Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Security Toolbar 7.1 in IE6 - Zlob?


  • This topic is locked This topic is locked
15 replies to this topic

#1 car377

car377

  • Members
  • 43 posts
  • OFFLINE
  •  
  • Local time:11:26 AM

Posted 31 December 2008 - 06:20 PM

Hi,

Looks like this might be a ZLOB infestation - suddenly we have a new toolbar, "Security Toolbar 7.1" in IE6, and home page reverted to "about:blank". Affects FireFox to a lesser extent, no toolbar, but messed up home page setting. We've quit using IE, and hoping to get some help cleaning this up. Below is the DDS output.

Thanks!
Chuck

-----------


DDS (Version 1.1.0) - NTFSx86
Run by Charles at 12:10:37.27 on Wed 12/31/2008
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_07
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.3710.2898 [GMT -7:00]

AV: McAfee VirusScan *On-access scanning enabled* (Updated)
FW: McAfee Personal Firewall *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\VPNremote for Windows XP\AvVpnService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\GEARSec.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\RealVNC\VNC4\WinVNC4.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\WINDOWS\system32\snmvtsvc.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\Explorer.EXE
c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Updater.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\dvd43\dvd43_tray.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
c:\PROGRA~1\mcafee\msc\mcuimgr.exe
C:\Documents and Settings\Charles\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = about:blank
mWindow Title = Windows Internet Explorer provided by Comcast
uInternet Settings,ProxyServer = nj.proxy.avaya.com:8000
uInternet Settings,ProxyOverride = *.avaya.com;135.9.49.118;135.9.49.72;;*.local;<local>
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\4.1.805.4472\swg.dll
TB: {E43B6656-814B-4839-8FF8-AFFDE0DA9A3F} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [updateMgr] "c:\program files\adobe\acrobat 7.0\reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
uRun: [Picasa Media Detector] c:\program files\picasa2\PicasaMediaDetector.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\wcescomm.exe"
uRun: [Aim6]
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_07\bin\jusched.exe"
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [Norton Ghost 9.0] c:\program files\symantec\norton ghost\agent\GhostTray.exe
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [iRiver Updater] \Updater.exe
mRun: [IntelMeM] c:\program files\intel\modem event monitor\IntelMEM.exe
mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb04.exe
mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"
mRun: [dvd43] c:\program files\dvd43\dvd43_tray.exe
mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
mRun: [MMTray] "c:\program files\musicmatch\musicmatch jukebox\mm_tray.exe"
mRun: [PC Pitstop Optimize Reminder] c:\program files\pcpitstop\optimize2\Reminder.exe
mRun: [mcagent_exe] c:\program files\mcafee.com\agent\mcagent.exe /runkey
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [LogitechCommunicationsManager] "c:\program files\common files\logishrd\lcommgr\Communications_Helper.exe"
mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\quickcam\Quickcam.exe" /hide
dRun: [Picasa Media Detector] c:\program files\picasa2\PicasaMediaDetector.exe
mExplorerRun: [start] c:\program files\applications\iebtm.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\americ~1.lnk - c:\program files\america online 9.0\aoltray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quickb~1.lnk - c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\winzip~1.lnk - c:\program files\winzip\WZQKPICK.EXE
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office11\EXCEL.EXE/3000
IE: {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.tryoutietool.com/redirect.php
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
IE: {38E51477-DDB4-4aed-9D61-D0C193E10749} - {38E51477-DDB4-4aed-9D61-D0C193E10749} {38E51477-DDB4-4aed-9D61-D0C193E10749} - {38e51477-ddb4-4aed-9d61-d0c193e10749}\inprocserver32 does not exist!
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office11\REFIEBAR.DLL
Trusted Zone: turbotax.com
Trusted Zone: musicmatch.com\online
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\charles\applic~1\mozilla\firefox\profiles\lyqnt1aq.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - plugin: c:\program files\google\google updater\2.4.1368.5602\npCIDetect13.dll
FF - plugin: c:\program files\picasa2\npPicasa2.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - plugin: c:\program files\virtual earth 3d\npVE3D.dll

============= SERVICES / DRIVERS ===============

R0 avipsec;Avaya IPSEC Driver;c:\windows\system32\drivers\avipsec.sys [2005-8-1 85504]
R0 PQV2i;PQV2i;c:\windows\system32\drivers\PQV2i.sys [2004-7-29 138780]
R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2008-9-4 201320]
R1 PQIMount;PQIMount;c:\windows\system32\drivers\PQIMount.sys [2004-7-29 46779]
R1 VProtocol;AVAYA VPNet VProtocol;c:\windows\system32\drivers\vproto2k.sys [2005-8-1 14336]
R2 AvService;Avaya VPN Service;c:\program files\vpnremote for windows xp\AvVpnService.exe [2005-8-1 53248]
R2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2008-9-4 359248]
R2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2008-9-4 144704]
R2 Viewpoint Manager Service;Viewpoint Manager Service;"c:\program files\viewpoint\common\ViewpointService.exe" [2007-12-25 24652]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2008-9-4 79304]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2008-9-4 35240]
R3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2008-9-4 33832]
R3 MovRVDrv32;MovRVDrv32;c:\windows\system32\drivers\MovRVDrv32.sys [2008-2-12 3768]
R3 ndisva;Avaya VPNet Virtual Adapter Driver;c:\windows\system32\drivers\vadapter.sys [2005-8-1 12288]
R3 SoundMovieServer;SoundMovieServer;"c:\windows\system32\snmvtsvc.exe" [2008-9-29 200704]
S3 getPlus® Helper;getPlus® Helper;c:\program files\nos\bin\getPlus_HelperSvc.exe [2008-10-4 33752]
S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2008-9-4 40488]
S4 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2008-9-4 695624]

=============== Created Last 30 ================

2008-12-24 16:29 <DIR> --d----- c:\windows\.jagex_cache_32
2008-12-23 17:58 56 a---h--- c:\windows\system32\ezsidmv.dat
2008-12-23 17:56 <DIR> --d----- c:\program files\Skype
2008-12-23 17:38 628,760 a----r-- c:\windows\system32\drivers\lvrs.sys
2008-12-23 17:38 25,056 a----r-- c:\windows\system32\Repository.reg
2008-12-23 17:37 490,008 a----r-- c:\windows\system32\LVUI2.dll
2008-12-23 17:37 465,432 a----r-- c:\windows\system32\LVUI2RC.dll
2008-12-23 17:37 416,280 a----r-- c:\windows\system32\lvcodec2.dll
2008-12-23 17:37 195,096 a----r-- c:\windows\system32\lvci11701196.dll
2008-12-23 17:37 66,482 a----r-- c:\windows\system32\lvcoinst.ini
2008-12-23 17:37 41,752 a----r-- c:\windows\system32\drivers\LVUSBSta.sys
2008-12-23 17:37 4,658,456 a----r-- c:\windows\system32\drivers\lvuvc.sys
2008-12-23 17:37 23,832 a----r-- c:\windows\system32\drivers\lvuvcflt.sys
2008-12-23 17:11 0 a------- c:\windows\system32\drivers\lvuvc.hs
2008-12-19 21:44 <DIR> --d----- c:\docume~1\charles\applic~1\Canneverbe_Limited

==================== Find3M ====================

2008-12-25 22:33 0 a------- c:\windows\system32\drivers\logiflt.iad
2008-07-07 21:11 61,224 a------- c:\documents and settings\charles\GoToAssistDownloadHelper.exe

============= FINISH: 12:11:31.79 ===============

Attached Files



BC AdBot (Login to Remove)

 


#2 Maurice Naggar

Maurice Naggar

    Eradicator de malware


  • Malware Response Team
  • 1,088 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:12:26 PM

Posted 10 January 2009 - 11:09 PM

Hello car377,

As you most likely are aware, the HJT forum is super-busy. If you are still having issues, please do the following.

1. Set Windows to show all files and all folders.
On your Desktop, double click My Computer, from the menu options, select tools, then Folder Options, and then select VIEW Tab and look at all of settings listed.

"CHECK" (turn on) Display the contents of system folders.

Under column, Hidden files and folders----choose ( *select* ) Show hidden files and folders.
Next, un-check Hide extensions for known file types.
Next un-check Hide protected operating system files.

2. Take out the trash (temporary files & temporary internet files)
Please download ATF Cleaner by Atribune, saving it to your desktop. It is used to cleanout temporary files & temp areas used by internet browsers.
Start ATF-Cleaner.exe to run the program.

Under Main choose: Select All

Click the Empty Selected button.

If you use Firefox browser, do this also:
Click Firefox at the top and choose: Select All

Click the Empty Selected button.

NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser, do this also:
Click Opera at the top and choose: Select All

Click the Empty Selected button.

NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.
ATF-Cleaner should be run per the above in every user-login account {User Profile}

=
3. Important! => Open Notepad > Click on Format > Uncheck Word wrap, if checked. Exit Notepad.

=
4. Please download & save Malwarebytes Anti-Malware from
http://www.download.com/Malwarebytes-Anti-..._4-10804572.htm or
http://www.besttechie.net/tools/mbam-setup.exe or
http://malwarebytes.gt500.org/mbam.jsp

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform Quick Scan, then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


=

5. Download Random's System Information Tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

I'll also need the MBAM report, and the contents of Log.txt and Info.txt (from above).
Be sure to do a Preview prior to pressing Submit because all reports may not fit into 1 single reply. You'll likely have to do more than 1 reply.
Do not use the attachment feature to place any of your reports. Always put them in-line inside the body of reply.
~Maurice Naggar
MS-MVP (Oct 2002 - Sept 2010)

#3 car377

car377
  • Topic Starter

  • Members
  • 43 posts
  • OFFLINE
  •  
  • Local time:11:26 AM

Posted 11 January 2009 - 02:15 PM

Thank you for your help - I will follow the instructions and reply again, as soon as my home network is back up, probably tomorrow.

Best regards,
Chuck

#4 Maurice Naggar

Maurice Naggar

    Eradicator de malware


  • Malware Response Team
  • 1,088 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:12:26 PM

Posted 11 January 2009 - 03:01 PM

Kindly keep in mind that, during weekdays, I usually only have time to make replies late in the evening.
And at times, it may be a full day before I am able to get back to you.
~Maurice Naggar
MS-MVP (Oct 2002 - Sept 2010)

#5 car377

car377
  • Topic Starter

  • Members
  • 43 posts
  • OFFLINE
  •  
  • Local time:11:26 AM

Posted 07 February 2009 - 01:15 PM

I finally got my home network repaired and can proceed. Below is the MBAM logfile contents. I'll put the RSIT file contents in the next reply.

Thanks!
Chuck

Malwarebytes' Anti-Malware 1.33
Database version: 1736
Windows 5.1.2600 Service Pack 2

2/7/2009 11:03:37 AM
mbam-log-2009-02-07 (11-03-37).txt

Scan type: Quick Scan
Objects scanned: 73133
Time elapsed: 5 minute(s), 1 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 8
Registry Values Infected: 3
Registry Data Items Infected: 0
Folders Infected: 3
Files Infected: 13

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9034a523-d068-4be8-a284-9df278be776e} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3b7aaeb1-9f3d-4491-9c06-c7165ca8d058} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{e43b6656-814b-4839-8ff8-affde0da9a3f} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{daed9266-8c28-4c1c-8b58-5c66eff1d302} (Search.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{9034a523-d068-4be8-a284-9df278be776e} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IEBrowse Tool (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IExplorer Bar (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\multimediaControls.chl (Trojan.Zlob) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{e43b6656-814b-4839-8ff8-affde0da9a3f} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping\{9034a523-d068-4be8-a284-9df278be776e} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\start (Trojan.Zlob) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files\MyWaySA (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWaySA\SrchAsDe (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWaySA\SrchAsDe\1.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Files Infected:
C:\Documents and Settings\All Users\Start Menu\Antivirus Scan.url (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Program Files\Applications\myd.ico (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Program Files\Applications\mym.ico (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Program Files\Applications\myp.ico (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Program Files\Applications\myv.ico (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Program Files\Applications\ot.ico (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Program Files\Applications\ts.ico (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Online Antispyware Test.url (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jeremy\My Documents\My Music\My Music.url (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jeremy\My Documents\My Pictures\My Pictures.url (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jeremy\My Documents\My Videos\My Video.url (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jeremy\My Documents\My Documents.url (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jeremy\Favorites\Antivirus Scan.url (Rogue.Link) -> Quarantined and deleted successfully.

#6 car377

car377
  • Topic Starter

  • Members
  • 43 posts
  • OFFLINE
  •  
  • Local time:11:26 AM

Posted 07 February 2009 - 01:21 PM

Interesting: when I did "Add Reply" to submit the previous article with the MBAM logfile in it, all the page formatting went away. Maybe Firefox doesn't really like Bleeping Computer formatting? ;-) At least I still have the frame for this box, so I can enter the RSIT information.

