
Win AntiVirus 360


13 replies to this topic

#1 Ed Levy (Members, 10 posts)

Posted 16 December 2008 - 12:20 AM

I've run Malwarebytes numerous times in both normal mode and safe mode. Also bought it and have it monitoring. Also ran SmitFraudFix in safe mode. Could you please take a look at my HJT log file and see if I finally got rid of Win Antivirus 360 (and other malware). Thank you VERY much.
Ed Levy.

First putting the HijackThis log. Then, since this is my first post and instructions say to do so, including DDS logs at end.

Hijack This

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:04:25 AM, on 12/16/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\SM1BG.EXE
C:\WINDOWS\MXOALDR.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SM1BG] C:\WINDOWS\SM1BG.EXE
O4 - HKLM\..\Run: [MXOBG] C:\WINDOWS\MXOALDR.EXE
O4 - HKLM\..\Run: [mfawscqpbckd] C:\WINDOWS\system32\mfawscqpbckd.exe
O4 - HKLM\..\Run: [oookazhoalrj] C:\WINDOWS\system32\oookazhoalrj.exe
O4 - HKLM\..\Run: [yxh] C:\WINDOWS\system32\yxh.exe
O4 - HKLM\..\Run: [nadoxpahsmyj] C:\WINDOWS\system32\nadoxpahsmyj.exe
O4 - HKLM\..\Run: [ica] C:\WINDOWS\system32\ica.exe
O4 - HKLM\..\Run: [cpbu] C:\WINDOWS\system32\cpbu.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [uckif] C:\WINDOWS\system32\uckif.exe
O4 - HKLM\..\Run: [ou] C:\WINDOWS\system32\ou.exe
O4 - HKLM\..\Run: [Auto Run Software for Photo Frame] "C:\Program Files\Philips\Auto Run Software for Photo Frame\PhotoManager.exe" /autorun
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\RunServices: [mfawscqpbckd] C:\WINDOWS\system32\mfawscqpbckd.exe
O4 - HKLM\..\RunServices: [oookazhoalrj] C:\WINDOWS\system32\oookazhoalrj.exe
O4 - HKLM\..\RunServices: [yxh] C:\WINDOWS\system32\yxh.exe
O4 - HKLM\..\RunServices: [nadoxpahsmyj] C:\WINDOWS\system32\nadoxpahsmyj.exe
O4 - HKLM\..\RunServices: [ica] C:\WINDOWS\system32\ica.exe
O4 - HKLM\..\RunServices: [cpbu] C:\WINDOWS\system32\cpbu.exe
O4 - HKLM\..\RunServices: [uckif] C:\WINDOWS\system32\uckif.exe
O4 - HKLM\..\RunServices: [ou] C:\WINDOWS\system32\ou.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZCxdm565YYUS
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {25365FF3-2746-4230-9DA7-163CCA318309} (Automatic Driver Installation Control) - http://inst.c-wss.com/n028p/EN/install/gtdownlr.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www2.snapfish.com/SnapfishActivia.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...96/mcinsctl.cab
O16 - DPF: {785F7664-AD0E-4CBA-8F28-F6C485A9E648} (Web Class) - https://www-us.myataw.com/ebctrl.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl.sun.com/webapps/download/AutoDL?BundleId=26688
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/m...,26/mcgdmgr.cab
O20 - AppInit_DLLs: zdgxvs.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Print Spooler Service (axmm91aykegeou44) - Unknown owner - C:\WINDOWS\system32\cpbu.exe (file missing)
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: LiveShare P2P Server (RoxLiveShare) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxLiveShare.exe
O23 - Service: RoxMediaDB - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
O23 - Service: RoxUpnpRenderer (RoxUPnPRenderer) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCom\RoxUpnpRenderer.exe
O23 - Service: RoxUpnpServer - Sonic Solutions - C:\Program Files\Roxio\Easy Media Creator 8\Digital Home\RoxUpnpServer.exe
O23 - Service: Roxio Hard Drive Watcher (RoxWatch) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe

--
End of file - 9576 bytes

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
DDS


DDS (Version 1.0.1) - NTFSx86
Run by Lisa at 23:59:50.95 on Mon 12/15/2008
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_02
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.510.147 [GMT -5:00]

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\SM1BG.EXE
C:\WINDOWS\MXOALDR.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Downloads\AntiSpyware\DDS_UsedByBleepingComputer\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre6\bin\ssv.dll
BHO: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\mcafee\virusscan\scriptsn.dll
BHO: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\3.1.807.1746\swg.dll
BHO: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - c:\program files\canon\easy-webprint\Toolband.dll
TB: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [updateMgr] "c:\program files\adobe\acrobat 7.0\reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [SM1BG] c:\windows\SM1BG.EXE
mRun: [<NO NAME>]
mRun: [MXOBG] c:\windows\MXOALDR.EXE
mRun: [mfawscqpbckd] c:\windows\system32\mfawscqpbckd.exe
mRun: [oookazhoalrj] c:\windows\system32\oookazhoalrj.exe
mRun: [yxh] c:\windows\system32\yxh.exe
mRun: [nadoxpahsmyj] c:\windows\system32\nadoxpahsmyj.exe
mRun: [ica] c:\windows\system32\ica.exe
mRun: [cpbu] c:\windows\system32\cpbu.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [uckif] c:\windows\system32\uckif.exe
mRun: [ou] c:\windows\system32\ou.exe
mRun: [Auto Run Software for Photo Frame] "c:\program files\philips\auto run software for photo frame\PhotoManager.exe" /autorun
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRunServices: [mfawscqpbckd] c:\windows\system32\mfawscqpbckd.exe
mRunServices: [oookazhoalrj] c:\windows\system32\oookazhoalrj.exe
mRunServices: [yxh] c:\windows\system32\yxh.exe
mRunServices: [nadoxpahsmyj] c:\windows\system32\nadoxpahsmyj.exe
mRunServices: [ica] c:\windows\system32\ica.exe
mRunServices: [cpbu] c:\windows\system32\cpbu.exe
mRunServices: [uckif] c:\windows\system32\uckif.exe
mRunServices: [ou] c:\windows\system32\ou.exe
IE: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZCxdm565YYUS
IE: Easy-WebPrint Add To Print List - c:\program files\canon\easy-webprint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\canon\easy-webprint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\canon\easy-webprint\Resource.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\canon\easy-webprint\Resource.dll/RC_Print.html
IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\program files\aim\aim.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\program files\aim\aim.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
AppInit_DLLs: zdgxvs.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

============= SERVICES / DRIVERS ===============

R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2008-4-5 207656]
R2 MBAMService;MBAMService;"c:\program files\malwarebytes' anti-malware\mbamservice.exe" [2008-12-14 170640]
R2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2008-4-5 358736]
R2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2008-4-5 144704]
R2 NwSapAgent;SAP Agent;c:\windows\system32\svchost.exe -k netsvcs [2005-8-19 14336]
R2 SVKP;SVKP;\??\c:\windows\system32\SVKP.sys [2005-12-20 2368]
R3 MBAMProtector;MBAMProtector;\??\c:\windows\system32\drivers\mbam.sys [2008-12-14 15504]
R3 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2008-4-5 605512]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2008-4-5 79240]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2008-4-5 35240]
R3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2008-4-5 40488]
S2 axmm91aykegeou44;Print Spooler Service;c:\windows\system32\cpbu.exe /service []
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2008-4-5 34152]
S3 msdirectx;msdirectx;\??\c:\windows\system32\msdirectx.sys []
S3 USBNET_XP;Instant Wireless XP USB Network Adapter ver.2.6 Driver;c:\windows\system32\drivers\netusbxp.sys [2005-8-21 72576]

=============== Created Last 30 ================

2008-12-15 23:24 410,984 a------- c:\windows\system32\deploytk.dll
2008-12-15 22:01 <DIR> --d----- c:\windows\system32\scripting
2008-12-15 22:01 <DIR> --d----- c:\windows\l2schemas
2008-12-15 22:01 <DIR> --d----- c:\windows\system32\en
2008-12-15 22:01 <DIR> --d----- c:\windows\system32\bits
2008-12-15 21:56 <DIR> --d----- c:\windows\ServicePackFiles
2008-12-15 21:53 <DIR> --d----- c:\windows\network diagnostic
2008-12-15 18:46 <DIR> --d----- c:\docume~1\lisa~1.ilc\applic~1\Malwarebytes
2008-12-15 17:55 <DIR> --d----- C:\RegistryBackups
2008-12-15 13:57 3,016 a------- c:\windows\system32\tmp.reg
2008-12-14 23:55 15,504 a------- c:\windows\system32\drivers\mbam.sys
2008-12-14 23:55 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-14 23:55 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2008-12-14 23:55 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2008-12-14 17:38 1,647,120 a--sh--- c:\windows\system32\qoctkhlu.ini
2008-12-14 12:25 1,647,120 a--sh--- c:\windows\system32\aowysomj.ini
2008-12-10 20:55 <DIR> --d----- c:\program files\Common

==================== Find3M ====================

2008-12-15 22:05 86,327 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2008-12-12 00:57 78,336 a------- c:\windows\system32\Agent.OMZ.Fix.exe
2008-11-29 17:58 82,944 a------- c:\windows\system32\IEDFix.C.exe
2008-10-24 06:21 455,296 a------- c:\windows\system32\drivers\mrxsmb.sys
2008-10-23 07:36 286,720 a------- c:\windows\system32\gdi32.dll
2008-10-15 20:00 666,112 a------- c:\windows\system32\wininet.dll
2008-10-03 05:02 247,326 a------- c:\windows\system32\strmdll.dll
2008-10-01 14:51 87,552 a------- c:\windows\system32\VACFix.exe
2008-09-30 16:43 1,286,152 a------- c:\windows\system32\msxml4.dll
2008-09-20 11:45 80,384 a------- c:\windows\system32\o4Patch.exe
2003-08-27 14:19 36,963 a----r-- c:\program files\common files\SM1updtr.dll

============= FINISH: 0:01:08.10 ===============

DDS Attach.txt attached.
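A small triage script for the kinds of entries that stand out in the HijackThis log above: the same random-named system32 executables registered under both Run and RunServices, a non-empty AppInit_DLLs value, and a service whose display name mimics the Windows print spooler but points at a missing, unowned binary. This is an added example, not code from this thread, from BleepingComputer or from HijackThis; the rule names and the lookalike-service table are my own assumptions, and the sample log is a constructed subset in the shape of the posted one.

```python
"""Heuristic triage of HijackThis (HJT) log lines.

Added example for this thread, not a BleepingComputer or HijackThis tool.
It parses the O4 (autostart), O20 (AppInit_DLLs) and O23 (service) lines of
an HJT log and flags the persistence patterns that stand out in the log
posted above. Rule names and the lookalike-service table are assumptions.
"""
import re
from collections import defaultdict

# Constructed sample in the shape of the posted log (a few lines, not the
# full log); the entry names are the ones that appear in the thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [mfawscqpbckd] C:\WINDOWS\system32\mfawscqpbckd.exe
O4 - HKLM\..\Run: [cpbu] C:\WINDOWS\system32\cpbu.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\RunServices: [mfawscqpbckd] C:\WINDOWS\system32\mfawscqpbckd.exe
O4 - HKLM\..\RunServices: [cpbu] C:\WINDOWS\system32\cpbu.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O20 - AppInit_DLLs: zdgxvs.dll
O23 - Service: Print Spooler Service (axmm91aykegeou44) - Unknown owner - C:\WINDOWS\system32\cpbu.exe (file missing)
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
"""

O4_RE = re.compile(r"^O4 - (?P<hive>HK\w+)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\] ?(?P<cmd>.*)$")
O20_RE = re.compile(r"^O20 - AppInit_DLLs: ?(?P<dlls>.*)$")
O23_RE = re.compile(r"^O23 - Service: (?P<display>.+?) - (?P<vendor>.+?) - (?P<path>.+)$")

# Assumption: display names a legitimate Windows service carries, mapped to
# the binary that service really runs. Extend the table as needed.
WINDOWS_SERVICE_BINARIES = {"print spooler": "spoolsv.exe"}


def exe_name(cmd):
    """Lowercase basename of the first .exe in a command line, whether or
    not the path is quoted or followed by arguments / annotations."""
    m = re.search(r'([^\\"]+\.exe)', cmd, re.IGNORECASE)
    return m.group(1).lower() if m else ""


def parse(text):
    """Split an HJT log into the O4 / O20 / O23 entries we reason about."""
    entries = {"o4": [], "o20": [], "o23": []}
    for line in text.splitlines():
        line = line.strip()
        if (m := O4_RE.match(line)):
            entries["o4"].append(m.groupdict())
        elif (m := O20_RE.match(line)):
            entries["o20"].append(m.group("dlls").strip())
        elif (m := O23_RE.match(line)):
            entries["o23"].append(m.groupdict())
    return entries


def triage(text):
    """Return (rule, subject, detail) findings for the suspicious patterns."""
    e = parse(text)
    findings = []

    # Rule 1: the same autostart name under both Run and RunServices.
    # RunServices is a Win9x-era key that XP-era software almost never
    # touches; writing both is a persistence habit, not a product habit.
    keys_by_name = defaultdict(set)
    cmd_by_name = {}
    for a in e["o4"]:
        keys_by_name[a["name"].lower()].add(a["key"])
        cmd_by_name[a["name"].lower()] = a["cmd"]
    for name, keys in keys_by_name.items():
        if {"Run", "RunServices"} <= keys:
            findings.append(("RUN_AND_RUNSERVICES", name, cmd_by_name[name]))

    # Rule 2: any AppInit_DLLs value. The DLL is loaded into every process
    # that links user32.dll, so on a home XP box this should be empty.
    for dlls in e["o20"]:
        if dlls:
            findings.append(("APPINIT_DLL", dlls, "loaded into every GUI process"))

    for s in e["o23"]:
        # Rule 3: service with no owner whose binary is already gone; a
        # leftover registration that the cleanup should finish off.
        if s["vendor"] == "Unknown owner" and "(file missing)" in s["path"]:
            findings.append(("SERVICE_UNKNOWN_OWNER_MISSING", s["display"], s["path"]))
        # Rule 4: display name borrowed from a real Windows service, but a
        # different binary behind it.
        disp = s["display"].lower()
        for label, binary in WINDOWS_SERVICE_BINARIES.items():
            if disp.startswith(label) and exe_name(s["path"]) != binary:
                findings.append(("SERVICE_NAME_LOOKALIKE", s["display"], s["path"]))
    return findings


if __name__ == "__main__":
    for rule, subject, detail in triage(SAMPLE_LOG):
        print(f"{rule:30} {subject:45} {detail}")
```

Run it against a full log by passing the file contents to `triage()`; the findings are leads for a reviewer, not verdicts, since a legitimate product can in principle trip rule 1.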


#2 fenzodahl512 (Members, 6,738 posts)

Posted 19 December 2008 - 02:50 PM

Please open Notepad >> Go to Format tab >> untick Word Wrap

Please download ComboFix by sUBs from one of the locations below, and save it to your Desktop.
Link 1
Link 2
Link 3
Please make sure you disable ALL of your Antivirus/Antispyware/Firewall before running ComboFix.. Please visit HERE if you don't know how.. Please re-enable them back after performing all steps given..

Double click combofix.exe and follow the prompts. Make sure you install Recovery Console if asked.
When finished, it shall produce a log for you. Post that log and a fresh HijackThis log in your next reply.

Note: DON'T do anything with your computer while ComboFix is running.. Let ComboFix finish its job..

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
It's gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#3 Ed Levy (Topic Starter, Members, 10 posts)

Posted 21 December 2008 - 07:18 PM

I greatly appreciate your help. I haven't run ComboFix yet because there is something I don't understand about turning off my anti-virus software. I have McAfee, Malwarebytes, and Ad-Aware SE (but not running actively, just as something I can run). I would think the 2 that I need to turn off are McAfee and Malwarebytes, as Ad-Aware is not running a process except when I explicitly request a scan. The things I don't understand are:

- When I turn off McAfee and Malwarebytes, am I opening myself up to further infection while they are off?
- As soon as I have run ComboFix, can I turn them back on?
- Can/should I run ComboFix in Safe Mode, or maybe simply disconnect from the internet while I run it?

If I can disconnect from the Internet, then turn off McAfee and Malwarebytes while I run ComboFix, then turn them back on and re-connect to the internet, I will feel secure that I am not going to become further infected while running ComboFix. Will that give you the information that you need?

Thanks a lot,
Ed Levy

#4 fenzodahl512 (Members, 6,738 posts)

Posted 22 December 2008 - 03:52 AM

Hello Ed...

Just disable McAfee and Ad-Aware and run ComboFix.. Wait until it finishes and produces a log, then re-enable your McAfee and Ad-Aware.. Then post the logs requested here :thumbsup:



#5 Ed Levy (Topic Starter, Members, 10 posts)

Posted 22 December 2008 - 02:11 PM

Here are the results of ComboFix and HijackThis (run after ComboFix). I thought I turned off all antivirus and antimalware software prior to running, following the instructions as best I could. I hope I did it right. I noticed that ComboFix did get rid of a couple of ini files. Thank you very much for your help, Ed

ComboFix log:

ComboFix 08-12-15.01 - Lisa 2008-12-22 13:30:24.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.510.187 [GMT -5:00]
Running from: c:\downloads\AntiSpyware\ComboFix.exe
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Common\helper.sig
c:\windows\IE4 Error Log.txt
c:\windows\system32\404Fix.exe
c:\windows\system32\aowysomj.ini
c:\windows\system32\Cache
c:\windows\system32\dumphive.exe
c:\windows\system32\IEDFix.C.exe
c:\windows\system32\IEDFix.exe
c:\windows\system32\o4Patch.exe
c:\windows\system32\Process.exe
c:\windows\system32\qoctkhlu.ini
c:\windows\system32\SrchSTS.exe
c:\windows\system32\tmp.reg
c:\windows\system32\VACFix.exe
c:\windows\system32\VCCLSID.exe
c:\windows\system32\WS2Fix.exe
c:\windows\Tasks\ctiexcwo.job
c:\windows\Tasks\uxgcoyxi.job
c:\windows\wiaserviv.log

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_msdirectx


((((((((((((((((((((((((( Files Created from 2008-11-22 to 2008-12-22 )))))))))))))))))))))))))))))))
.

2008-12-18 08:28 . 2008-12-18 08:28 <DIR> d-------- C:\VirusLogs
2008-12-16 00:04 . 2008-12-16 00:04 <DIR> d-------- c:\program files\Trend Micro
2008-12-15 23:57 . 2008-12-20 11:11 4,194,377 --a------ c:\windows\pfirewall.log.old
2008-12-15 23:24 . 2008-12-15 23:24 410,984 --a------ c:\windows\system32\deploytk.dll
2008-12-15 22:01 . 2008-12-15 22:01 <DIR> d-------- c:\windows\system32\scripting
2008-12-15 22:01 . 2008-12-15 22:01 <DIR> d-------- c:\windows\system32\en
2008-12-15 22:01 . 2008-12-15 22:01 <DIR> d-------- c:\windows\system32\bits
2008-12-15 22:01 . 2008-12-15 22:01 <DIR> d-------- c:\windows\l2schemas
2008-12-15 21:56 . 2008-12-15 22:02 <DIR> d-------- c:\windows\ServicePackFiles
2008-12-15 18:46 . 2008-12-15 18:46 <DIR> d-------- c:\documents and settings\Lisa.ILC-GAMES-02\Application Data\Malwarebytes
2008-12-15 17:55 . 2008-12-15 17:57 <DIR> d-------- C:\RegistryBackups
2008-12-15 13:55 . 2008-12-12 00:57 78,336 --a------ c:\windows\system32\Agent.OMZ.Fix.exe
2008-12-14 23:55 . 2008-12-14 23:55 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-12-14 23:55 . 2008-12-14 23:55 <DIR> d-------- c:\documents and settings\Ed\Application Data\Malwarebytes
2008-12-14 23:55 . 2008-12-14 23:55 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-12-14 23:55 . 2008-12-03 19:52 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-14 23:55 . 2008-12-03 19:52 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-12-14 13:07 . 2008-12-14 13:07 <DIR> d-------- c:\documents and settings\Lisa.ILC-GAMES-02\Application Data\Lavasoft
2008-12-10 20:55 . 2008-12-22 13:30 <DIR> d-------- c:\program files\Common
2008-12-01 20:46 . 2008-12-01 20:46 <DIR> d-------- c:\documents and settings\JuliaPearlsteinEmail\Application Data\Apple Computer
2008-12-01 20:09 . 2008-12-01 21:14 <DIR> d-------- c:\documents and settings\JuliaPearlsteinEmail

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-16 04:23 --------- d-----w c:\program files\Java
2008-12-16 04:03 --------- d-----w c:\program files\McAfee
2008-12-14 13:15 --------- d-----w c:\documents and settings\All Users\Application Data\Viewpoint
2008-12-14 13:14 --------- d-----w c:\program files\ScanSoft
2008-12-14 13:14 --------- d-----w c:\program files\Common Files\ScanSoft Shared
2008-12-14 13:07 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-14 13:03 --------- d-----w c:\program files\Canon
2008-12-14 13:02 --------- d-----w c:\program files\Common Files\InstallShield
2008-11-22 14:24 --------- d-----w c:\documents and settings\Sarah\Application Data\AdobeUM
2008-11-12 08:01 --------- d-----w c:\program files\MSXML 4.0
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2003-08-27 19:19 36,963 ----a-r c:\program files\Common Files\SM1updtr.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-13 1695232]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-13 68856]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]
"SM1BG"="c:\windows\SM1BG.EXE" [2003-08-27 94208]
"MXOBG"="c:\windows\MXOALDR.EXE" [2006-01-19 94208]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-15 136600]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-09-01 282624]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2006-09-12 229952]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2008-07-11 641208]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2008-12-03 399504]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=zdgxvs.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM]
--a------ 2005-08-05 14:08 67160 c:\program files\AIM\aim.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MaxtorOneTouch]
--a------ 2004-12-22 08:21 823296 c:\program files\Maxtor\OneTouch\Utils\OneTouch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2008-04-13 19:12 1695232 c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc]
--a------ 2005-11-21 21:47 1687552 c:\program files\Roxio\Easy Media Creator 8\Drag to Disc\DrgToDsc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
--a------ 2005-11-22 09:34 163840 c:\program files\Common Files\Roxio Shared\SharedCOM8\RoxWatchTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"c:\\Documents and Settings\\Sarah\\Local Settings\\Application Data\\Skype\\Phone\\Skype.exe"=
"c:\\WINDOWS\\system32"=
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Roxio\\Easy Media Creator 8\\Digital Home\\RoxUpnpServer.exe"=

R2 MBAMService;MBAMService;"c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe" [2008-12-14 170640]
R2 NwSapAgent;SAP Agent;c:\windows\system32\svchost.exe -k netsvcs [2005-08-19 14336]
R2 SVKP;SVKP;\??\c:\windows\system32\SVKP.sys [2005-12-20 2368]
R3 MBAMProtector;MBAMProtector;\??\c:\windows\system32\drivers\mbam.sys [2008-12-14 15504]
S2 axmm91aykegeou44;Print Spooler Service;c:\windows\system32\cpbu.exe /service []
S3 USBNET_XP;Instant Wireless XP USB Network Adapter ver.2.6 Driver;c:\windows\system32\DRIVERS\netusbxp.sys [2005-08-21 72576]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c09c9cf3-787c-11dd-ae5b-0013203010d9}]
\Shell\AutoRun\command - e:\wd_windows_tools\setup.exe
.
Contents of the 'Scheduled Tasks' folder

2008-12-18 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2006-08-29 13:21]

2008-11-15 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2008-07-09 17:10]

2008-12-01 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2008-07-09 17:10]
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-mfawscqpbckd - c:\windows\system32\mfawscqpbckd.exe
HKLM-Run-oookazhoalrj - c:\windows\system32\oookazhoalrj.exe
HKLM-Run-yxh - c:\windows\system32\yxh.exe
HKLM-Run-nadoxpahsmyj - c:\windows\system32\nadoxpahsmyj.exe
HKLM-Run-ica - c:\windows\system32\ica.exe
HKLM-Run-cpbu - c:\windows\system32\cpbu.exe
HKLM-Run-uckif - c:\windows\system32\uckif.exe
HKLM-Run-ou - c:\windows\system32\ou.exe
HKLM-Run-Auto Run Software for Photo Frame - c:\program files\Philips\Auto Run Software for Photo Frame\PhotoManager.exe
HKLM-RunServices-mfawscqpbckd - c:\windows\system32\mfawscqpbckd.exe
HKLM-RunServices-oookazhoalrj - c:\windows\system32\oookazhoalrj.exe
HKLM-RunServices-yxh - c:\windows\system32\yxh.exe
HKLM-RunServices-nadoxpahsmyj - c:\windows\system32\nadoxpahsmyj.exe
HKLM-RunServices-ica - c:\windows\system32\ica.exe
HKLM-RunServices-cpbu - c:\windows\system32\cpbu.exe
HKLM-RunServices-uckif - c:\windows\system32\uckif.exe
HKLM-RunServices-ou - c:\windows\system32\ou.exe


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
IE: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZCxdm565YYUS
IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html

c:\windows\Downloaded Program Files\ebctrl.dll - O16 -: {785F7664-AD0E-4CBA-8F28-F6C485A9E648}
hxxps://www-us.myataw.com/ebctrl.cab
c:\windows\Downloaded Program Files\ebctrl.inf
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-22 13:55:06
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\progra~1\McAfee\MSC\mcmscsvc.exe
c:\progra~1\COMMON~1\McAfee\MNA\McNASvc.exe
c:\progra~1\COMMON~1\McAfee\McProxy\McProxy.exe
c:\progra~1\McAfee\VIRUSS~1\Mcshield.exe
c:\program files\McAfee\MPF\MpfSrv.exe
c:\program files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
c:\program files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Canon\CAL\CALMAIN.exe
c:\windows\system32\inetsrv\inetinfo.exe
c:\windows\system32\wscntfy.exe
c:\progra~1\McAfee.com\Agent\mcagent.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\verclsid.exe
.
**************************************************************************
.
Completion time: 2008-12-22 13:58:31 - machine was rebooted [Lisa]
ComboFix-quarantined-files.txt 2008-12-22 18:58:08

Pre-Run: 601,739,264 bytes free
Post-Run: 2,945,720,320 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

212 --- E O F --- 2008-12-18 08:02:04

Hijack This Log

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:59:46 PM, on 12/22/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\WINDOWS\system32\wscntfy.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\SM1BG.EXE
C:\WINDOWS\MXOALDR.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SM1BG] C:\WINDOWS\SM1BG.EXE
O4 - HKLM\..\Run: [MXOBG] C:\WINDOWS\MXOALDR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZCxdm565YYUS
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {25365FF3-2746-4230-9DA7-163CCA318309} (Automatic Driver Installation Control) - http://inst.c-wss.com/n028p/EN/install/gtdownlr.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www2.snapfish.com/SnapfishActivia.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...96/mcinsctl.cab
O16 - DPF: {785F7664-AD0E-4CBA-8F28-F6C485A9E648} (Web Class) - https://www-us.myataw.com/ebctrl.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl.sun.com/webapps/download/AutoDL?BundleId=26688
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/m...,26/mcgdmgr.cab
O20 - AppInit_DLLs: zdgxvs.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Print Spooler Service (axmm91aykegeou44) - Unknown owner - C:\WINDOWS\system32\cpbu.exe (file missing)
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: LiveShare P2P Server (RoxLiveShare) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxLiveShare.exe
O23 - Service: RoxMediaDB - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
O23 - Service: RoxUpnpRenderer (RoxUPnPRenderer) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCom\RoxUpnpRenderer.exe
O23 - Service: RoxUpnpServer - Sonic Solutions - C:\Program Files\Roxio\Easy Media Creator 8\Digital Home\RoxUpnpServer.exe
O23 - Service: Roxio Hard Drive Watcher (RoxWatch) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe

--
End of file - 8589 bytes

#6 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • Local time:07:32 PM

Posted 22 December 2008 - 03:03 PM

Please download the OTMoveIt3 by OldTimer
  • Save it to your Desktop.
  • Please double-click OTMoveIt3.exe to run it. (Vista users, please right click on OTMoveit3.exe and select "Run as an Administrator")
  • Leave the Unregister Dll's and Ocx's option ticked and the Zip Files After Moves option unticked.
  • Copy the codebox contents and paste it to the "Paste List of Files/Folders to Move" window (under the light Yellow bar)

    :processes
    explorer.exe
    
    :services
    axmm91aykegeou44
    
    :files
    c:\windows\system32\cpbu.exe
    
    :reg
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=""
    
    :commands
    [purity]
    [emptytemp]
    [start explorer]
    [reboot]
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt3
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.




NEXT


Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan.
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan
    Wait for the scan to finish
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic


Post these logs in your next reply:

1. OTMoveIt3
2. ESET Online Scanner

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive

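The indicators fenzodahl512 is targeting above are worth recognising in any HijackThis or ComboFix log: a service that borrows the "Print Spooler" display name but runs a randomly named binary straight out of system32, an AppInit_DLLs value (a DLL loaded into every process that maps user32.dll), the Security Center monitoring keys set to 1 and the firewall switched off, and the random-named Run/RunServices orphans in the ComboFix log. The script below is an added example written for this page, not part of the thread or of any tool it mentions; it runs those heuristics over lines copied from the posted logs. The allowlists, the severity labels and the "same-named executable dropped in system32" rule are assumptions for illustration, not rules from any product.

```python
"""Triage heuristics for the HijackThis / ComboFix indicators seen in this thread.

Added example written for this page; not part of the thread or of any tool named
in it. Sample lines are copied from the posted logs; the heuristics, severities
and allowlists are assumptions for illustration.
"""
import re
from dataclasses import dataclass

# Constructed sample: lines copied from the logs posted above.
SAMPLE_LOG = r"""
"DisableMonitoring"=dword:00000001
"EnableFirewall"= 0 (0x0)
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
HKLM-Run-cpbu - c:\windows\system32\cpbu.exe
HKLM-RunServices-yxh - c:\windows\system32\yxh.exe
O20 - AppInit_DLLs: zdgxvs.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Print Spooler Service (axmm91aykegeou44) - Unknown owner - C:\WINDOWS\system32\cpbu.exe (file missing)
"""


@dataclass
class Finding:
    severity: str  # "high" or "medium" (assumed scale)
    reason: str
    line: str


# Display names that impersonate built-in Windows services, mapped to the binary
# the genuine service runs (assumption: small allowlist, extend for your estate).
GENUINE_SERVICE_BINARY = {"print spooler": "spoolsv"}
# system32 Run targets that legitimately share their value name (assumption).
RUN_ALLOWLIST = {"ctfmon"}

RE_SECCENTER = re.compile(r'"DisableMonitoring"=dword:0*1$', re.I)
RE_FIREWALL = re.compile(r'"EnableFirewall"=\s*0\b', re.I)
RE_APPINIT = re.compile(r'^O20 - AppInit_DLLs:\s*(\S.*)$', re.I)
RE_O23 = re.compile(r'^O23 - Service: (?P<display>.+?)(?: \((?P<name>[^)]+)\))? - '
                    r'(?P<owner>.+?) - (?P<path>.+?)(?P<missing> \(file missing\))?$')
RE_O4 = re.compile(r'^O4 - HK(?:LM|CU)\\\.\.\\(?P<key>\w+): \[(?P<val>[^\]]+)\] (?P<path>.+)$')
RE_ORPHAN = re.compile(r'^HKLM-(?P<key>Run\w*)-(?P<val>\S+) - (?P<path>.+)$')


def exe_stem(cmdline: str) -> str:
    """Lower-cased basename without .exe of the first executable in a command line."""
    m = re.search(r'([^\\/"]+)\.exe', cmdline, re.I)
    return m.group(1).lower() if m else ""


def in_system32(cmdline: str) -> bool:
    """True when the executable sits directly in system32 (no vendor subfolder)."""
    return re.search(r'\\system32\\[^\\]+\.exe', cmdline, re.I) is not None


def _check_service(m: re.Match, line: str) -> list:
    out = []
    display, stem = m["display"].lower(), exe_stem(m["path"])
    for genuine, binary in GENUINE_SERVICE_BINARY.items():
        if genuine in display and stem != binary:
            out.append(Finding("high", f"'{m['display']}' borrows a Windows service name "
                                       f"but runs {stem}.exe instead of {binary}.exe", line))
    if m["missing"] and m["owner"].lower() == "unknown owner":
        out.append(Finding("medium", f"service '{m['name'] or m['display']}' points at a "
                                     f"missing binary; the service entry itself must go too", line))
    return out


def _check_autostart(m: re.Match, line: str) -> list:
    out = []
    key, val, path = m["key"], m["val"], m["path"]
    if key.lower() == "runservices":
        out.append(Finding("high", "RunServices is ignored by NT-based Windows; nothing "
                                   "legitimate on XP writes it", line))
    stem = exe_stem(path)
    if (in_system32(path) and stem and stem == val.lower().removesuffix(".exe")
            and stem not in RUN_ALLOWLIST):
        out.append(Finding("medium", f"Run value '{val}' launches a same-named executable "
                                     f"dropped directly in system32", line))
    return out


def triage(log_text: str) -> list:
    """Return one Finding per suspicious indicator in the given log text."""
    findings = []
    for line in (raw.strip() for raw in log_text.splitlines()):
        if not line:
            continue
        if RE_SECCENTER.search(line):
            findings.append(Finding("high", "Security Center monitoring of AV/firewall disabled", line))
        elif RE_FIREWALL.search(line):
            findings.append(Finding("high", "Windows Firewall disabled for the standard profile", line))
        elif (m := RE_APPINIT.match(line)):
            findings.append(Finding("high", f"AppInit_DLLs injects {m.group(1)} into every "
                                            f"process that loads user32.dll", line))
        elif (m := RE_O23.match(line)):
            findings.extend(_check_service(m, line))
        elif (m := RE_O4.match(line) or RE_ORPHAN.match(line)):
            findings.extend(_check_autostart(m, line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity}] {f.reason}\n    {f.line}")
```

Run against the sample it reports the five high findings (the two silenced Security Center monitors, the disabled firewall, the AppInit_DLLs entry, the RunServices orphan and the fake spooler) plus the medium ones; the legitimate ATI, SoundMAX and McAfee entries stay quiet. The point of checking the service entry separately from the file is visible in the OTMoveIt3 result later in the thread: the binary was already gone but the service registration still pointed at it.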

#7 Ed Levy

Ed Levy
  • Topic Starter

  • Members
  • 10 posts
  • Local time:07:32 AM

Posted 22 December 2008 - 08:13 PM

Here are the logs from OTMoveIt3 and ESET Online Scanner. Thank you very much, Fenzodahl. I think it is fantastic that you all do this, and I am planning to make a contribution to the site at the end of the process (though I'm sorry to say I think I will also do this for my other computer, which probably has some issues though not as bad as this one was).

I will also be asking what you think is the best way to keep my computers beyond running McAfee, Malwarebytes, and Ad-Aware (which I think are compatible) and not using P2P programs. I suppose I should be using Firefox rather than IE, but I haven't yet made the switch. And I'm pretty much stuck on Outlook.

Ed

OTMoveIt3
++++++++++++++++++++++++++++++++

========== PROCESSES ==========
Process explorer.exe killed successfully.
========== SERVICES/DRIVERS ==========
Service axmm91aykegeou44 stopped successfully.
Service axmm91aykegeou44 deleted successfully.
========== FILES ==========
File/Folder c:\windows\system32\cpbu.exe not found.
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows\\"AppInit_DLLs"|"" /E : value set successfully!
========== COMMANDS ==========
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\JET2A95.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\mcafee_4h73BVg1EpfmDUa scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\mcmsc_cHoiMpdhwEVfCS1 scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\mcmsc_eelmLgJE8bzA5ml scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_150.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_c78.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\WFV5.tmp scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
FireFox cache emptied.
Temp folders emptied.
Explorer started successfully

OTMoveIt3 by OldTimer - Version 1.0.7.2 log created on 12222008_172545

Files moved on Reboot...
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.
C:\WINDOWS\temp\JET2A95.tmp moved successfully.
File C:\WINDOWS\temp\mcafee_4h73BVg1EpfmDUa not found!
File C:\WINDOWS\temp\mcmsc_cHoiMpdhwEVfCS1 not found!
C:\WINDOWS\temp\mcmsc_eelmLgJE8bzA5ml moved successfully.
File C:\WINDOWS\temp\Perflib_Perfdata_150.dat not found!
File C:\WINDOWS\temp\Perflib_Perfdata_c78.dat not found!
File C:\WINDOWS\temp\WFV5.tmp not found!

ESET Online Scanner
+++++++++++++

# version=4
# OnlineScanner.ocx=1.0.0.56
# OnlineScannerDLLA.dll=1, 0, 0, 51
# OnlineScannerDLLW.dll=1, 0, 0, 51
# OnlineScannerUninstaller.exe=1, 0, 0, 49
# vers_standard_module=3712 (20081222)
# vers_arch_module=1.064 (20080214)
# vers_adv_heur_module=1.064 (20070717)
# EOSSerial=52f1ac8fb6f92648b1abf621cec56c09
# end=finished
# remove_checked=true
# unwanted_checked=true
# utc_time=2008-12-23 12:05:56
# local_time=2008-12-22 07:05:56 (-0500, Eastern Standard Time)
# country="United States"
# osver=5.1.2600 NT Service Pack 3
# scanned=331234
# found=0
# scan_time=5411
+++++++++++++

#8 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • Local time:07:32 PM

Posted 23 December 2008 - 04:38 AM

Hello...

1. For the other computer, it is best to run RSIT on it and then open a new topic for it. Just state that it's from a different computer.

2. The combination of McAfee + Malwarebytes' + Ad-Aware is good. Just make sure you update their definitions regularly.

3. I highly recommend Firefox over IE. I myself am a heavy Firefox user :thumbsup:


Please run RSIT again and post the log here for my final review :)



#9 Ed Levy

Ed Levy
  • Topic Starter

  • Members
  • 10 posts
  • Local time:07:32 AM

Posted 23 December 2008 - 10:31 PM

Thank you very much again. Here is the RSIT Log:
info.txt logfile of random's system information tool 1.05 2008-12-23 22:29:25

======Uninstall list======

-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\system32\UninstIPP.isu
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {637099FB-45FD-4BC7-9651-6FB540DBB749}
-->MsiExec.exe /I{0D330013-4A99-46D6-83C6-2C959C68DBFF}
-->MsiExec.exe /I{26792CA7-D87A-4DBE-896B-C2F66B344511}
-->MsiExec.exe /I{637099FB-45FD-4BC7-9651-6FB540DBB749}
-->MsiExec.exe /I{6D4F02C4-F6AF-4659-A933-7FC06235A8D5}
-->MsiExec.exe /I{7FD9FD10-9F7F-4DDF-B9F0-911209FF0CEA}
-->MsiExec.exe /I{8C60949A-46F9-4DD7-BA9F-78C00D9D4C8D}
-->MsiExec.exe /I{EB748B9B-F872-4E95-98E8-5CA7E5425DAF}
-->MsiExec.exe /I{F0EACC27-A729-406C-9BF6-C8F10CEC36F8}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
ActivePerl 5.8.4 Build 810-->MsiExec.exe /I{D629903C-0C85-4425-ACE5-38CFD312AF0B}
Ad-Aware SE Plus-->C:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG
Adobe Download Manager 2.0 (Remove Only)-->"C:\Program Files\Common Files\Adobe\ESD\uninst.exe"
Adobe Flash Player 9 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Photoshop 7.0-->C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Adobe\Photoshop 7.0\Uninst.isu" -c"C:\Program Files\Adobe\Photoshop 7.0\Uninst.dll"
Adobe Reader 7.0.8-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70800000002}
Adobe Shockwave Player-->C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
AOL Instant Messenger-->C:\Program Files\AIM\uninstll.exe -LOG= C:\Program Files\AIM\install.log -OEM=
Apple Software Update-->MsiExec.exe /I{55FA89BD-21D3-42F7-9249-C94C0094A83C}
ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
Canon Camera Access Library-->"C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\CAL\Uninst.ini"
Canon Camera Support Core Library-->"C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\CSCLIB\Uninst.ini"
Canon Camera Window DC_DV 5 for ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\CameraWindowDVC\Uninst.ini"
Canon Camera Window DC_DV 6 for ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\CameraWindowDVC6\Uninst.ini"
Canon Camera Window MC 6 for ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\CameraWindowMC\Uninst.ini"
Canon G.726 WMP-Decoder-->"C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\G726Decoder\G726DecUnInstall.ini"
Canon i850-->C:\WINDOWS\system32\CNMCP4B.exe "-PRINTERNAMECanon i850" "-HELPERDLLC:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon i850 Installer\Inst2\cnmis.dll" "-RCDLLcnmi0409.dll"
Canon MovieEdit Task for ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\ZoomBrowser EX\Program\MVWUninst.ini"
Canon MP Drivers 6.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3FF3DD04-F386-46B0-97FC-B86238B65487}\Setup.exe" -l0x9 -Uninstall
Canon PhotoRecord-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Canon\PhotoRecord\Uninst.isu" -c"C:\Program Files\Canon\PhotoRecord\Program\uninstdll.dll"
Canon RAW Image Task for ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\RAW Image Task\Uninst.ini"
Canon RemoteCapture Task for ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\RemoteCaptureTask DC\Uninst.ini"
Canon Utilities Easy-PhotoPrint-->C:\Program Files\Canon\Easy-PhotoPrint\uninst.exe C:\Program Files\Canon\Easy-PhotoPrint\uninst.ini
Canon Utilities PhotoStitch-->"C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\PhotoStitch\Uninst.ini"
Canon Utilities ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\ZoomBrowser EX\Program\Uninst.ini"
Continental Airlines Timetable-->MsiExec.exe /X{884ACC8E-FE0E-4CA7-AE93-08435BD5A0A9}
Cypress USB Mass Storage Driver Installation-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2E0695EE-ED29-4D96-BD77-2A9A17EDF0D6}\Setup.exe" -l0x9 NotFirstInstall
DivX-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
Easy-WebPrint-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Canon\Easy-WebPrint\Uninst.isu"
ESET Online Scanner-->C:\WINDOWS\system32\OnlineScannerUninstaller.exe
FileZilla Client 3.0.11-->C:\Program Files\FileZilla FTP Client\uninstall.exe
Google Toolbar for Internet Explorer-->regsvr32 /u /s "c:\program files\google\googletoolbar3.dll"
HighMAT Extension to Microsoft Windows XP CD Writing Wizard-->MsiExec.exe /X{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Intel® PRO Network Adapters and Drivers-->Prounstl.exe
iPod for Windows 2005-06-26-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{654F0312-CB3D-4FE2-962C-6BB9752E9146} /l1033
iPod for Windows 2006-03-23-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{2070F79D-46BC-4EEA-8F02-9B4DCABAE7CB} /l1033
IrfanView (remove only)-->C:\Program Files\IrfanView\iv_uninstall.exe
IsoBuster 1.9-->"C:\Program Files\Smart Projects\IsoBuster\Uninst\unins000.exe"
iTunes-->MsiExec.exe /I{885894A5-BA0A-460E-AB4C-96C5C9B2C5E2}
Java™ 6 Update 11-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
Java™ 6 Update 2-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java™ SE Runtime Environment 6 Update 1-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
MarkelSoft Dupe Eliminator 2.0 for iTunes-->"C:\Program Files\MarkelSoft Dupe Eliminator 2.0 for iTunes\UninstallerData\Uninstall MarkelSoft Dupe Eliminator 2.0 for iTunes.exe"
Maxtor OneTouch-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{231F68F4-70E4-41A6-BEDA-7E7934169B54} /l1033
McAfee SecurityCenter-->C:\Program Files\McAfee\MSC\mcuninst.exe
MetaFrame Presentation Server Web Client for Win32-->C:\WINDOWS\system32\ctxsetup.exe /uninst C:\PROGRA~1\Citrix\icaweb32\uninst.inf
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Office 2000 Professional-->MsiExec.exe /I{00010409-78E1-11D2-B60F-006097C998E7}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
Quicken 2008-->MsiExec.exe /X{3B0F52AC-EF5C-4831-B221-06C782E41280}
QuickTime-->MsiExec.exe /I{F07B861C-72B9-40A4-8B1A-AAED4C06A7E8}
Roxio Content 8-->MsiExec.exe /X{329B7564-7E13-4A70-BC2B-F9870C82AAB6}
Roxio Easy Media Creator 8 Suite-->MsiExec.exe /I{868901EE-7807-4F89-A134-7C705D34F91F}
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950759)-->"C:\WINDOWS\$NtUninstallKB950759$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953155)-->"C:\WINDOWS\$NtUninstallKB953155$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953838)-->"C:\WINDOWS\$NtUninstallKB953838$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956390)-->"C:\WINDOWS\$NtUninstallKB956390$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958215)-->"C:\WINDOWS\$NtUninstallKB958215$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960714)-->"C:\WINDOWS\$NtUninstallKB960714$\spuninst\spuninst.exe"
Tag&Rename 3.2-->"C:\Program Files\TagRename\unins000.exe"
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
USB Storage Adapter FX (MXO)-->MXOun.exe MXOFX
USB Storage Adapter FX (SM1)-->SM1UN.EXE SM1FX_AT
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinZip-->"C:\Program Files\WinZip\WINZIP32.EXE" /uninstall

======Security center information======

AV: McAfee VirusScan
FW: McAfee Personal Firewall

System event log

Computer Name: ILC-GAMES-02
Event Code: 11
Message: The driver detected a controller error on \Device\Harddisk1\D.

Record Number: 30061
Source Name: Disk
Time Written: 20080727174850.000000-240
Event Type: error
User:

Computer Name: ILC-GAMES-02
Event Code: 11
Message: The driver detected a controller error on \Device\Harddisk1\D.

Record Number: 30060
Source Name: Disk
Time Written: 20080727174849.000000-240
Event Type: error
User:

Computer Name: ILC-GAMES-02
Event Code: 11
Message: The driver detected a controller error on \Device\Harddisk1\D.

Record Number: 30059
Source Name: Disk
Time Written: 20080727174848.000000-240
Event Type: error
User:

Computer Name: ILC-GAMES-02
Event Code: 11
Message: The driver detected a controller error on \Device\Harddisk1\D.

Record Number: 30058
Source Name: Disk
Time Written: 20080727174847.000000-240
Event Type: error
User:

Computer Name: ILC-GAMES-02
Event Code: 11
Message: The driver detected a controller error on \Device\Harddisk1\D.

Record Number: 30057
Source Name: Disk
Time Written: 20080727174846.000000-240
Event Type: error
User:

Application event log

Computer Name: ILC-GAMES-02
Event Code: 0
Message:
Record Number: 1115
Source Name: mcmispupdmgr
Time Written: 20071007235202.000000-240
Event Type: information
User:

Computer Name: ILC-GAMES-02
Event Code: 0
Message:
Record Number: 1114
Source Name: mcmispupdmgr
Time Written: 20071007235141.000000-240
Event Type: information
User:

Computer Name: ILC-GAMES-02
Event Code: 0
Message:
Record Number: 1113
Source Name: mcmispupdmgr
Time Written: 20071007235141.000000-240
Event Type: information
User:

Computer Name: ILC-GAMES-02
Event Code: 0
Message:
Record Number: 1112
Source Name: mcmispupdmgr
Time Written: 20071007193244.000000-240
Event Type: information
User:

Computer Name: ILC-GAMES-02
Event Code: 0
Message:
Record Number: 1111
Source Name: mcmispupdmgr
Time Written: 20071007193225.000000-240
Event Type: information
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Perl\bin;C:\Program Files\Common Files\Roxio Shared\DLLShared;C:\Program Files\QuickTime\QTSystem
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 4 Stepping 1, GenuineIntel
"PROCESSOR_REVISION"=0401
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"RoxioCentral"=C:\Program Files\Common Files\Roxio Shared\Roxio Central\
"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_02\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.6.0_02\lib\ext\QTJava.zip

-----------------EOF-----------------

#10 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  • Local time:07:32 PM

Posted 23 December 2008 - 11:52 PM

Hello.. you've posted RSIT info.txt and not the RSIT log.txt... Please run RSIT again and post the correct log here :thumbsup:

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#11 Ed Levy

Ed Levy
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  • Local time:07:32 AM

Posted 24 December 2008 - 07:50 AM

Oops. Here's the log. BTW - McAfee is popping up a warning about PuP Tool-NirCMD. I've done a little looking around, and it seems like it may be part of a scanning program that I do want running, implying that I should trust it. Do you happen to know? Thanks a lot, Ed

RSIT Log
Logfile of random's system information tool 1.05 (written by random/random)
Run by Lisa at 2008-12-24 07:47:59
Microsoft Windows XP Professional Service Pack 3
System drive C: has 7 GB (9%) free of 76 GB
Total RAM: 510 MB (36% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:48:03 AM, on 12/24/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\WINDOWS\Explorer.EXE
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\SM1BG.EXE
C:\WINDOWS\MXOALDR.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\PROGRA~1\MICROS~2\Office\OUTLOOK.EXE
C:\WINDOWS\system32\winlogon.exe
c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Downloads\AntiSpyware\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Lisa.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SM1BG] C:\WINDOWS\SM1BG.EXE
O4 - HKLM\..\Run: [MXOBG] C:\WINDOWS\MXOALDR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-21-1078081533-1677128483-725345543-1010\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" (User 'Julia')
O4 - HKUS\S-1-5-21-1078081533-1677128483-725345543-1010\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'Julia')
O4 - HKUS\S-1-5-21-1078081533-1677128483-725345543-1010\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl (User 'Julia')
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZCxdm565YYUS
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {25365FF3-2746-4230-9DA7-163CCA318309} (Automatic Driver Installation Control) - http://inst.c-wss.com/n028p/EN/install/gtdownlr.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www2.snapfish.com/SnapfishActivia.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...96/mcinsctl.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/OnlineScanner.cab
O16 - DPF: {785F7664-AD0E-4CBA-8F28-F6C485A9E648} (Web Class) - https://www-us.myataw.com/ebctrl.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl.sun.com/webapps/download/AutoDL?BundleId=26688
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/m...,26/mcgdmgr.cab
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: LiveShare P2P Server (RoxLiveShare) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxLiveShare.exe
O23 - Service: RoxMediaDB - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
O23 - Service: RoxUpnpRenderer (RoxUPnPRenderer) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCom\RoxUpnpRenderer.exe
O23 - Service: RoxUpnpServer - Sonic Solutions - C:\Program Files\Roxio\Easy Media Creator 8\Digital Home\RoxUpnpServer.exe
O23 - Service: Roxio Hard Drive Watcher (RoxWatch) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe

--
End of file - 9151 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\McDefragTask.job
C:\WINDOWS\tasks\McQcTask.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java™ Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-12-15 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}]
scriptproxy - C:\Program Files\McAfee\VirusScan\scriptsn.dll [2008-06-20 58688]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar3.dll [2007-01-19 2403392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll [2008-09-11 737776]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-12-15 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2008-12-15 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{327C2873-E90D-4c37-AA9D-10AC9BABA46C} - Easy-WebPrint - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll [2004-08-26 405504]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar3.dll [2007-01-19 2403392]
{0BF43445-2F28-4351-9252-17FE6E806AA0}

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe [2004-10-14 1404928]
"SM1BG"=C:\WINDOWS\SM1BG.EXE [2003-08-27 94208]
"MXOBG"=C:\WINDOWS\MXOALDR.EXE [2006-01-19 94208]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2008-12-15 136600]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2006-09-01 282624]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2006-09-12 229952]
"mcagent_exe"=C:\Program Files\McAfee.com\Agent\mcagent.exe [2008-07-11 641208]
"Malwarebytes' Anti-Malware"=C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [2008-12-03 399504]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-13 1695232]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-06-13 68856]
"updateMgr"=C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe [2006-03-30 313472]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2006-10-18 204288]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM]
C:\Program Files\AIM\aim.exe [2005-08-05 67160]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MaxtorOneTouch]
C:\Program Files\Maxtor\OneTouch\utils\Onetouch.exe [2004-12-22 823296]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe [2008-04-13 1695232]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc]
C:\Program Files\Roxio\Easy Media Creator 8\Drag to Disc\DrgToDsc.exe [2005-11-21 1687552]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatchTray.exe [2005-11-22 163840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2008-09-05 241704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2008-04-13 239616]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MpfService]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDrives"=0
"NoDriveAutoRun"=67108863

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\AIM\aim.exe"="C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe"="C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent"
"C:\Documents and Settings\Sarah\Local Settings\Application Data\Skype\Phone\Skype.exe"="C:\Documents and Settings\Sarah\Local Settings\Application Data\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\WINDOWS\system32"="C:\WINDOWS\system32:*:Disabled:lockx"
"C:\WINDOWS\Network Diagnostic\xpnetdiag.exe"="C:\WINDOWS\Network Diagnostic\xpnetdiag.exe:*:Disabled:@xpsp3res.dll,-20000"
"C:\Program Files\Roxio\Easy Media Creator 8\Digital Home\RoxUpnpServer.exe"="C:\Program Files\Roxio\Easy Media Creator 8\Digital Home\RoxUpnpServer.exe:*:Enabled:Roxio Upnp Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c09c9cf3-787c-11dd-ae5b-0013203010d9}]
shell\AutoRun\command - E:\wd_windows_tools\setup.exe


======List of files/folders created in the last 1 months======

2008-12-23 22:29:09 ----D---- C:\rsit
2008-12-22 17:34:29 ----D---- C:\Program Files\EsetOnlineScanner
2008-12-22 17:26:22 ----SHD---- C:\RECYCLER
2008-12-22 17:25:45 ----D---- C:\_OTMoveIt
2008-12-22 13:58:33 ----A---- C:\ComboFix.txt
2008-12-22 13:23:42 ----A---- C:\Boot.bak
2008-12-22 13:23:34 ----RASHD---- C:\cmdcons
2008-12-22 13:19:32 ----D---- C:\ComboFix
2008-12-22 13:17:49 ----A---- C:\WINDOWS\zip.exe
2008-12-22 13:17:49 ----A---- C:\WINDOWS\VFIND.exe
2008-12-22 13:17:49 ----A---- C:\WINDOWS\SWXCACLS.exe
2008-12-22 13:17:49 ----A---- C:\WINDOWS\SWSC.exe
2008-12-22 13:17:49 ----A---- C:\WINDOWS\SWREG.exe
2008-12-22 13:17:49 ----A---- C:\WINDOWS\sed.exe
2008-12-22 13:17:49 ----A---- C:\WINDOWS\NIRCMD.exe
2008-12-22 13:17:49 ----A---- C:\WINDOWS\grep.exe
2008-12-22 13:17:49 ----A---- C:\WINDOWS\fdsv.exe
2008-12-22 13:17:43 ----D---- C:\WINDOWS\ERDNT
2008-12-22 13:17:42 ----D---- C:\Qoobox
2008-12-18 08:28:07 ----D---- C:\VirusLogs
2008-12-18 03:01:44 ----HDC---- C:\WINDOWS\$NtUninstallKB960714$
2008-12-16 03:01:17 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
2008-12-16 03:01:00 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$
2008-12-16 00:04:07 ----D---- C:\Program Files\Trend Micro
2008-12-15 23:24:33 ----A---- C:\WINDOWS\system32\javaws.exe
2008-12-15 23:24:33 ----A---- C:\WINDOWS\system32\javaw.exe
2008-12-15 23:24:33 ----A---- C:\WINDOWS\system32\java.exe
2008-12-15 23:24:33 ----A---- C:\WINDOWS\system32\deploytk.dll
2008-12-15 23:03:09 ----D---- C:\WINDOWS\Prefetch
2008-12-15 22:55:24 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2008-12-15 22:53:54 ----HDC---- C:\WINDOWS\$NtUninstallKB958215$
2008-12-15 22:52:17 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2008-12-15 22:50:45 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
2008-12-15 22:49:04 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
2008-12-15 22:47:30 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2008-12-15 22:45:57 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2008-12-15 22:44:06 ----HDC---- C:\WINDOWS\$NtUninstallKB956390$
2008-12-15 22:42:19 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2008-12-15 22:40:37 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2008-12-15 22:38:54 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
2008-12-15 22:36:54 ----HDC---- C:\WINDOWS\$NtUninstallKB953838$
2008-12-15 22:33:46 ----HDC---- C:\WINDOWS\$NtUninstallKB953155$
2008-12-15 22:31:24 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2008-12-15 22:28:41 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2008-12-15 22:25:05 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2008-12-15 22:23:33 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
2008-12-15 22:22:02 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2008-12-15 22:20:29 ----HDC---- C:\WINDOWS\$NtUninstallKB951376$
2008-12-15 22:18:42 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2008-12-15 22:16:05 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2008-12-15 22:14:31 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2008-12-15 22:12:34 ----HDC---- C:\WINDOWS\$NtUninstallKB950759$
2008-12-15 22:10:33 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2008-12-15 22:08:10 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
2008-12-15 22:01:33 ----D---- C:\WINDOWS\system32\en-us
2008-12-15 22:01:32 ----D---- C:\WINDOWS\system32\scripting
2008-12-15 22:01:31 ----D---- C:\WINDOWS\l2schemas
2008-12-15 22:01:30 ----D---- C:\WINDOWS\system32\en
2008-12-15 22:01:29 ----D---- C:\WINDOWS\system32\bits
2008-12-15 21:56:59 ----D---- C:\WINDOWS\ServicePackFiles
2008-12-15 21:53:55 ----D---- C:\WINDOWS\network diagnostic
2008-12-15 21:46:24 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2008-12-15 18:46:01 ----D---- C:\Documents and Settings\Lisa.ILC-GAMES-02\Application Data\Malwarebytes
2008-12-15 18:41:50 ----A---- C:\writetest.txt
2008-12-15 17:55:35 ----D---- C:\RegistryBackups
2008-12-15 13:57:16 ----A---- C:\WINDOWS\system32\tmp.txt
2008-12-15 13:57:11 ----A---- C:\rapport.txt
2008-12-15 13:55:02 ----A---- C:\WINDOWS\system32\Agent.OMZ.Fix.exe
2008-12-14 23:55:45 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-12-14 23:55:45 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-12-14 13:07:38 ----D---- C:\Documents and Settings\Lisa.ILC-GAMES-02\Application Data\Lavasoft
2008-12-14 12:22:57 ----A---- C:\WINDOWS\system32\cb23b66a-.txt
2008-12-11 03:03:24 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2008-12-11 03:03:15 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$
2008-12-11 03:02:28 ----HDC---- C:\WINDOWS\$NtUninstallKB958215_0$
2008-12-11 03:02:04 ----HDC---- C:\WINDOWS\$NtUninstallKB954600_0$
2008-12-11 03:01:45 ----HDC---- C:\WINDOWS\$NtUninstallKB956802_0$
2008-12-10 20:55:42 ----D---- C:\Program Files\Common

======List of files/folders modified in the last 1 months======

2008-12-24 07:48:00 ----D---- C:\WINDOWS\Temp
2008-12-23 15:09:08 ----D---- C:\WINDOWS\system32\inetsrv
2008-12-22 17:34:29 ----AD---- C:\Program Files
2008-12-22 17:34:07 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-12-22 17:34:06 ----D---- C:\WINDOWS\system32
2008-12-22 17:34:04 ----D---- C:\WINDOWS\system32\CatRoot2
2008-12-22 17:27:39 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-12-22 13:58:43 ----D---- C:\WINDOWS\system32\drivers
2008-12-22 13:58:35 ----D---- C:\WINDOWS
2008-12-22 13:55:13 ----A---- C:\WINDOWS\system.ini
2008-12-22 13:45:58 ----D---- C:\WINDOWS\system32\config
2008-12-22 13:33:08 ----D---- C:\WINDOWS\AppPatch
2008-12-22 13:33:08 ----D---- C:\Program Files\Common Files
2008-12-22 13:32:31 ----SD---- C:\WINDOWS\Tasks
2008-12-22 13:23:42 ----RASH---- C:\boot.ini
2008-12-18 19:15:22 ----D---- C:\Documents and Settings
2008-12-18 03:02:04 ----HD---- C:\WINDOWS\inf
2008-12-18 03:01:50 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-12-18 03:00:45 ----HD---- C:\WINDOWS\$hf_mig$
2008-12-16 03:01:23 ----A---- C:\WINDOWS\imsins.BAK
2008-12-15 23:24:51 ----SHD---- C:\WINDOWS\Installer
2008-12-15 23:24:51 ----SHD---- C:\Config.Msi
2008-12-15 23:23:53 ----D---- C:\Program Files\Java
2008-12-15 23:07:58 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-12-15 23:04:23 ----A---- C:\WINDOWS\OEWABLog.txt
2008-12-15 23:03:19 ----D---- C:\Program Files\McAfee
2008-12-15 23:03:15 ----A---- C:\WINDOWS\setuplog.txt
2008-12-15 23:02:32 ----D---- C:\WINDOWS\system32\Setup
2008-12-15 23:02:32 ----D---- C:\Program Files\Messenger
2008-12-15 23:02:31 ----D---- C:\WINDOWS\system32\wbem
2008-12-15 23:02:30 ----RSD---- C:\WINDOWS\Fonts
2008-12-15 22:55:55 ----D---- C:\WINDOWS\system32\CatRoot
2008-12-15 22:13:11 ----D---- C:\WINDOWS\security
2008-12-15 22:02:22 ----D---- C:\WINDOWS\WinSxS
2008-12-15 22:01:54 ----D---- C:\WINDOWS\ime
2008-12-15 22:01:54 ----D---- C:\WINDOWS\Help
2008-12-15 22:01:33 ----D---- C:\WINDOWS\system32\usmt
2008-12-15 22:01:31 ----D---- C:\Program Files\Internet Explorer
2008-12-15 22:01:29 ----D---- C:\WINDOWS\PeerNet
2008-12-15 22:01:29 ----D---- C:\Program Files\Movie Maker
2008-12-15 21:56:38 ----D---- C:\WINDOWS\system32\Restore
2008-12-15 21:56:38 ----D---- C:\WINDOWS\system32\npp
2008-12-15 21:56:37 ----D---- C:\WINDOWS\mui
2008-12-15 21:56:35 ----D---- C:\WINDOWS\msagent
2008-12-15 21:56:33 ----D---- C:\WINDOWS\srchasst
2008-12-15 21:56:32 ----D---- C:\Program Files\NetMeeting
2008-12-15 21:56:30 ----D---- C:\WINDOWS\system32\Com
2008-12-15 21:56:27 ----D---- C:\Program Files\Windows Media Player
2008-12-15 21:56:26 ----D---- C:\Program Files\Windows NT
2008-12-15 21:56:26 ----D---- C:\Program Files\Outlook Express
2008-12-15 21:56:23 ----D---- C:\Program Files\Common Files\System
2008-12-15 21:55:58 ----D---- C:\WINDOWS\system32\oobe
2008-12-15 21:55:56 ----D---- C:\WINDOWS\system
2008-12-15 21:51:40 ----D---- C:\WINDOWS\system32\ReinstallBackups
2008-12-15 21:46:19 ----D---- C:\WINDOWS\ehome
2008-12-15 21:12:26 ----A---- C:\WINDOWS\ntbtlog.txt
2008-12-14 23:54:58 ----D---- C:\Downloads
2008-12-14 08:15:02 ----D---- C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-12-14 08:14:39 ----D---- C:\Program Files\ScanSoft
2008-12-14 08:14:36 ----D---- C:\Program Files\Common Files\ScanSoft Shared
2008-12-14 08:07:43 ----HD---- C:\Program Files\InstallShield Installation Information
2008-12-14 08:07:43 ----A---- C:\WINDOWS\win.ini
2008-12-14 08:03:33 ----D---- C:\WINDOWS\twain_32
2008-12-14 08:03:32 ----D---- C:\Program Files\Canon
2008-12-14 08:02:06 ----D---- C:\Program Files\Common Files\InstallShield
2008-12-12 12:01:00 ----A---- C:\WINDOWS\system32\mshtml.dll
2008-12-09 15:24:38 ----A---- C:\WINDOWS\system32\MRT.exe
2008-12-01 20:11:06 ----A---- C:\WINDOWS\ODBC.INI

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Cdr4_xp;Cdr4_xp; C:\WINDOWS\system32\drivers\Cdr4_xp.sys [2005-11-03 2432]
R1 Cdralw2k;Cdralw2k; C:\WINDOWS\system32\drivers\Cdralw2k.sys [2005-11-03 2560]
R1 cdudf_xp;cdudf_xp; C:\WINDOWS\system32\drivers\cdudf_xp.sys [2005-10-22 311680]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 mfehidk;McAfee Inc. mfehidk; C:\WINDOWS\system32\drivers\mfehidk.sys [2008-06-27 207656]
R1 MPFP;MPFP; C:\WINDOWS\System32\Drivers\Mpfp.sys [2008-06-02 120136]
R1 pwd_2k;pwd_2k; C:\WINDOWS\system32\drivers\pwd_2k.sys [2005-10-22 119168]
R1 RxFilter;RxFilter; C:\WINDOWS\system32\DRIVERS\RxFilter.sys [2005-11-22 50176]
R2 NwlnkIpx;NWLink IPX/SPX/NetBIOS Compatible Transport Protocol; C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys [2008-04-13 88320]
R2 NwlnkNb;NWLink NetBIOS; C:\WINDOWS\system32\DRIVERS\nwlnknb.sys [2003-03-31 63232]
R2 NwlnkSpx;NWLink SPX/SPXII Protocol; C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys [2003-03-31 55936]
R2 SVKP;SVKP; \??\C:\WINDOWS\system32\SVKP.sys []
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2005-03-29 1035264]
R3 dvd_2K;dvd_2K; C:\WINDOWS\system32\drivers\dvd_2K.sys [2005-10-22 27264]
R3 E100B;Intel® PRO Adapter Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2004-02-10 154112]
R3 GEARAspiWDM;GEAR CDRom Filter; C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys [2006-07-14 14448]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 MBAMProtector;MBAMProtector; \??\C:\WINDOWS\system32\drivers\mbam.sys []
R3 mfeavfk;McAfee Inc. mfeavfk; C:\WINDOWS\system32\drivers\mfeavfk.sys [2008-06-27 79240]
R3 mfebopk;McAfee Inc. mfebopk; C:\WINDOWS\system32\drivers\mfebopk.sys [2008-06-27 35240]
R3 mfesmfk;McAfee Inc. mfesmfk; C:\WINDOWS\system32\drivers\mfesmfk.sys [2008-06-27 40488]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2003-03-31 12160]
R3 senfilt;senfilt; C:\WINDOWS\system32\drivers\senfilt.sys [2004-09-17 732928]
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2005-01-27 260352]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S3 Airgo;Belkin Wireless Pre-N Notebook Network Driver; C:\WINDOWS\system32\DRIVERS\wnihdd51.sys [2004-08-13 753664]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 mferkdk;McAfee Inc. mferkdk; C:\WINDOWS\system32\drivers\mferkdk.sys [2008-06-20 34152]
S3 mmc_2K;mmc_2K; C:\WINDOWS\system32\drivers\mmc_2K.sys [2005-10-22 27136]
S3 MXOFX;USB Storage Adapter FX (MXO); C:\WINDOWS\system32\DRIVERS\MXOFX.SYS [2003-10-10 32640]
S3 MXOPSWD;Maxtor OneTouch Security Driver; C:\WINDOWS\system32\DRIVERS\mxopswd.sys [2004-10-07 15360]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 USBNET_XP;Instant Wireless XP USB Network Adapter ver.2.6 Driver; C:\WINDOWS\system32\DRIVERS\netusbxp.sys [2002-02-20 72576]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WNIPROT5;WNIPROT5 Protocol Driver; \??\C:\WINDOWS\System32\WNIPROT5.SYS []
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2005-03-29 360448]
R2 CCALib8;Canon Camera Access Library 8; C:\Program Files\Canon\CAL\CALMAIN.exe [2006-03-30 96341]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-12-15 152984]
R2 MBAMService;MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [2008-12-03 170640]
R2 mcmscsvc;McAfee Services; C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe [2008-10-10 792696]
R2 McNASvc;McAfee Network Agent; c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe [2008-07-18 2482848]
R2 McProxy;McAfee Proxy Service; c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe [2008-07-09 358736]
R2 McShield;McAfee Real-time Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe [2008-06-20 144704]
R2 MpfService;McAfee Personal Firewall Service; C:\Program Files\McAfee\MPF\MPFSrv.exe [2008-07-09 884360]
R2 NwSapAgent;SAP Agent; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
R2 RoxWatch;Roxio Hard Drive Watcher; C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe [2005-11-22 155648]
R2 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
R3 IISADMIN;IIS Admin; C:\WINDOWS\system32\inetsrv\inetinfo.exe [2008-04-13 15360]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2006-09-12 451136]
R3 McSysmon;McAfee SystemGuards; C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe [2008-09-16 605512]
R3 RoxMediaDB;RoxMediaDB; C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe [2005-11-22 864256]
S2 RoxLiveShare;LiveShare P2P Server; C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxLiveShare.exe [2005-11-22 233472]
S2 RoxUpnpServer;RoxUpnpServer; C:\Program Files\Roxio\Easy Media Creator 8\Digital Home\RoxUpnpServer.exe [2005-11-21 409600]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-01-27 138168]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]
S3 LPDSVC;TCP/IP Print Server; C:\WINDOWS\system32\tcpsvcs.exe [2003-03-31 19456]
S3 McODS;McAfee Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe [2008-06-20 361800]
S3 RoxUPnPRenderer;RoxUpnpRenderer; C:\Program Files\Common Files\Roxio Shared\SharedCom\RoxUpnpRenderer.exe [2005-11-21 45056]
S3 W3SVC;World Wide Web Publishing; C:\WINDOWS\system32\inetsrv\inetinfo.exe [2008-04-13 15360]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]

-----------------EOF-----------------
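
As an added example (not part of this thread, and not code from DDS, HijackThis or any other tool mentioned here), the script below parses the service and driver listing in the format shown above and pulls out the entries a helper would look at first. It decodes the state and start-type letters from the legend printed above the listing, and flags entries whose bracket is empty (the tool recorded no date or size, i.e. it found nothing to stat at that path), entries registered with a raw NT `\??\` path, and binaries living outside the usual Windows and Program Files roots. The `KNOWN_ROOTS` set and the flag rules are this example's own heuristics, and the sample lines are a constructed subset copied from the listing above.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Legend printed above the listing in the log.
STATE = {"R": "running", "S": "stopped"}
START = {"0": "boot", "1": "system", "2": "auto", "3": "demand", "4": "disabled"}

# One listing line: "<R|S><0-4> name;description; path [date size]"
LINE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4])\s+"
    r"(?P<name>[^;]+);(?P<desc>[^;]*);\s*"
    r"(?P<path>.+?)\s*\[(?P<meta>[^\]]*)\]\s*$"
)

# Directories a service binary normally lives under on an XP box
# (assumption of this example; extend for installs on other drives).
KNOWN_ROOTS = ("c:\\windows\\", "c:\\program files\\", "c:\\progra~1\\")


@dataclass
class Entry:
    state: str
    start: str
    name: str
    desc: str
    path: str
    date: Optional[str]
    size: Optional[int]
    flags: List[str] = field(default_factory=list)


def parse_line(line: str) -> Optional[Entry]:
    """Return an Entry for a listing line, or None for legend/blank lines."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    meta = m["meta"].split()
    date = meta[0] if meta else None
    size = int(meta[1]) if len(meta) > 1 and meta[1].isdigit() else None
    return Entry(STATE[m["state"]], START[m["start"]], m["name"].strip(),
                 m["desc"].strip(), m["path"].strip(), date, size)


def normalised_path(path: str) -> str:
    # Strip the NT object-manager prefix so "\??\C:\..." compares like "C:\..."
    if path.startswith("\\??\\"):
        path = path[4:]
    return path.lower()


def flag(e: Entry) -> Entry:
    """Attach triage flags. The rules are this example's own heuristics."""
    if e.date is None:
        # Empty [] in the log: the tool found no file to stat at that path.
        e.flags.append("file-not-found")
    if e.path.startswith("\\??\\"):
        # Raw NT path: typical of drivers registered directly in the
        # registry/SCM rather than by a normal installer.
        e.flags.append("nt-path")
    if not normalised_path(e.path).startswith(KNOWN_ROOTS):
        e.flags.append("unusual-location")
    return e


def triage(text: str) -> Dict[str, List[str]]:
    """Map service name -> flags for every flagged entry in the listing."""
    flagged: Dict[str, List[str]] = {}
    for line in text.splitlines():
        e = parse_line(line)
        if e is not None and flag(e).flags:
            flagged[e.name] = e.flags
    return flagged


def counts(text: str) -> Dict[str, int]:
    """How many entries are running vs stopped, and per start type."""
    out: Dict[str, int] = {}
    for line in text.splitlines():
        e = parse_line(line)
        if e is not None:
            for k in (e.state, e.start):
                out[k] = out.get(k, 0) + 1
    return out


# Constructed sample: six lines copied from the listing in this thread.
SAMPLE = r"""
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 MBAMProtector;MBAMProtector; \??\C:\WINDOWS\system32\drivers\mbam.sys []
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 WNIPROT5;WNIPROT5 Protocol Driver; \??\C:\WINDOWS\System32\WNIPROT5.SYS []
R2 McShield;McAfee Real-time Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe [2008-06-20 144704]
S3 W3SVC;World Wide Web Publishing; C:\WINDOWS\system32\inetsrv\inetinfo.exe [2008-04-13 15360]
"""

if __name__ == "__main__":
    for name, flags in triage(SAMPLE).items():
        print(f"{name:14s} {', '.join(flags)}")
    print(counts(SAMPLE))
```

Run against the full listing, it separates the three `[]` entries (mbam.sys, catchme.sys and WNIPROT5.SYS) from the rest; note that a flag is a prompt to check, not a verdict: mbam.sys and catchme.sys are known components of Malwarebytes and ComboFix, both of which this thread shows were run on the machine.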

#12 fenzodahl512

  • Members
  • 6,738 posts

Posted 24 December 2008 - 10:53 AM

Please re-open HijackThis and click on Do a system scan only. Check the boxes next to all the entries listed below.

O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZCxdm565YYUS

Now close all windows other than HijackThis, then click Fix checked. Close HijackThis.



After that, let's do some cleanup...


Please download OTCleanIt and save it to Desktop.
  • Make sure you have an internet connection.
  • Double-click OTCleanIt.exe
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes



Please read these excellent articles by miekiemoes :
Help! My computer is slow!
How to prevent Malware

And another excellent article by CastleCops Malware Prevention: Prevent Re-infection

Please reply to this thread once more and tell us about the computer behaviour before we can close this thread :thumbsup:



Have a safe and happy computing day!


Regards
fenzodahl512

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#13 Ed Levy (Topic Starter)

  • Members
  • 10 posts

Posted 25 December 2008 - 12:23 AM

I did the Hijack This fix and the OTCleanIt. We are leaving tomorrow before dawn until New Years. I will review the articles you mentioned while we are gone (unfortunately Castle Cops had to close their site). When I get back, I will do the appropriate steps from the articles. Then I will get back to you. The computer's performance is definitely better now though. And WinAntiVirus does seem to be gone.

Thank you so much for your help. I will be making a donation after I get back and we close this thread.

Happy holidays,
Ed

#14 fenzodahl512

  • Members
  • 6,738 posts

Posted 25 December 2008 - 06:56 AM

You're welcome.. I'll leave this topic open for a few days waiting for your feedback :thumbsup:
