-12-02 10:20:17 ----A---- C:\WINDOWS\system32\java.exe
2008-12-02 08:50:18 ----D---- C:\Program Files\Trend Micro
2008-12-02 08:36:40 ----D---- C:\Documents and Settings\All Users\Application Data\avg8
2008-12-02 07:41:35 ----A---- C:\WINDOWS\system32\hogtsh.dll
2008-12-02 07:41:31 ----A---- C:\WINDOWS\system32\ompmmivq.dll
2008-12-02 07:40:05 ----ASH---- C:\WINDOWS\system32\ftysxhuq.ini
2008-12-02 07:39:50 ----A---- C:\WINDOWS\system32\quhxsytf.dll
2008-11-29 22:57:10 ----A---- C:\WINDOWS\system32\xumvxf.dll
2008-11-29 22:57:08 ----A---- C:\WINDOWS\system32\urkewtvh.dll
2008-11-29 22:55:37 ----ASH---- C:\WINDOWS\system32\fcnmbyoj.ini
2008-11-29 22:55:28 ----A---- C:\WINDOWS\system32\joybmncf.dll
2008-11-28 20:07:54 ----ASH---- C:\WINDOWS\system32\tlhfhlgt.ini
2008-11-28 20:07:53 ----A---- C:\WINDOWS\system32\tglhfhlt.dll
2008-11-28 20:05:58 ----A---- C:\WINDOWS\system32\jdmfuw.dll
2008-11-28 20:05:55 ----A---- C:\WINDOWS\system32\nogpifjf.dll
2008-11-28 14:23:19 ----D---- C:\Documents and Settings\Owner.princess\Application Data\skypePM
2008-11-28 14:21:38 ----D---- C:\Documents and Settings\Owner.princess\Application Data\Skype
2008-11-28 14:20:19 ----D---- C:\Program Files\Skype
2008-11-28 14:20:18 ----D---- C:\Program Files\Common Files\Skype
2008-11-28 14:19:53 ----D---- C:\Documents and Settings\All Users\Application Data\Skype
2008-11-28 13:53:26 ----D---- C:\Documents and Settings\Owner.princess\Application Data\Creative
2008-11-28 13:33:05 ----D---- C:\Documents and Settings\All Users\Application Data\Creative
2008-11-28 13:27:32 ----N---- C:\WINDOWS\Ctregrun.exe
2008-11-28 13:25:49 ----RA---- C:\WINDOWS\V0470Mon.exe
2008-11-28 13:25:49 ----RA---- C:\WINDOWS\V0470Cfg.exe
2008-11-28 13:25:49 ----RA---- C:\WINDOWS\system32\V0470Srv.exe
2008-11-28 13:25:49 ----RA---- C:\WINDOWS\system32\V0470Pin.dll
2008-11-28 13:25:49 ----RA---- C:\WINDOWS\system32\V0470Hwx.dll
2008-11-28 13:25:49 ----RA---- C:\WINDOWS\system32\V0470Cvw.dll
2008-11-28 13:25:49 ----RA---- C:\WINDOWS\system32\CtCamMgr.dll
2008-11-28 13:25:49 ----RA---- C:\WINDOWS\CtDrvIns.exe.manifest
2008-11-28 13:25:49 ----RA---- C:\WINDOWS\CtDrvIns.exe
2008-11-28 13:25:45 ----A---- C:\WINDOWS\system32\vfwwdm32.dll
2008-11-28 13:24:37 ----D---- C:\WINDOWS\CtDrvInstall
2008-11-28 13:22:41 ----A---- C:\WINDOWS\system32\pxhpinst.exe
2008-11-28 13:22:40 ----A---- C:\WINDOWS\system32\pxwma.dll
2008-11-28 13:22:40 ----A---- C:\WINDOWS\system32\pxsfs.dll
2008-11-28 13:22:40 ----A---- C:\WINDOWS\system32\pxdrv.dll
2008-11-28 13:22:39 ----A---- C:\WINDOWS\system32\vxblock.dll
2008-11-28 13:22:39 ----A---- C:\WINDOWS\system32\pxwave.dll
2008-11-28 13:22:39 ----A---- C:\WINDOWS\system32\pxmas.dll
2008-11-28 13:22:37 ----A---- C:\WINDOWS\system32\px.dll
2008-11-28 13:21:06 ----D---- C:\Program Files\Common Files\muvee Technologies
2008-11-28 13:20:59 ----D---- C:\Program Files\muvee Technologies
2008-11-28 13:20:10 ----D---- C:\Documents and Settings\All Users\Application Data\muvee Technologies
2008-11-28 13:19:59 ----D---- C:\Documents and Settings\Owner.princess\Application Data\InstallShield
2008-11-28 13:19:19 ----D---- C:\Program Files\SightSpeed
2008-11-28 13:17:12 ----D---- C:\Program Files\Creative
2008-11-25 00:41:29 ----A---- C:\WINDOWS\system32\mcrh.tmp
2008-11-24 22:47:16 ----A---- C:\WINDOWS\system32\sauetv.dll
2008-11-24 22:47:15 ----A---- C:\WINDOWS\system32\jkurjuxf.dll
2008-11-24 22:41:24 ----ASH---- C:\WINDOWS\system32\nfjfukpg.ini
2008-11-24 21:17:40 ----A---- C:\WINDOWS\system32\evjito.dll
2008-11-24 21:17:39 ----A---- C:\WINDOWS\system32\jbkliheq.dll
2008-11-24 21:14:40 ----ASH---- C:\WINDOWS\system32\dljcxoia.ini
2008-11-24 21:14:39 ----A---- C:\WINDOWS\system32\aioxcjld.dll
2008-11-23 21:14:47 ----D---- C:\Documents and Settings\Owner.princess\Application Data\NI.GSCNS
2008-11-23 21:14:01 ----A---- C:\WINDOWS\system32\kovqou.dll
2008-11-23 21:13:59 ----A---- C:\WINDOWS\system32\vsuudsyv.dll
2008-11-23 21:12:16 ----ASH---- C:\WINDOWS\system32\ulckiibr.ini
2008-11-23 21:11:44 ----A---- C:\WINDOWS\system32\fb0abbcc-.txt
2008-11-23 21:10:59 ----ASH---- C:\WINDOWS\system32\YJTENqru.ini2
2008-11-23 21:10:59 ----ASH---- C:\WINDOWS\system32\YJTENqru.ini
2008-11-23 21:10:52 ----A---- C:\WINDOWS\system32\urqNETJY.dll
2008-11-23 21:05:16 ----A---- C:\WINDOWS\system32\prunnet.exe
2008-11-16 23:47:33 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2008-11-16 23:47:09 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$
2008-11-16 23:46:17 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$

