Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Google Hijacked with the search, popups,


  • This topic is locked This topic is locked
4 replies to this topic

#1 kronic

kronic

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:05:25 AM

Posted 19 December 2008 - 12:48 AM

whenever i search with google and begin browsing the onlin i get these popups or i would jus end up with the wrong search results. i did several searches with McAfee, avanquest pro and malwarebytes' anti-malware. which i found this

Malwarebytes' Anti-Malware 1.31
Database version: 1456
Windows 5.1.2600 Service Pack 3

12/17/2008 12:20:14 PM
mbam-log-2008-12-17 (12-20-14).txt

Scan type: Full Scan (C:\|)
Objects scanned: 129380
Time elapsed: 1 hour(s), 36 minute(s), 58 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 26
Registry Values Infected: 1
Registry Data Items Infected: 16
Folders Infected: 2
Files Infected: 6

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2 (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\c:/winnt/downloaded program files/popcaploader.dll (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{c9c5deaf-0a1f-4660-8279-9edfad6fefe1} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e4e3e0f8-cd30-4380-8ce9-b96904bdefca} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{fe8a736f-4124-4d9c-b4b1-3b12381efabe} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2.1 (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\MediaHoldings (Adware.PlayMP3Z) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\aldd (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\MS Juan (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\jkwslist (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Juan (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.htmlpanel (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.htmlpanel.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DomainService (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DomainService (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\WINNT\Downloaded Program Files\popcaploader.dll (Adware.PopCap) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.113.147;85.255.112.188 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.113.147;85.255.112.188 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{4bd0f504-1ccf-420c-bc6a-d42ebe134251}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.113.147;85.255.112.188 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{4bd0f504-1ccf-420c-bc6a-d42ebe134251}\NameServer (Trojan.DNSChanger) -> Data: 85.255.113.147;85.255.112.188 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{c7919e8a-d73b-4bf8-b88e-c300ed1e7679}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.113.147;85.255.112.188 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{c7919e8a-d73b-4bf8-b88e-c300ed1e7679}\NameServer (Trojan.DNSChanger) -> Data: 85.255.113.147;85.255.112.188 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.113.147;85.255.112.188 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.113.147;85.255.112.188 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{4bd0f504-1ccf-420c-bc6a-d42ebe134251}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.113.147;85.255.112.188 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{4bd0f504-1ccf-420c-bc6a-d42ebe134251}\NameServer (Trojan.DNSChanger) -> Data: 85.255.113.147;85.255.112.188 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{c7919e8a-d73b-4bf8-b88e-c300ed1e7679}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.113.147;85.255.112.188 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{c7919e8a-d73b-4bf8-b88e-c300ed1e7679}\NameServer (Trojan.DNSChanger) -> Data: 85.255.113.147;85.255.112.188 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.113.147;85.255.112.188 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{4bd0f504-1ccf-420c-bc6a-d42ebe134251}\NameServer (Trojan.DNSChanger) -> Data: 85.255.113.147;85.255.112.188 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{c7919e8a-d73b-4bf8-b88e-c300ed1e7679}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.113.147;85.255.112.188 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{c7919e8a-d73b-4bf8-b88e-c300ed1e7679}\NameServer (Trojan.DNSChanger) -> Data: 85.255.113.147;85.255.112.188 -> Quarantined and deleted successfully.

Folders Infected:
C:\resycled (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\WINNT\Fonts\' (Trojan.Agent) -> Quarantined and deleted successfully.

Files Infected:
C:\WINNT\Downloaded Program Files\popcaploader.dll (Adware.PopCap) -> Quarantined and deleted successfully.
C:\Program Files\Canon\MyWebSearch\bar\1.bin\F3SCHMON.EXE (Adware.MyWeb.FunWeb) -> Quarantined and deleted successfully.
C:\Program Files\Canon\MyWebSearch\bar\1.bin\F3WPHOOK.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\Canon\MyWebSearch\bar\1.bin\M3OUTLCN.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\WINNT\cookies.ini (Malware.Trace) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla Firefox\components\iamfamous.dll (Trojan.Agent) -> Quarantined and deleted successfully.





It seems like the scan didnt work so i repeated this about three times in safe mode.

Whenever i tried to open my C:\ I would get a message saying that C\resycled\boot.com cant be open . Neverthelesss i

tried going online and found that it could be solve by deleting autorun.inf, resycled and boot.com from the registry. which i

have tried and so far it seems to work.

BUt i keep getting these popups even after trying three different virus removers.

i tried COMBOFIX but i got an error say that my windows restore system file is missing and i have to download it

But i checked with my system info and version and i running on SP3. so wat could be the problem.

I tried doing a scan online with Kaspersky Online Scanner but then i got an error that " updating failed"

I Download and Run Random's System Information Tool (RSIT)

i hope that you seeing this will give me a solution to my problem

thanks.



Logfile of random's system information tool 1.05 (written by random/random)
Run by Owner at 2008-12-18 23:14:51
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 25 GB (44%) free of 57 GB
Total RAM: 479 MB (42% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:15, on 2008-12-18
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINNT\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\WINNT\system32\cisvc.exe
C:\PROGRA~1\AVANQU~1\Fix-It\mxtask.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\hkcmd.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINNT\System32\igfxtray.exe
C:\Program Files\Digital Media Reader\shwicon2k.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Bell\Sympatico Security Advisor\SSA.exe
C:\Program Files\Lexmark 2400 Series\lxcrmon.exe
C:\Program Files\Lexmark 2400 Series\ezprint.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINNT\system32\ctfmon.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINNT\system32\lxcrcoms.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\PROGRA~1\AVANQU~1\Fix-It\mxtask.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Common Files\AntiVirus\SBAMSvc.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\wanmpsvc.exe
C:\WINNT\System32\wltrysvc.exe
C:\WINNT\System32\wbem\wmiapsrv.exe
C:\WINNT\System32\bcmwltry.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Messenger\msmsgs.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\WINNT\system32\cidaemon.exe
C:\Documents and Settings\Owner\Desktop\RSIT.exe
C:\Program Files\trend micro\Owner.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go-jamaica.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/...rch/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://cnn.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = localhost:2323
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Encarta Web Companion Helper Object - {955BE0B8-BC85-4CAF-856E-8E0D8B610560} - C:\Program Files\Common Files\Microsoft Shared\Encarta Web Companion\2007\ENCWCBAR.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: Encarta Web Companion - {147D6308-0614-4112-89B1-31402F9B82C4} - C:\Program Files\Common Files\Microsoft Shared\Encarta Web Companion\2007\ENCWCBAR.DLL
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\System32\hkcmd.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\System32\igfxtray.exe
O4 - HKLM\..\Run: [SunKist] C:\Program Files\Digital Media Reader\shwicon2k.exe
O4 - HKLM\..\Run: [Gateway Extended Warranty] "C:\Program Files\Gateway\GWCares\GWCares.exe"
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [SSA.exe] "C:\Program Files\Bell\Sympatico Security Advisor\SSA.exe" /AUTORUN
O4 - HKLM\..\Run: [lxcrmon.exe] "C:\Program Files\Lexmark 2400 Series\lxcrmon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 2400 Series\ezprint.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [LXCRCATS] rundll32 C:\WINNT\System32\spool\DRIVERS\W32X86\3\LXCRtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\system32\ctfmon.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Encarta Search Bar - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINNT\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINNT\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by10fd.bay10.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/OnlineScanner.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase6662.cab
O16 - DPF: {64D01C7F-810D-446E-A07E-16C764235644} (AtlAtomadersCtlAttrib Class) - http://zone.msn.com/bingame/amad/default/atomaders.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4BD0F504-1CCF-420C-BC6A-D42EBE134251}: NameServer = 85.255.113.147;85.255.112.188
O17 - HKLM\System\CCS\Services\Tcpip\..\{C7919E8A-D73B-4BF8-B88E-C300ED1E7679}: NameServer = 85.255.113.147;85.255.112.188
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.113.147;85.255.112.188
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.113.147;85.255.112.188
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: Fix-It Task Manager - Avanquest North America, Inc. - C:\PROGRA~1\AVANQU~1\Fix-It\mxtask.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: lxcr_device - - C:\WINNT\system32\lxcrcoms.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: Sunbelt VIPRE Antivirus Service (SBAMSvc) - Sunbelt Software - C:\Program Files\Common Files\AntiVirus\SBAMSvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINNT\wanmpsvc.exe
O23 - Service: WLTRYSVC - Unknown owner - C:\WINNT\System32\wltrysvc.exe