Thanks,
Chuck

info.txt logfile of random's system information tool 1.05 2009-02-07 11:08:06

======Uninstall list======

-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205}
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382}
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629}
-->MsiExec.exe /I{F543B12A-13F5-487E-9314-F7D25E1BBE3E}
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2EDA9289-CCA7-11D7-8466-00D0B726B56E}\Setup.exe" -l0x9
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Acrobat.com-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Application Installer.exe -uninstall com.adobe.mauby 4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
Acrobat.com-->MsiExec.exe /I{77DCDCE3-2DED-62F3-8154-05E745472D07}
Adobe AIR-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{00203668-8170-44A0-BE44-B632FA4D780F}
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 9-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A90000000001}
AIM 6-->C:\Program Files\AIM6\uninst.exe
AnswerWorks 4.0 Runtime - English-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7DD9A065-2C86-4A9F-A5FF-796EC1B99DCA}\setup.exe" -l0x9 -removeonly
AOL Coach Version 1.0(Build:20040229.1 en)-->C:\Program Files\Common Files\aolshare\Coach\AolCInUn.exe
AOL Connectivity Services-->C:\PROGRA~1\COMMON~1\AOL\ACS\AcsUninstall.exe /c
AOL Uninstaller (Choose which Products to Remove)-->C:\Program Files\Common Files\AOL\uninstaller.exe
AOLIcon-->MsiExec.exe /I{62BD0AE0-4EB1-4BBB-8F43-B6400C8FEB2C}
Apple Mobile Device Support-->MsiExec.exe /I{AA9768AA-FF0B-4C66-A085-31E934F77841}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
ATI Control Panel-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
Audacity 1.2.6-->"C:\Program Files\Audacity\unins000.exe"
Bonjour-->MsiExec.exe /I{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}
Boson NetSim LE for Cisco Press INTRO-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{C7277572-F82C-4AA7-8E02-9D08299EC242}
CDBurnerXP-->"C:\Program Files\CDBurnerXP\unins000.exe"
Cisco Press CCNA INTRO Test-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\8\INTEL3~1\IDriver.exe /M{66EACC38-C104-4CEF-AFC7-DEEC4C1C46ED}
Comcast High-Speed Internet Install Wizard-->C:\Program Files\support.com\uninstall\chsi_uninstaller.exe
Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
Cucusoft Ultimate DVD + Video Converter Suite 7.7.7.6-->"C:\Program Files\Cucusoft\Ultimate-Converter\unins000.exe"
Data Lifeguard Tools-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2C0A655C-61E7-428A-8ED2-23A3D20E7DD2}\Setup.exe"
Dell Digital Jukebox Driver-->C:\Program Files\Dell\Digital Jukebox Drivers\DrvUnins.exe /s
Dell DJ Explorer-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2EDA9289-CCA7-11D7-8466-00D0B726B56E}\Setup.exe" -l0x9 /remove
Dell Driver Reset Tool-->MsiExec.exe /I{5905F42D-3F5F-4916-ADA6-94A3646AEE76}
Dell Media Experience-->MsiExec.exe /I{AC0EE5B0-A8FB-4D0A-AF03-2EDC518F841B}
Dell Picture Studio v3.0-->MsiExec.exe /I{AF06CAE4-C134-44B1-B699-14FBDB63BD37}
Dell Support 5.0.0 (630)-->rundll32 C:\PROGRA~1\DELLSU~1\AUInst.dll,ExUninstall
DVD43 v3.9.0-->"C:\Program Files\dvd43\unins000.exe"
EarthLink setup files-->MsiExec.exe /X{728278A1-0BB7-45E4-AC5E-91D7C0FD1EDE}
GameSpy Arcade-->C:\PROGRA~1\GAMESP~1\UNWISE.EXE C:\PROGRA~1\GAMESP~1\INSTALL.LOG
Get High Speed Internet!-->MsiExec.exe /I{7A3F0566-5E05-4919-9C98-456F6B5CF831}
getPlus® for Adobe-->"C:\Program Files\NOS\bin\getPlus_HelperSvc.exe" /UninstallGet1
Google Earth-->MsiExec.exe /I{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}
Google Updater-->"C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
Guitar Pro 5.2-->"C:\Program Files\Guitar Pro 5\unins000.exe"
High Definition Audio Driver Package - KB835221-->C:\WINDOWS\$NtUninstallKB835221WXP$\spuninst\spuninst.exe
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Format SDK (KB902344)-->"C:\WINDOWS\$NtUninstallKB902344$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB909394)-->"C:\WINDOWS\$NtUninstallKB909394$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB926239)-->"C:\WINDOWS\$NtUninstallKB926239$\spuninst\spuninst.exe"
HP Customer Participation Program 7.0-->C:\Program Files\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat
hp deskjet 960c series (Remove only)-->C:\Program Files\hp deskjet 960c series\hpfiui.exe -c -vdivid=HPF -vpnum=95 -vinstport=USB001 -vproduct=960c -huninstall
HP Document Viewer 7.0-->C:\Program Files\HP\Digital Imaging\DocumentViewer\hpzscr01.exe -datfile hpqbud04.dat
HP Imaging Device Functions 7.0-->C:\Program Files\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat
HP Photosmart Premier Software 6.5-->C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP Photosmart, Officejet and Deskjet 7.0.A-->C:\Program Files\HP\Digital Imaging\{BDBE2F3E-42DB-4d4a-8CB1-19BA765DBC6C}\setup\hpzscr01.exe -datfile hposcr11.dat
HP Software Update-->MsiExec.exe /X{BB85ED9C-AFC9-43BD-B8DC-258C3C7DF72E}
HP Solution Center 7.0-->C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
Intel® 537EP V9x DF PCI Modem-->rundll32 IntelCci.dll,iSMUninstallation "Intel® 537EP V9x DF PCI Modem"
Intel® PRO Network Connections Software v9.2.4.11-->C:\Program Files\Intel\DMIX\uninst\DxSetup.exe /x /qr /le C:\DOCUME~1\Owner\LOCALS~1\Temp\PROSetDX\DMIX\\DxUninst.log
Intel® PROSafe for Wired Connections-->MsiExec.exe /I{36BD0774-6CD6-4FF9-A148-83CA09AC123E}
Intel® PROSafe for Wired Connections-->MsiExec.exe /I{403EF592-953B-4794-BCEF-ECAB835C2095}
Internet Explorer Default Page-->MsiExec.exe /I{35BDEFF1-A610-4956-A00D-15453C116395}
iriver Music Manager-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{072D2077-9E22-4F7F-B817-A92CA6CCC843}\Setup.exe" -l0x9 anything
iRiver Updater-->\uninst.exe
iTunes-->MsiExec.exe /I{41B9E2CF-0B3F-442A-B5B3-592A4A355634}
Jasc Paint Shop Photo Album 5-->MsiExec.exe /I{4192EAC0-6B36-4723-B216-D0E86E7757AC}
Jasc Paint Shop Pro Studio, Dell Editon-->MsiExec.exe /I{78C496B9-5A6B-4692-8C2E-AFFFC34E4961}
Jasc Paint Shop Pro Studio.01 , Dell Edition 1.0.1.1 Patch-->C:\Program Files\Jasc Software Inc\Paint Shop Pro Studio\Unwise.exe /R /U C:\PROGRA~1\JASCSO~1\PAINTS~1\INSTALL.LOG
Java 2 Runtime Environment, SE v1.4.2_03-->MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142030}
Java™ 6 Update 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160060}
Java™ 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Learn2 Player (Uninstall Only)-->C:\Program Files\Learn2.com\StRunner\stuninst.exe
LiveUpdate 2.0 (Symantec Corporation)-->C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE /U
Logitech QuickCam Driver Package-->"C:\Program Files\Common Files\LogiShrd\LogiDriverStore\lvdrivers\11.70.1196\LgDrvInst.exe" -remove -instdir"C:\Program Files\Common Files\LogiShrd\LogiDriverStore\lvdrivers\" -enumdelay=2000 -enabledifx -forcedelete -usbhubsfirst -forceremove -cumulativeremove -promptuninstall -arpregkey"lvdrivers_11.70" /clone_wait /hide_progress
Logitech QuickCam-->MsiExec.exe /X{6444D9D9-CD6C-4464-B970-55C606C944DC}
Macromedia Extension Manager-->MsiExec.exe /I{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}
Macromedia Flash 8 Video Encoder-->MsiExec.exe /X{8BF2C401-02CE-424D-BC26-6C4F9FB446B6}
Macromedia Flash 8-->MsiExec.exe /I{2BD5C305-1B27-4D41-B690-7A61172D2FEB}
Macromedia Flash Player 8 Plugin-->MsiExec.exe /X{91057632-CA70-413C-B628-2D3CDBBB906B}
Macromedia Flash Player 8-->MsiExec.exe /X{885A63EA-382B-4DD4-A755-14809B8557D6}
Macromedia Shockwave Player-->C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
McAfee SecurityCenter-->C:\Program Files\McAfee\MSC\mcuninst.exe
MechWarrior 4 Mercenaries-->"C:\Program Files\Microsoft Games\Mechwarrior Mercenaries\UNINSTAL.EXE" /runtemp /addremove
MetaFrame Presentation Server Web Client for Win32-->C:\WINDOWS\system32\ctxsetup.exe /uninst C:\PROGRA~1\Citrix\icaweb32\uninst.inf
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft .NET Framework 3.0 Service Pack 1-->MsiExec.exe /I{2BA00471-0328-3743-93BD-FA813353A783}
Microsoft ActiveSync 4.0-->MsiExec.exe /I{B208806F-A231-4FA0-AB3F-5C1B8979223E}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Halo-->"C:\Program Files\Microsoft Games\Halo\UNINSTAL.EXE" /runtemp /addremove
Microsoft Office PowerPoint Viewer 2007 (English)-->MsiExec.exe /X{95120000-00AF-0409-0000-0000000FF1CE}
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Visio Viewer 2003 (English)-->MsiExec.exe /I{90520409-6000-11D3-8CFE-0150048383C9}
Microsoft Plus! Digital Media Edition Installer-->MsiExec.exe /X{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}
Microsoft Plus! Photo Story 2 LE-->MsiExec.exe /X{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Modem Event Monitor-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7A0EFAFB-AC4B-4B88-8C6B-6731BE88DB68}\setup.exe" -l0x9
Modem Helper-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F142D56-3326-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel
Modem On Hold-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanelAnyText
Mozilla Firefox (3.0.6)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 Parser and SDK-->MsiExec.exe /I{716E0306-8318-4364-8B8F-0CC4E9376BAC}
MSXML 6.0 Parser (KB933579)-->MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
Musicmatch® Jukebox-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{85D3CC30-8859-481A-9654-FD9B74310BEF}\setup.exe" -l0x9 -uninst
Napster 3.5 MP3 Encoder-->MsiExec.exe /X{708F9BEF-2B8C-421D-813E-8CA9EA29B1B8}
Napster Burn Engine-->MsiExec.exe /I{8DCE550C-CA43-4E82-92DF-FFC4A48F5BE1}
Napster-->C:\Program Files\InstallShield Installation Information\{BBBCAE4B-B416-4182-A6F2-438180894A81}\setup.exe -runfromtemp -l0x0009 -removeonly
NetZeroInstallers-->MsiExec.exe /X{352310C3-E46B-42D3-8F32-54721FDD72D9}
Norton Ghost 9.0-->MsiExec.exe /X{3C759736-8347-4031-BB9C-D75ADFE6B101}
OCR Software by I.R.I.S 7.0-->C:\Program Files\HP\Digital Imaging\OCR\hpzscr01.exe -datfile hpqbud11.dat
Photo Click-->MsiExec.exe /I{6E179C77-7335-458D-9537-4F4EAC0181ED}
Picasa 2-->"C:\Program Files\Picasa2\Uninstall.exe"
Power Tab Editor 1.7-->MsiExec.exe /I{6B3CA80E-6AC0-4725-BABF-9B0FEF880CB3}
PowerDVD 5.5-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
PuTTY version 0.60-->"C:\Program Files\PuTTY\unins000.exe"
Qualxserve Service Agreement-->MsiExec.exe /X{0F756CD9-4A1E-409B-B101-601DDC4C03AA}
QuickBooks Simple Start Special Edition-->msiexec.exe /I {F543B12A-13F5-487E-9314-F7D25E1BBE3E} UNIQUE_NAME="atomlimited" QBFULLNAME="QuickBooks Simple Start Special Edition" ADDREMOVE=1
Quicken 2007-->MsiExec.exe /X{0D2E80C8-0875-43EB-9623-47118E2DFBCA}
QuickTime-->MsiExec.exe /I{8DC42D05-680B-41B0-8878-6C14D24602DB}
Red Faction II-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E074FB23-D61B-4C6A-AD15-AB9695ED2EF7}\setup.exe" -l0x9
RedEye (remove only)-->"C:\Program Files\RedEye\uninstall.exe"
Registrar Lite 2.00-->"C:\Program Files\Registrar Lite\unwise.exe" C:\PROGRA~1\REGIST~1\INSTALL.LOG
Rhapsody Player Engine-->MsiExec.exe /I{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}
Rosetta Stone V3-->MsiExec.exe /X{7210BCFE-ED8D-4261-8537-81B5A4BDFA2A}
Safari-->MsiExec.exe /X{C9D96682-5A4D-45FA-BA3E-DDCB2B0CB868}
Security Update for Step By Step Interactive Training (KB898458)-->"C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB911564)-->"C:\WINDOWS\$NtUninstallKB911564$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 6.4 (KB925398)-->"C:\WINDOWS\$NtUninstallKB925398_WMP64$\spuninst\spuninst.exe"
Security Update for Windows XP (KB883939)-->"C:\WINDOWS\$NtUninstallKB883939$\spuninst\spuninst.exe"
Security Update for Windows XP (KB890046)-->"C:\WINDOWS\$NtUninstallKB890046$\spuninst\spuninst.exe"
Security Update for Windows XP (KB893066)-->"C:\WINDOWS\$NtUninstallKB893066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB893756)-->"C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896358)-->"C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896423)-->"C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896424)-->"C:\WINDOWS\$NtUninstallKB896424$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896428)-->"C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896688)-->"C:\WINDOWS\$NtUninstallKB896688$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899587)-->"C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899588)-->"C:\WINDOWS\$NtUninstallKB899588$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899591)-->"C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe"
Security Update for Windows XP (KB900725)-->"C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe"
Security Update for Windows XP (KB901017)-->"C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe"
Security Update for Windows XP (KB901214)-->"C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe"
Security Update for Windows XP (KB902400)-->"C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe"
Security Update for Windows XP (KB903235)-->"C:\WINDOWS\$NtUninstallKB903235$\spuninst\spuninst.exe"