======List of files/folders modified in the last 1 months======

2008-12-02 12:39:16 ----D---- C:\Program Files\Mozilla Firefox
2008-12-02 12:08:14 ----D---- C:\WINDOWS\TEMP
2008-12-02 12:04:24 ----D---- C:\WINDOWS\system32\drivers
2008-12-02 12:04:19 ----RD---- C:\Program Files
2008-12-02 12:01:10 ----A---- C:\WINDOWS\win.ini
2008-12-02 11:46:33 ----D---- C:\WINDOWS\Prefetch
2008-12-02 11:20:31 ----D---- C:\WINDOWS\system32\CatRoot2
2008-12-02 10:46:18 ----SHD---- C:\WINDOWS\Installer
2008-12-02 10:43:22 ----D---- C:\WINDOWS
2008-12-02 10:43:10 ----D---- C:\Program Files\BigFix
2008-12-02 10:31:25 ----SD---- C:\WINDOWS\Tasks
2008-12-02 10:28:05 ----D---- C:\WINDOWS\system32
2008-12-02 10:27:14 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-12-02 10:25:07 ----SD---- C:\Documents and Settings\Owner.princess\Application Data\Microsoft
2008-12-02 10:20:07 ----D---- C:\Program Files\Java
2008-12-02 10:07:48 ----RASH---- C:\boot.ini
2008-12-02 10:07:48 ----A---- C:\WINDOWS\system.ini
2008-12-02 10:06:25 ----D---- C:\WINDOWS\system32\Restore
2008-12-02 10:03:30 ----D---- C:\WINDOWS\pss
2008-12-02 08:36:31 ----D---- C:\WINDOWS\WinSxS
2008-12-02 08:36:31 ----D---- C:\Program Files\Common Files\Microsoft Shared
2008-12-02 07:49:47 ----D---- C:\Documents and Settings\Owner.princess\Application Data\Google
2008-12-02 07:48:34 ----D---- C:\Program Files\Common Files
2008-12-02 07:47:33 ----D---- C:\Documents and Settings\All Users\Application Data\McAfee.com
2008-12-02 07:46:45 ----A---- C:\WINDOWS\system32\winlogon.exe
2008-12-02 07:46:45 ----A---- C:\WINDOWS\system32\termsrv.dll
2008-12-02 07:36:51 ----SHD---- C:\WINDOWS\CSC
2008-11-28 13:28:19 ----HD---- C:\Program Files\InstallShield Installation Information
2008-11-28 13:27:41 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-11-28 13:25:49 ----D---- C:\WINDOWS\twain_32
2008-11-28 13:25:30 ----HD---- C:\WINDOWS\inf
2008-11-28 13:23:30 ----A---- C:\AUTOEXEC.BAT
2008-11-28 13:22:33 ----RSD---- C:\WINDOWS\Fonts
2008-11-28 13:15:47 ----D---- C:\Program Files\Common Files\InstallShield
2008-11-18 19:16:59 ----D---- C:\WINDOWS\Help
2008-11-17 23:08:37 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-11-17 22:34:00 ----D---- C:\Program Files\SpiralFrog
2008-11-16 23:47:28 ----HD---- C:\WINDOWS\$hf_mig$
2008-11-16 23:47:21 ----A---- C:\WINDOWS\imsins.BAK
2008-11-11 11:41:34 ----D---- C:\Documents and Settings\Owner.princess\Application Data\LimeWire
2008-11-10 19:42:09 ----A---- C:\WINDOWS\system32\DEBUG_LOG.txt
2008-11-10 19:01:47 ----D---- C:\Documents and Settings\Owner.princess\Application Data\Move Networks
2008-11-08 19:41:37 ----D---- C:\Program Files\Common Files\Symantec Shared
2008-11-03 19:10:25 ----A---- C:\WINDOWS\system32\MRT.exe
2008-11-03 09:22:03 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK8;AMD Athlon64 Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2004-05-08 35840]
R1 Cdr4_xp;Cdr4_xp; C:\WINDOWS\system32\drivers\Cdr4_xp.sys [2006-08-30 2432]
R1 Cdralw2k;Cdralw2k; C:\WINDOWS\system32\drivers\Cdralw2k.sys [2006-08-30 2560]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.2.0.3; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2007-11-09 17801]