--
End of file - 10964 bytes

======Scheduled tasks folder======

C:\WINNT\tasks\Check Updates for Windows Live Toolbar.job
C:\WINNT\tasks\ISP signup reminder 2.job
C:\WINNT\tasks\ISP signup reminder 3.job
C:\WINNT\tasks\Low Battery Alarm Program.job
C:\WINNT\tasks\Symantec NetDetect.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1017A80C-6F09-4548-A84D-EDD6AC9525F0}]
Lexmark Toolbar - C:\Program Files\Lexmark Toolbar\toolband.dll [2006-08-09 184320]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java™ Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-11-10 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2006-08-31 322368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{955BE0B8-BC85-4CAF-856E-8E0D8B610560}]
Encarta Web Companion Helper Object - C:\Program Files\Common Files\Microsoft Shared\Encarta Web Companion\2007\ENCWCBAR.DLL [2006-06-10 256792]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar1.dll [2007-10-11 2554944]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll [2008-10-30 652784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}]
Windows Live Toolbar Helper - C:\Program Files\Windows Live Toolbar\msntb.dll [2007-10-19 546320]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-11-10 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2008-11-10 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{BA52B914-B692-46c4-B683-905236F6F655} - McAfee VirusScan - c:\progra~1\mcafee.com\vso\mcvsshl.dll [2005-07-01 114688]
{147D6308-0614-4112-89B1-31402F9B82C4} - Encarta Web Companion - C:\Program Files\Common Files\Microsoft Shared\Encarta Web Companion\2007\ENCWCBAR.DLL [2006-06-10 256792]
{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - Windows Live Toolbar - C:\Program Files\Windows Live Toolbar\msntb.dll [2007-10-19 546320]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar1.dll [2007-10-11 2554944]
{1017A80C-6F09-4548-A84D-EDD6AC9525F0} - Lexmark Toolbar - C:\Program Files\Lexmark Toolbar\toolband.dll [2006-08-09 184320]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"HotKeysCmds"=C:\WINNT\System32\hkcmd.exe [2003-07-10 114688]
"SynTPLpr"=C:\Program Files\Synaptics\SynTP\SynTPLpr.exe [2003-10-30 98304]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2003-10-30 499712]
"IgfxTray"=C:\WINNT\System32\igfxtray.exe [2003-07-10 155648]
"SunKist"=C:\Program Files\Digital Media Reader\shwicon2k.exe [2004-05-26 139264]
"Gateway Extended Warranty"=C:\Program Files\Gateway\GWCares\GWCares.exe [2004-02-08 73728]
"VSOCheckTask"=C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe [2005-07-08 151552]
"VirusScan Online"=C:\Program Files\McAfee.com\VSO\mcvsshld.exe [2005-08-10 163840]
"OASClnt"=C:\Program Files\McAfee.com\VSO\oasclnt.exe [2005-08-11 53248]
"MCAgentExe"=c:\PROGRA~1\mcafee.com\agent\mcagent.exe [2005-09-22 303104]
"MCUpdateExe"=C:\PROGRA~1\mcafee.com\agent\mcupdate.exe [2006-01-11 212992]
"MPFExe"=C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe [2005-11-11 1005096]
"SSA.exe"=C:\Program Files\Bell\Sympatico Security Advisor\SSA.exe [2007-03-27 2061816]
"lxcrmon.exe"=C:\Program Files\Lexmark 2400 Series\lxcrmon.exe [2007-01-11 291760]
"EzPrint"=C:\Program Files\Lexmark 2400 Series\ezprint.exe [2006-12-11 82864]
"FaxCenterServer"=C:\Program Files\Lexmark Fax Solutions\fm3032.exe [2006-12-11 295856]
"LXCRCATS"=rundll32 C:\WINNT\System32\spool\DRIVERS\W32X86\3\LXCRtime.dll []
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2008-11-10 136600]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"=C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [2007-08-30 4670704]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-10-11 68856]
"ctfmon.exe"=C:\WINNT\system32\ctfmon.exe [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\c0d58d57]
C:\WINNT\system32\xbynxlek.dll []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\E07AXLRD_18842375]
C:\Program Files\Microsoft Encarta\Encarta Premium DVD 2007\EDICT.EXE [2006-06-10 351000]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\E07AXLRD_5209250]
C:\Program Files\Microsoft Encarta\Encarta Premium DVD 2007\EDICT.EXE [2006-06-10 351000]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Easy-PrintToolBox]
C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE [2004-01-13 409600]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
C:\Program Files\Ahead\InCD\InCD.exe [2006-03-23 1398272]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBJ]
C:\Program Files\Ahead\Nero BackItUp\NBJ.exe [2005-10-11 1961984]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINNT\system32\NeroCheck.exe [2001-07-09 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe [2004-06-23 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [2003-10-31 32768]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Program Files\Winamp\winampa.exe [2007-10-10 36352]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Device Detector 3.lnk]
C:\PROGRA~1\Olympus\DEVICE~1\DevDtct2.exe [2007-02-22 118784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINNT\system32\igfxsrvc.dll [2003-07-10 319488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINNT\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
C:\WINNT\system32\mllmj.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSEXESVC]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PSEXESVC]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SBAMSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=1
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Yahoo!\Messenger\YPager.exe"="C:\Program Files\Yahoo!\Messenger\YPager.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\Yahoo!\Messenger\YServer.exe"="C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\Filetopia3\Filetopia.exe"="C:\Filetopia3\Filetopia.exe:*:Enabled:Filetopia"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Program Files\Winamp Remote\bin\Orb.exe"="C:\Program Files\Winamp Remote\bin\Orb.exe:*:Enabled:Orb"
"C:\Program Files\Winamp Remote\bin\OrbTray.exe"="C:\Program Files\Winamp Remote\bin\OrbTray.exe:*:Enabled:OrbTray"
"C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe"="C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:*:Enabled:Orb Stream Client"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\WINNT\system32\hkflrdkf.exe"="C:\WINNT\system32\hkfl"
"C:\Program Files\BitComet\BitComet.exe"="C:\Program Files\BitComet\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client"
"C:\WINNT\system32\lxcrcoms.exe"="C:\WINNT\system32\lxcrcoms.exe:*:Enabled:Lexmark Communications System"
"C:\Program Files\Xfire\xfire.exe"="C:\Program Files\Xfire\xfire.exe:*:Enabled:Xfire"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\Program Files\Ares\Ares.exe"="C:\Program Files\Ares\Ares.exe:*:Enabled:Ares p2p for windows"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\Avanquest\Fix-It\Fix-It.exe"="C:\Program Files\Avanquest\Fix-It\Fix-It.exe:*:Enabled:Fix-It Utilities 9 Professional"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

======List of files/folders created in the last 1 months======

2008-12-18 23:14:53 ----D---- C:\Program Files\trend micro
2008-12-18 23:14:51 ----D---- C:\rsit
2008-12-18 21:19:01 ----A---- C:\WINNT\system32\CF7989.exe
2008-12-18 21:18:53 ----D---- C:\32788R22FWJFW
2008-12-18 21:17:30 ----A---- C:\WINNT\system32\CF7689.exe
2008-12-18 21:17:27 ----A---- C:\Bug.txt
2008-12-18 21:17:25 ----A---- C:\WINNT\system32\cmd.execf
2008-12-18 20:30:55 ----D---- C:\ComboFix
2008-12-18 20:30:53 ----A---- C:\WINNT\system32\CF31320.exe
2008-12-18 20:30:53 ----A---- C:\WINNT\system32\CF31313.exe
2008-12-18 20:22:50 ----A---- C:\WINNT\system32\CF29703.exe
2008-12-18 20:16:01 ----A---- C:\WINNT\system32\CF28397.exe
2008-12-18 20:16:00 ----A---- C:\WINNT\system32\CF28400.exe
2008-12-18 20:01:40 ----A---- C:\WINNT\system32\CF25598.exe
2008-12-18 19:58:44 ----A---- C:\WINNT\system32\CF25014.exe
2008-12-18 19:58:44 ----A---- C:\WINNT\system32\CF25007.exe
2008-12-18 19:38:49 ----A---- C:\WINNT\system32\CF21128.exe
2008-12-18 19:19:55 ----A---- C:\WINNT\system32\CF17415.exe
2008-12-18 18:17:11 ----A---- C:\WINNT\system32\CF5133.exe
2008-12-18 18:15:36 ----A---- C:\WINNT\system32\CF4819.exe
2008-12-18 17:31:55 ----A---- C:\WINNT\zip.exe
2008-12-18 17:31:55 ----A---- C:\WINNT\VFIND.exe
2008-12-18 17:31:55 ----A---- C:\WINNT\SWXCACLS.exe
2008-12-18 17:31:55 ----A---- C:\WINNT\SWSC.exe
2008-12-18 17:31:55 ----A---- C:\WINNT\SWREG.exe
2008-12-18 17:31:55 ----A---- C:\WINNT\sed.exe
2008-12-18 17:31:55 ----A---- C:\WINNT\NIRCMD.exe
2008-12-18 17:31:55 ----A---- C:\WINNT\grep.exe
2008-12-18 17:31:55 ----A---- C:\WINNT\fdsv.exe
2008-12-18 17:31:49 ----D---- C:\WINNT\ERDNT
2008-12-18 17:31:49 ----D---- C:\Qoobox
2008-12-18 17:31:48 ----A---- C:\WINNT\system32\CF28996.exe
2008-12-18 16:38:02 ----D---- C:\Program Files\EsetOnlineScanner
2008-12-17 10:40:03 ----D---- C:\Documents and Settings\Owner\Application Data\Malwarebytes
2008-12-17 10:39:55 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-12-17 10:39:55 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-12-15 23:04:03 ----A---- C:\WINNT\system32\msqpdxosvdbrsr.dll
2008-12-14 20:48:49 ----D---- C:\Documents and Settings\All Users\Application Data\PopCap
2008-12-11 05:48:55 ----HDC---- C:\WINNT\$NtUninstallKB955839$
2008-12-11 05:24:40 ----HDC---- C:\WINNT\$NtUninstallKB952069_WM9$
2008-12-11 05:20:46 ----HDC---- C:\WINNT\$NtUninstallKB956802$
2008-12-10 04:50:17 ----HDC---- C:\WINNT\$NtUninstallKB954600$
2008-12-05 05:31:34 ----A---- C:\WINNT\system32\javaws.exe
2008-12-05 05:31:34 ----A---- C:\WINNT\system32\javaw.exe
2008-12-05 05:31:34 ----A---- C:\WINNT\system32\java.exe
2008-11-21 19:21:17 ----A---- C:\WINNT\system32\deploytk.dll