Security Update for Windows XP (KB904706)-->"C:\WINDOWS\$NtUninstallKB904706$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905414)-->"C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905749)-->"C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905915)-->"C:\WINDOWS\$NtUninstallKB905915$\spuninst\spuninst.exe"
Security Update for Windows XP (KB908519)-->"C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe"
Security Update for Windows XP (KB908531)-->"C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911280)-->"C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911562)-->"C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911567)-->"C:\WINDOWS\$NtUninstallKB911567$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911927)-->"C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe"
Security Update for Windows XP (KB912812)-->"C:\WINDOWS\$NtUninstallKB912812$\spuninst\spuninst.exe"
Security Update for Windows XP (KB912919)-->"C:\WINDOWS\$NtUninstallKB912919$\spuninst\spuninst.exe"
Security Update for Windows XP (KB913446)-->"C:\WINDOWS\$NtUninstallKB913446$\spuninst\spuninst.exe"
Security Update for Windows XP (KB913580)-->"C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe"
Security Update for Windows XP (KB914388)-->"C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe"
Security Update for Windows XP (KB914389)-->"C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe"
Security Update for Windows XP (KB916281)-->"C:\WINDOWS\$NtUninstallKB916281$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917159)-->"C:\WINDOWS\$NtUninstallKB917159$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917344)-->"C:\WINDOWS\$NtUninstallKB917344$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917422)-->"C:\WINDOWS\$NtUninstallKB917422$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917953)-->"C:\WINDOWS\$NtUninstallKB917953$\spuninst\spuninst.exe"
Security Update for Windows XP (KB918118)-->"C:\WINDOWS\$NtUninstallKB918118$\spuninst\spuninst.exe"
Security Update for Windows XP (KB918439)-->"C:\WINDOWS\$NtUninstallKB918439$\spuninst\spuninst.exe"
Security Update for Windows XP (KB918899)-->"C:\WINDOWS\$NtUninstallKB918899$\spuninst\spuninst.exe"
Security Update for Windows XP (KB919007)-->"C:\WINDOWS\$NtUninstallKB919007$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920213)-->"C:\WINDOWS\$NtUninstallKB920213$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920214)-->"C:\WINDOWS\$NtUninstallKB920214$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920670)-->"C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920683)-->"C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920685)-->"C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe"
Security Update for Windows XP (KB921398)-->"C:\WINDOWS\$NtUninstallKB921398$\spuninst\spuninst.exe"
Security Update for Windows XP (KB921503)-->"C:\WINDOWS\$NtUninstallKB921503$\spuninst\spuninst.exe"
Security Update for Windows XP (KB921883)-->"C:\WINDOWS\$NtUninstallKB921883$\spuninst\spuninst.exe"
Security Update for Windows XP (KB922616)-->"C:\WINDOWS\$NtUninstallKB922616$\spuninst\spuninst.exe"
Security Update for Windows XP (KB922760)-->"C:\WINDOWS\$NtUninstallKB922760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB922819)-->"C:\WINDOWS\$NtUninstallKB922819$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923191)-->"C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923414)-->"C:\WINDOWS\$NtUninstallKB923414$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923689)-->"C:\WINDOWS\$NtUninstallKB923689$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923694)-->"C:\WINDOWS\$NtUninstallKB923694$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923980)-->"C:\WINDOWS\$NtUninstallKB923980$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924191)-->"C:\WINDOWS\$NtUninstallKB924191$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924270)-->"C:\WINDOWS\$NtUninstallKB924270$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924496)-->"C:\WINDOWS\$NtUninstallKB924496$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924667)-->"C:\WINDOWS\$NtUninstallKB924667$\spuninst\spuninst.exe"
Security Update for Windows XP (KB925454)-->"C:\WINDOWS\$NtUninstallKB925454$\spuninst\spuninst.exe"
Security Update for Windows XP (KB925486)-->"C:\WINDOWS\$NtUninstallKB925486$\spuninst\spuninst.exe"
Security Update for Windows XP (KB925902)-->"C:\WINDOWS\$NtUninstallKB925902$\spuninst\spuninst.exe"
Security Update for Windows XP (KB926255)-->"C:\WINDOWS\$NtUninstallKB926255$\spuninst\spuninst.exe"
Security Update for Windows XP (KB926436)-->"C:\WINDOWS\$NtUninstallKB926436$\spuninst\spuninst.exe"
Security Update for Windows XP (KB927779)-->"C:\WINDOWS\$NtUninstallKB927779$\spuninst\spuninst.exe"
Security Update for Windows XP (KB927802)-->"C:\WINDOWS\$NtUninstallKB927802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB928090)-->"C:\WINDOWS\$NtUninstallKB928090$\spuninst\spuninst.exe"
Security Update for Windows XP (KB928255)-->"C:\WINDOWS\$NtUninstallKB928255$\spuninst\spuninst.exe"
Security Update for Windows XP (KB928843)-->"C:\WINDOWS\$NtUninstallKB928843$\spuninst\spuninst.exe"
Security Update for Windows XP (KB929123)-->"C:\WINDOWS\$NtUninstallKB929123$\spuninst\spuninst.exe"
Security Update for Windows XP (KB929969)-->"C:\WINDOWS\$NtUninstallKB929969$\spuninst\spuninst.exe"
Security Update for Windows XP (KB930178)-->"C:\WINDOWS\$NtUninstallKB930178$\spuninst\spuninst.exe"
Security Update for Windows XP (KB931261)-->"C:\WINDOWS\$NtUninstallKB931261$\spuninst\spuninst.exe"
Security Update for Windows XP (KB931768)-->"C:\WINDOWS\$NtUninstallKB931768$\spuninst\spuninst.exe"
Security Update for Windows XP (KB931784)-->"C:\WINDOWS\$NtUninstallKB931784$\spuninst\spuninst.exe"
Security Update for Windows XP (KB932168)-->"C:\WINDOWS\$NtUninstallKB932168$\spuninst\spuninst.exe"
Security Update for Windows XP (KB933566)-->"C:\WINDOWS\$NtUninstallKB933566$\spuninst\spuninst.exe"
Security Update for Windows XP (KB933729)-->"C:\WINDOWS\$NtUninstallKB933729$\spuninst\spuninst.exe"
Security Update for Windows XP (KB935839)-->"C:\WINDOWS\$NtUninstallKB935839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB935840)-->"C:\WINDOWS\$NtUninstallKB935840$\spuninst\spuninst.exe"
Security Update for Windows XP (KB936021)-->"C:\WINDOWS\$NtUninstallKB936021$\spuninst\spuninst.exe"
Security Update for Windows XP (KB937143)-->"C:\WINDOWS\$NtUninstallKB937143$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938127)-->"C:\WINDOWS\$NtUninstallKB938127$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938829)-->"C:\WINDOWS\$NtUninstallKB938829$\spuninst\spuninst.exe"
Security Update for Windows XP (KB939653)-->"C:\WINDOWS\$NtUninstallKB939653$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941202)-->"C:\WINDOWS\$NtUninstallKB941202$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941568)-->"C:\WINDOWS\$NtUninstallKB941568$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941644)-->"C:\WINDOWS\$NtUninstallKB941644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941693)-->"C:\WINDOWS\$NtUninstallKB941693$\spuninst\spuninst.exe"
Security Update for Windows XP (KB942615)-->"C:\WINDOWS\$NtUninstallKB942615$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943055)-->"C:\WINDOWS\$NtUninstallKB943055$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943460)-->"C:\WINDOWS\$NtUninstallKB943460$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943485)-->"C:\WINDOWS\$NtUninstallKB943485$\spuninst\spuninst.exe"
Security Update for Windows XP (KB944338)-->"C:\WINDOWS\$NtUninstallKB944338$\spuninst\spuninst.exe"
Security Update for Windows XP (KB944533)-->"C:\WINDOWS\$NtUninstallKB944533$\spuninst\spuninst.exe"
Security Update for Windows XP (KB944653)-->"C:\WINDOWS\$NtUninstallKB944653$\spuninst\spuninst.exe"
Security Update for Windows XP (KB945553)-->"C:\WINDOWS\$NtUninstallKB945553$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946026)-->"C:\WINDOWS\$NtUninstallKB946026$\spuninst\spuninst.exe"
Security Update for Windows XP (KB947864)-->"C:\WINDOWS\$NtUninstallKB947864$\spuninst\spuninst.exe"
Security Update for Windows XP (KB948590)-->"C:\WINDOWS\$NtUninstallKB948590$\spuninst\spuninst.exe"
Security Update for Windows XP (KB948881)-->"C:\WINDOWS\$NtUninstallKB948881$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950749)-->"C:\WINDOWS\$NtUninstallKB950749$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950759)-->"C:\WINDOWS\$NtUninstallKB950759$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Skype™ 3.8-->MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
Sonic Audio module-->MsiExec.exe /I{AB708C9B-97C8-4AC9-899B-DBF226AC9382}
Sonic DLA-->MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
Sonic RecordNow Copy-->MsiExec.exe /I{B12665F4-4E93-4AB4-B7FC-37053B524629}
Sonic RecordNow Data-->MsiExec.exe /I{075473F5-846A-448B-BCB3-104AA1760205}
Sonic Update Manager-->MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
Sony DVD Architect Pro 4.5-->MsiExec.exe /X{5E9C5450-8011-41E0-8725-4F0BD66B81AE}
Sony Vegas Pro 8.0-->MsiExec.exe /X{7C9AD221-994C-45B2-B46D-26F5735158CF}
SoundTaxi 3.5.4-->"C:\Program Files\SoundTaxi\unins000.exe"
TurboTax Deluxe 2005-->C:\Program Files\TurboTax\Deluxe 2005\TaxUnst.EXE "C:\Program Files\TurboTax\Deluxe 2005\Uninstall.log" -NoGui
TurboTax Deluxe 2007-->C:\Program Files\TurboTax\Deluxe 2007\TaxUnst.EXE "C:\Program Files\TurboTax\Deluxe 2007\Uninstall.log" -NoGui
TurboTax Deluxe Deduction Maximizer 2006-->C:\Program Files\TurboTax\Deluxe 2006\TaxUnst.EXE "C:\Program Files\TurboTax\Deluxe 2006\Uninstall.log" -NoGui
TurboTax ItsDeductible 2005-->MsiExec.exe /X{2E7595EC-4FB1-4E29-93D4-9083C8A9B107}
TurboTax ItsDeductible 2006-->MsiExec.exe /X{AFF1EA96-9C23-4249-B7D4-CD4B54D4582F}
Update for Windows XP (KB894391)-->"C:\WINDOWS\$NtUninstallKB894391$\spuninst\spuninst.exe"
Update for Windows XP (KB896727)-->"C:\WINDOWS\$NtUninstallKB896727$\spuninst\spuninst.exe"
Update for Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Update for Windows XP (KB900485)-->"C:\WINDOWS\$NtUninstallKB900485$\spuninst\spuninst.exe"
Update for Windows XP (KB910437)-->"C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe"
Update for Windows XP (KB916595)-->"C:\WINDOWS\$NtUninstallKB916595$\spuninst\spuninst.exe"
Update for Windows XP (KB920872)-->"C:\WINDOWS\$NtUninstallKB920872$\spuninst\spuninst.exe"
Update for Windows XP (KB922582)-->"C:\WINDOWS\$NtUninstallKB922582$\spuninst\spuninst.exe"
Update for Windows XP (KB925720)-->"C:\WINDOWS\$NtUninstallKB925720$\spuninst\spuninst.exe"
Update for Windows XP (KB927891)-->"C:\WINDOWS\$NtUninstallKB927891$\spuninst\spuninst.exe"
Update for Windows XP (KB929338)-->"C:\WINDOWS\$NtUninstallKB929338$\spuninst\spuninst.exe"
Update for Windows XP (KB930916)-->"C:\WINDOWS\$NtUninstallKB930916$\spuninst\spuninst.exe"
Update for Windows XP (KB931836)-->"C:\WINDOWS\$NtUninstallKB931836$\spuninst\spuninst.exe"
Update for Windows XP (KB933360)-->"C:\WINDOWS\$NtUninstallKB933360$\spuninst\spuninst.exe"
Update for Windows XP (KB936357)-->"C:\WINDOWS\$NtUninstallKB936357$\spuninst\spuninst.exe"
Update for Windows XP (KB938828)-->"C:\WINDOWS\$NtUninstallKB938828$\spuninst\spuninst.exe"
Update for Windows XP (KB942763)-->"C:\WINDOWS\$NtUninstallKB942763$\spuninst\spuninst.exe"
Update for Windows XP (KB942840)-->"C:\WINDOWS\$NtUninstallKB942840$\spuninst\spuninst.exe"
Update for Windows XP (KB946627)-->"C:\WINDOWS\$NtUninstallKB946627$\spuninst\spuninst.exe"
Viewpoint Media Player-->C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
Virtual Earth 3D (Beta)-->MsiExec.exe /I{619B8475-0F48-41B7-A370-5147F7092989}
VNC Free Edition 4.1.1-->"C:\Program Files\RealVNC\VNC4\unins000.exe"
VPNremote for Windows XP-->C:\Program Files\VPNremote for Windows XP\Uninst2k.exe
Vuze-->C:\Program Files\Vuze\uninstall.exe
WebEx Recorder and Player-->MsiExec.exe /I{1D243F00-1389-4C63-A7E9-B17E967D1901}
WexTech AnswerWorks-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EA2BEBD6-87B9-41E5-95AC-7E4C165A9475}\SETUP.EXE" -l0x9 -eliminate
Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 10 Hotfix - KB894476-->"C:\WINDOWS\$NtUninstallKB894476$\spuninst\spuninst.exe"
Windows Media Player 10-->MsiExec.exe /I{33BB4982-DC52-4886-A03B-F4C5C80BEE89}
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows Presentation Foundation-->MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
Windows XP Hotfix - KB873333-->C:\WINDOWS\$NtUninstallKB873333$\spuninst\spuninst.exe
Windows XP Hotfix - KB885836-->C:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe
Windows XP Hotfix - KB886185-->C:\WINDOWS\$NtUninstallKB886185$\spuninst\spuninst.exe
Windows XP Hotfix - KB887742-->C:\WINDOWS\$NtUninstallKB887742$\spuninst\spuninst.exe
Windows XP Hotfix - KB888302-->C:\WINDOWS\$NtUninstallKB888302$\spuninst\spuninst.exe
Windows XP Hotfix - KB890859-->"C:\WINDOWS\$NtUninstallKB890859$\spuninst\spuninst.exe"
Windows XP Hotfix - KB890923-->"C:\WINDOWS\$NtUninstallKB890923$\spuninst\spuninst.exe"
Windows XP Hotfix - KB893086-->"C:\WINDOWS\$NtUninstallKB893086$\spuninst\spuninst.exe"
WinSCP 3.7.4-->"C:\Program Files\WinSCP3\unins000.exe"
WinZip-->MsiExec.exe /I{CFF2EFE6-C2B7-4CB2-B278-D2755C7553C2}
WordPerfect Office 12-->MsiExec.exe /I{AF19F291-F22F-4798-9662-525305AE9E48}