R2 ASCTRM;ASCTRM; C:\WINDOWS\system32\drivers\ASCTRM.sys [2007-11-09 8552]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2004-03-17 13059]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2005-04-28 1132544]
R3 BCM43XX;Broadcom 802.11 Network Adapter Driver; C:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2005-02-11 371712]
R3 CAMCAUD;Conexant AMC Audio; C:\WINDOWS\system32\drivers\camc6aud.sys [2005-04-20 38016]
R3 CAMCHALA;CAMCHALA; C:\WINDOWS\system32\drivers\camc6hal.sys [2005-04-20 350080]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-04-17 15464]
R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys [2005-01-25 1038208]
R3 HSFHWATI;HSFHWATI; C:\WINDOWS\system32\DRIVERS\HSFHWATI.sys [2005-01-25 200576]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-13 79232]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2004-11-05 185824]
R3 tifm21;tifm21; C:\WINDOWS\system32\drivers\tifm21.sys [2005-09-20 162432]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys [2003-01-10 33588]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2005-01-25 703616]
R3 yukonwxp;NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller; C:\WINDOWS\system32\DRIVERS\yk51x86.sys [2005-04-18 230912]
S3 catchme;catchme; \??\C:\DOCUME~1\OWNER~1.PRI\LOCALS~1\Temp\catchme.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 el575nd5;3Com Megahertz 10/100 LAN CardBus PC Card Driver; C:\WINDOWS\system32\DRIVERS\el575nd5.sys [2001-08-17 69692]
S3 MHNDRV;MHN driver; C:\WINDOWS\system32\DRIVERS\mhndrv.sys [2004-08-10 11008]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 SABProcEnum;SABProcEnum; \??\C:\Program Files\Internet Explorer\SABProcEnum.sys []
S3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS []
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 VF0470Vid;Live! Cam Notebook (VF0470); C:\WINDOWS\system32\DRIVERS\V0470Vid.sys [2007-04-20 146368]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S4 sr;System Restore Filter Driver; C:\WINDOWS\system32\DRIVERS\sr.sys [2008-04-13 73472]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AOL ACS;AOL Connectivity Service; C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe [2006-10-23 46640]
R2 AOL TopSpeedMonitor;AOL TopSpeed Monitor; C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe [2004-10-15 100016]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-10-01 116040]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2005-04-28 364544]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
R2 McrdSvc;Media Center Extender Service; C:\WINDOWS\ehome\mcrdsvc.exe [2005-08-05 99328]
R2 OpenCASE Media Agent;OpenCASE Media Agent; C:\Program Files\OpenCASE\OpenCASE Media Agent\MediaAgent.exe [2008-01-16 814728]
R2 PrismXL;PrismXL; C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS [2007-11-09 172032]
R2 WinDefend;Windows Defender; C:\Program Files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
R2 wltrysvc;Broadcom Wireless LAN Tray Service; C:\WINDOWS\System32\wltrysvc.exe [2005-02-17 65536]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-10-01 536872]
S2 Viewpoint Manager Service;Viewpoint Manager Service; C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-11-10 138168]
S3 MHN;MHN; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-08-03 38912]