======List of files/folders modified in the last 1 months======

2008-12-18 23:14:53 ----RD---- C:\Program Files
2008-12-18 23:09:02 ----D---- C:\WINNT\Temp
2008-12-18 22:56:33 ----D---- C:\WINNT\Help
2008-12-18 22:42:32 ----D---- C:\Program Files\Mozilla Firefox
2008-12-18 21:21:05 ----D---- C:\WINNT\system32\drivers
2008-12-18 21:19:01 ----AD---- C:\WINNT\system32
2008-12-18 20:33:38 ----A---- C:\WINNT\SchedLgU.Txt
2008-12-18 20:31:05 ----A---- C:\WINNT\system32\MPFServiceFailureCount.txt
2008-12-18 17:45:33 ----AD---- C:\WINNT
2008-12-18 17:31:48 ----D---- C:\WINNT\Prefetch
2008-12-18 17:23:11 ----HD---- C:\_Backup
2008-12-18 17:06:50 ----SHD---- C:\System Volume Information
2008-12-18 17:06:50 ----D---- C:\WINNT\system32\Restore
2008-12-18 16:50:12 ----SD---- C:\WINNT\Downloaded Program Files
2008-12-18 16:37:52 ----D---- C:\WINNT\system32\CatRoot2
2008-12-18 16:31:48 ----D---- C:\Documents and Settings\All Users\Application Data\Google Updater
2008-12-18 16:20:38 ----D---- C:\SDFix
2008-12-18 15:57:08 ----RSHD---- C:\WINNT\system32\dllcache
2008-12-18 15:57:08 ----A---- C:\WINNT\ntbtlog.txt
2008-12-18 11:23:41 ----ASH---- C:\boot.ini
2008-12-18 11:23:40 ----A---- C:\WINNT\win.ini
2008-12-18 11:23:40 ----A---- C:\WINNT\system.ini
2008-12-18 10:14:35 ----SHD---- C:\WINNT\Installer
2008-12-18 10:08:25 ----HD---- C:\Config.Msi
2008-12-18 05:26:44 ----D---- C:\Program Files\Common Files
2008-12-18 05:12:26 ----D---- C:\VundoFix Backups
2008-12-18 05:10:50 ----D---- C:\Downloads
2008-12-17 20:00:50 ----D---- C:\WINNT\network diagnostic
2008-12-17 13:49:34 ----HD---- C:\WINNT\inf
2008-12-17 10:33:07 ----A---- C:\VundoFix.txt
2008-12-17 04:08:01 ----HD---- C:\Program Files\InstallShield Installation Information
2008-12-17 04:08:01 ----D---- C:\Program Files\Gateway
2008-12-17 04:07:17 ----D---- C:\Program Files\Canon
2008-12-17 04:02:52 ----D---- C:\WINNT\system32\config
2008-12-17 03:57:47 ----SD---- C:\WINNT\system32\Microsoft
2008-12-17 03:51:32 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2008-12-17 03:51:32 ----DC---- C:\WINNT\system32\DRVSTORE
2008-12-17 03:47:49 ----D---- C:\Documents and Settings\Owner\Application Data\uTorrent
2008-12-17 01:22:44 ----SD---- C:\Documents and Settings\Owner\Application Data\Microsoft
2008-12-17 01:03:47 ----D---- C:\WINNT\WinSxS
2008-12-15 23:14:35 ----A---- C:\WINNT\NeroDigital.ini
2008-12-15 02:14:55 ----D---- C:\temp
2008-12-15 02:14:23 ----D---- C:\DMI
2008-12-12 06:05:35 ----D---- C:\WINNT\pss
2008-12-11 05:49:10 ----A---- C:\WINNT\imsins.BAK
2008-12-11 05:29:28 ----D---- C:\Program Files\Internet Explorer
2008-12-11 05:28:40 ----D---- C:\WINNT\ie7updates
2008-12-11 05:27:26 ----HD---- C:\WINNT\$hf_mig$
2008-12-10 04:49:45 ----D---- C:\WINNT\system32\CatRoot
2008-12-09 18:24:37 ----A---- C:\WINNT\system32\MRT.exe
2008-12-08 19:10:57 ----SHD---- C:\RECYCLER
2008-12-08 17:26:53 ----D---- C:\Program Files\Windows Media Connect 2
2008-12-08 17:16:55 ----D---- C:\Program Files\Windows Media Player
2008-12-05 05:31:29 ----D---- C:\Program Files\Java

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 InCDPass;InCDPass; C:\WINNT\System32\DRIVERS\InCDPass.sys [2006-03-23 29440]
R1 incdrm;InCD Reader; C:\WINNT\system32\drivers\incdrm.sys [2006-03-23 33536]
R1 intelppm;Intel Processor Driver; C:\WINNT\System32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 MPFIREWL;MPFIREWL; C:\WINNT\System32\Drivers\MpFirewall.sys [2005-11-11 80640]
R1 sbaphd;sbaphd; C:\WINNT\system32\drivers\sbaphd.sys [2008-07-18 13360]
R2 ASCTRM;ASCTRM; C:\WINNT\system32\drivers\ASCTRM.sys [2004-06-23 8552]
R2 MDC8021X;AEGIS Protocol (IEEE 802.1x) v2.3.1.7; C:\WINNT\System32\DRIVERS\mdc8021x.sys [2004-06-23 15781]
R2 mdmxsdk;mdmxsdk; C:\WINNT\System32\DRIVERS\mdmxsdk.sys [2002-12-11 11044]
R2 RPSKT;Security Services Driver (x86); C:\WINNT\System32\DRIVERS\rp_skt32.sys [2007-03-06 55296]
R2 sbapifs;sbapifs; C:\WINNT\system32\drivers\sbapifs.sys [2008-07-18 68912]
R2 StreamDispatcher;StreamDispatcher; C:\WINNT\System32\DRIVERS\strmdisp.sys [2003-05-01 30592]
R3 {6080A529-897E-4629-A488-ABA0C29B635E};Intel® Graphics Platform (SoftBIOS) Driver; C:\WINNT\system32\drivers\ialmsbw.sys [2003-08-03 120094]
R3 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91};Intel® Graphics Chipset (KCH) Driver; C:\WINNT\system32\drivers\ialmkchw.sys [2003-08-03 96858]
R3 Arp1394;1394 ARP Client Protocol; C:\WINNT\System32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 BCM43XX;BCM 802.11b Network Adapter Driver; C:\WINNT\System32\DRIVERS\bcmwl5.sys [2004-04-09 312960]
R3 bcm4sbxp;Broadcom 440x 10/100 Integrated Controller XP Driver; C:\WINNT\System32\DRIVERS\bcm4sbxp.sys [2003-06-30 43136]
R3 CAMCAUD;Conexant AMC Audio; C:\WINNT\system32\drivers\camcaud.sys [2003-09-26 291712]
R3 CAMCHALA;CAMCHALA; C:\WINNT\system32\drivers\camchal.sys [2003-09-26 272128]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINNT\System32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 HidUsb;Microsoft HID Class Driver; C:\WINNT\System32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 HSF_DP;HSF_DP; C:\WINNT\System32\DRIVERS\HSF_DP.sys [2003-05-01 1107200]
R3 HSFHWICH;HSFHWICH; C:\WINNT\System32\DRIVERS\HSFHWICH.sys [2003-05-01 165504]
R3 ialm;ialm; C:\WINNT\System32\DRIVERS\ialmnt5.sys [2003-08-03 91419]
R3 NaiAvFilter1;NaiAvFilter1; C:\WINNT\system32\drivers\naiavf5x.sys [2005-08-10 114464]
R3 NIC1394;1394 Net Driver; C:\WINNT\System32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 RPPKT;Radialpoint Filter (x86); C:\WINNT\System32\DRIVERS\rp_pkt32.sys [2007-04-19 48384]
R3 SynTP;Synaptics TouchPad Driver; C:\WINNT\System32\DRIVERS\SynTP.sys [2003-10-30 178432]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINNT\System32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINNT\System32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINNT\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINNT\System32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 usbscan;USB Scanner Driver; C:\WINNT\System32\DRIVERS\usbscan.sys [2008-04-13 15104]
R3 USBSTOR;USB Mass Storage Driver; C:\WINNT\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINNT\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 wanatw;WAN Miniport (ATW); C:\WINNT\System32\DRIVERS\wanatw4.sys [2003-01-10 33588]
R3 winachsf;winachsf; C:\WINNT\System32\DRIVERS\HSF_CNXT.sys [2003-05-01 622848]
R4 InCDfs;InCD File System; C:\WINNT\system32\drivers\InCDfs.sys [2006-03-23 102016]
S3 ac97intc;Intel® 82801 Audio Driver Install Service (WDM); C:\WINNT\system32\drivers\ac97intc.sys [2001-08-17 96256]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 E100B;Intel® PRO Adapter Driver; C:\WINNT\System32\DRIVERS\e100b325.sys [2001-08-17 117760]
S3 EMCFILT;Alcor Micro Corp for Emachine- 9361; \??\C:\WINNT\System32\Drivers\EMcFilt.sys []
S3 nv;nv; C:\WINNT\System32\DRIVERS\nv4_mini.sys [2004-08-04 1897408]
S3 SBRE;SBRE; \??\C:\WINNT\system32\drivers\SBREdrv.sys []
S3 usbbus;LGE Mobile Composite USB Device; C:\WINNT\system32\DRIVERS\lgusbbus.sys [2005-05-26 21344]
S3 USBModem;LGE Mobile USB Modem; C:\WINNT\system32\DRIVERS\lgusbmodem.sys [2005-06-24 39036]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINNT\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINNT\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AOL ACS;AOL Connectivity Service; C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe [2003-08-06 1376360]
R2 Fix-It Task Manager;Fix-It Task Manager; C:\PROGRA~1\AVANQU~1\Fix-It\mxtask.exe [2008-09-25 161024]
R2 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-10-30 168432]
R2 InCDsrv;InCD Helper; C:\Program Files\Ahead\InCD\InCDsrv.exe [2006-03-23 880128]
R2 lxcr_device;lxcr_device; C:\WINNT\system32\lxcrcoms.exe [2006-12-11 537520]
R2 McDetect.exe;McAfee WSC Integration; c:\program files\mcafee.com\agent\mcdetect.exe [2005-10-13 126976]
R2 McShield;McAfee.com McShield; c:\PROGRA~1\mcafee.com\vso\mcshield.exe [2005-08-10 221184]
R2 McTskshd.exe;McAfee Task Scheduler; c:\PROGRA~1\mcafee.com\agent\mctskshd.exe [2005-08-24 122368]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 SBAMSvc;Sunbelt VIPRE Antivirus Service; C:\Program Files\Common Files\AntiVirus\SBAMSvc.exe [2008-08-05 849192]
R2 WANMiniportService;WAN Miniport (ATW) Service; C:\WINNT\wanmpsvc.exe [2003-01-10 65536]
R2 WLTRYSVC;WLTRYSVC; C:\WINNT\System32\wltrysvc.exe [2004-04-09 45056]
S16 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-11-10 152984]
S2 MpfService;McAfee Personal Firewall Service; C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe [2005-11-11 548864]
S2 SymWSC;SymWMI Service; C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe [2004-11-02 316544]
S3 aspnet_state;ASP.NET State Service; C:\WINNT\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINNT\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 mcupdmgr.exe;McAfee SecurityCenter Update Manager; C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe [2005-07-01 245760]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\MSN Messenger\usnsvc.exe [2007-01-19 97136]
S3 usprserv;User Privilege Service; C:\WINNT\System32\svchost.exe [2008-04-13 14336]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINNT\system32\svchost.exe [2008-04-13 14336]