=====HijackThis Backups=====

O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - (no file)

======Hosts File======

127.0.0.1 localhost
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com

======Security center information======

AV: McAfee VirusScan
FW: McAfee Personal Firewall

System event log

Computer Name: ROGERS5100
Event Code: 7036
Message: The Pml Driver HPZ12 service entered the running state.

Record Number: 79534
Source Name: Service Control Manager
Time Written: 20090201192153.000000-420
Event Type: information
User:

Computer Name: ROGERS5100
Event Code: 7035
Message: The Pml Driver HPZ12 service was successfully sent a start control.

Record Number: 79533
Source Name: Service Control Manager
Time Written: 20090201192153.000000-420
Event Type: information
User: ROGERS5100\Jeremy

Computer Name: ROGERS5100
Event Code: 7036
Message: The Pml Driver HPZ12 service entered the stopped state.

Record Number: 79532
Source Name: Service Control Manager
Time Written: 20090201192147.000000-420
Event Type: information
User:

Computer Name: ROGERS5100
Event Code: 7036
Message: The Pml Driver HPZ12 service entered the running state.

Record Number: 79531
Source Name: Service Control Manager
Time Written: 20090201192144.000000-420
Event Type: information
User:

Computer Name: ROGERS5100
Event Code: 7035
Message: The Pml Driver HPZ12 service was successfully sent a start control.

Record Number: 79530
Source Name: Service Control Manager
Time Written: 20090201192144.000000-420
Event Type: information
User: ROGERS5100\Jeremy

Application event log

Computer Name: ROGERS5100
Event Code: 4
Message:
Record Number: 6085
Source Name: (MSN/Windows) Messenger Service
Time Written: 20080420150509.000000-360
Event Type: information
User:

Computer Name: ROGERS5100
Event Code: 4
Message:
Record Number: 6084
Source Name: (MSN/Windows) Messenger Service
Time Written: 20080420141247.000000-360
Event Type: information
User:

Computer Name: ROGERS5100
Event Code: 4
Message:
Record Number: 6083
Source Name: (MSN/Windows) Messenger Service
Time Written: 20080420134558.000000-360
Event Type: information
User:

Computer Name: ROGERS5100
Event Code: 4
Message:
Record Number: 6082
Source Name: (MSN/Windows) Messenger Service
Time Written: 20080420103102.000000-360
Event Type: information
User:

Computer Name: ROGERS5100
Event Code: 4
Message:
Record Number: 6081
Source Name: (MSN/Windows) Messenger Service
Time Written: 20080420100608.000000-360
Event Type: information
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Program Files\Intel\DMIX;C:\Program Files\ATI Technologies\ATI Control Panel;C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared;C:\Program Files\QuickTime\QTSystem;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 4 Stepping 1, GenuineIntel
"PROCESSOR_REVISION"=0401
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"SonicCentral"=C:\Program Files\Common Files\Sonic Shared\Sonic Central\
"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_06\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.6.0_06\lib\ext\QTJava.zip

-----------------EOF-----------------



Logfile of random's system information tool 1.05 (written by random/random)
Run by Charles at 2009-02-07 11:07:57
Microsoft Windows XP Home Edition Service Pack 2
System drive C: has 9 GB (13%) free of 73 GB
Total RAM: 3710 MB (71% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:08:03, on 2/7/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\VPNremote for Windows XP\AvVpnService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\GEARSec.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Updater.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\dvd43\dvd43_tray.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\RealVNC\VNC4\WinVNC4.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\iPod\bin\iPodService.exe
c:\PROGRA~1\mcafee\msc\mcuimgr.exe
C:\Program Files\Java\jre1.6.0_07\bin\jucheck.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe
C:\WINDOWS\system32\HPZinw12.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Charles\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Charles.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = nj.proxy.avaya.com:8000
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.avaya.com;135.9.49.118;135.9.49.72;;*.local;<local>
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Norton Ghost 9.0] C:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [iRiver Updater] \Updater.exe
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [dvd43] C:\Program Files\dvd43\dvd43_tray.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [PC Pitstop Optimize Reminder] C:\Program Files\PCPitstop\Optimize2\Reminder.exe
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Rip YouTube File - {38E51477-DDB4-4aed-9D61-D0C193E10749} - C:\Program Files\SoundTaxi\YouTubeRipper.dll
O9 - Extra 'Tools' menuitem: Rip YouTube file embedded in this page - {38E51477-DDB4-4aed-9D61-D0C193E10749} - C:\Program Files\SoundTaxi\YouTubeRipper.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {07D06F79-BEA3-4676-9F8E-7C7067B96C76} (Avaya PhoneInterface Control) - http://135.9.49.118:9080/1xp/portalclient/...neInterface.cab
O16 - DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} (iCC Class) - http://www.pcpitstop.com/internet/pcpConnCheck.cab
O16 - DPF: {3BA3B159-7533-4F96-A2CE-EE5894BBD3D5} (Scanner.SysScanner) - http://i.dell.com/images/global/js/scanner/SYSSCANNER.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www2.snapfish.com/SnapfishActivia.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} (LinkedIn ContactFinderControl) - http://www.linkedin.com/cab/LinkedInContactFinderControl.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab
O16 - DPF: {90D7EA0F-6776-4D1A-BCC9-E8CC24B43B6F} (Avaya1XPMsgRecorder.MsgRecorderCtrl10) - http://135.9.49.118:9080/1xp/portalclient/...cedRecorder.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/m...,26/mcgdmgr.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/p...obat/nos/gp.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/shockwa...ash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Avaya VPN Service (AvService) - Unknown owner - C:\Program Files\VPNremote for Windows XP\AvVpnService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: getPlus® Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SoundMovieServer - SoundMovieServer - C:\WINDOWS\system32\snmvtsvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\WinVNC4.exe

--
End of file - 13921 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\McDefragTask.job
C:\WINDOWS\tasks\McQcTask.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}]
DriveLetterAccess - C:\WINDOWS\system32\dla\tfswshx.dll [2005-05-31 118844]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}]
scriptproxy - C:\Program Files\McAfee\VirusScan\scriptsn.dll [2007-11-09 58688]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll [2008-10-16 652784]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]
"SigmatelSysTrayApp"=C:\WINDOWS\stsystra.exe [2005-03-22 339968]
"Norton Ghost 9.0"=C:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe [2004-07-29 1122304]
"ISUSScheduler"=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2004-07-27 81920]
"ISUSPM Startup"=C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe [2004-07-27 221184]
"iRiver Updater"=\Updater.exe [2004-07-01 212992]
"IntelMeM"=C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe [2003-09-03 221184]
"HPDJ Taskbar Utility"=C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe [2001-12-14 196608]
"DVDLauncher"=C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe [2005-02-23 53248]
"dvd43"=C:\Program Files\dvd43\dvd43_tray.exe [2006-05-22 694272]
"ATIPTA"=C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [2005-03-29 339968]
"MMTray"=C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe [2006-01-19 110592]
"PC Pitstop Optimize Reminder"=C:\Program Files\PCPitstop\Optimize2\Reminder.exe []
"mcagent_exe"=C:\Program Files\McAfee.com\Agent\mcagent.exe [2007-11-01 582992]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2008-09-06 413696]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-09-10 289576]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2008-06-12 34672]
"LogitechCommunicationsManager"=C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe [2008-02-13 564496]
"LogitechQuickCamRibbon"=C:\Program Files\Logitech\QuickCam\Quickcam.exe [2008-02-13 2196240]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2006-02-19 49152]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes' Anti-Malware"=C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [2009-01-14 399504]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]
"updateMgr"=C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9 -reboot 1 []
"Picasa Media Detector"=C:\Program Files\Picasa2\PicasaMediaDetector.exe [2008-08-20 443968]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2004-10-13 1694208]
"H/PC Connection Agent"=C:\Program Files\Microsoft ActiveSync\wcescomm.exe [2006-06-20 1207080]
"Aim6"= []
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2008-11-07 21633320]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MimBoot]
C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe [2006-01-19 11776]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe [2006-01-19 110592]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"MsSecurity1.209.4"=2

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
America Online 9.0 Tray Icon.lnk - C:\Program Files\America Online 9.0\aoltray.exe
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
HP Photosmart Premier Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
QuickBooks Update Agent.lnk - C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2006-06-19 702768]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MpfService]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=91000000
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe"="C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL"
"C:\Program Files\America Online 9.0\waol.exe"="C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"
"C:\Program Files\TurboTax\Deluxe 2006\32bit\ttax.exe"="C:\Program Files\TurboTax\Deluxe 2006\32bit\ttax.exe:LocalSubNet:Enabled:TurboTax"
"C:\Program Files\TurboTax\Deluxe 2006\32bit\updatemgr.exe"="C:\Program Files\TurboTax\Deluxe 2006\32bit\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager"
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"C:\Program Files\Rosetta Stone\Rosetta Stone V3\RosettaStoneVersion3.exe"="C:\Program Files\Rosetta Stone\Rosetta Stone V3\RosettaStoneVersion3.exe:*:Enabled:Rosetta Stone V3 Application"
"C:\Program Files\Rosetta Stone\Rosetta Stone V3\support\bin\RosettaStoneLtdServices.exe"="C:\Program Files\Rosetta Stone\Rosetta Stone V3\support\bin\RosettaStoneLtdServices.exe:*:Enabled:Rosetta Stone Online Component"
"C:\Program Files\TurboTax\Deluxe 2007\32bit\ttax.exe"="C:\Program Files\TurboTax\Deluxe 2007\32bit\ttax.exe:LocalSubNet:Enabled:TurboTax"
"C:\Program Files\TurboTax\Deluxe 2007\32bit\updatemgr.exe"="C:\Program Files\TurboTax\Deluxe 2007\32bit\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager"
"C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe"="C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"E:\setup\HPZNET01.EXE"="E:\setup\HPZNET01.EXE:*:Enabled:hpznet01.exe"
"E:\setup\HPONICIFS01.EXE"="E:\setup\HPONICIFS01.EXE:*:Enabled:hponicifs01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe"="C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe"="C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL"
"C:\Program Files\America Online 9.0\waol.exe"="C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0"
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"C:\Program Files\Rosetta Stone\Rosetta Stone V3\support\bin\RosettaStoneLtdServices.exe"="C:\Program Files\Rosetta Stone\Rosetta Stone V3\support\bin\RosettaStoneLtdServices.exe:*:Enabled:Rosetta Stone Online Component"
"C:\Program Files\Rosetta Stone\Rosetta Stone V3\RosettaStoneVersion3.exe"="C:\Program Files\Rosetta Stone\Rosetta Stone V3\RosettaStoneVersion3.exe:*:Enabled:Rosetta Stone V3 Application"