-----------------EOF-----------------

Edited by janie99, 02 December 2008 - 01:06 PM.


BC AdBot (Login to Remove)

 


#2 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  •  
  • Local time:09:54 AM

Posted 02 December 2008 - 11:36 PM

Hello, my name is fenzodahl512 and welcome to BC.. Please do the following....


Please download SDFix by Andy Manchesta and save it to your desktop.
Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please reboot into Safe Mode
  • In Safe Mode, right click the SDFix.zip folder and choose Extract All,
  • A new folder will be extracted to your %systemdrive%, typically C:\SDFix
  • Open the extracted folder and double click RunThis.bat to start the script.
  • Type Y to begin the script.
  • It will remove the Trojan Services then make some repairs to the registry and prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • Your system will take longer that normal to restart as the fixtool will be running and removing files.
  • When the desktop loads the Fixtool will complete the removal and display Finished, then press any key to end the script and load your desktop icons.
  • Finally open the SDFix folder on your desktop and copy and paste the contents of the results file Report.txt along with any other requested logs at the end of these instructions.



NEXT


Please make sure you disable ALL of your Antivirus/Antispyware/Firewall before running ComboFix.. Please visit HERE if you don't know how.. Please re-enable them back after performing all steps given..

Please download ComboFix by sUBs from one of the locations below, and save it to your Desktop.

Link 1
Link 2
Link 3

Double click combofix.exe and follow the prompts. Please, never rename Combofix unless instructed.

If ComboFix asked you to install Recovery Console, please do so.. It will be your best interest..

When finished, it shall produce a log for you. Post that log and a fresh HijackThis log in your next reply..

Note: DO NOT mouseclick combofix's window while its running. That may cause it to stall



Please post these logs in your next reply..

1. SDFix
2. ComboFix
3. A fresh HijackThis log

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Posted Image Posted Image
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#3 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  •  
  • Local time:09:54 AM

Posted 08 December 2008 - 02:18 PM

Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Posted Image Posted Image
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users