-----------------EOF-----------------





MY INFO NOTES......


info.txt logfile of random's system information tool 1.05 2008-12-18 23:15:12

======Uninstall list======

-->C:\PROGRA~1\mcafee.com\shared\mcappins.exe /v=3 /uninstall=1 /appid=mpf /interact=1 /script_proactive=0 /start=c:\PROGRA~1\mcafee.com\agent\uninst\mpfrem.ui::uninstall.htm
-->C:\PROGRA~1\mcafee.com\shared\mcappins.exe /v=3 /uninstall=1 /appid=msc /interact=1 /script_proactive=0 /start=c:\PROGRA~1\mcafee.com\agent\uninst\screm.ui::uninstall.htm
-->C:\PROGRA~1\mcafee.com\shared\mcappins.exe /v=3 /uninstall=1 /appid=vso /interact=1 /script_proactive=0 /start=c:\PROGRA~1\mcafee.com\agent\uninst\vsoremui.dll::uninstall.htm
-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
-->C:\WINNT\IsUninst.exe -fC:\WINNT\orun32.isu
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINNT\INF\PCHealth.inf
ABBYY FineReader 6.0 Sprint-->MsiExec.exe /X{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}
AbsoluteShield File Shredder-->"C:\Program Files\SysShield Tools\File Shredder\unins000.exe"
Adobe Flash Player ActiveX-->C:\WINNT\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 8.1.3-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81300000003}
Ahead Nero BurnRights-->C:\WINNT\UNNeroBurnRights.exe /UNINSTALL
America Online (Choose which version to remove)-->C:\Program Files\Common Files\aolshare\Aolunins_us.exe
AOL Coach Version 1.0(Build:20030807.3)-->C:\Program Files\Common Files\aolshare\Coach\AolCInUn.exe
Avanquest update-->C:\Program Files\InstallShield Installation Information\{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}\setup.exe -runfromtemp -l0x0009 -removeonly
BCM Wireless Network Adapter-->C:\WINNT\system32\BCMWLU00.exe verbose
Canon PhotoRecord-->MsiExec.exe /X{D958FAC4-BAE0-4B1D-A42E-DE9BFDE7DDEE}
Canon PIXMA iP1500-->C:\WINNT\System32\CNMCP5y.exe "-PRINTERNAMECanon PIXMA iP1500" "-HELPERDLLC:\BJPrinter\CNMWINNT\Canon PIXMA iP1500 Installer\Inst2\cnmis.dll" "-RCDLLC:\BJPrinter\CNMWINNT\Canon PIXMA iP1500 Installer\Inst2\cnmi0409.dll"
Canon Utilities Easy-PhotoPrint-->C:\Program Files\Canon\Easy-PhotoPrint\uninst.exe C:\Program Files\Canon\Easy-PhotoPrint\uninst.ini
Canon Utilities Easy-PrintToolBox-->C:\WINNT\BJPSUNST.EXE
CD-ROM for M-SN Clinical Management-->C:\WINNT\IsUninst.exe -f"C:\WBSaunders\CD-ROM for M-SN Clinical Management\Uninst.isu"
Conexant AC-Link Audio-->CIAunwdm.exe
Convert MP3 to RingTone Evaluation Edition V1.0.0-->"C:\Program Files\Convert MP3 to RingTone\unins000.exe"
Digital Media Reader-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{A607AC66-0C76-4519-9751-E12A93BF8EB2}
DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Eraser-->"C:\Documents and Settings\All Users\Application Data\{A25FEDC1-F6D7-440C-BCE2-B71F595F6646}\EraserSetup32.exe" REMOVE=TRUE MODIFY=FALSE
Eraser-->C:\Documents and Settings\All Users\Application Data\{A25FEDC1-F6D7-440C-BCE2-B71F595F6646}\EraserSetup32.exe
ESET Online Scanner-->C:\WINNT\system32\OnlineScannerUninstaller.exe
Filetopia Client v3.04d-->C:\FILETO~1\UNWISE.EXE C:\FILETO~1\INSTALL.LOG
Fix-It Utilities 9 Professional-->MsiExec.exe /I{5158974E-2D28-4018-9335-7694C2974746}
Form Fill (Windows Live Toolbar)-->MsiExec.exe /X{548B3DC6-2300-47E1-BA7B-74AD25F8DEBF}
Free Mp3 Wma Converter V 1.6.3-->"C:\Program Files\Free Audio Pack\unins000.exe"
Google Toolbar for Internet Explorer-->MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer-->regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"
Google Updater-->"C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
GWCares-->MsiExec.exe /I{82EF8297-C8B2-4CA8-9430-FF2BC8C40414}
HijackThis 2.0.2-->"D:\HijackThis.exe" /uninstall
Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINNT\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINNT\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINNT\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINNT\$NtUninstallKB952287$\spuninst\spuninst.exe"
InCD-->C:\WINNT\NuNInst.exe /UNINSTALL
Intel® Extreme Graphics 2 Driver-->RUNDLL32.EXE C:\WINNT\System32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_3582
InterActual Player-->C:\Program Files\InterActual\InterActual Player\inuninst.exe
Java 2 Runtime Environment, SE v1.4.2-->MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142000}
Java™ 6 Update 11-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216010FF}
Java™ 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Learn2 Player (Uninstall Only)-->C:\Program Files\Learn2.com\StRunner\stuninst.exe
Lexmark 2400 Series-->C:\Program Files\Lexmark 2400 Series\Install\x86\Uninst.exe
Lexmark Fax Solutions-->C:\Program Files\Lexmark Fax Solutions\Install\x86\Uninst.exe /R:faxunst
Lexmark Toolbar-->regsvr32.exe /s /u "C:\Program Files\Lexmark Toolbar\toolband.dll"
LG Mobile Agent-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E3D82B5F-B67F-40F8-B4D1-B0415AB2DD86}\setup.exe"
LG USB Modem driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C3ABE126-2BB2-4246-BFE1-6797679B3579}\setup.exe" -l0x9 -removeonly
LimeWire 4.16.6-->"C:\Program Files\LimeWire\uninstall.exe"
LiveUpdate 2.6 (Symantec Corporation)-->C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE /U
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Map Button (Windows Live Toolbar)-->MsiExec.exe /X{7745B7A9-F323-4BB9-9811-01BF57A028DA}
McAfee Uninstall Wizard-->C:\PROGRA~1\McAfee.com\Shared\mcappins.exe /v=3 /uninstall=1 /interact=1 /script_proactive=0 /start=c:\PROGRA~1\mcafee.com\agent\uninst\comrem.dll::uninstall.htm
Media Library Management Wizard-->RunDll32 advpack.dll,LaunchINFSection C:\WINNT\INF\mplibwiz.inf,DefaultUninstall
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINNT\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINNT\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINNT\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Encarta Premium 2007-->MsiExec.exe /I{07040081-E9B4-4DF6-A845-CAAFD093E477}
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINNT\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINNT\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Standard Edition 2003-->MsiExec.exe /I{91120409-6000-11D3-8CFE-0150048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINNT\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Works 7.0-->MsiExec.exe /I{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}
Movie Maker Background Music Files-->RunDll32 advpack.dll,LaunchINFSection C:\WINNT\INF\mmmusic.inf,DefaultUninstall
Movie Maker Sound Effects-->RunDll32 advpack.dll,LaunchINFSection C:\WINNT\INF\mmsounds.inf,DefaultUninstall
Movie Maker Title Images-->RunDll32 advpack.dll,LaunchINFSection C:\WINNT\INF\mmtitle.inf,DefaultUninstall
Mozilla Firefox (3.0.4)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 6.0 Parser (KB933579)-->MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
Musicmatch® Jukebox-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8EF1122E-E90C-4EE9-AB0C-7FDE2BA42C26}\setup.exe" -l0x9 -uninst
Nero 6 Ultra Edition-->C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
Nero Digital-->C:\WINNT\UNNeroVision.exe /UNINSTALL
Nero Media Player-->C:\WINNT\UNNMP.exe /UNINSTALL
NeroMIX-->C:\WINNT\UNNMIX.exe /UNINSTALL
Norton WMI Update-->MsiExec.exe /X{1526D87C-A955-4FAB-BF18-697BA457E352}
Olympus Digital Wave Player-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB91E774-867B-4567-ACE7-8144EF036068}\Setup.exe" -l0x9
OneClick Mobile Video Converter 1.5-->C:\Program Files\OneClick Mobile Video Converter\Uninst.exe
PCFriendly-->C:\Program Files\PCFriendly\inuninst.exe
Personal License Update Wizard for Windows Media Player-->RunDll32 advpack.dll,LaunchINFSection C:\WINNT\INF\drmtool.inf,DefaultUninstall
Plus! MP3 Audio Converter LE-->RunDll32 advpack.dll,LaunchINFSection C:\WINNT\INF\audcle.inf,DefaultUninstall
Popup Blocker (Windows Live Toolbar)-->MsiExec.exe /X{66A7A386-6F35-41A7-A731-101F0C0153C8}
PowerDVD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
Quicken 2004-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{54DE0B75-6CD9-44C4-B10A-1F25DA9899D8} anything
QuickTime-->C:\WINNT\unvise32qt.exe C:\WINNT\System32\QuickTime\Uninstall.log
RealPlayer Basic-->C:\Program Files\Common Files\Real\Update\\rnuninst.exe RealNetworks|RealPlayer|6.0
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Step By Step Interactive Training (KB898458)-->"C:\WINNT\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723)-->"C:\WINNT\$NtUninstallKB923723$\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINNT\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB939653)-->"C:\WINNT\ie7updates\KB939653-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB942615)-->"C:\WINNT\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINNT\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINNT\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINNT\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINNT\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB958215)-->"C:\WINNT\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINNT\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB917734)-->"C:\WINNT\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB936782)-->"C:\WINNT\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINNT\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINNT\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINNT\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINNT\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINNT\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINNT\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINNT\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINNT\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINNT\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINNT\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINNT\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINNT\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINNT\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINNT\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINNT\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINNT\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINNT\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINNT\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINNT\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINNT\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINNT\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINNT\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINNT\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINNT\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINNT\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINNT\$NtUninstallKB958644$\spuninst\spuninst.exe"
Shockwave-->C:\WINNT\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINNT\system32\Macromed\SHOCKW~1\Install.log
Smart Menus (Windows Live Toolbar)-->MsiExec.exe /X{F084395C-40FB-4DB3-981C-B51E74E1E83D}
Snood for Windows version 3.52-W-->"C:\Program Files\Snood\unins000.exe"
SoftK56 Data Fax-->C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_8086&DEV_24C6&SUBSYS_202F161F\HXFSETUP.EXE -U -Iem202f5.inf
Spy Sweeper-->"C:\Program Files\Webroot\Spy Sweeper\unins000.exe"
Straight A's in Maternal-Neonatal Nursing-->C:\PROGRA~1\LWW\STRAIG~1\UNWISE32.EXE C:\PROGRA~1\LWW\STRAIG~1\INSTALL.LOG
Sympatico Security Advisor 1.5.11-->"C:\Program Files\Bell\Sympatico Security Advisor\unins000.exe"
Sympatico Security Manager-->C:\Program Files\InstallShield Installation Information\{98C99357-67C9-407B-8361-626F6A0667EB}\setup.exe -runfromtemp -l0x0009 -removeonly
Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
Total Video Converter 3.12 080330-->"C:\Program Files\Total Video Converter\unins001.exe"
Update for Windows XP (KB951072-v2)-->"C:\WINNT\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINNT\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINNT\$NtUninstallKB955839$\spuninst\spuninst.exe"
Viewpoint Media Player-->C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
Winamp-->"C:\Program Files\Winamp\UninstWA.exe"
Windows Live Favorites for Windows Live Toolbar-->MsiExec.exe /X{786C4AD1-DCBA-49A6-B0EF-B317A344BD66}
Windows Live Messenger-->MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}
Windows Live OneCare safety scanner-->RunDll32.exe "C:\Program Files\Windows Live Safety Center\wlscCore.dll",UninstallFunction WLSC_SCANNER_PRODUCT
Windows Live Outlook Toolbar (Windows Live Toolbar)-->MsiExec.exe /X{35E1A8C8-6646-4101-B0AA-42D1EB2AB3AE}
Windows Live Sign-in Assistant-->MsiExec.exe /I{49672EC2-171B-47B4-8CE7-50D7806360D7}
Windows Live Toolbar Extension (Windows Live Toolbar)-->MsiExec.exe /X{341201D4-4F61-4ADB-987E-9CCE4D83A58D}
Windows Live Toolbar Feed Detector (Windows Live Toolbar)-->MsiExec.exe /X{68108E66-D13A-4EE8-A6F4-40E4B90C2A26}
Windows Live Toolbar-->"C:\Program Files\Windows Live Toolbar\UnInstall.exe" {D5A145FC-D00C-4F1A-9119-EB4D9D659750}
Windows Live Toolbar-->MsiExec.exe /X{D5A145FC-D00C-4F1A-9119-EB4D9D659750}
Windows Media Bonus Pack for Windows XP-->RunDll32 advpack.dll,LaunchINFSection C:\WINNT\INF\wmbonus.inf,DefaultUninstall
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINNT\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINNT\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows Media Player Playlist Import to Excel Wizard-->RunDll32 advpack.dll,LaunchINFSection C:\WINNT\INF\mpxlswiz.inf,DefaultUninstall
Windows XP Service Pack 3-->"C:\WINNT\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
Xvid 1.1.3 final uninstall-->"C:\Program Files\Xvid\unins000.exe"
Yahoo! Install Manager-->C:\WINNT\system32\regsvr32 /u C:\PROGRA~1\Yahoo!\Common\YINSTH~1.DLL
Yahoo! Messenger-->C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG

======Hosts File======

127.0.0.1 localhost

======Security center information======

AV: McAfee VirusScan (disabled) (outdated)
AV: Avanquest Fix-It (disabled) (outdated)
FW: McAfee Personal Firewall Plus (disabled)

System event log

Computer Name: S1101120446
Event Code: 256
Message: Timed out sending notification of device interface change to window of "BCMWLTRY Windows Application"

Record Number: 16582
Source Name: PlugPlayManager
Time Written: 20080709141104.000000-240
Event Type: warning
User:

Computer Name: S1101120446
Event Code: 256
Message: Timed out sending notification of device interface change to window of "BCMWLTRY Windows Application"

Record Number: 16581
Source Name: PlugPlayManager
Time Written: 20080709141104.000000-240
Event Type: warning
User:

Computer Name: S1101120446
Event Code: 256
Message: Timed out sending notification of device interface change to window of "BCMWLTRY Windows Application"

Record Number: 16580
Source Name: PlugPlayManager
Time Written: 20080709141104.000000-240
Event Type: warning
User:

Computer Name: S1101120446
Event Code: 256
Message: Timed out sending notification of device interface change to window of "BCMWLTRY Windows Application"

Record Number: 16579
Source Name: PlugPlayManager
Time Written: 20080709141104.000000-240
Event Type: warning
User:

Computer Name: S1101120446
Event Code: 256
Message: Timed out sending notification of device interface change to window of "BCMWLTRY Windows Application"

Record Number: 16578
Source Name: PlugPlayManager
Time Written: 20080709141103.000000-240
Event Type: warning
User:

Application event log

Computer Name: S1101120446
Event Code: 1904
Message:
Record Number: 7496
Source Name: HHCTRL
Time Written: 20080924184013.000000-240
Event Type: information
User:

Computer Name: S1101120446
Event Code: 1904
Message:
Record Number: 7495
Source Name: HHCTRL
Time Written: 20080924184013.000000-240
Event Type: information
User:

Computer Name: S1101120446
Event Code: 1904
Message:
Record Number: 7494
Source Name: HHCTRL
Time Written: 20080924184013.000000-240
Event Type: information
User:

Computer Name: S1101120446
Event Code: 1904
Message:
Record Number: 7493
Source Name: HHCTRL
Time Written: 20080924184013.000000-240
Event Type: information
User:

Computer Name: S1101120446
Event Code: 1800
Message: The Windows Security Center Service has started.

Record Number: 7492
Source Name: SecurityCenter
Time Written: 20080924081245.000000-240
Event Type: information
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem
"windir"=%SystemRoot%
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 3 Stepping 3, GenuineIntel
"PROCESSOR_REVISION"=0303
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"FP_NO_HOST_CHECK"=NO

-----------------EOF-----------------

BC AdBot (Login to Remove)

 


#2 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:05:25 AM

Posted 19 December 2008 - 03:45 PM

Hello! :)
My name is Sam and I will be helping you.

In order to see what's going on with your computer I may ask for you to post various logs from the tools that we will use to resolve your issue. Please also share with me any information about how your computer is reacting and behaving each step of the way as we work through this process.


It sounds like a case of Zlob/DNSchanger that change the router's DNS settings. Please download Malwarebytes' Anti-Malware from Here or Here

Next disconnect your system from the internet, and your router, then…

Double Click mbam-setup.exe to install the application.
  • Launch Malwarebytes' Anti-Malware, then click Finish.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.


===============================================


Next you must reset the router to its default configuration. This can be done by inserting something tiny like a paper clip end or pencil tip into a small hole labeled "reset" located on the back of the router. Press and hold down the small button inside until the lights on the front of the router blink off and then on again (usually about 10 seconds). If you don’t know the router's default password, you can look it up HERE

However, if there are other Zlob-infected machines using the same router, they will need to be cleared with the above steps before resetting the router. Otherwise, the malware will simply go back and change the router's DNS settings. You also need to reconfigure any security settings you had in place prior to the reset. Check out this site here for video tutorials on how to properly configure your router's encryption and security settings. You may also need to consult with your Internet service provider to find out which DNS servers your network should be using.

Once you have ran Malwarebytes' Anti-Malware on the infected system, and reset the router to its default configuration you can reconnect to the internet, and router. Then return to this site to post your logs.

===============================================

Please post the Malwarebytes log, a new RSIT log, and let me know how things are running now :thumbsup:
Posted Image If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#3 kronic

kronic
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:05:25 AM

Posted 19 December 2008 - 10:50 PM

HEY SAM THANKS FOR THE RESPOND

I DOWNLOADED MALWAREBYTES' ANTI-MALWARE, RAN A QUICK SCAN AND CAME UP WITH THIS


Malwarebytes' Anti-Malware 1.31
Database version: 1519
Windows 5.1.2600 Service Pack 3

2008-12-19 02:04:15
mbam-log-2008-12-19 (02-04-15).txt

Scan type: Quick Scan
Objects scanned: 62492
Time elapsed: 12 minute(s), 58 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\extravideo (Trojan.DNSChanger) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINNT\system32\msqpdxosvdbrsr.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINNT\system32\drivers\msqpdxpqltoiqh.sys (Trojan.Agent) -> Quarantined and deleted successfully.