======List of files/folders created in the last 3 months======

2009-02-07 10:27:32 ----D---- C:\Documents and Settings\Charles\Application Data\Malwarebytes
2009-02-07 10:27:27 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-02-07 10:27:26 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-02-05 21:31:05 ----HD---- C:\WINDOWS\PIF
2009-01-26 08:39:09 ----D---- C:\Documents and Settings\Charles\Application Data\HP
2009-01-26 08:35:13 ----D---- C:\Documents and Settings\All Users\Application Data\HP
2009-01-26 08:28:39 ----D---- C:\Documents and Settings\All Users\Application Data\Sonic
2009-01-26 08:26:43 ----D---- C:\Program Files\Common Files\HP
2009-01-26 08:24:12 ----D---- C:\Program Files\Common Files\Hewlett-Packard
2009-01-26 08:23:14 ----RA---- C:\WINDOWS\system32\HPZIDS01.dll
2009-01-26 08:23:12 ----A---- C:\WINDOWS\system32\hpz3l054.dll
2009-01-26 08:23:03 ----RA---- C:\WINDOWS\system32\hpowiax2.dll
2009-01-26 08:23:03 ----RA---- C:\WINDOWS\system32\hpovst09.dll
2009-01-26 08:23:03 ----RA---- C:\WINDOWS\system32\hpotiop2.dll
2009-01-26 08:22:52 ----A---- C:\WINDOWS\system32\AddPort.ini
2009-01-26 08:22:36 ----A---- C:\WINDOWS\hpntwksetup.ini
2009-01-26 08:21:42 ----A---- C:\WINDOWS\system32\HPZisn12.dll
2009-01-26 08:21:42 ----A---- C:\WINDOWS\system32\HPZipt12.dll
2009-01-26 08:21:42 ----A---- C:\WINDOWS\system32\HPZipr12.dll
2009-01-26 08:21:42 ----A---- C:\WINDOWS\system32\HPZipm12.exe
2009-01-26 08:21:42 ----A---- C:\WINDOWS\system32\HPZinw12.exe
2009-01-26 08:21:42 ----A---- C:\WINDOWS\system32\HPZidr12.dll
2009-01-26 08:20:52 ----D---- C:\Program Files\HP
2009-01-21 15:41:04 ----D---- C:\Program Files\Guitar Pro 5
2008-12-24 16:29:55 ----D---- C:\WINDOWS\.jagex_cache_32
2008-12-23 17:58:31 ----D---- C:\Documents and Settings\Charles\Application Data\skypePM
2008-12-23 17:56:28 ----D---- C:\Documents and Settings\Charles\Application Data\Skype
2008-12-23 17:56:00 ----D---- C:\Program Files\Skype
2008-12-23 17:56:00 ----D---- C:\Program Files\Common Files\Skype
2008-12-23 17:55:52 ----D---- C:\Documents and Settings\All Users\Application Data\Skype
2008-12-23 17:37:53 ----RA---- C:\WINDOWS\system32\LVUI2RC.dll
2008-12-23 17:37:53 ----RA---- C:\WINDOWS\system32\LVUI2.dll
2008-12-23 17:37:53 ----RA---- C:\WINDOWS\system32\lvcoinst.ini
2008-12-23 17:37:53 ----RA---- C:\WINDOWS\system32\lvcodec2.dll
2008-12-23 17:37:53 ----RA---- C:\WINDOWS\system32\lvci11701196.dll
2008-12-23 17:35:21 ----D---- C:\Documents and Settings\All Users\Application Data\Logishrd
2008-12-23 17:35:18 ----D---- C:\Program Files\Common Files\LogiShrd
2008-12-23 17:11:49 ----A---- C:\WINDOWS\system32\vfwwdm32.dll
2008-12-23 17:08:49 ----D---- C:\Program Files\Logitech
2008-12-23 17:08:49 ----D---- C:\Documents and Settings\All Users\Application Data\Logitech
2008-12-19 21:44:38 ----D---- C:\Documents and Settings\Charles\Application Data\Canneverbe_Limited
2008-12-19 21:44:15 ----D---- C:\Program Files\CDBurnerXP
2008-11-17 17:30:27 ----A---- C:\WINDOWS\system32\javaws.exe
2008-11-17 17:30:27 ----A---- C:\WINDOWS\system32\javaw.exe
2008-11-17 17:30:27 ----A---- C:\WINDOWS\system32\java.exe
2008-11-14 21:29:11 ----D---- C:\Program Files\Power Tab Software

======List of files/folders modified in the last 3 months======

2009-02-07 11:07:57 ----D---- C:\rsit
2009-02-07 11:06:14 ----D---- C:\WINDOWS\Prefetch
2009-02-07 11:03:37 ----RD---- C:\Program Files
2009-02-07 11:03:36 ----D---- C:\WINDOWS\TEMP
2009-02-07 10:27:30 ----D---- C:\WINDOWS\system32\drivers
2009-02-07 10:18:10 ----D---- C:\Program Files\Mozilla Firefox
2009-02-07 05:20:01 ----D---- C:\Documents and Settings\All Users\Application Data\Google Updater
2009-02-07 05:09:53 ----A---- C:\WINDOWS\ModemLog_Intel® 537EP V9x DF PCI Modem.txt
2009-02-07 05:09:50 ----D---- C:\WINDOWS
2009-02-07 00:04:07 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-02-06 23:58:43 ----D---- C:\WINDOWS\system32
2009-02-06 23:34:12 ----A---- C:\WINDOWS\lviewpro.ini
2009-02-06 08:49:07 ----D---- C:\Program Files\VPNremote for Windows XP
2009-02-02 08:39:00 ----SD---- C:\WINDOWS\Tasks
2009-02-01 19:19:41 ----D---- C:\Program Files\Napster
2009-01-27 19:30:28 ----D---- C:\WINDOWS\system32\CatRoot2
2009-01-26 08:43:15 ----HD---- C:\WINDOWS\inf
2009-01-26 08:39:18 ----D---- C:\WINDOWS\system32\FxsTmp
2009-01-26 08:38:55 ----SHD---- C:\WINDOWS\Installer
2009-01-26 08:38:55 ----SHD---- C:\Config.Msi
2009-01-26 08:38:30 ----A---- C:\WINDOWS\win.ini
2009-01-26 08:38:21 ----D---- C:\safe_desktop
2009-01-26 08:30:40 ----A---- C:\WINDOWS\wininit.ini
2009-01-26 08:29:44 ----RSD---- C:\WINDOWS\assembly
2009-01-26 08:28:35 ----RSD---- C:\WINDOWS\Fonts
2009-01-26 08:26:43 ----D---- C:\Program Files\Common Files
2009-01-26 08:24:45 ----D---- C:\WINDOWS\twain_32
2009-01-26 08:23:24 ----RSHD---- C:\WINDOWS\system32\dllcache
2009-01-26 08:22:21 ----D---- C:\temp
2009-01-13 17:36:24 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2009-01-12 22:41:13 ----SHD---- C:\RECYCLER
2009-01-12 21:34:00 ----D---- C:\WINDOWS\system32\spool
2009-01-12 21:04:04 ----D---- C:\WINDOWS\Help
2009-01-03 12:28:08 ----D---- C:\WINDOWS\system32\CatRoot
2008-12-24 16:37:21 ----D---- C:\.jagex_cache_32
2008-12-23 17:37:05 ----DC---- C:\WINDOWS\system32\DRVSTORE
2008-11-24 18:15:35 ----D---- C:\Program Files\Applications
2008-11-24 17:19:23 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-11-24 17:15:29 ----D---- C:\WINDOWS\Minidump
2008-11-17 17:30:25 ----D---- C:\Program Files\Java

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Cdr4_xp;Cdr4_xp; C:\WINDOWS\system32\drivers\Cdr4_xp.sys [2005-08-19 2432]
R1 Cdralw2k;Cdralw2k; C:\WINDOWS\system32\drivers\Cdralw2k.sys [2005-08-19 2560]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-04 36096]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-03 14848]
R1 mfehidk;McAfee Inc. mfehidk; C:\WINDOWS\system32\drivers\mfehidk.sys [2007-11-22 201320]
R1 MPFP;MPFP; C:\WINDOWS\System32\Drivers\Mpfp.sys [2007-07-13 113952]
R1 omci;OMCI WDM Device Driver; C:\WINDOWS\system32\DRIVERS\omci.sys [2002-11-08 17217]
R1 PQIMount;PQIMount; C:\WINDOWS\system32\drivers\PQIMount.sys [2004-07-29 46779]
R1 sscdbhk5;sscdbhk5; C:\WINDOWS\system32\drivers\sscdbhk5.sys [2005-05-13 5627]
R1 ssrtln;ssrtln; C:\WINDOWS\system32\drivers\ssrtln.sys [2005-05-13 23545]
R1 VProtocol;AVAYA VPNet VProtocol; C:\WINDOWS\system32\DRIVERS\vproto2k.sys [2005-09-13 14336]
R2 ASPI32;ASPI32; C:\WINDOWS\System32\drivers\aspi32.sys [2002-07-17 16512]
R2 drvnddm;drvnddm; C:\WINDOWS\system32\drivers\drvnddm.sys [2005-04-21 40544]
R2 tfsnboio;tfsnboio; C:\WINDOWS\system32\dla\tfsnboio.sys [2005-05-31 25725]
R2 tfsncofs;tfsncofs; C:\WINDOWS\system32\dla\tfsncofs.sys [2005-05-31 34845]
R2 tfsndrct;tfsndrct; C:\WINDOWS\system32\dla\tfsndrct.sys [2005-05-31 4125]
R2 tfsndres;tfsndres; C:\WINDOWS\system32\dla\tfsndres.sys [2005-05-31 2241]
R2 tfsnifs;tfsnifs; C:\WINDOWS\system32\dla\tfsnifs.sys [2005-05-31 86876]
R2 tfsnopio;tfsnopio; C:\WINDOWS\system32\dla\tfsnopio.sys [2005-05-31 15069]
R2 tfsnpool;tfsnpool; C:\WINDOWS\system32\dla\tfsnpool.sys [2005-05-31 6365]
R2 tfsnudf;tfsnudf; C:\WINDOWS\system32\dla\tfsnudf.sys [2005-05-31 98716]
R2 tfsnudfa;tfsnudfa; C:\WINDOWS\system32\dla\tfsnudfa.sys [2005-05-31 100605]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2005-03-30 1035264]
R3 dvd43llh;dvd43llh; C:\WINDOWS\System32\DRIVERS\dvd43llh.sys [2007-06-21 18816]
R3 E100B;Intel® PRO Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2004-10-14 155648]
R3 GearAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2008-04-17 15464]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2004-08-12 137728]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
R3 IntelC51;IntelC51; C:\WINDOWS\system32\DRIVERS\IntelC51.sys [2004-03-06 1233525]
R3 IntelC52;IntelC52; C:\WINDOWS\system32\DRIVERS\IntelC52.sys [2004-03-06 647929]
R3 IntelC53;IntelC53; C:\WINDOWS\system32\DRIVERS\IntelC53.sys [2004-06-16 61157]
R3 LVPr2Mon;Logitech LVPr2Mon Driver; C:\WINDOWS\system32\DRIVERS\LVPr2Mon.sys [2008-02-05 25624]
R3 LVRS;Logitech RightSound Filter Driver; C:\WINDOWS\system32\DRIVERS\lvrs.sys [2008-02-05 628760]
R3 LVUSBSta;Logitech USB Monitor Filter; C:\WINDOWS\system32\drivers\LVUSBSta.sys [2008-02-05 41752]
R3 LVUVC;Logitech QuickCam S7500(UVC); C:\WINDOWS\system32\DRIVERS\lvuvc.sys [2008-02-05 4658456]
R3 mfeavfk;McAfee Inc. mfeavfk; C:\WINDOWS\system32\drivers\mfeavfk.sys [2007-11-22 79304]
R3 mfebopk;McAfee Inc. mfebopk; C:\WINDOWS\system32\drivers\mfebopk.sys [2007-11-22 35240]
R3 mferkdk;McAfee Inc. mferkdk; C:\WINDOWS\system32\drivers\mferkdk.sys [2007-11-22 33832]
R3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
R3 mohfilt;mohfilt; C:\WINDOWS\system32\DRIVERS\mohfilt.sys [2004-03-06 37048]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 MovRVDrv32;MovRVDrv32; C:\WINDOWS\system32\DRIVERS\MovRVDrv32.sys [2007-12-28 3768]
R3 ndisva;Avaya VPNet Virtual Adapter Driver; C:\WINDOWS\system32\DRIVERS\vadapter.sys [2005-09-13 12288]
R3 SndTDriverV32;SndTDriverV32; C:\WINDOWS\system32\drivers\SndTDriverV32.sys [2008-09-12 23096]
R3 STHDA;High Definition Audio Driver (WDM) - SigmaTel CODEC; C:\WINDOWS\system32\drivers\sthda.sys [2005-03-31 180096]
R3 StillCam;Still Serial Digital Camera Driver; C:\WINDOWS\system32\DRIVERS\serscan.sys [2001-08-17 6784]
R3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2004-08-03 59264]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-04 26624]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-03 57600]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-03 20480]
R3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys [2003-01-10 33588]
S3 bvrp_pci;bvrp_pci; C:\WINDOWS\system32\drivers\bvrp_pci.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024]
S3 FilterService;UVC Filter Service; C:\WINDOWS\system32\DRIVERS\lvuvcflt.sys [2008-02-05 23832]
S3 Jukebox;Jukebox; C:\WINDOWS\system32\DRIVERS\ctpdusb2.sys [2004-09-29 16752]
S3 LVcKap;Logitech AEC Driver; C:\WINDOWS\system32\DRIVERS\LVcKap.sys [2008-02-05 689176]
S3 mfesmfk;McAfee Inc. mfesmfk; C:\WINDOWS\system32\drivers\mfesmfk.sys [2007-12-02 40488]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]
S3 NAL;Nal Service ; \??\C:\WINDOWS\system32\Drivers\iqvw32.sys []
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-03 10880]
S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-03 1897408]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-03 11136]
S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-03 15360]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2008-09-10 32000]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S3 wceusbsh;Windows CE USB Serial Host Driver; C:\WINDOWS\system32\DRIVERS\wceusbsh.sys [2006-04-10 104576]
S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 agp440;Intel AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agp440.sys [2004-08-03 42368]
S4 agpCPQ;Compaq AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agpCPQ.sys [2004-08-03 44928]
S4 alim1541;ALI AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\alim1541.sys [2004-08-03 42752]
S4 amdagp;AMD AGP Bus Filter Driver; C:\WINDOWS\system32\DRIVERS\amdagp.sys [2004-08-03 43008]
S4 cbidf;cbidf; C:\WINDOWS\system32\DRIVERS\cbidf2k.sys [2001-08-17 13952]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\DRIVERS\intelide.sys [2004-08-03 5504]
S4 sisagp;SIS AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\sisagp.sys [2004-08-03 41088]
S4 viaagp;VIA AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2004-08-03 42240]
S4 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-04 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AOL ACS;AOL Connectivity Service; C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe [2004-04-07 1135728]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-09-10 116040]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2005-03-30 360448]
R2 AvService;Avaya VPN Service; C:\Program Files\VPNremote for Windows XP\AvVpnService.exe [2005-09-13 53248]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
R2 GEARSecurity;GEARSecurity; C:\WINDOWS\System32\GEARSec.exe [2004-07-29 53248]
R2 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-10-16 168432]
R2 LVCOMSer;LVCOMSer; C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe [2008-02-05 186904]
R2 LVPrcSrv;Process Monitor; C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe [2008-02-05 150040]
R2 mcmscsvc;McAfee Services; C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe [2008-01-09 767976]
R2 McNASvc;McAfee Network Agent; c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe [2008-01-25 2458128]
R2 McProxy;McAfee Proxy Service; c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe [2007-08-15 359248]
R2 McShield;McAfee Real-time Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe [2007-07-24 144704]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 MpfService;McAfee Personal Firewall Service; C:\Program Files\McAfee\MPF\MPFSrv.exe [2007-07-18 856864]
R2 NMSAccessU;NMSAccessU; C:\Program Files\CDBurnerXP\NMSAccessU.exe [2008-10-20 71096]
R2 Norton Ghost;Norton Ghost; C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe [2004-07-29 1269760]
R2 Viewpoint Manager Service;Viewpoint Manager Service; C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
R2 WinVNC4;VNC Server Version 4; C:\Program Files\RealVNC\VNC4\WinVNC4.exe [2005-03-11 455632]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-09-10 536872]
R3 McODS;McAfee Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe [2007-11-07 378184]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2004-08-04 267776]
S2 LVSrvLauncher;LVSrvLauncher; C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe [2008-02-05 141848]
S2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2007-08-09 73728]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2007-11-18 658432]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2007-10-09 36864]
S3 getPlus® Helper;getPlus® Helper; C:\Program Files\NOS\bin\getPlus_HelperSvc.exe [2008-08-29 33752]
S3 HP Port Resolver;HP Port Resolver; C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE [2005-05-20 81920]
S3 HP Status Server;HP Status Server; C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE [2004-10-16 73728]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2007-10-11 864256]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 SoundMovieServer;SoundMovieServer; C:\WINDOWS\system32\snmvtsvc.exe [2008-09-12 200704]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S4 McSysmon;McAfee SystemGuards; C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe [2007-12-05 695624]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2007-10-11 122880]