I ALSO RESTARTED MY ROUTER. BELOW IS THE RSIT LOG



Logfile of random's system information tool 1.05 (written by random/random)
Run by Owner at 2008-12-19 22:23:41
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 25 GB (44%) free of 57 GB
Total RAM: 479 MB (44% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:23, on 2008-12-19
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINNT\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\WINNT\system32\cisvc.exe
C:\PROGRA~1\AVANQU~1\Fix-It\mxtask.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINNT\system32\lxcrcoms.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\PROGRA~1\AVANQU~1\Fix-It\mxtask.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\Program Files\Common Files\AntiVirus\SBAMSvc.exe
C:\WINNT\System32\hkcmd.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINNT\System32\igfxtray.exe
C:\Program Files\Digital Media Reader\shwicon2k.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
c:\program files\mcafee.com\agent\mcagent.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\Program Files\Bell\Sympatico Security Advisor\SSA.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\wanmpsvc.exe
C:\Program Files\Lexmark 2400 Series\lxcrmon.exe
C:\Program Files\Lexmark 2400 Series\ezprint.exe
C:\WINNT\System32\wltrysvc.exe
C:\WINNT\System32\wbem\wmiapsrv.exe
C:\WINNT\System32\bcmwltry.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINNT\system32\ctfmon.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINNT\system32\cidaemon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
F:\RSIT.exe
C:\Program Files\trend micro\Owner.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go-jamaica.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/...rch/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://cnn.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = localhost:2323
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Encarta Web Companion Helper Object - {955BE0B8-BC85-4CAF-856E-8E0D8B610560} - C:\Program Files\Common Files\Microsoft Shared\Encarta Web Companion\2007\ENCWCBAR.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: Encarta Web Companion - {147D6308-0614-4112-89B1-31402F9B82C4} - C:\Program Files\Common Files\Microsoft Shared\Encarta Web Companion\2007\ENCWCBAR.DLL
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\System32\hkcmd.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\System32\igfxtray.exe
O4 - HKLM\..\Run: [SunKist] C:\Program Files\Digital Media Reader\shwicon2k.exe
O4 - HKLM\..\Run: [Gateway Extended Warranty] "C:\Program Files\Gateway\GWCares\GWCares.exe"
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [SSA.exe] "C:\Program Files\Bell\Sympatico Security Advisor\SSA.exe" /AUTORUN
O4 - HKLM\..\Run: [lxcrmon.exe] "C:\Program Files\Lexmark 2400 Series\lxcrmon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 2400 Series\ezprint.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [LXCRCATS] rundll32 C:\WINNT\System32\spool\DRIVERS\W32X86\3\LXCRtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\system32\ctfmon.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Encarta Search Bar - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINNT\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINNT\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by10fd.bay10.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/OnlineScanner.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase6662.cab
O16 - DPF: {64D01C7F-810D-446E-A07E-16C764235644} (AtlAtomadersCtlAttrib Class) - http://zone.msn.com/bingame/amad/default/atomaders.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: Fix-It Task Manager - Avanquest North America, Inc. - C:\PROGRA~1\AVANQU~1\Fix-It\mxtask.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: lxcr_device - - C:\WINNT\system32\lxcrcoms.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: Sunbelt VIPRE Antivirus Service (SBAMSvc) - Sunbelt Software - C:\Program Files\Common Files\AntiVirus\SBAMSvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINNT\wanmpsvc.exe
O23 - Service: WLTRYSVC - Unknown owner - C:\WINNT\System32\wltrysvc.exe

--
End of file - 10637 bytes

======Scheduled tasks folder======

C:\WINNT\tasks\Check Updates for Windows Live Toolbar.job
C:\WINNT\tasks\ISP signup reminder 2.job
C:\WINNT\tasks\ISP signup reminder 3.job
C:\WINNT\tasks\Low Battery Alarm Program.job
C:\WINNT\tasks\Symantec NetDetect.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1017A80C-6F09-4548-A84D-EDD6AC9525F0}]
Lexmark Toolbar - C:\Program Files\Lexmark Toolbar\toolband.dll [2006-08-09 184320]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java™ Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-11-10 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2006-08-31 322368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{955BE0B8-BC85-4CAF-856E-8E0D8B610560}]
Encarta Web Companion Helper Object - C:\Program Files\Common Files\Microsoft Shared\Encarta Web Companion\2007\ENCWCBAR.DLL [2006-06-10 256792]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar1.dll [2007-10-11 2554944]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll [2008-10-30 652784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}]
Windows Live Toolbar Helper - C:\Program Files\Windows Live Toolbar\msntb.dll [2007-10-19 546320]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-11-10 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2008-11-10 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{BA52B914-B692-46c4-B683-905236F6F655} - McAfee VirusScan - c:\progra~1\mcafee.com\vso\mcvsshl.dll [2005-07-01 114688]
{147D6308-0614-4112-89B1-31402F9B82C4} - Encarta Web Companion - C:\Program Files\Common Files\Microsoft Shared\Encarta Web Companion\2007\ENCWCBAR.DLL [2006-06-10 256792]
{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - Windows Live Toolbar - C:\Program Files\Windows Live Toolbar\msntb.dll [2007-10-19 546320]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar1.dll [2007-10-11 2554944]
{1017A80C-6F09-4548-A84D-EDD6AC9525F0} - Lexmark Toolbar - C:\Program Files\Lexmark Toolbar\toolband.dll [2006-08-09 184320]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"HotKeysCmds"=C:\WINNT\System32\hkcmd.exe [2003-07-10 114688]
"SynTPLpr"=C:\Program Files\Synaptics\SynTP\SynTPLpr.exe [2003-10-30 98304]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2003-10-30 499712]
"IgfxTray"=C:\WINNT\System32\igfxtray.exe [2003-07-10 155648]
"SunKist"=C:\Program Files\Digital Media Reader\shwicon2k.exe [2004-05-26 139264]
"Gateway Extended Warranty"=C:\Program Files\Gateway\GWCares\GWCares.exe [2004-02-08 73728]
"VSOCheckTask"=C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe [2005-07-08 151552]
"VirusScan Online"=C:\Program Files\McAfee.com\VSO\mcvsshld.exe [2005-08-10 163840]
"OASClnt"=C:\Program Files\McAfee.com\VSO\oasclnt.exe [2005-08-11 53248]
"MCAgentExe"=c:\PROGRA~1\mcafee.com\agent\mcagent.exe [2005-09-22 303104]
"MCUpdateExe"=c:\PROGRA~1\mcafee.com\agent\mcupdate.exe [2006-01-11 212992]
"MPFExe"=C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe [2005-11-11 1005096]
"SSA.exe"=C:\Program Files\Bell\Sympatico Security Advisor\SSA.exe [2007-03-27 2061816]
"lxcrmon.exe"=C:\Program Files\Lexmark 2400 Series\lxcrmon.exe [2007-01-11 291760]
"EzPrint"=C:\Program Files\Lexmark 2400 Series\ezprint.exe [2006-12-11 82864]
"FaxCenterServer"=C:\Program Files\Lexmark Fax Solutions\fm3032.exe [2006-12-11 295856]
"LXCRCATS"=rundll32 C:\WINNT\System32\spool\DRIVERS\W32X86\3\LXCRtime.dll []
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2008-11-10 136600]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"=C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [2007-08-30 4670704]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-10-11 68856]
"ctfmon.exe"=C:\WINNT\system32\ctfmon.exe [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\c0d58d57]
C:\WINNT\system32\xbynxlek.dll []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\E07AXLRD_18842375]
C:\Program Files\Microsoft Encarta\Encarta Premium DVD 2007\EDICT.EXE [2006-06-10 351000]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\E07AXLRD_5209250]
C:\Program Files\Microsoft Encarta\Encarta Premium DVD 2007\EDICT.EXE [2006-06-10 351000]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Easy-PrintToolBox]
C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE [2004-01-13 409600]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
C:\Program Files\Ahead\InCD\InCD.exe [2006-03-23 1398272]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBJ]
C:\Program Files\Ahead\Nero BackItUp\NBJ.exe [2005-10-11 1961984]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINNT\system32\NeroCheck.exe [2001-07-09 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe [2004-06-23 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [2003-10-31 32768]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Program Files\Winamp\winampa.exe [2007-10-10 36352]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Device Detector 3.lnk]
C:\PROGRA~1\Olympus\DEVICE~1\DevDtct2.exe [2007-02-22 118784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINNT\system32\igfxsrvc.dll [2003-07-10 319488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINNT\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
C:\WINNT\system32\mllmj.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSEXESVC]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PSEXESVC]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SBAMSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=1
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Yahoo!\Messenger\YPager.exe"="C:\Program Files\Yahoo!\Messenger\YPager.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\Yahoo!\Messenger\YServer.exe"="C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\Filetopia3\Filetopia.exe"="C:\Filetopia3\Filetopia.exe:*:Enabled:Filetopia"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Program Files\Winamp Remote\bin\Orb.exe"="C:\Program Files\Winamp Remote\bin\Orb.exe:*:Enabled:Orb"
"C:\Program Files\Winamp Remote\bin\OrbTray.exe"="C:\Program Files\Winamp Remote\bin\OrbTray.exe:*:Enabled:OrbTray"
"C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe"="C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:*:Enabled:Orb Stream Client"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\WINNT\system32\hkflrdkf.exe"="C:\WINNT\system32\hkfl"
"C:\Program Files\BitComet\BitComet.exe"="C:\Program Files\BitComet\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client"
"C:\WINNT\system32\lxcrcoms.exe"="C:\WINNT\system32\lxcrcoms.exe:*:Enabled:Lexmark Communications System"
"C:\Program Files\Xfire\xfire.exe"="C:\Program Files\Xfire\xfire.exe:*:Enabled:Xfire"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\Program Files\Ares\Ares.exe"="C:\Program Files\Ares\Ares.exe:*:Enabled:Ares p2p for windows"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\Avanquest\Fix-It\Fix-It.exe"="C:\Program Files\Avanquest\Fix-It\Fix-It.exe:*:Enabled:Fix-It Utilities 9 Professional"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