-----------------EOF-----------------

#7 car377

car377
  • Topic Starter

  • Members
  • 43 posts
  • OFFLINE
  •  
  • Local time:11:26 AM

Posted 19 February 2009 - 11:01 PM

Here's an updated DDS run, if anyone can fit this in. Symptoms are the same - not using IE anymore because of highjacking URLs, unwanted toolbar, etc., and Firefox still seems stable and uninfested. Thanks for any help!

Chuck


DDS (Ver_09-02-01.01) - NTFSx86
Run by Charles at 20:17:26.70 on Thu 02/19/2009
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_07
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.3710.3008 [GMT -7:00]

AV: McAfee VirusScan *On-access scanning enabled* (Updated)
FW: McAfee Personal Firewall *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\VPNremote for Windows XP\AvVpnService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\GEARSec.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\RealVNC\VNC4\WinVNC4.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\snmvtsvc.exe
C:\WINDOWS\Explorer.EXE
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Updater.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\dvd43\dvd43_tray.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
c:\PROGRA~1\mcafee\msc\mcuimgr.exe
C:\Program Files\Java\jre1.6.0_07\bin\jucheck.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Charles\Desktop\dds.scr
C:\WINDOWS\system32\HPZinw12.exe

============== Pseudo HJT Report ===============

uStart Page = about:blank
mWindow Title = Windows Internet Explorer provided by Comcast
uInternet Settings,ProxyServer = nj.proxy.avaya.com:8000
uInternet Settings,ProxyOverride = *.avaya.com;135.9.49.118;135.9.49.72;;*.local;<local>
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\4.1.805.4472\swg.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [updateMgr] "c:\program files\adobe\acrobat 7.0\reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
uRun: [Picasa Media Detector] c:\program files\picasa2\PicasaMediaDetector.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\wcescomm.exe"
uRun: [Aim6]
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_07\bin\jusched.exe"
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [Norton Ghost 9.0] c:\program files\symantec\norton ghost\agent\GhostTray.exe
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [iRiver Updater] \Updater.exe
mRun: [IntelMeM] c:\program files\intel\modem event monitor\IntelMEM.exe
mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb04.exe
mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"
mRun: [dvd43] c:\program files\dvd43\dvd43_tray.exe
mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
mRun: [MMTray] "c:\program files\musicmatch\musicmatch jukebox\mm_tray.exe"
mRun: [PC Pitstop Optimize Reminder] c:\program files\pcpitstop\optimize2\Reminder.exe
mRun: [mcagent_exe] c:\program files\mcafee.com\agent\mcagent.exe /runkey
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [LogitechCommunicationsManager] "c:\program files\common files\logishrd\lcommgr\Communications_Helper.exe"
mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\quickcam\Quickcam.exe" /hide
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
dRun: [Picasa Media Detector] c:\program files\picasa2\PicasaMediaDetector.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\americ~1.lnk - c:\program files\america online 9.0\aoltray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpphot~1.lnk - c:\program files\hp\digital imaging\bin\hpqthb08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quickb~1.lnk - c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\winzip~1.lnk - c:\program files\winzip\WZQKPICK.EXE
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office11\EXCEL.EXE/3000
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
IE: {38E51477-DDB4-4aed-9D61-D0C193E10749} - {38E51477-DDB4-4aed-9D61-D0C193E10749} {38E51477-DDB4-4aed-9D61-D0C193E10749} - {38e51477-ddb4-4aed-9d61-d0c193e10749}\inprocserver32 does not exist!
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office11\REFIEBAR.DLL
Trusted Zone: turbotax.com
Trusted Zone: musicmatch.com\online
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {07D06F79-BEA3-4676-9F8E-7C7067B96C76} - hxxp://135.9.49.118:9080/1xp/portalclient/lib/AvayaPhoneInterface.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://active.macromedia.com/director/cabs/sw.cab
DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} - hxxp://www.pcpitstop.com/internet/pcpConnCheck.cab
DPF: {3BA3B159-7533-4F96-A2CE-EE5894BBD3D5} - hxxp://i.dell.com/images/global/js/scanner/SYSSCANNER.cab
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://www2.snapfish.com/SnapfishActivia.cab
DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1006.cab
DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} - hxxp://www.linkedin.com/cab/LinkedInContactFinderControl.cab
DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - hxxp://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {90D7EA0F-6776-4D1A-BCC9-E8CC24B43B6F} - hxxp://135.9.49.118:9080/1xp/portalclient/lib/AvayaEnhancedRecorder.cab
DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - hxxp://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.4.2/jinstall-1_4_2_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} - hxxp://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxps://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\charles\applic~1\mozilla\firefox\profiles\lyqnt1aq.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - plugin: c:\program files\google\google updater\2.4.1368.5602\npCIDetect13.dll
FF - plugin: c:\program files\picasa2\npPicasa2.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - plugin: c:\program files\virtual earth 3d\npVE3D.dll

============= SERVICES / DRIVERS ===============

R0 avipsec;Avaya IPSEC Driver;c:\windows\system32\drivers\avipsec.sys [2005-8-1 85504]
R0 PQV2i;PQV2i;c:\windows\system32\drivers\PQV2i.sys [2004-7-29 138780]
R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2008-9-4 201320]
R1 PQIMount;PQIMount;c:\windows\system32\drivers\PQIMount.sys [2004-7-29 46779]
R1 VProtocol;AVAYA VPNet VProtocol;c:\windows\system32\drivers\vproto2k.sys [2005-8-1 14336]
R2 AvService;Avaya VPN Service;c:\program files\vpnremote for windows xp\AvVpnService.exe [2005-8-1 53248]
R2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2008-9-4 359248]
R2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2008-9-4 144704]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2007-12-25 24652]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2008-9-4 79304]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2008-9-4 35240]
R3 MovRVDrv32;MovRVDrv32;c:\windows\system32\drivers\MovRVDrv32.sys [2008-2-12 3768]
R3 ndisva;Avaya VPNet Virtual Adapter Driver;c:\windows\system32\drivers\vadapter.sys [2005-8-1 12288]
R3 SoundMovieServer;SoundMovieServer;c:\windows\system32\snmvtsvc.exe [2008-9-29 200704]
S3 getPlus® Helper;getPlus® Helper;c:\program files\nos\bin\getPlus_HelperSvc.exe [2008-10-4 33752]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2008-9-4 33832]
S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2008-9-4 40488]
S4 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2008-9-4 695624]

=============== Created Last 30 ================

2009-02-07 11:29 50,688 a------- C:\ATF-Cleaner.exe
2009-02-07 10:27 <DIR> --d----- c:\docume~1\charles\applic~1\Malwarebytes
2009-02-07 10:27 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-02-07 10:27 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-07 10:27 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-02-07 10:27 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-02-05 21:31 <DIR> --d-h--- c:\windows\PIF
2009-01-26 08:26 <DIR> --d----- c:\program files\common files\HP
2009-01-26 08:24 <DIR> --d----- c:\program files\common files\Hewlett-Packard
2009-01-26 08:23 77,824 a----r-- c:\windows\system32\HPZIDS01.dll
2009-01-26 08:23 38,400 a------- c:\windows\system32\hpz3l054.dll
2009-01-26 08:23 827,392 a----r-- c:\windows\system32\hpotiop2.dll
2009-01-26 08:23 659,456 a----r-- c:\windows\system32\hpowiax2.dll
2009-01-26 08:23 254,026 a----r-- c:\windows\system32\hpovst09.dll
2009-01-26 08:22 6,784 a------- c:\windows\system32\drivers\serscan.sys
2009-01-26 08:22 6,784 a------- c:\windows\system32\dllcache\serscan.sys
2009-01-26 08:22 162 a------- c:\windows\system32\AddPort.ini
2009-01-26 08:22 687 a------- c:\windows\hpntwksetup.ini
2009-01-26 08:21 282,680 a------- c:\windows\system32\HPZidr12.dll
2009-01-26 08:21 204,800 a------- c:\windows\system32\HPZipr12.dll
2009-01-26 08:21 94,208 a------- c:\windows\system32\HPZipt12.dll
2009-01-26 08:21 73,728 a------- c:\windows\system32\HPZipm12.exe
2009-01-26 08:21 65,536 a------- c:\windows\system32\HPZinw12.exe
2009-01-26 08:21 57,344 a------- c:\windows\system32\HPZisn12.dll
2009-01-26 08:20 <DIR> --d----- c:\program files\HP
2009-01-26 08:19 117,092 a------- c:\windows\hpoins11.dat
2009-01-21 15:41 <DIR> --d----- c:\program files\Guitar Pro 5

==================== Find3M ====================

2009-02-18 15:45 0 a------- c:\windows\system32\drivers\lvuvc.hs
2009-02-18 15:45 0 a------- c:\windows\system32\drivers\logiflt.iad
2008-07-07 21:11 61,224 a------- c:\documents and settings\charles\GoToAssistDownloadHelper.exe

============= FINISH: 20:18:30.35 ===============

Attached Files



#8 Maurice Naggar

Maurice Naggar

    Eradicator de malware


  • Malware Response Team
  • 1,088 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:12:26 PM

Posted 22 February 2009 - 10:12 AM

You will want to print out or copy these instructions to Notepad for Safe Mode/offline reference!
These steps are for member car377 only. If you are a lurker, do NOT try this on your system!
If you are not car377 and have a similar problem, do NOT post here; start your own topic


Do not run or start any other programs while these utilities and tools are in use!
Posted Image Do NOT run any other tools on your own or do any fixes other than what is listed here.
If you have questions, please ask before you do something on your own.
But it is important that you get going on these following steps.

Hello Chuck,

Please do the following.
Temporarily disable your McAfee AV before running these tools.
See How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Next, Download The Avenger by Swandog46 from here.
  • Unzip/extract it to a folder on your desktop.
  • Double click on avenger.exe to run The Avenger.
  • Click OK.
  • Make sure that the box next to Scan for rootkits has a tick in it and that the box next to Automatically disable any rootkits found does not have a tick in it.
  • Copy all of the text in the below textbox to the clibpboard by highlighting it and then pressing Ctrl+C.
    Folders to delete:
    C:\Recycler
    D:\Recycler
    E:\Recycler
    F:\Recycler
    G:\Recycler
    H:\Recycler
    C:\Resycled
    D:\Resycled
    E:\Resycled
    F:\Resycled
    G:\Resycled
    H:\Resycled
  • In the avenger window, click the Paste Script from Clipboard icon, Posted Image button.
  • :!: Make sure that what appears in Avenger matches exactly what you were asked to Copy/Paste from the Code box above.
  • Click the Execute button.
  • You will be asked Are you sure you want to execute the current script?.
  • Click Yes.
  • You will now be asked First step completed --- The Avenger has been successfully set up to run on next boot. Reboot now?.
  • Click Yes.
  • Your PC will now be rebooted.
  • Note: If the above script contains Drivers to delete: or Drivers to disable:, then The Avenger will require two reboots to complete its operation.
  • If that is the case, it will force a BSOD on the first reboot. This is normal & expected behaviour.
  • After your PC has completed the necessary reboots, a log should automatically open. Please copy/paste the contents of c:\avenger.txt into your next reply.
Download the Microsoft® Windows® Malicious Software Removal Tool from the Microsoft Download Center and then run it.
http://www.microsoft.com/downloads/details...;displaylang=en

After a run of MSRT has finished, you will find the log at C:\WINDOWS\Debug\mrt.log or C:\WINNT\Debug\mrt.log
The file may be opened and viewed with Notepad or similar text editor.

If and only if your system is Vista x64, Windows XP x64 and Windows 2003 x64 computers.
Get Microsoft® Windows® Malicious Software Removal Tool (KB890830) x64
http://www.microsoft.com/downloads/details...;displaylang=en

Additional information Microsoft® Windows® Malicious Software Removal Tool is here http://support.microsoft.com/?kbid=890830

If no infections were found, you will see in your log

Results Summary:
----------------
No infection found.


One further note: If your Windows Update process has been working, you would find the MSRT tool on your system at
C:\WINDOWS\system32\MRT.exe
=

Next get, save, and then run this tool from F-Secure
Save the ZIP file to your Desktop, and unzip the contents.
Make sure if you have any open work, to save your work, and close all your open windows.
In the process of running this tool, restarts may be required.

Run the exe.

Advise me of what results are given by the tool.
=

Posted ImageSee this page for instructions on downloading and running ComboFix
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

NOTE: Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with the tools

Run Combofix

A caution - Do not run Combofix more than once.
Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock.

The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled.
If this occurs, please reboot to restore the desktop.
Even when ComboFix appears to be doing nothing, look at your Drive light.
If it is flashing, Combofix is still at work.
=

RE-Enable your AntiVirus and AntiSpyware applications.


Reply with the C:\Avenger.txt log and C:\Combofix.txt log in your next reply.

Edited by Maurice Naggar, 22 February 2009 - 10:19 AM.

~Maurice Naggar
MS-MVP (Oct 2002 - Sept 2010)

#9 car377

car377
  • Topic Starter

  • Members
  • 43 posts
  • OFFLINE
  •  
  • Local time:11:26 AM

Posted 22 February 2009 - 02:13 PM

Thanks for your reply and assistance. I've read through and understand the instructions, and I'll begin running Avenger in a few minutes. One question: the Microsoft MRT will ask whether I want to do a quick scan or full scan. Should I do the full scan?

Thanks,
Chuck

#10 Maurice Naggar

Maurice Naggar

    Eradicator de malware


  • Malware Response Team
  • 1,088 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:12:26 PM

Posted 22 February 2009 - 02:26 PM

Chuck,
If so prompted, do the quick scan.
~Maurice Naggar
MS-MVP (Oct 2002 - Sept 2010)

#11 car377

car377
  • Topic Starter

  • Members
  • 43 posts
  • OFFLINE
  •  
  • Local time:11:26 AM

Posted 22 February 2009 - 05:36 PM

Hi Again,

The F-downadup scan didn't leave a results window, but the logfiles don't seem to indicate any infection found. Likewise MS MRT didn't find anything. I can use IE6 again without unwanted toolbars or bogus virus-warning popups. The Avenger.txt and Combofix.txt logs are below.

Thanks,
Chuck

Logfile of The Avenger Version 2.0, © by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

Folder "C:\Recycler" deleted successfully.

Error: could not open folder "D:\Recycler"
Deletion of folder "D:\Recycler" failed!
Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND)
--> bad path / the parent directory does not exist


Error: could not open folder "E:\Recycler"
Deletion of folder "E:\Recycler" failed!
Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND)
--> bad path / the parent directory does not exist


Error: could not open folder "F:\Recycler"
Deletion of folder "F:\Recycler" failed!
Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND)
--> bad path / the parent directory does not exist

Folder "G:\Recycler" deleted successfully.

Error: could not open folder "H:\Recycler"
Deletion of folder "H:\Recycler" failed!
Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND)
--> bad path / the parent directory does not exist


Error: folder "C:\Resycled" not found!
Deletion of folder "C:\Resycled" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: could not open folder "D:\Resycled"
Deletion of folder "D:\Resycled" failed!
Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND)
--> bad path / the parent directory does not exist


Error: could not open folder "E:\Resycled"
Deletion of folder "E:\Resycled" failed!
Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND)
--> bad path / the parent directory does not exist


Error: could not open folder "F:\Resycled"
Deletion of folder "F:\Resycled" failed!
Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND)
--> bad path / the parent directory does not exist


Error: folder "G:\Resycled" not found!
Deletion of folder "G:\Resycled" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: could not open folder "H:\Resycled"
Deletion of folder "H:\Resycled" failed!
Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND)
--> bad path / the parent directory does not exist


Completed script processing.

*******************

Finished! Terminate.



ComboFix 09-02-21.01 - Charles 2009-02-22 14:32:42.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.3710.3100 [GMT -7:00]
Running from: c:\documents and settings\Charles\Desktop\ComboFix.exe
AV: McAfee VirusScan *On-access scanning disabled* (Updated)
FW: McAfee Personal Firewall *disabled*
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\IE4 Error Log.txt

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_PACKET


((((((((((((((((((((((((( Files Created from 2009-01-22 to 2009-02-22 )))))))))))))))))))))))))))))))
.

2009-02-07 11:29 . 2009-02-07 10:23 50,688 --a------ C:\ATF-Cleaner.exe
2009-02-07 10:27 . 2009-02-07 10:27 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-02-07 10:27 . 2009-02-07 10:27 <DIR> d-------- c:\documents and settings\Charles\Application Data\Malwarebytes
2009-02-07 10:27 . 2009-02-07 10:27 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-02-07 10:27 . 2009-01-14 16:11 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-07 10:27 . 2009-01-14 16:11 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-02-05 21:31 . 2009-02-05 21:31 <DIR> d--h----- c:\windows\PIF
2009-01-28 15:01 . 2009-01-28 15:01 <DIR> d-------- c:\documents and settings\Jeremy\Application Data\HP
2009-01-26 08:39 . 2009-01-26 08:39 <DIR> d-------- c:\documents and settings\Charles\Application Data\HP
2009-01-26 08:35 . 2009-01-26 08:35 <DIR> d-------- c:\documents and settings\All Users\Application Data\HP
2009-01-26 08:28 . 2009-01-26 08:28 <DIR> d-------- c:\documents and settings\All Users\Application Data\Sonic
2009-01-26 08:26 . 2009-01-26 08:27 <DIR> d-------- c:\program files\Common Files\HP
2009-01-26 08:24 . 2009-01-26 08:24 <DIR> d-------- c:\program files\Common Files\Hewlett-Packard
2009-01-26 08:23 . 2006-04-12 17:02 827,392 -ra------ c:\windows\system32\hpotiop2.dll
2009-01-26 08:23 . 2006-04-12 17:02 659,456 -ra------ c:\windows\system32\hpowiax2.dll
2009-01-26 08:23 . 2006-04-12 17:02 254,026 -ra------ c:\windows\system32\hpovst09.dll
2009-01-26 08:23 . 2006-01-04 02:12 77,824 -ra------ c:\windows\system32\HPZIDS01.dll
2009-01-26 08:23 . 2006-04-10 14:03 38,400 --a------ c:\windows\system32\hpz3l054.dll
2009-01-26 08:22 . 2001-08-17 13:53 6,784 --a------ c:\windows\system32\drivers\serscan.sys
2009-01-26 08:22 . 2001-08-17 13:53 6,784 --a------ c:\windows\system32\dllcache\serscan.sys
2009-01-26 08:22 . 2009-01-26 08:22 687 --a------ c:\windows\hpntwksetup.ini
2009-01-26 08:22 . 2009-01-26 08:22 162 --a------ c:\windows\system32\AddPort.ini
2009-01-26 08:21 . 2006-03-03 21:03 282,680 --a------ c:\windows\system32\HPZidr12.dll
2009-01-26 08:21 . 2006-03-03 21:02 204,800 --a------ c:\windows\system32\HPZipr12.dll
2009-01-26 08:21 . 2006-03-03 21:02 94,208 --a------ c:\windows\system32\HPZipt12.dll
2009-01-26 08:21 . 2007-08-09 00:27 73,728 --a------ c:\windows\system32\HPZipm12.exe
2009-01-26 08:21 . 2006-03-03 21:03 65,536 --a------ c:\windows\system32\HPZinw12.exe
2009-01-26 08:21 . 2006-03-03 21:02 57,344 --a------ c:\windows\system32\HPZisn12.dll
2009-01-26 08:20 . 2009-01-26 08:25 <DIR> d-------- c:\program files\HP
2009-01-26 08:19 . 2009-01-26 08:39 117,092 --a------ c:\windows\hpoins11.dat

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-22 21:40 0 ----a-w c:\windows\system32\drivers\lvuvc.hs
2009-02-22 21:40 0 ----a-w c:\windows\system32\drivers\logiflt.iad
2009-02-22 21:27 --------- d-----w c:\documents and settings\Charles\Application Data\Skype
2009-02-22 19:27 --------- d-----w c:\documents and settings\Charles\Application Data\skypePM
2009-02-21 01:28 --------- d-----w c:\documents and settings\All Users\Application Data\Google Updater
2009-02-20 16:17 --------- d-----w c:\program files\VPNremote for Windows XP
2009-02-07 18:03 --------- d-----w c:\program files\Applications
2009-02-02 02:19 --------- d-----w c:\program files\Napster
2009-01-21 22:41 --------- d-----w c:\program files\Guitar Pro 5
2008-12-25 22:29 31 ----a-w c:\documents and settings\Jeremy\jagex_runescape_preferences.dat
2008-12-24 00:56 --------- d-----w c:\program files\Skype
2008-12-24 00:56 --------- d-----w c:\program files\Common Files\Skype
2008-12-24 00:56 --------- d-----w c:\documents and settings\All Users\Application Data\Skype
2008-12-24 00:37 --------- d-----w c:\program files\Common Files\LogiShrd
2008-12-24 00:35 --------- d-----w c:\documents and settings\All Users\Application Data\Logishrd
2008-12-24 00:08 --------- d-----w c:\program files\Logitech
2008-12-24 00:08 --------- d-----w c:\documents and settings\All Users\Application Data\Logitech
2008-07-08 04:11 61,224 ----a-w c:\documents and settings\Charles\GoToAssistDownloadHelper.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2008-08-20 443968]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-06-20 1207080]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-11-07 21633320]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"Norton Ghost 9.0"="c:\program files\Symantec\Norton Ghost\Agent\GhostTray.exe" [2004-07-29 1122304]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"iRiver Updater"="\Updater.exe" [2004-07-01 212992]
"IntelMeM"="c:\program files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-03 221184]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb04.exe" [2001-12-14 196608]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 53248]
"dvd43"="c:\program files\dvd43\dvd43_tray.exe" [2006-05-22 694272]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-03-29 339968]
"MMTray"="c:\program files\Musicmatch\Musicmatch Jukebox\mm_tray.exe" [2006-01-19 110592]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2007-11-01 582992]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-09-10 289576]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2008-02-13 564496]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2008-02-13 2196240]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 49152]
"SigmatelSysTrayApp"="stsystra.exe" [2005-03-22 c:\windows\STSYSTRA.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2008-08-20 443968]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
America Online 9.0 Tray Icon.lnk - c:\program files\America Online 9.0\aoltray.exe [2005-07-16 156784]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 288472]
HP Photosmart Premier Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2006-02-10 73728]
QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2004-11-11 806912]
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2001-11-27 106560]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MimBoot]
--a------ 2006-01-19 10:06 11776 c:\progra~1\MUSICM~1\MUSICM~3\mimboot.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]
--a------ 2006-01-19 10:06 110592 c:\program files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"MsSecurity1.209.4"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Rosetta Stone\\Rosetta Stone V3\\RosettaStoneVersion3.exe"=
"c:\\Program Files\\Rosetta Stone\\Rosetta Stone V3\\support\\bin\\RosettaStoneLtdServices.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"<NO NAME>"=