======List of files/folders created in the last 1 months======

2008-12-19 03:04:00 ----D---- C:\Program Files\ProcessExplorer
2008-12-18 23:14:53 ----D---- C:\Program Files\trend micro
2008-12-18 23:14:51 ----D---- C:\rsit
2008-12-18 21:19:01 ----A---- C:\WINNT\system32\CF7989.exe
2008-12-18 21:18:53 ----D---- C:\32788R22FWJFW
2008-12-18 21:17:30 ----A---- C:\WINNT\system32\CF7689.exe
2008-12-18 21:17:27 ----A---- C:\Bug.txt
2008-12-18 21:17:25 ----A---- C:\WINNT\system32\cmd.execf
2008-12-18 20:30:55 ----D---- C:\ComboFix
2008-12-18 20:30:53 ----A---- C:\WINNT\system32\CF31320.exe
2008-12-18 20:30:53 ----A---- C:\WINNT\system32\CF31313.exe
2008-12-18 20:22:50 ----A---- C:\WINNT\system32\CF29703.exe
2008-12-18 20:16:01 ----A---- C:\WINNT\system32\CF28397.exe
2008-12-18 20:16:00 ----A---- C:\WINNT\system32\CF28400.exe
2008-12-18 20:01:40 ----A---- C:\WINNT\system32\CF25598.exe
2008-12-18 19:58:44 ----A---- C:\WINNT\system32\CF25014.exe
2008-12-18 19:58:44 ----A---- C:\WINNT\system32\CF25007.exe
2008-12-18 19:38:49 ----A---- C:\WINNT\system32\CF21128.exe
2008-12-18 19:19:55 ----A---- C:\WINNT\system32\CF17415.exe
2008-12-18 18:17:11 ----A---- C:\WINNT\system32\CF5133.exe
2008-12-18 18:15:36 ----A---- C:\WINNT\system32\CF4819.exe
2008-12-18 17:31:55 ----A---- C:\WINNT\zip.exe
2008-12-18 17:31:55 ----A---- C:\WINNT\VFIND.exe
2008-12-18 17:31:55 ----A---- C:\WINNT\SWXCACLS.exe
2008-12-18 17:31:55 ----A---- C:\WINNT\SWSC.exe
2008-12-18 17:31:55 ----A---- C:\WINNT\SWREG.exe
2008-12-18 17:31:55 ----A---- C:\WINNT\sed.exe
2008-12-18 17:31:55 ----A---- C:\WINNT\NIRCMD.exe
2008-12-18 17:31:55 ----A---- C:\WINNT\grep.exe
2008-12-18 17:31:55 ----A---- C:\WINNT\fdsv.exe
2008-12-18 17:31:49 ----D---- C:\WINNT\ERDNT
2008-12-18 17:31:49 ----D---- C:\Qoobox
2008-12-18 17:31:48 ----A---- C:\WINNT\system32\CF28996.exe
2008-12-18 16:38:02 ----D---- C:\Program Files\EsetOnlineScanner
2008-12-17 10:40:03 ----D---- C:\Documents and Settings\Owner\Application Data\Malwarebytes
2008-12-17 10:39:55 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-12-17 10:39:55 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-12-14 20:48:49 ----D---- C:\Documents and Settings\All Users\Application Data\PopCap
2008-12-11 05:48:55 ----HDC---- C:\WINNT\$NtUninstallKB955839$
2008-12-11 05:24:40 ----HDC---- C:\WINNT\$NtUninstallKB952069_WM9$
2008-12-11 05:20:46 ----HDC---- C:\WINNT\$NtUninstallKB956802$
2008-12-10 04:50:17 ----HDC---- C:\WINNT\$NtUninstallKB954600$
2008-12-05 05:31:34 ----A---- C:\WINNT\system32\javaws.exe
2008-12-05 05:31:34 ----A---- C:\WINNT\system32\javaw.exe
2008-12-05 05:31:34 ----A---- C:\WINNT\system32\java.exe
2008-11-21 19:21:17 ----A---- C:\WINNT\system32\deploytk.dll

======List of files/folders modified in the last 1 months======

2008-12-19 21:38:25 ----D---- C:\WINNT\Temp
2008-12-19 21:19:37 ----D---- C:\Program Files\Mozilla Firefox
2008-12-19 17:32:03 ----D---- C:\Documents and Settings\All Users\Application Data\Google Updater
2008-12-19 12:22:25 ----HD---- C:\_Backup
2008-12-19 03:56:59 ----A---- C:\WINNT\SchedLgU.Txt
2008-12-19 03:04:00 ----RD---- C:\Program Files
2008-12-19 02:54:26 ----AD---- C:\WINNT
2008-12-19 02:53:46 ----AD---- C:\WINNT\system32
2008-12-19 02:49:32 ----HD---- C:\WINNT\inf
2008-12-19 02:49:19 ----RSHD---- C:\WINNT\system32\dllcache
2008-12-19 02:49:14 ----D---- C:\WINNT\ie7updates
2008-12-19 02:47:39 ----HD---- C:\WINNT\$hf_mig$
2008-12-19 02:47:37 ----D---- C:\WINNT\system32\CatRoot2
2008-12-19 02:07:00 ----D---- C:\WINNT\system32\drivers
2008-12-19 01:14:52 ----A---- C:\WINNT\ntbtlog.txt
2008-12-18 22:56:33 ----D---- C:\WINNT\Help
2008-12-18 20:31:05 ----A---- C:\WINNT\system32\MPFServiceFailureCount.txt
2008-12-18 17:31:48 ----D---- C:\WINNT\Prefetch
2008-12-18 17:06:50 ----SHD---- C:\System Volume Information
2008-12-18 17:06:50 ----D---- C:\WINNT\system32\Restore
2008-12-18 16:50:12 ----SD---- C:\WINNT\Downloaded Program Files
2008-12-18 16:20:38 ----D---- C:\SDFix
2008-12-18 11:23:41 ----ASH---- C:\boot.ini
2008-12-18 11:23:40 ----A---- C:\WINNT\win.ini
2008-12-18 11:23:40 ----A---- C:\WINNT\system.ini
2008-12-18 10:14:35 ----SHD---- C:\WINNT\Installer
2008-12-18 10:08:25 ----HD---- C:\Config.Msi
2008-12-18 05:26:44 ----D---- C:\Program Files\Common Files
2008-12-18 05:12:26 ----D---- C:\VundoFix Backups
2008-12-18 05:10:50 ----D---- C:\Downloads
2008-12-18 01:36:41 ----A---- C:\WINNT\imsins.BAK
2008-12-17 20:00:50 ----D---- C:\WINNT\network diagnostic
2008-12-17 10:33:07 ----A---- C:\VundoFix.txt
2008-12-17 04:08:01 ----HD---- C:\Program Files\InstallShield Installation Information
2008-12-17 04:08:01 ----D---- C:\Program Files\Gateway
2008-12-17 04:07:17 ----D---- C:\Program Files\Canon
2008-12-17 04:02:52 ----D---- C:\WINNT\system32\config
2008-12-17 03:57:47 ----SD---- C:\WINNT\system32\Microsoft
2008-12-17 03:51:32 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2008-12-17 03:51:32 ----DC---- C:\WINNT\system32\DRVSTORE
2008-12-17 03:47:49 ----D---- C:\Documents and Settings\Owner\Application Data\uTorrent
2008-12-17 01:22:44 ----SD---- C:\Documents and Settings\Owner\Application Data\Microsoft
2008-12-17 01:03:47 ----D---- C:\WINNT\WinSxS
2008-12-15 23:14:35 ----A---- C:\WINNT\NeroDigital.ini
2008-12-15 02:14:55 ----D---- C:\temp
2008-12-15 02:14:23 ----D---- C:\DMI
2008-12-13 01:40:02 ----A---- C:\WINNT\system32\mshtml.dll
2008-12-12 06:05:35 ----D---- C:\WINNT\pss
2008-12-11 05:29:28 ----D---- C:\Program Files\Internet Explorer
2008-12-10 04:49:45 ----D---- C:\WINNT\system32\CatRoot
2008-12-09 18:24:37 ----A---- C:\WINNT\system32\MRT.exe
2008-12-08 19:10:57 ----SHD---- C:\RECYCLER
2008-12-08 17:26:53 ----D---- C:\Program Files\Windows Media Connect 2
2008-12-08 17:16:55 ----D---- C:\Program Files\Windows Media Player
2008-12-05 05:31:29 ----D---- C:\Program Files\Java