R0 avipsec;Avaya IPSEC Driver;c:\windows\system32\drivers\avipsec.sys [2005-08-01 85504]
R0 PQV2i;PQV2i;c:\windows\system32\drivers\PQV2i.sys [2004-07-29 138780]
R1 PQIMount;PQIMount;c:\windows\system32\drivers\PQIMount.sys [2004-07-29 46779]
R1 VProtocol;AVAYA VPNet VProtocol;c:\windows\system32\drivers\vproto2k.sys [2005-08-01 14336]
R2 AvService;Avaya VPN Service;c:\program files\VPNremote for Windows XP\AvVpnService.exe [2005-08-01 53248]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2007-12-25 24652]
R3 MovRVDrv32;MovRVDrv32;c:\windows\system32\drivers\MovRVDrv32.sys [2008-02-12 3768]
R3 ndisva;Avaya VPNet Virtual Adapter Driver;c:\windows\system32\drivers\vadapter.sys [2005-08-01 12288]
S3 getPlus® Helper;getPlus® Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [2008-10-04 33752]
S3 SoundMovieServer;SoundMovieServer;c:\windows\system32\snmvtsvc.exe [2008-09-29 200704]
.
Contents of the 'Scheduled Tasks' folder

2009-02-20 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2009-02-15 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2007-12-04 12:32]

2009-02-01 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2007-12-04 12:32]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-updateMgr - c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe
HKCU-Run-Aim6 - (no file)
HKLM-Run-PC Pitstop Optimize Reminder - c:\program files\PCPitstop\Optimize2\Reminder.exe


.
------- Supplementary Scan -------
.
uStart Page = about:blank
mWindow Title = Windows Internet Explorer provided by Comcast
uInternet Settings,ProxyServer = nj.proxy.avaya.com:8000
uInternet Settings,ProxyOverride = *.avaya.com;135.9.49.118;135.9.49.72;;*.local;<local>
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
Trusted Zone: turbotax.com
Trusted Zone: musicmatch.com\online
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {07D06F79-BEA3-4676-9F8E-7C7067B96C76} - hxxp://135.9.49.118:9080/1xp/portalclient/lib/AvayaPhoneInterface.cab
DPF: {90D7EA0F-6776-4D1A-BCC9-E8CC24B43B6F} - hxxp://135.9.49.118:9080/1xp/portalclient/lib/AvayaEnhancedRecorder.cab
FF - ProfilePath - c:\documents and settings\Charles\Application Data\Mozilla\Firefox\Profiles\lyqnt1aq.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1368.5602\npCIDetect13.dll
FF - plugin: c:\program files\Picasa2\npPicasa2.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - plugin: c:\program files\Virtual Earth 3D\npVE3D.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-22 14:41:26
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(6668)
c:\windows\TEMP\logishrd\LVPrcInj01.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\progra~1\COMMON~1\AOL\ACS\AOLacsd.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\gearsec.exe
c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\progra~1\McAfee\MSC\mcmscsvc.exe
c:\progra~1\COMMON~1\McAfee\MNA\McNASvc.exe
c:\progra~1\COMMON~1\McAfee\McProxy\McProxy.exe
c:\progra~1\McAfee\VIRUSS~1\Mcshield.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\McAfee\MPF\MpfSrv.exe
c:\program files\CDBurnerXP\NMSAccessU.exe
c:\program files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
c:\program files\RealVNC\VNC4\winvnc4.exe
c:\progra~1\McAfee.com\Agent\mcagent.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\windows\system32\wscntfy.exe
C:\Updater.exe
c:\progra~1\MI3AA1~1\rapimgr.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\HP\Digital Imaging\bin\hpqnrs08.exe
c:\program files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
c:\program files\HP\Digital Imaging\bin\hpqste08.exe
c:\program files\HP\Digital Imaging\bin\hpqimzone.exe
c:\progra~1\McAfee\MSC\mcuimgr.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
c:\windows\system32\HPZinw12.exe
.
**************************************************************************
.
Completion time: 2009-02-22 14:48:05 - machine was rebooted
ComboFix-quarantined-files.txt 2009-02-22 21:47:58

Pre-Run: 9,329,184,768 bytes free
Post-Run: 9,509,515,264 bytes free

252

#12 Maurice Naggar

Maurice Naggar

    Eradicator de malware


  • Malware Response Team
  • 1,088 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:12:26 PM

Posted 22 February 2009 - 06:01 PM

My guess is that the system had a Conficker.B (alias Downadup) infection. I'd like for you to do an online scan for follow-up.

Scan the system with the Kaspersky Online Scanner
http://www.kaspersky.com/virusscanner

Posted Image Attention: Kaspersky Online Scanner 7.0 may not run successfully while another antivirus program is running. If you have Anti-Virus software installed, please temporarily disable your AV protection before running the Kaspersky Online Scanner. Reenable it after the scan is finished.

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

During this run, make sure your browser does not block popup windows. Have patience while some screens populate.

1) Click the Kapersky Online Scanner button. You'll see a popup window.
2) Accept the agreement
3) Accept the installation of the required ActiveX object ( XP SP2-SP3 will show this in the Information Bar )
4) For XP SP2-SP3, click the Install button when prompted
5) The necessary files will be downloaded and installed. Please have plenty of patience.
6) After Kaspersky AntiVirus Database is updated, look at the Scan box.
7) Click the My Computer line
8 ) Be infinetely patient, the scan is comprehensive and, unlike other online antivirus scanners, will detect all malwares

9) When the scan is completed there will be an option to Save report as a .txt file. Click that button. Copy and paste the report into your reply.
RE-Enable your AntiVirus and AntiSpyware applications.
Kapersky Online Scanner can be uninstalled later on from Add or Remove Programs in the Control Panel, if desired.

Do not be alarmed if Kaspersky tags items that are already in quarantine by MBAM, or SmitFraudFix items, or ComboFix's Qoobox & quarantine.
Kaspersky is a report only and does not remove files.

Post back with copies of the Kaspersky.txt report.
How is your system now :?:

We'll have to do a cleanup procedure, after we see the results from Kaspersky scan.
~Maurice Naggar
MS-MVP (Oct 2002 - Sept 2010)

#13 car377

car377
  • Topic Starter

  • Members
  • 43 posts
  • OFFLINE
  •  
  • Local time:11:26 AM

Posted 22 February 2009 - 10:30 PM

Hi Maurice,

The Kaspersky scan required 3 hours and 47 minutes. The computer seems to be running fine now, no apparent symptoms of the earlier problems, and performance is good. Below is the Kaspersky scan report.

Thanks,
Chuck

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Sunday, February 22, 2009
Operating System: Microsoft Windows XP Home Edition Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Sunday, February 22, 2009 23:05:09
Records in database: 1831852
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\
G:\
Z:\

Scan statistics:
Files scanned: 193200
Threat name: 3
Infected objects: 11
Suspicious objects: 0
Duration of the scan: 03:47:23


File name / Threat name / Threats count
C:\Program Files\RealVNC\VNC4\WinVNC4.exe/C:\Program Files\RealVNC\VNC4\WinVNC4.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4110 1
C:\Documents and Settings\Charles\My Downloads\Packages\RealVNC\vnc-4_1_1-x86_win32.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4110 1
C:\Documents and Settings\Charles\My Downloads\Packages\RealVNC\vnc-4_1_1-x86_win32.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 1
C:\Program Files\MUSICMATCH\Common\ComponentMgr\HoldingArea\WebSys\WebSys.mmz Infected: not-a-virus:RiskTool.Win32.Deleter.f 1
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\WebSys\offline.mmz Infected: not-a-virus:RiskTool.Win32.Deleter.f 1
C:\Program Files\RealVNC\VNC4\winvnc4.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4110 1
C:\Program Files\RealVNC\VNC4\wm_hooks.dll Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 1
G:\Program Files\MUSICMATCH\Common\ComponentMgr\HoldingArea\WebSys\WebSys.mmz Infected: not-a-virus:RiskTool.Win32.Deleter.f 1
G:\Program Files\MUSICMATCH\Musicmatch Jukebox\WebSys\offline.mmz Infected: not-a-virus:RiskTool.Win32.Deleter.f 1
G:\Program Files\RealVNC\VNC4\winvnc4.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4110 1
G:\Program Files\RealVNC\VNC4\wm_hooks.dll Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 1

The selected area was scanned.

#14 Maurice Naggar

Maurice Naggar

    Eradicator de malware


  • Malware Response Team
  • 1,088 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:12:26 PM

Posted 23 February 2009 - 07:30 AM

Unless you have purchased Malwarebytes' Anti Malware {MBAM}, you need to un-install it. Go to Control Panel and Add-or-Remove programs.
Look for it and click the line for it. Select Change/Remove to de-install it.
Do the same for Kapersky Online Scanner.

You need to remove older versions of Java runtime and get the latest one:
Download -- to your Desktop -- JavaRa.Zip from either of these two sites:
  • http://prm753.bchea.org/click/click.php?id=9
    http://www.majorgeeks.com/JavaRa_d5967.html
  • Unzip the download. This will create a new Folder, JavaRa on your Desktop.
  • Double click this new Folder to open it, and double click the file within: JavaRa to execute the program.
  • Click the button: Remove Older Versions.
  • Agree to the cleanup operation by clicking Yes. After a moment, a notice will appear that a log file has been produced. Click OK. Close the Notepad view that opens.
  • Click the button: Other Tasks. Choose these options:
    Remove Useless JRE Files
    Remove Startup Entry
    Remove JavaRa Logfile
  • Click Go. When it finishes, click OK to close the panel, and then Exit the program.
  • Delete the download, and the unzipped folder and all contents.
Open an IE window and go to http://java.sun.com/javase/downloads/index.jsp
> In top of the page (first in the list), click on the Download button to the right of Java Runtime Environment (JRE) 6 Update 12
> If Information Bar pop-ups up, right-click on it and say it's OK to display the blocked content; You do not have to install the Java Web Start ActiveX Control
> Accept the license agreement
> Click on Windows Offline Installation, Multi-language and Save the file to your desktop; do not Run it.

When the download is complete, close all browser windows and double-click on the saved file to install the update.
  • Tip: Choose Custom install to select only the part(s) you need/want.
Delete the downloaded installation file after completing the above procedure and reboot if prompted to do so.

If you were /not/ prompted to reboot, please do so now.

I see that you are clear of your original issues.
If you have a problem with these steps, or something does not quite work here, do let me know.

The following few steps will remove tools we used; followed by advice on staying safer.

We have to remove Combofix and all its associated folders. By whichever name you named it, (either Combofix or Combo-fix), put that name in the RUN box stated just below. The "/u" in the Run line below is to start Combofix for it's cleanup & removal function.
The utility must be removed to prevent any un-intentional or accidental usage, PLUS, to free up much space on your hard disk.
  • Click Start, then click Run.

    In the command box that opens, type or copy/paste combofix /u and then click OK.

    Posted Image
  • Please download OTMoveIt3 by OldTimer: http://oldtimer.geekstogo.com/OTMoveIt3.exe
  • Save it to your desktop.
  • Please double-click OTMoveIt3.exe to run it.
  • Click on the CleanUp! button. When you do this a text file named cleanup.txt will be downloaded from the internet. If you get a warning from your firewall or other security programs regarding OTMoveIt attempting to contact the internet you should allow it to do so. After the list has been download you'll be asked if you want to Begin cleanup process? Select Yes.
  • This step removes the files, folders, and shortcuts created by the tools I had you download and run.
We are finished here. Best regards.
~Maurice Naggar
MS-MVP (Oct 2002 - Sept 2010)

#15 car377

car377
  • Topic Starter

  • Members
  • 43 posts
  • OFFLINE
  •  
  • Local time:11:26 AM

Posted 23 February 2009 - 02:31 PM

Thanks so much for your help! You guys rock!

Best regards,
Chuck




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users