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 InCDPass;InCDPass; C:\WINNT\System32\DRIVERS\InCDPass.sys [2006-03-23 29440]
R1 incdrm;InCD Reader; C:\WINNT\system32\drivers\incdrm.sys [2006-03-23 33536]
R1 intelppm;Intel Processor Driver; C:\WINNT\System32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 MPFIREWL;MPFIREWL; C:\WINNT\System32\Drivers\MpFirewall.sys [2005-11-11 80640]
R1 sbaphd;sbaphd; C:\WINNT\system32\drivers\sbaphd.sys [2008-07-18 13360]
R2 ASCTRM;ASCTRM; C:\WINNT\system32\drivers\ASCTRM.sys [2004-06-23 8552]
R2 MDC8021X;AEGIS Protocol (IEEE 802.1x) v2.3.1.7; C:\WINNT\System32\DRIVERS\mdc8021x.sys [2004-06-23 15781]
R2 mdmxsdk;mdmxsdk; C:\WINNT\System32\DRIVERS\mdmxsdk.sys [2002-12-11 11044]
R2 RPSKT;Security Services Driver (x86); C:\WINNT\System32\DRIVERS\rp_skt32.sys [2007-03-06 55296]
R2 sbapifs;sbapifs; C:\WINNT\system32\drivers\sbapifs.sys [2008-07-18 68912]
R2 StreamDispatcher;StreamDispatcher; C:\WINNT\System32\DRIVERS\strmdisp.sys [2003-05-01 30592]
R3 {6080A529-897E-4629-A488-ABA0C29B635E};Intel® Graphics Platform (SoftBIOS) Driver; C:\WINNT\system32\drivers\ialmsbw.sys [2003-08-03 120094]
R3 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91};Intel® Graphics Chipset (KCH) Driver; C:\WINNT\system32\drivers\ialmkchw.sys [2003-08-03 96858]
R3 Arp1394;1394 ARP Client Protocol; C:\WINNT\System32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 BCM43XX;BCM 802.11b Network Adapter Driver; C:\WINNT\System32\DRIVERS\bcmwl5.sys [2004-04-09 312960]
R3 bcm4sbxp;Broadcom 440x 10/100 Integrated Controller XP Driver; C:\WINNT\System32\DRIVERS\bcm4sbxp.sys [2003-06-30 43136]
R3 CAMCAUD;Conexant AMC Audio; C:\WINNT\system32\drivers\camcaud.sys [2003-09-26 291712]
R3 CAMCHALA;CAMCHALA; C:\WINNT\system32\drivers\camchal.sys [2003-09-26 272128]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINNT\System32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 HidUsb;Microsoft HID Class Driver; C:\WINNT\System32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 HSF_DP;HSF_DP; C:\WINNT\System32\DRIVERS\HSF_DP.sys [2003-05-01 1107200]
R3 HSFHWICH;HSFHWICH; C:\WINNT\System32\DRIVERS\HSFHWICH.sys [2003-05-01 165504]
R3 ialm;ialm; C:\WINNT\System32\DRIVERS\ialmnt5.sys [2003-08-03 91419]
R3 NaiAvFilter1;NaiAvFilter1; C:\WINNT\system32\drivers\naiavf5x.sys [2005-08-10 114464]
R3 NIC1394;1394 Net Driver; C:\WINNT\System32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 RPPKT;Radialpoint Filter (x86); C:\WINNT\System32\DRIVERS\rp_pkt32.sys [2007-04-19 48384]
R3 SynTP;Synaptics TouchPad Driver; C:\WINNT\System32\DRIVERS\SynTP.sys [2003-10-30 178432]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINNT\System32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINNT\System32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINNT\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINNT\System32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 usbscan;USB Scanner Driver; C:\WINNT\System32\DRIVERS\usbscan.sys [2008-04-13 15104]
R3 USBSTOR;USB Mass Storage Driver; C:\WINNT\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINNT\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 wanatw;WAN Miniport (ATW); C:\WINNT\System32\DRIVERS\wanatw4.sys [2003-01-10 33588]
R3 winachsf;winachsf; C:\WINNT\System32\DRIVERS\HSF_CNXT.sys [2003-05-01 622848]
R4 InCDfs;InCD File System; C:\WINNT\system32\drivers\InCDfs.sys [2006-03-23 102016]
S3 ac97intc;Intel® 82801 Audio Driver Install Service (WDM); C:\WINNT\system32\drivers\ac97intc.sys [2001-08-17 96256]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 E100B;Intel® PRO Adapter Driver; C:\WINNT\System32\DRIVERS\e100b325.sys [2001-08-17 117760]
S3 EMCFILT;Alcor Micro Corp for Emachine- 9361; \??\C:\WINNT\System32\Drivers\EMcFilt.sys []
S3 nv;nv; C:\WINNT\System32\DRIVERS\nv4_mini.sys [2004-08-04 1897408]
S3 SBRE;SBRE; \??\C:\WINNT\system32\drivers\SBREdrv.sys []
S3 usbbus;LGE Mobile Composite USB Device; C:\WINNT\system32\DRIVERS\lgusbbus.sys [2005-05-26 21344]
S3 USBModem;LGE Mobile USB Modem; C:\WINNT\system32\DRIVERS\lgusbmodem.sys [2005-06-24 39036]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINNT\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINNT\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AOL ACS;AOL Connectivity Service; C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe [2003-08-06 1376360]
R2 Fix-It Task Manager;Fix-It Task Manager; C:\PROGRA~1\AVANQU~1\Fix-It\mxtask.exe [2008-09-25 161024]
R2 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-10-30 168432]
R2 InCDsrv;InCD Helper; C:\Program Files\Ahead\InCD\InCDsrv.exe [2006-03-23 880128]
R2 lxcr_device;lxcr_device; C:\WINNT\system32\lxcrcoms.exe [2006-12-11 537520]
R2 McDetect.exe;McAfee WSC Integration; c:\program files\mcafee.com\agent\mcdetect.exe [2005-10-13 126976]
R2 McShield;McAfee.com McShield; c:\PROGRA~1\mcafee.com\vso\mcshield.exe [2005-08-10 221184]
R2 McTskshd.exe;McAfee Task Scheduler; c:\PROGRA~1\mcafee.com\agent\mctskshd.exe [2005-08-24 122368]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 MpfService;McAfee Personal Firewall Service; C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe [2005-11-11 548864]
R2 SBAMSvc;Sunbelt VIPRE Antivirus Service; C:\Program Files\Common Files\AntiVirus\SBAMSvc.exe [2008-08-05 849192]
R2 WANMiniportService;WAN Miniport (ATW) Service; C:\WINNT\wanmpsvc.exe [2003-01-10 65536]
R2 WLTRYSVC;WLTRYSVC; C:\WINNT\System32\wltrysvc.exe [2004-04-09 45056]
S16 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-11-10 152984]
S2 SymWSC;SymWMI Service; C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe [2004-11-02 316544]
S3 aspnet_state;ASP.NET State Service; C:\WINNT\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINNT\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 mcupdmgr.exe;McAfee SecurityCenter Update Manager; C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe [2005-07-01 245760]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\MSN Messenger\usnsvc.exe [2007-01-19 97136]
S3 usprserv;User Privilege Service; C:\WINNT\System32\svchost.exe [2008-04-13 14336]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINNT\system32\svchost.exe [2008-04-13 14336]

-----------------EOF-----------------


EVERYTHING SO FAR SEEMS TO BE WORKING AS BEFORE OR EVEN BETTER

THANKS ALOT FOR YOUR HELP AND SUPPORT. KEEP UP THE GOOD WORK

KRONIC..


#4 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:05:25 AM

Posted 20 December 2008 - 12:45 PM

Sounds good. Your log looks clean to me! :)


Follow this process to uninstall Combofix.
  • Click START then RUN
  • Now type Combofix /u in the runbox and click OK

  • Posted Image



Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:
  • Disable and Enable System Restore. - If you are using Windows ME or XP then you should disable and reenable system restore to make sure there are no infected files found in a restore point left over from what we have just cleaned.

    You can find instructions on how to enable and reenable system restore here:

    Windows XP System Restore Guide

    Renable system restore with instructions from tutorial above

  • Make your Internet Explorer more secure - This can be done by following these simple instructions:
    • From within Internet Explorer click on the Tools menu and then click on Options.
    • Click once on the Security tab
    • Click once on the Internet icon so it becomes highlighted.
    • Click once on the Custom Level button.
      • Change the Download signed ActiveX controls to Prompt
      • Change the Download unsigned ActiveX controls to Disable
      • Change the Initialize and script ActiveX controls not marked as safe to Disable
      • Change the Installation of desktop items to Prompt
      • Change the Launching programs and files in an IFRAME to Prompt
      • Change the Navigate sub-frames across different domains to Prompt
      • When all these settings have been made, click on the OK button.
      • If it prompts you as to whether or not you want to save the settings, press the Yes button.
    • Next press the Apply button and then the OK to exit the Internet Properties page.
  • Use an AntiVirus Software - It is very important that your computer has an anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future.

    See this link for a listing of some online & their stand-alone antivirus programs:

    Virus, Spyware, and Malware Protection and Removal Resources

  • Update your AntiVirus Software - It is imperitive that you update your Antivirus software at least once a week (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.

  • Use a Firewall - I can not stress how important it is that you use a Firewall on your computer. Without a firewall your computer is succeptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a Firewall in its default configuration can lower your risk greatly.

    For a tutorial on Firewalls and a listing of some available ones see the link below:

    Understanding and Using Firewalls

  • Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

  • Install Spybot - Search and Destroy - Install and download Spybot - Search and Destroy with its TeaTimer option. This will provide realtime spyware & hijacker protection on your computer alongside your virus protection. You should also scan your computer with program on a regular basis just as you would an antivirus software.

    A tutorial on installing & using this product can be found here:

    Using Spybot - Search & Destroy to remove Spyware , Malware, and Hijackers

  • Install Ad-Aware - Install and download Ad-Aware. ou should also scan your computer with program on a regular basis just as you would an antivirus software in conjunction with Spybot.

    A tutorial on installing & using this product can be found here:

    Using Ad-aware to remove Spyware, Malware, & Hijackers from Your Computer

  • Install SpywareBlaster - SpywareBlaster will added a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.

    A tutorial on installing & using this product can be found here:

    Using SpywareBlaster to protect your computer from Spyware and Malware

  • Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
Follow this list and your potential for being infected again will reduce dramatically.

:thumbsup: :)
Posted Image If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#5 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:05:25 AM

Posted 30 December 2008 - 10:53 AM

Now that your problem appears to be resolved, this thread will be closed. If you need this topic reopened, please contact a member of the HJT Team and we will reopen it for you. Include the address of this thread in your request.
Posted Image If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users