
Pop-up saying computer is infected


  • This topic is locked
17 replies to this topic

#1 jhasting


Posted 01 February 2009 - 01:24 PM

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:18:18 PM, on 2/1/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\arservice.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\ARPWRMSG.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Maxtor\Sync\SyncServices.exe
C:\Program Files\Verizon\McciTrayApp.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\Program Files\NETGEAR\WPN111\wpn111.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
c:\PROGRA~1\mcafee\msc\mcshell.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\HP_Administrator\My Documents\onsite tools\hijack this\HijackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...arm1=seconduser
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...arm1=seconduser
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...arm1=seconduser
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...arm1=seconduser
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://wapp.verizon.net/bookmarks/bmredir....p;bm=ho_central
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...arm1=seconduser
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...arm1=seconduser
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.yahoo.com/search?fr=mcafee&p=%s
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://activatemydsl.verizon.net/SmartAcce...%7D&lang=en
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {4D99EE79-457E-40B8-B82C-CDE69679F716} - C:\WINDOWS\system32\opnmJBus.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Verizon Broadband Toolbar - {A057A204-BACC-4D26-8398-26FADCF27386} - C:\PROGRA~1\VERIZO~1\VERIZO~1.DLL
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: Verizon Broadband Toolbar - {A057A204-BACC-4D26-8398-26FADCF27386} - C:\PROGRA~1\VERIZO~1\VERIZO~1.DLL
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [mxomssmenu] "C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe"
O4 - HKLM\..\Run: [Verizon_McciTrayApp] C:\Program Files\Verizon\McciTrayApp.exe
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [1c8f050a] rundll32.exe "C:\WINDOWS\system32\dsxjqiow.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: NETGEAR WPN111 Smart Wizard.lnk = ?
O4 - Global Startup: VPN Client.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O20 - Winlogon Notify: cbXPgdBR - C:\WINDOWS\SYSTEM32\cbXPgdBR.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Maxtor Service (Maxtor Sync Service) - Seagate Technology LLC - C:\Program Files\Maxtor\Sync\SyncServices.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe

--
End of file - 9670 bytes
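As an added example (not part of the thread), a small triage script that parses HijackThis-style lines like the log above and flags the entry types that, in this thread, turned out to be Vundo components: a BHO with no name, a Winlogon Notify DLL, an AppInit_DLLs entry, and a Run value that launches a DLL through rundll32.exe. The sample lines are copied from this thread's logs, and the rules are triage heuristics of my own, not HijackThis's or Malwarebytes' logic.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample: lines copied from the HijackThis logs posted in this
# thread, mixed with benign entries so the triage has something to pass.
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {4D99EE79-457E-40B8-B82C-CDE69679F716} - C:\WINDOWS\system32\opnmJBus.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [1c8f050a] rundll32.exe "C:\WINDOWS\system32\dsxjqiow.dll",b
O20 - Winlogon Notify: cbXPgdBR - C:\WINDOWS\SYSTEM32\cbXPgdBR.dll
O20 - AppInit_DLLs: hwbatx.dll
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
"""


@dataclass
class Finding:
    code: str    # HijackThis section, e.g. "O20"
    path: str    # DLL the entry loads, as written in the log
    reason: str  # why a triager should look at it


HJT_LINE = re.compile(r"^(?P<code>[RO]\d+) - (?P<body>.*)$")
DLL_TOKEN = re.compile(r"\S+\.dll", re.IGNORECASE)
RUN_NAME = re.compile(r"\[([^\]]+)\]")
HEX8 = re.compile(r"^[0-9a-f]{8}$")


def _dll_in(body: str) -> str:
    """Return the last *.dll token in the entry, without surrounding quotes."""
    tokens = DLL_TOKEN.findall(body)
    return tokens[-1].strip('"') if tokens else ""


def triage_line(line: str) -> Optional[Finding]:
    """Apply the persistence heuristics (my own, not HijackThis's) to one line."""
    m = HJT_LINE.match(line.strip())
    if not m:
        return None
    code, body = m.group("code"), m.group("body")

    # O2: a Browser Helper Object is a DLL loaded into every IE process. A
    # legitimate vendor registers a display name; the Vundo BHO did not.
    if code == "O2" and body.startswith("BHO: (no name)"):
        return Finding(code, _dll_in(body), "BHO registered without a name")

    # O20: both mechanisms load a DLL into privileged or ubiquitous processes.
    if code == "O20" and body.startswith("Winlogon Notify:"):
        return Finding(code, _dll_in(body),
                       "Winlogon Notify DLL, loaded by winlogon.exe at logon")
    if code == "O20" and body.startswith("AppInit_DLLs:"):
        return Finding(code, _dll_in(body),
                       "AppInit_DLLs, injected into every process that loads user32.dll")

    # O4: a Run value that starts rundll32.exe on a DLL gives a DLL-only payload
    # an autostart; a hex-looking value name adds weight to the finding.
    if code == "O4" and "rundll32.exe" in body.lower():
        reason = "Run value launches a DLL through rundll32.exe"
        name = RUN_NAME.search(body)
        if name and HEX8.match(name.group(1)):
            reason += "; value name is an 8-hex-digit string"
        return Finding(code, _dll_in(body), reason)
    return None


def triage(log_text: str) -> List[Finding]:
    """Run triage_line over a whole log and keep the flagged entries in order."""
    findings = []
    for line in log_text.splitlines():
        f = triage_line(line)
        if f:
            findings.append(f)
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.code:<4} {f.path:<40} {f.reason}")
```

The script only points a human at entries worth checking against the MBAM and RSIT results; it does not decide that a file is malicious.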



#2 jhasting


Posted 01 February 2009 - 01:26 PM

Also, I think this occurred while I was on Facebook.

#3 jhasting


Posted 01 February 2009 - 04:22 PM

Now, when I restart, McAfee reports that it blocked 'autorun.work.gen'. This happens every time the PC is booted. It then reports it removed trojan vundo!grb. Any issues with the log?

#4 fenzodahl512


Posted 02 February 2009 - 06:09 AM

Please download Malwarebytes' Anti-Malware from HERE or HERE

Note: If you already have Malwarebytes' Anti-Malware, just run and update it, then do a "Perform Full Scan".

Double click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

NEXT

Please download RSIT by random/random and save it to your Desktop.
  • Double click on RSIT.exe to run RSIT.
  • Before you click "Continue", make sure you change the List files/folders created or modified in the last 3 months
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt and info.txt in your next reply.

NEXT

Please download GMER and unzip it to your Desktop.
  • Open the program and click on the Rootkit tab.
  • Make sure all the boxes on the right of the screen are checked, EXCEPT for 'Show All'.
  • Click on Scan.
  • When the scan has run, click Copy, paste the results into Notepad, save it and attach it in this thread.

Post these logs in your next reply, each log in a separate post:

1. Malwarebytes'
2. RSIT log.txt
3. RSIT info.txt
4. Attach GMER result



#5 jhasting


Posted 02 February 2009 - 07:18 PM

Thanks
======================================
mbam-log
======================================
Malwarebytes' Anti-Malware 1.33
Database version: 1654
Windows 5.1.2600 Service Pack 3

2/2/2009 7:09:08 PM
mbam-log-2009-02-02 (19-09-08).txt

Scan type: Quick Scan
Objects scanned: 62754
Time elapsed: 5 minute(s), 8 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 6
Registry Keys Infected: 18
Registry Values Infected: 2
Registry Data Items Infected: 2
Folders Infected: 1
Files Infected: 13

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\ddvegtrn.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\nntkscoh.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\opnmJBus.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\cbXPgdBR.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\levvycgm.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\hwbatx.dll (Trojan.Vundo.H) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5fcb040f-98c1-4c22-b740-f2935f609801} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{5fcb040f-98c1-4c22-b740-f2935f609801} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cbxpgdbr (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ec4dc778-82de-4468-920f-4df9aae92a56} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{ec4dc778-82de-4468-920f-4df9aae92a56} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{ec4dc778-82de-4468-920f-4df9aae92a56} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{5fcb040f-98c1-4c22-b740-f2935f609801} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\explorer.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\instkey (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\1c8f050a (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo.H) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\opnmjbus -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\opnmjbus -> Quarantined and deleted successfully.

Folders Infected:
C:\Program Files\Microsoft Common (Trojan.Agent) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\system32\hwbatx.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\cbXPgdBR.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\opnmJBus.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\suBJmnpo.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\suBJmnpo.ini2 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ddvegtrn.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\nrtgevdd.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\nntkscoh.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\hocsktnn.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\levvycgm.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\Documents and Settings\HP_Administrator\Local Settings\Temporary Internet Files\Content.IE5\KP01N2RL\index[1] (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Temporary Internet Files\Content.IE5\W1K23LKT\upd105320[1] (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\Program Files\Microsoft Common\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.

Edited by jhasting, 02 February 2009 - 07:23 PM.


#6 jhasting


Posted 02 February 2009 - 07:24 PM

=====================================
RSIT log
=====================================

Logfile of random's system information tool 1.05 (written by random/random)
Run by HP_Administrator at 2009-02-02 19:16:22
Microsoft Windows XP Professional Service Pack 3
System drive C: has 288 GB (61%) free of 470 GB
Total RAM: 3710 MB (86% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:16:24 PM, on 2/2/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\arservice.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Maxtor\Sync\SyncServices.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\ARPWRMSG.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\svchost.exe
C:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe
C:\Program Files\Verizon\McciTrayApp.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\NETGEAR\WPN111\wpn111.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Temporary Directory 1 for gmer.zip\gmer.exe
C:\Documents and Settings\HP_Administrator\Desktop\RSIT.exe
C:\Program Files\trend micro\HP_Administrator.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...arm1=seconduser
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...arm1=seconduser
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...arm1=seconduser
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...arm1=seconduser
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://wapp.verizon.net/bookmarks/bmredir....p;bm=ho_central
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...arm1=seconduser
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...arm1=seconduser
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.yahoo.com/search?fr=mcafee&p=%s
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://activatemydsl.verizon.net/SmartAcce...%7D&lang=en
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Verizon Broadband Toolbar - {A057A204-BACC-4D26-8398-26FADCF27386} - C:\PROGRA~1\VERIZO~1\VERIZO~1.DLL
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: Verizon Broadband Toolbar - {A057A204-BACC-4D26-8398-26FADCF27386} - C:\PROGRA~1\VERIZO~1\VERIZO~1.DLL
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [mxomssmenu] "C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe"
O4 - HKLM\..\Run: [Verizon_McciTrayApp] C:\Program Files\Verizon\McciTrayApp.exe
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: NETGEAR WPN111 Smart Wizard.lnk = ?
O4 - Global Startup: VPN Client.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O20 - AppInit_DLLs: hwbatx.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Maxtor Service (Maxtor Sync Service) - Seagate Technology LLC - C:\Program Files\Maxtor\Sync\SyncServices.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe

--
End of file - 9390 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\McDefragTask.job
C:\WINDOWS\tasks\McQcTask.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2004-12-14 63136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2009-01-23 304736]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}]
scriptproxy - C:\Program Files\McAfee\VirusScan\scriptsn.dll [2008-06-20 58688]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A057A204-BACC-4D26-8398-26FADCF27386}]
Verizon Broadband Toolbar - C:\PROGRA~1\VERIZO~1\VERIZO~1.DLL [2008-05-30 1991680]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}]
McAfee SiteAdvisor BHO - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll [2008-11-14 150032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{A057A204-BACC-4D26-8398-26FADCF27386} - Verizon Broadband Toolbar - C:\PROGRA~1\VERIZO~1\VERIZO~1.DLL [2008-05-30 1991680]
{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - McAfee SiteAdvisor Toolbar - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll [2008-11-14 150032]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ehTray"=C:\WINDOWS\ehome\ehtray.exe [2005-08-05 64512]
"AlwaysReady Power Message APP"=C:\WINDOWS\ARPWRMSG.EXE [2005-08-03 77312]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2005-08-18 14820864]
"ATICCC"=C:\Program Files\ATI Technologies\ATI.ACE\cli.exe [2005-08-10 61440]
"LSBWatcher"=c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe [2005-05-10 253952]
"mxomssmenu"=C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe [2007-09-06 169264]
"Verizon_McciTrayApp"=C:\Program Files\Verizon\McciTrayApp.exe [2007-09-28 936960]
"mcagent_exe"=C:\Program Files\McAfee.com\Agent\mcagent.exe [2008-07-11 641208]
"McENUI"=C:\PROGRA~1\McAfee\MHN\McENUI.exe [2008-06-13 1176808]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2009-01-23 185872]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2005-10-18 98304]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe [2005-05-12 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPBootOp]
C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe [2005-02-26 245760]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHUPD08]
c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe [2005-06-02 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCDrProfiler]
C:\Program Files\PC-Doctor 5 for Windows\RunProfiler.exe [2005-05-10 53248]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
C:\PROGRA~1\HP\DIGITA~1\bin\hpqtra08.exe [2005-05-12 282624]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Gamma Loader.exe.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
ATI CATALYST System Tray.lnk - C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE
NETGEAR WPN111 Smart Wizard.lnk - C:\Program Files\NETGEAR\WPN111\wpn111.exe
VPN Client.lnk - C:\WINDOWS\Installer\{14FCFE7C-AB86-428A-9D2E-BFB6F5A7AA6E}\Icon3E5562ED7.ico

C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Startup
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="hwbatx.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2005-08-10 46080]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MpfService]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe"="C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe:*:Enabled:Updates from HP"
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe"="C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe"="C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe"="C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%ProgramFiles%\iTunes\iTunes.exe"="%ProgramFiles%\iTunes\iTunes.exe:*:enabled:iTunes"
"C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe"="C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe:*:Enabled:Updates from HP"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9f4c1b50-e8da-11dd-b209-0013d4ca7017}]
shell\AutoRun\command - .\Encryption Tool\MaxtorEncryption.exe


======List of files/folders created in the last 3 months======

2009-02-02 19:14:46 ----A---- C:\WINDOWS\gmer.ini
2009-02-02 19:14:45 ----RA---- C:\WINDOWS\gmer.exe
2009-02-02 19:14:45 ----A---- C:\WINDOWS\gmer_uninstall.cmd
2009-02-02 19:14:45 ----A---- C:\WINDOWS\gmer.dll
2009-02-02 19:07:32 ----D---- C:\rsit
2009-02-02 19:07:32 ----D---- C:\Program Files\trend micro
2009-02-02 19:00:29 ----D---- C:\Documents and Settings\HP_Administrator\Application Data\Malwarebytes
2009-02-02 19:00:15 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-02-02 19:00:14 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-02-01 16:51:41 ----A---- C:\WINDOWS\system32\jdzjob.dll
2009-02-01 16:51:40 ----A---- C:\WINDOWS\system32\xuulxsjt.dll
2009-02-01 13:53:42 ----D---- C:\Program Files\WinRAR
2009-02-01 13:38:40 ----D---- C:\Documents and Settings\HP_Administrator\Application Data\HPQ
2009-02-01 12:52:36 ----A---- C:\WINDOWS\system32\17acc174-.txt
2009-01-31 16:26:29 ----D---- C:\Documents and Settings\HP_Administrator\Application Data\AdobeUM
2009-01-28 11:41:18 ----D---- C:\WINDOWS\Internet Logs
2009-01-28 11:40:56 ----A---- C:\WINDOWS\system32\dneinobj.dll
2009-01-28 11:40:45 ----D---- C:\Program Files\Common Files\Deterministic Networks
2009-01-28 11:40:42 ----D---- C:\Program Files\Cisco Systems
2009-01-28 08:05:31 ----A---- C:\WINDOWS\system32\ssleay32.dll
2009-01-28 08:05:31 ----A---- C:\WINDOWS\system32\libeay32.dll
2009-01-28 08:05:31 ----A---- C:\WINDOWS\system32\DNIN50.dll
2009-01-28 08:05:29 ----D---- C:\Program Files\NETGEAR
2009-01-28 08:05:16 ----D---- C:\Documents and Settings\HP_Administrator\Application Data\InstallShield
2009-01-24 17:51:01 ----D---- C:\Documents and Settings\HP_Administrator\Application Data\Sonic
2009-01-24 17:43:12 ----D---- C:\Documents and Settings\HP_Administrator\Application Data\Leadertech
2009-01-24 17:31:47 ----A---- C:\WINDOWS\system32\TubeFinder.exe
2009-01-24 17:31:44 ----A---- C:\WINDOWS\system32\VB6STKIT.DLL
2009-01-24 17:31:44 ----A---- C:\WINDOWS\system32\VB6FR.DLL
2009-01-24 17:31:44 ----A---- C:\WINDOWS\system32\PCCLPFR.DLL
2009-01-24 17:31:44 ----A---- C:\WINDOWS\system32\MSCMCFR.DLL
2009-01-24 17:31:43 ----D---- C:\Program Files\Free FLV Converter
2009-01-24 17:31:43 ----A---- C:\WINDOWS\system32\CMDLGFR.DLL
2009-01-24 08:55:32 ----D---- C:\WINDOWS\Temporary Internet Files
2009-01-24 08:55:32 ----D---- C:\WINDOWS\History
2009-01-24 08:55:32 ----D---- C:\WINDOWS\Cookies
2009-01-24 08:55:30 ----D---- C:\KPCMS
2009-01-24 08:55:30 ----A---- C:\WINDOWS\system32\MSVCRT10.DLL
2009-01-24 08:55:29 ----A---- C:\WINDOWS\sprof32.dll
2009-01-24 08:55:29 ----A---- C:\WINDOWS\pfpick.dll
2009-01-24 08:55:29 ----A---- C:\WINDOWS\kpsys32.dll
2009-01-24 08:55:29 ----A---- C:\WINDOWS\kpcp32.dll
2009-01-24 08:55:29 ----A---- C:\WINDOWS\KPCMS.INI
2009-01-24 08:55:29 ----A---- C:\WINDOWS\icccodes.dll
2009-01-24 08:55:13 ----D---- C:\WINDOWS\system32\COLOR
2009-01-24 08:54:31 ----A---- C:\WINDOWS\uninst.exe
2009-01-23 19:28:37 ----D---- C:\Documents and Settings\HP_Administrator\Application Data\Google
2009-01-23 19:26:48 ----D---- C:\Program Files\Common Files\xing shared
2009-01-23 19:25:34 ----D---- C:\Documents and Settings\All Users\Application Data\Google
2009-01-23 19:25:26 ----D---- C:\Program Files\Google
2009-01-23 19:01:20 ----D---- C:\Program Files\Common Files\Designer
2009-01-23 19:00:44 ----D---- C:\WINDOWS\ShellNew
2009-01-23 18:59:22 ----D---- C:\Documents and Settings\HP_Administrator\Application Data\Microsoft Web Folders
2009-01-22 20:15:48 ----D---- C:\Program Files\Common Files\MainConcept
2009-01-22 20:09:48 ----D---- C:\Documents and Settings\HP_Administrator\Application Data\MainConcept
2009-01-22 20:02:07 ----A---- C:\WINDOWS\system32\dxdllreg.exe
2009-01-22 19:49:08 ----D---- C:\WINDOWS\ie7updates
2009-01-22 19:48:30 ----D---- C:\WINDOWS\WBEM
2009-01-22 19:46:59 ----HDC---- C:\WINDOWS\ie7
2009-01-22 19:46:44 ----HDC---- C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$
2009-01-22 19:46:11 ----HDC---- C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$
2009-01-22 19:38:25 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2009-01-22 19:38:20 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2009-01-22 19:38:14 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2009-01-22 19:38:09 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2009-01-22 19:37:42 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$
2009-01-22 19:37:34 ----HDC---- C:\WINDOWS\$NtUninstallKB956391$
2009-01-22 19:37:24 ----HDC---- C:\WINDOWS\$NtUninstallKB958215$
2009-01-22 19:37:16 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
2009-01-22 19:37:10 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2009-01-22 19:37:04 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
2009-01-22 19:36:57 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
2009-01-22 19:36:46 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
2009-01-22 19:36:30 ----HDC---- C:\WINDOWS\$NtUninstallKB960714$
2009-01-22 19:35:43 ----HDC---- C:\WINDOWS\$NtUninstallKB941569$
2009-01-22 19:35:15 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2009-01-22 19:35:10 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2009-01-22 19:35:05 ----HDC---- C:\WINDOWS\$NtUninstallKB923689$
2009-01-22 19:34:36 ----HDC---- C:\WINDOWS\$NtUninstallKB958687$
2009-01-22 19:34:30 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2009-01-22 19:34:24 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2009-01-22 19:34:19 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$
2009-01-22 19:34:09 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2009-01-22 19:34:04 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2009-01-22 19:33:59 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
2009-01-22 19:33:53 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2009-01-22 19:33:47 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2009-01-22 19:33:41 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2009-01-22 19:33:36 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2009-01-22 19:33:25 ----D---- C:\Program Files\MSXML 4.0
2009-01-22 19:32:11 ----A---- C:\WINDOWS\system32\MRT.exe
2009-01-22 19:31:59 ----HDC---- C:\WINDOWS\$NtUninstallKB936782_WMP10$
2009-01-22 19:31:49 ----D---- C:\Documents and Settings\HP_Administrator\Application Data\ICAClient
2009-01-22 19:30:38 ----D---- C:\Documents and Settings\HP_Administrator\Application Data\Motive
2009-01-22 19:29:37 ----D---- C:\WINDOWS\system32\Resource
2009-01-22 19:29:29 ----D---- C:\Program Files\Citrix
2009-01-22 19:25:11 ----D---- C:\Documents and Settings\All Users\Application Data\SiteAdvisor
2009-01-22 19:25:04 ----D---- C:\WINDOWS\system32\PreInstall
2009-01-22 19:25:02 ----HDC---- C:\WINDOWS\$NtUninstallKB898461$
2009-01-22 19:25:01 ----D---- C:\Program Files\SiteAdvisor
2009-01-22 19:20:44 ----D---- C:\Program Files\Common Files\McAfee
2009-01-22 19:20:42 ----D---- C:\Program Files\McAfee.com
2009-01-22 19:20:35 ----D---- C:\Program Files\McAfee
2009-01-22 19:13:47 ----D---- C:\Documents and Settings\All Users\Application Data\McAfee
2009-01-22 19:12:11 ----D---- C:\Documents and Settings\HP_Administrator\Application Data\Adobe
2009-01-22 19:10:10 ----D---- C:\Documents and Settings\All Users\Application Data\Motive
2009-01-22 19:10:03 ----D---- C:\Program Files\Common Files\Motive
2009-01-22 19:09:23 ----D---- C:\Program Files\Verizon Broadband Firefox Toolbar
2009-01-22 19:09:22 ----D---- C:\Program Files\verizon_broad
2009-01-22 19:09:22 ----D---- C:\Documents and Settings\HP_Administrator\Application Data\verizon_broad
2009-01-22 19:00:26 ----D---- C:\Program Files\Verizon
2009-01-22 18:58:50 ----D---- C:\Program Files\Common Files\SupportSoft
2009-01-22 18:58:10 ----D---- C:\WINDOWS\system32\SoftwareDistribution
2009-01-22 18:46:28 ----D---- C:\Program Files\Maxtor
2009-01-22 18:46:28 ----D---- C:\Documents and Settings\All Users\Application Data\Maxtor
2009-01-22 18:45:49 ----D---- C:\Documents and Settings\HP_Administrator\Application Data\Macromedia
2009-01-22 18:45:48 ----SHD---- C:\WINDOWS\ftpcache
2009-01-22 18:15:09 ----SHD---- C:\RECYCLER
2009-01-22 17:24:42 ----D---- C:\WINDOWS\Prefetch
2009-01-22 17:19:40 ----N---- C:\WINDOWS\system32\msxml6r.dll
2009-01-22 17:19:40 ----A---- C:\WINDOWS\system32\msxml6.dll
2009-01-22 17:19:35 ----N---- C:\WINDOWS\system32\comsdupd.exe
2009-01-22 17:19:33 ----N---- C:\WINDOWS\system32\dhcpqec.dll
2009-01-22 17:19:33 ----N---- C:\WINDOWS\system32\credssp.dll
2009-01-22 17:19:33 ----N---- C:\WINDOWS\system32\bitsprx4.dll
2009-01-22 17:19:33 ----N---- C:\WINDOWS\system32\azroles.dll
2009-01-22 17:19:33 ----N---- C:\WINDOWS\system32\ativtmxx.dll
2009-01-22 17:19:33 ----N---- C:\WINDOWS\system32\ati3d1ag.dll
2009-01-22 17:19:33 ----N---- C:\WINDOWS\system32\ati2dvaa.dll
2009-01-22 17:19:33 ----N---- C:\WINDOWS\system32\aaclient.dll
2009-01-22 17:19:32 ----N---- C:\WINDOWS\system32\hsfcisp2.dll
2009-01-22 17:19:32 ----N---- C:\WINDOWS\system32\eapsvc.dll
2009-01-22 17:19:32 ----N---- C:\WINDOWS\system32\eapqec.dll
2009-01-22 17:19:32 ----N---- C:\WINDOWS\system32\eappprxy.dll
2009-01-22 17:19:32 ----N---- C:\WINDOWS\system32\eapphost.dll
2009-01-22 17:19:32 ----N---- C:\WINDOWS\system32\eappgnui.dll
2009-01-22 17:19:32 ----N---- C:\WINDOWS\system32\eappcfg.dll
2009-01-22 17:19:32 ----N---- C:\WINDOWS\system32\eapp3hst.dll
2009-01-22 17:19:32 ----N---- C:\WINDOWS\system32\eapolqec.dll
2009-01-22 17:19:32 ----N---- C:\WINDOWS\system32\dot3ui.dll
2009-01-22 17:19:32 ----N---- C:\WINDOWS\system32\dot3svc.dll
2009-01-22 17:19:32 ----N---- C:\WINDOWS\system32\dot3msm.dll
2009-01-22 17:19:32 ----N---- C:\WINDOWS\system32\dot3gpclnt.dll
2009-01-22 17:19:32 ----N---- C:\WINDOWS\system32\dot3dlg.dll
2009-01-22 17:19:32 ----N---- C:\WINDOWS\system32\dot3cfg.dll
2009-01-22 17:19:32 ----N---- C:\WINDOWS\system32\dot3api.dll
2009-01-22 17:19:32 ----N---- C:\WINDOWS\system32\dimsroam.dll
2009-01-22 17:19:32 ----N---- C:\WINDOWS\system32\dimsntfy.dll
2009-01-22 17:19:31 ----N---- C:\WINDOWS\system32\mmcperf.exe
2009-01-22 17:19:31 ----N---- C:\WINDOWS\system32\mmcfxcommon.dll
2009-01-22 17:19:31 ----N---- C:\WINDOWS\system32\mmcex.dll
2009-01-22 17:19:31 ----N---- C:\WINDOWS\system32\microsoft.managementconsole.dll
2009-01-22 17:19:31 ----N---- C:\WINDOWS\system32\mdmxsdk.dll
2009-01-22 17:19:31 ----N---- C:\WINDOWS\system32\l2gpstore.dll
2009-01-22 17:19:31 ----N---- C:\WINDOWS\system32\kmsvc.dll
2009-01-22 17:19:31 ----N---- C:\WINDOWS\system32\kbdpash.dll
2009-01-22 17:19:31 ----N---- C:\WINDOWS\system32\kbdnepr.dll
2009-01-22 17:19:31 ----N---- C:\WINDOWS\system32\kbdiultn.dll
2009-01-22 17:19:31 ----N---- C:\WINDOWS\system32\kbdbhc.dll
2009-01-22 17:19:30 ----N---- C:\WINDOWS\system32\rhttpaa.dll
2009-01-22 17:19:30 ----N---- C:\WINDOWS\system32\rasqec.dll
2009-01-22 17:19:30 ----N---- C:\WINDOWS\system32\qutil.dll
2009-01-22 17:19:30 ----N---- C:\WINDOWS\system32\qcliprov.dll
2009-01-22 17:19:30 ----N---- C:\WINDOWS\system32\qagentrt.dll
2009-01-22 17:19:30 ----N---- C:\WINDOWS\system32\qagent.dll
2009-01-22 17:19:30 ----N---- C:\WINDOWS\system32\photometadatahandler.dll
2009-01-22 17:19:30 ----N---- C:\WINDOWS\system32\onex.dll
2009-01-22 17:19:30 ----N---- C:\WINDOWS\system32\nv4_disp.dll
2009-01-22 17:19:30 ----N---- C:\WINDOWS\system32\napstat.exe
2009-01-22 17:19:30 ----N---- C:\WINDOWS\system32\napmontr.dll
2009-01-22 17:19:30 ----N---- C:\WINDOWS\system32\napipsec.dll
2009-01-22 17:19:30 ----N---- C:\WINDOWS\system32\mtxparhd.dll
2009-01-22 17:19:30 ----N---- C:\WINDOWS\system32\msshavmsg.dll
2009-01-22 17:19:30 ----N---- C:\WINDOWS\system32\mssha.dll
2009-01-22 17:19:29 ----N---- C:\WINDOWS\system32\wmphoto.dll
2009-01-22 17:19:29 ----N---- C:\WINDOWS\system32\wlanapi.dll
2009-01-22 17:19:29 ----N---- C:\WINDOWS\system32\windowscodecsext.dll
2009-01-22 17:19:29 ----N---- C:\WINDOWS\system32\windowscodecs.dll
2009-01-22 17:19:29 ----N---- C:\WINDOWS\system32\verclsid.exe
2009-01-22 17:19:29 ----N---- C:\WINDOWS\system32\tzchange.exe
2009-01-22 17:19:29 ----N---- C:\WINDOWS\system32\tspkg.dll
2009-01-22 17:19:29 ----N---- C:\WINDOWS\system32\tsgqec.dll
2009-01-22 17:19:29 ----N---- C:\WINDOWS\system32\slserv.exe
2009-01-22 17:19:29 ----N---- C:\WINDOWS\system32\slrundll.exe
2009-01-22 17:19:29 ----N---- C:\WINDOWS\system32\slgen.dll
2009-01-22 17:19:29 ----N---- C:\WINDOWS\system32\slextspk.dll
2009-01-22 17:19:29 ----N---- C:\WINDOWS\system32\slcoinst.dll
2009-01-22 17:19:29 ----N---- C:\WINDOWS\system32\setupn.exe
2009-01-22 17:19:29 ----N---- C:\WINDOWS\system32\s3gnb.dll
2009-01-22 17:19:28 ----N---- C:\WINDOWS\system32\xmllite.dll
2009-01-22 17:19:28 ----N---- C:\WINDOWS\slrundll.exe
2009-01-22 17:19:28 ----D---- C:\WINDOWS\system32\en-us
2009-01-22 17:19:27 ----D---- C:\WINDOWS\system32\scripting
2009-01-22 17:19:27 ----D---- C:\WINDOWS\system32\en
2009-01-22 17:19:27 ----D---- C:\WINDOWS\system32\bits
2009-01-22 17:19:27 ----D---- C:\WINDOWS\l2schemas
2009-01-22 17:18:32 ----D---- C:\WINDOWS\ServicePackFiles
2009-01-22 17:17:23 ----D---- C:\WINDOWS\network diagnostic
2009-01-22 17:16:17 ----A---- C:\WINDOWS\003025_.tmp
2009-01-22 17:14:14 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2009-01-22 16:59:57 ----RA---- C:\WINDOWS\system32\hpzids01.dll
2009-01-22 16:59:55 ----A---- C:\WINDOWS\system32\hpz3l3xu.dll
2009-01-22 16:59:29 ----RA---- C:\WINDOWS\system32\HPZc3212.dll
2009-01-22 16:59:29 ----RA---- C:\WINDOWS\system32\hpovst09.dll
2009-01-22 16:59:28 ----RA---- C:\WINDOWS\system32\hpowiamd.dll
2009-01-22 16:59:28 ----RA---- C:\WINDOWS\system32\hpotiop2.dll
2009-01-22 16:45:46 ----D---- C:\WINDOWS\system32\appmgmt
2009-01-22 16:40:06 ----A---- C:\WINDOWS\system32\LuResult.txt
2009-01-22 14:31:46 ----D---- C:\WINDOWS\pss
2009-01-22 14:28:49 ----RASH---- C:\BOOT.BAK
2009-01-22 14:28:43 ----RSHD---- C:\cmdcons
2009-01-22 14:28:43 ----A---- C:\WINDOWS\UPGRADE.TXT
2009-01-22 14:28:41 ----D---- C:\WINDOWS\setup.pss
2009-01-22 14:26:06 ----ASH---- C:\Documents and Settings\HP_Administrator\Application Data\desktop.ini
2009-01-22 14:26:04 ----SD---- C:\Documents and Settings\HP_Administrator\Application Data\Microsoft
2009-01-22 14:26:04 ----D---- C:\Documents and Settings\HP_Administrator\Application Data\Symantec
2009-01-22 14:26:04 ----D---- C:\Documents and Settings\HP_Administrator\Application Data\SampleView
2009-01-22 14:26:04 ----D---- C:\Documents and Settings\HP_Administrator\Application Data\Real
2009-01-22 14:26:04 ----D---- C:\Documents and Settings\HP_Administrator\Application Data\Intuit
2009-01-22 14:26:04 ----D---- C:\Documents and Settings\HP_Administrator\Application Data\Identities
2009-01-22 14:26:04 ----D---- C:\Documents and Settings\HP_Administrator\Application Data\ATI
2009-01-22 14:26:04 ----D---- C:\Documents and Settings\HP_Administrator\Application Data\Apple Computer
2009-01-22 14:16:53 ----SHD---- C:\System Volume Information
2009-01-22 14:02:42 ----D---- C:\WINDOWS\I386
2009-01-22 13:55:01 ----RSD---- C:\WINDOWS\assembly
2009-01-22 13:54:57 ----RD---- C:\WINDOWS\Offline Web Pages
2009-01-22 13:53:59 ----RSHD---- C:\WINDOWS\system32\dllcache
2009-01-22 13:15:24 ----A---- C:\WINDOWS\system32\nmmkcert.dll
2009-01-22 13:15:24 ----A---- C:\WINDOWS\system32\nmevtmsg.dll
2009-01-22 13:14:59 ----A---- C:\WINDOWS\system32\msconf.dll
2009-01-22 13:14:54 ----A---- C:\WINDOWS\system32\mnmsrvc.exe
2009-01-22 13:14:54 ----A---- C:\WINDOWS\system32\mnmdd.dll
2009-01-22 13:13:57 ----A---- C:\WINDOWS\system32\isrdbg32.dll
2009-01-22 13:13:53 ----A---- C:\WINDOWS\system32\ils.dll

======List of files/folders modified in the last 3 months======

2009-02-02 19:15:15 ----D---- C:\WINDOWS\system32
2009-02-02 19:15:15 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-02-02 19:14:46 ----D---- C:\WINDOWS
2009-02-02 19:14:45 ----D---- C:\WINDOWS\system32\drivers
2009-02-02 19:13:17 ----D---- C:\WINDOWS\Temp
2009-02-02 19:11:23 ----D---- C:\WINDOWS\Registration
2009-02-02 19:10:58 ----D---- C:\WINDOWS\system32\CatRoot2
2009-02-02 19:09:51 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-02-02 19:09:08 ----D---- C:\Program Files
2009-02-01 16:46:52 ----D---- C:\WINDOWS\system32\config
2009-02-01 16:46:43 ----D---- C:\WINDOWS\system32\wbem
2009-02-01 16:45:16 ----D---- C:\WINDOWS\system32\Restore
2009-02-01 16:17:46 ----D---- C:\WINDOWS\system32\Lang
2009-02-01 13:04:04 ----D---- C:\Program Files\Common Files
2009-01-28 11:42:15 ----D---- C:\WINDOWS\security
2009-01-28 11:41:15 ----SHD---- C:\WINDOWS\Installer
2009-01-28 11:41:03 ----HD---- C:\WINDOWS\inf
2009-01-28 08:06:19 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2009-01-28 08:05:29 ----HD---- C:\Program Files\InstallShield Installation Information
2009-01-27 18:51:58 ----A---- C:\WINDOWS\win.ini
2009-01-24 08:55:23 ----D---- C:\Program Files\Common Files\Adobe
2009-01-24 08:55:07 ----D---- C:\Program Files\Adobe
2009-01-23 19:26:41 ----D---- C:\Program Files\Common Files\Real
2009-01-23 19:26:38 ----A---- C:\WINDOWS\system32\rmoc3260.dll
2009-01-23 19:26:26 ----A---- C:\WINDOWS\system32\pndx5032.dll
2009-01-23 19:26:26 ----A---- C:\WINDOWS\system32\pndx5016.dll
2009-01-23 19:26:23 ----A---- C:\WINDOWS\system32\pncrt.dll
2009-01-23 19:26:23 ----A---- C:\WINDOWS\system32\msvcp71.dll
2009-01-23 19:22:12 ----HD---- C:\WINDOWS\$hf_mig$
2009-01-23 19:22:07 ----A---- C:\WINDOWS\imsins.BAK
2009-01-23 19:02:10 ----A---- C:\WINDOWS\ODBC.INI
2009-01-23 19:01:36 ----RSD---- C:\WINDOWS\Fonts
2009-01-23 19:01:09 ----D---- C:\WINDOWS\Media
2009-01-23 19:00:59 ----D---- C:\Program Files\Common Files\Microsoft Shared
2009-01-23 19:00:49 ----D---- C:\Program Files\Common Files\System
2009-01-23 18:59:22 ----D---- C:\Program Files\Microsoft Office
2009-01-23 18:59:08 ----D---- C:\WINDOWS\system
2009-01-23 18:59:08 ----D---- C:\WINDOWS\msapps
2009-01-23 18:59:08 ----D---- C:\Program Files\microsoft frontpage
2009-01-22 20:02:46 ----D---- C:\WINDOWS\system32\DirectX
2009-01-22 20:01:04 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2009-01-22 19:59:45 ----N---- C:\WINDOWS\system32\pxhpinst.exe
2009-01-22 19:55:14 ----D---- C:\WINDOWS\system32\CatRoot
2009-01-22 19:52:07 ----D---- C:\WINDOWS\Help
2009-01-22 19:52:07 ----D---- C:\Program Files\Internet Explorer
2009-01-22 19:38:16 ----D---- C:\Program Files\Messenger
2009-01-22 19:34:00 ----D---- C:\WINDOWS\WinSxS
2009-01-22 19:24:15 ----D---- C:\WINDOWS\SoftwareDistribution
2009-01-22 19:21:01 ----SD---- C:\WINDOWS\Tasks
2009-01-22 18:18:38 ----D---- C:\Program Files\Quicken
2009-01-22 17:25:02 ----A---- C:\WINDOWS\OEWABLog.txt
2009-01-22 17:24:49 ----A---- C:\WINDOWS\setuplog.txt
2009-01-22 17:24:20 ----D---- C:\WINDOWS\system32\Setup
2009-01-22 17:24:20 ----D---- C:\WINDOWS\AppPatch
2009-01-22 17:19:34 ----D---- C:\WINDOWS\ime
2009-01-22 17:19:28 ----D---- C:\WINDOWS\system32\usmt
2009-01-22 17:19:27 ----D---- C:\WINDOWS\PeerNet
2009-01-22 17:19:27 ----D---- C:\Program Files\Movie Maker
2009-01-22 17:18:27 ----D---- C:\WINDOWS\system32\npp
2009-01-22 17:18:27 ----D---- C:\WINDOWS\mui
2009-01-22 17:18:26 ----D---- C:\WINDOWS\srchasst
2009-01-22 17:18:26 ----D---- C:\WINDOWS\msagent
2009-01-22 17:18:25 ----D---- C:\WINDOWS\system32\Com
2009-01-22 17:18:25 ----D---- C:\Program Files\NetMeeting
2009-01-22 17:18:24 ----D---- C:\Program Files\Windows NT
2009-01-22 17:18:24 ----D---- C:\Program Files\Outlook Express
2009-01-22 17:18:12 ----D---- C:\WINDOWS\system32\oobe
2009-01-22 17:14:12 ----AD---- C:\WINDOWS\ehome
2009-01-22 17:12:34 ----D---- C:\WINDOWS\Debug
2009-01-22 17:09:26 ----D---- C:\Program Files\Symantec
2009-01-22 17:09:26 ----D---- C:\Documents and Settings\All Users\Application Data\Symantec
2009-01-22 17:08:32 ----D---- C:\WINDOWS\system32\FxsTmp
2009-01-22 17:08:25 ----D---- C:\Program Files\HP
2009-01-22 16:59:35 ----D---- C:\WINDOWS\twain_32
2009-01-22 16:48:46 ----D---- C:\Program Files\Online Services
2009-01-22 16:48:45 ----D---- C:\WINDOWS\system32\inetsrv
2009-01-22 16:34:34 ----D---- C:\Program Files\MSN Encarta Standard
2009-01-22 16:33:25 ----D---- C:\WINDOWS\pchealth
2009-01-22 16:30:11 ----D---- C:\Program Files\Easy Internet signup
2009-01-22 14:45:46 ----RASH---- C:\boot.ini
2009-01-22 14:45:46 ----A---- C:\WINDOWS\system.ini
2009-01-22 14:26:03 ----D---- C:\Documents and Settings
2009-01-22 14:15:39 ----D---- C:\WINDOWS\repair
2009-01-22 14:02:47 ----D---- C:\WINDOWS\SMINST
2008-12-13 01:40:02 ----A---- C:\WINDOWS\system32\mshtml.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 36352]
R1 mfehidk;McAfee Inc. mfehidk; C:\WINDOWS\system32\drivers\mfehidk.sys [2008-06-27 207656]
R1 MPFP;MPFP; C:\WINDOWS\System32\Drivers\Mpfp.sys [2008-06-02 120136]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.2.0.3; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2009-01-28 17801]
R2 CVPNDRVA;Cisco Systems Inc. IPSec Driver; \??\C:\WINDOWS\system32\Drivers\CVPNDRVA.sys []
R3 AgereSoftModem;Agere Systems Soft Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2005-06-30 1094848]
R3 aracpi;aracpi; C:\WINDOWS\system32\DRIVERS\aracpi.sys [2005-08-03 22784]
R3 arkbcfltr;Microsoft PS2 Keyboard Filter; C:\WINDOWS\system32\DRIVERS\arkbcfltr.sys [2005-08-03 5376]
R3 armoucfltr;Microsoft PS2 Mouse Filter; C:\WINDOWS\system32\DRIVERS\armoucfltr.sys [2005-08-03 4992]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-14 60800]
R3 ARPolicy;ARPolicy; C:\WINDOWS\system32\DRIVERS\arpolicy.sys [2005-08-03 10112]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2005-08-10 1273856]
R3 DNE;Deterministic Network Enhancer Miniport; C:\WINDOWS\system32\DRIVERS\dne2000.sys [2007-01-31 127376]
R3 DNINDIS5;DNINDIS5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\DNINDIS5.SYS []
R3 E100B;Intel® PRO Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2004-10-14 155648]
R3 hcwPP2;Hauppauge WinTV PVR PCI II ([23|25|26]xxx); C:\WINDOWS\system32\DRIVERS\hcwPP2.sys [2005-07-28 156800]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2005-08-18 3856896]
R3 mfeavfk;McAfee Inc. mfeavfk; C:\WINDOWS\system32\drivers\mfeavfk.sys [2008-06-27 79240]
R3 mfebopk;McAfee Inc. mfebopk; C:\WINDOWS\system32\drivers\mfebopk.sys [2008-06-27 35240]
R3 mfesmfk;McAfee Inc. mfesmfk; C:\WINDOWS\system32\drivers\mfesmfk.sys [2008-06-27 40488]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-14 61824]
R3 Ps2;PS2; C:\WINDOWS\system32\DRIVERS\PS2.sys [2005-07-04 26624]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-14 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
R3 WPN111;Wireless USB 2.0 Adapter with RangeMax Service; C:\WINDOWS\system32\DRIVERS\WPN111.sys [2005-09-26 362944]
S3 arhidfltr;MS Ar HID Filter Driver; C:\WINDOWS\system32\DRIVERS\arhidfltr.sys [2005-08-03 19200]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-14 17024]
S3 CVirtA;Cisco Systems VPN Adapter; C:\WINDOWS\system32\DRIVERS\CVirtA.sys [2007-01-18 5275]
S3 gmer;gmer; C:\WINDOWS\System32\DRIVERS\gmer.sys [2009-02-02 85969]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2005-03-07 51120]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2005-03-08 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2005-03-08 21744]
S3 mferkdk;McAfee Inc. mferkdk; C:\WINDOWS\system32\drivers\mferkdk.sys [2008-06-20 34152]
S3 MHNDRV;MHN driver; C:\WINDOWS\system32\DRIVERS\mhndrv.sys [2004-08-10 11008]
S3 MREMPR5;MREMPR5 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS []
S3 MRENDIS5;MRENDIS5 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS []
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-14 5504]
S3 MXOPSWD;Maxtor OneTouch Security Driver; C:\WINDOWS\system32\DRIVERS\mxopswd.sys [2007-05-03 22152]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-14 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-14 10880]
S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-04 20992]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-14 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-14 15232]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
S3 vsdatant;vsdatant; \??\C:\WINDOWS\system32\vsdatant.sys []
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-14 19200]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ARSVC;ARSVC; C:\WINDOWS\arservice.exe [2005-08-03 58880]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2005-08-10 380928]
R2 CVPND;Cisco Systems, Inc. VPN Service; C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe [2007-07-16 1524512]
R2 ehRecvr;Media Center Receiver Service; C:\WINDOWS\eHome\ehRecvr.exe [2005-08-05 235520]
R2 ehSched;Media Center Scheduler Service; C:\WINDOWS\eHome\ehSched.exe [2005-08-05 102912]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2005-07-25 53248]
R2 Maxtor Sync Service;Maxtor Service; C:\Program Files\Maxtor\Sync\SyncServices.exe [2007-09-28 156976]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service; C:\Program Files\McAfee\SiteAdvisor\McSACore.exe [2008-12-05 206096]
R2 mcmscsvc;McAfee Services; C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe [2008-10-10 792696]
R2 McNASvc;McAfee Network Agent; c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe [2008-07-18 2482848]
R2 McProxy;McAfee Proxy Service; c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe [2008-07-09 358736]
R2 McrdSvc;Media Center Extender Service; C:\WINDOWS\ehome\mcrdsvc.exe [2005-08-05 99328]
R2 McShield;McAfee Real-time Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe [2008-06-20 144704]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-20 322120]
R2 MpfService;McAfee Personal Firewall Service; C:\Program Files\McAfee\MPF\MPFSrv.exe [2008-07-09 884360]
R3 McSysmon;McAfee SystemGuards; C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe [2008-09-16 605512]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
S3 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-14 267776]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 McODS;McAfee Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe [2008-06-20 361800]
S3 MHN;MHN; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
S3 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-08-04 38912]

-----------------EOF-----------------

#7 jhasting
  • Topic Starter
  • Members
  • 16 posts

Posted 02 February 2009 - 07:25 PM

===============================
RSIT info
===============================

This did not open when I ran RSIT

#8 jhasting
  • Topic Starter
  • Members
  • 16 posts

Posted 02 February 2009 - 07:26 PM

==================================
GMER output attached
==================================

Attached Files

  • Attached File: GMER.txt (12.93KB, 24 downloads)


#9 fenzodahl512
  • Members
  • 6,738 posts

Posted 02 February 2009 - 11:24 PM

Please make sure you disable ALL of your Antivirus/Antispyware/Firewall before running ComboFix.. Please visit HERE if you don't know how.. Please re-enable them after performing all steps given..

Please download ComboFix by sUBs from one of the locations below, and save it to your Desktop.

Link 1
Link 2
Link 3

Double click combofix.exe and follow the prompts. Please, never rename Combofix unless instructed.

If ComboFix asks you to install the Recovery Console, please do so.. It will be in your best interest..

When finished, it shall produce a log for you. Post that log and a fresh HijackThis log in your next reply..

Note: DON'T do anything with your computer while ComboFix is running.. Let ComboFix finish its job..

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
It's gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#10 jhasting
  • Topic Starter
  • Members
  • 16 posts

Posted 03 February 2009 - 04:23 PM

======================================
ComboFix Log
======================================

ComboFix 09-02-02.04 - HP_Administrator 2009-02-03 16:17:57.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3710.3173 [GMT -5:00]
Running from: c:\documents and settings\HP_Administrator\Desktop\ComboFix.exe
AV: McAfee VirusScan *On-access scanning disabled* (Updated)
FW: McAfee Personal Firewall *disabled*
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\jdzjob.dll
c:\windows\system32\xuulxsjt.dll
D:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2009-01-03 to 2009-02-03 )))))))))))))))))))))))))))))))
.

2009-02-02 21:01 . 2009-02-02 21:01 <DIR> d-------- c:\program files\Lavasoft
2009-02-02 21:01 . 2009-02-02 21:01 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2009-02-02 21:01 . 2009-02-02 21:01 <DIR> d-------- c:\documents and settings\All Users\Application Data\Lavasoft
2009-02-02 20:57 . 2009-02-02 20:57 <DIR> d-------- c:\program files\Registrar Lite
2009-02-02 20:49 . 2009-02-02 20:49 <DIR> d-------- c:\documents and settings\HP_Administrator\Application Data\SUPERAntiSpyware.com
2009-02-02 20:49 . 2009-02-02 20:49 <DIR> d-------- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-02-02 19:14 . 2009-02-02 19:27 250 --a------ c:\windows\gmer.ini
2009-02-02 19:07 . 2009-02-02 19:07 <DIR> d-------- C:\rsit
2009-02-02 19:07 . 2009-02-02 19:16 <DIR> d-------- c:\program files\trend micro
2009-02-02 19:00 . 2009-02-02 19:01 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-02-02 19:00 . 2009-02-02 19:00 <DIR> d-------- c:\documents and settings\HP_Administrator\Application Data\Malwarebytes
2009-02-02 19:00 . 2009-02-02 19:00 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-02-02 19:00 . 2009-01-14 16:11 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-02 19:00 . 2009-01-14 16:11 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-02-01 13:38 . 2009-02-01 16:46 <DIR> d-------- c:\documents and settings\HP_Administrator\Application Data\HPQ
2009-01-31 16:26 . 2009-01-31 16:26 <DIR> d-------- c:\documents and settings\HP_Administrator\Application Data\AdobeUM
2009-01-28 11:41 . 2009-01-28 11:41 <DIR> d-------- c:\windows\Internet Logs
2009-01-28 11:40 . 2009-01-28 11:40 <DIR> d-------- c:\program files\Common Files\Deterministic Networks
2009-01-28 11:40 . 2009-01-28 11:40 <DIR> d-------- c:\program files\Cisco Systems
2009-01-28 11:40 . 2007-01-31 13:45 127,376 --a------ c:\windows\system32\drivers\dne2000.sys
2009-01-28 11:40 . 2007-01-31 13:45 101,904 --a------ c:\windows\system32\dneinobj.dll
2009-01-28 11:40 . 2009-01-28 11:41 1,594 --a------ c:\windows\VPNInstall.MIF
2009-01-28 08:05 . 2009-01-28 08:05 <DIR> d-------- c:\program files\NETGEAR
2009-01-28 08:05 . 2009-01-28 08:05 <DIR> d-------- c:\documents and settings\HP_Administrator\Application Data\InstallShield
2009-01-28 08:05 . 2004-04-18 16:43 651,264 --a------ c:\windows\system32\libeay32.dll
2009-01-28 08:05 . 2005-09-26 16:02 362,944 --a------ c:\windows\system32\drivers\WPN111.sys
2009-01-28 08:05 . 2005-07-27 21:15 149,392 --a------ c:\windows\system32\drivers\ar5523.bin
2009-01-28 08:05 . 2004-04-18 16:43 147,456 --a------ c:\windows\system32\ssleay32.dll
2009-01-28 08:05 . 2003-07-24 12:10 94,208 --a------ c:\windows\system32\DNIN50.dll
2009-01-28 08:05 . 2009-01-28 08:05 17,801 --a------ c:\windows\system32\drivers\AegisP.sys
2009-01-28 08:05 . 2003-07-24 12:10 17,149 --a------ c:\windows\system32\DNINDIS5.sys
2009-01-24 17:51 . 2009-01-24 17:51 <DIR> d-------- c:\documents and settings\HP_Administrator\Application Data\Sonic
2009-01-24 17:43 . 2009-01-24 17:43 <DIR> d-------- c:\documents and settings\HP_Administrator\Application Data\Leadertech
2009-01-24 17:31 . 2009-01-24 17:33 <DIR> d-------- c:\program files\Free FLV Converter
2009-01-24 17:31 . 2008-06-04 17:42 364,544 --a------ c:\windows\system32\PropertyGrid.ocx
2009-01-24 17:31 . 2008-12-24 08:02 274,432 --a------ c:\windows\system32\TubeFinder.exe
2009-01-24 17:31 . 2008-06-04 17:42 208,500 --a------ c:\windows\system32\ReyXpBasics.tlb
2009-01-24 17:31 . 2008-06-04 17:42 152,848 --a------ c:\windows\system32\COMDLG32.OCX
2009-01-24 17:31 . 2008-06-04 17:42 141,312 --a------ c:\windows\system32\MSCMCFR.DLL
2009-01-24 17:31 . 2008-06-04 17:42 119,568 --a------ c:\windows\system32\VB6FR.DLL
2009-01-24 17:31 . 2008-06-04 17:42 101,888 --a------ c:\windows\system32\VB6STKIT.DLL
2009-01-24 17:31 . 2008-06-04 17:42 84,512 --a------ c:\windows\system32\PICCLP32.OCX
2009-01-24 17:31 . 2008-06-04 17:42 32,768 --a------ c:\windows\system32\CMDLGFR.DLL
2009-01-24 17:31 . 2008-06-04 17:42 24,576 --a------ c:\windows\system32\ControlSubX.ocx
2009-01-24 17:31 . 2008-06-04 17:42 9,728 --a------ c:\windows\system32\PCCLPFR.DLL
2009-01-24 08:54 . 1998-05-06 18:06 299,520 --a------ c:\windows\uninst.exe
2009-01-23 19:26 . 2009-01-23 19:26 <DIR> d-------- c:\program files\Common Files\xing shared
2009-01-23 19:25 . 2009-01-24 08:40 <DIR> d-------- c:\program files\Google
2009-01-23 19:00 . 2009-01-23 19:00 <DIR> d-------- c:\windows\ShellNew
2009-01-23 18:59 . 2009-01-23 18:59 <DIR> d-------- c:\documents and settings\HP_Administrator\Application Data\Microsoft Web Folders
2009-01-22 20:15 . 2009-01-22 20:15 <DIR> d-------- c:\program files\Common Files\MainConcept
2009-01-22 20:09 . 2009-01-22 20:09 <DIR> d-------- c:\documents and settings\HP_Administrator\Application Data\MainConcept
2009-01-22 19:48 . 2008-10-16 15:38 6,066,176 --------- c:\windows\system32\dllcache\ieframe.dll
2009-01-22 19:48 . 2007-04-17 04:32 2,455,488 --------- c:\windows\system32\dllcache\ieapfltr.dat
2009-01-22 19:48 . 2007-03-08 00:10 991,232 --------- c:\windows\system32\dllcache\ieframe.dll.mui
2009-01-22 19:48 . 2008-10-16 15:38 459,264 --------- c:\windows\system32\dllcache\msfeeds.dll
2009-01-22 19:48 . 2008-10-16 15:38 383,488 --------- c:\windows\system32\dllcache\ieapfltr.dll
2009-01-22 19:48 . 2008-10-16 15:38 267,776 --------- c:\windows\system32\dllcache\iertutil.dll
2009-01-22 19:48 . 2008-10-16 15:38 63,488 --------- c:\windows\system32\dllcache\icardie.dll
2009-01-22 19:48 . 2008-10-16 15:38 52,224 --------- c:\windows\system32\dllcache\msfeedsbs.dll
2009-01-22 19:48 . 2008-10-16 08:11 13,824 --------- c:\windows\system32\dllcache\ieudinit.exe
2009-01-22 19:33 . 2009-01-22 19:33 <DIR> d-------- c:\program files\MSXML 4.0
2009-01-22 19:31 . 2009-01-22 19:33 <DIR> d-------- c:\documents and settings\HP_Administrator\Application Data\ICAClient
2009-01-22 19:30 . 2009-01-22 19:30 <DIR> d-------- c:\documents and settings\HP_Administrator\Application Data\Motive
2009-01-22 19:29 . 2009-01-22 19:29 <DIR> d-------- c:\windows\system32\Resource
2009-01-22 19:29 . 2009-01-22 19:29 <DIR> d-------- c:\program files\Citrix
2009-01-22 19:29 . 2008-10-15 20:00 1,499,136 --------- c:\windows\system32\dllcache\shdocvw.dll
2009-01-22 19:29 . 2008-10-16 15:38 1,160,192 --------- c:\windows\system32\dllcache\urlmon.dll
2009-01-22 19:29 . 2008-10-16 15:38 826,368 --------- c:\windows\system32\dllcache\wininet.dll
2009-01-22 19:29 . 2008-06-13 06:05 272,128 --------- c:\windows\system32\dllcache\bthport.sys
2009-01-22 19:28 . 2008-12-13 01:40 3,593,216 --------- c:\windows\system32\dllcache\mshtml.dll
2009-01-22 19:28 . 2008-08-14 05:11 2,189,184 --------- c:\windows\system32\dllcache\ntoskrnl.exe
2009-01-22 19:28 . 2008-08-14 05:09 2,145,280 --------- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-01-22 19:28 . 2008-08-14 04:33 2,066,048 --------- c:\windows\system32\dllcache\ntkrnlpa.exe
2009-01-22 19:28 . 2008-08-14 04:33 2,023,936 --------- c:\windows\system32\dllcache\ntkrpamp.exe
2009-01-22 19:28 . 2008-09-15 07:12 1,846,400 --------- c:\windows\system32\dllcache\win32k.sys
2009-01-22 19:27 . 2008-04-11 14:04 691,712 --------- c:\windows\system32\dllcache\inetcomm.dll
2009-01-22 19:27 . 2008-10-24 06:21 455,296 --------- c:\windows\system32\dllcache\mrxsmb.sys
2009-01-22 19:27 . 2008-12-11 05:57 333,952 --------- c:\windows\system32\dllcache\srv.sys
2009-01-22 19:27 . 2008-05-01 09:33 331,776 --------- c:\windows\system32\dllcache\msadce.dll
2009-01-22 19:27 . 2008-05-08 09:02 203,136 --------- c:\windows\system32\dllcache\rmcast.sys
2009-01-22 19:26 . 2008-09-04 12:15 1,106,944 --------- c:\windows\system32\dllcache\msxml3.dll
2009-01-22 19:26 . 2008-10-15 11:34 337,408 --------- c:\windows\system32\dllcache\netapi32.dll
2009-01-22 19:25 . 2009-01-22 19:26 <DIR> d-------- c:\program files\SiteAdvisor
2009-01-22 19:25 . 2009-01-22 19:25 <DIR> d-------- c:\documents and settings\All Users\Application Data\SiteAdvisor
2009-01-22 19:25 . 2009-02-03 16:16 8,293 --a------ c:\windows\system32\Config.MPF
2009-01-22 19:24 . 2009-02-02 18:58 <DIR> d-------- c:\documents and settings\LocalService\Application Data\SACore
2009-01-22 19:24 . 2009-01-22 19:24 <DIR> d--hs---- c:\documents and settings\HP_Administrator\UserData
2009-01-22 19:21 . 2008-06-02 14:55 120,136 --a------ c:\windows\system32\drivers\Mpfp.sys
2009-01-22 19:21 . 2008-06-27 06:08 79,240 --a------ c:\windows\system32\drivers\mfeavfk.sys
2009-01-22 19:21 . 2008-06-27 06:08 40,488 --a------ c:\windows\system32\drivers\mfesmfk.sys
2009-01-22 19:21 . 2008-06-27 06:08 35,240 --a------ c:\windows\system32\drivers\mfebopk.sys
2009-01-22 19:20 . 2009-01-22 19:20 <DIR> d-------- c:\program files\McAfee.com
2009-01-22 19:20 . 2009-01-24 08:41 <DIR> d-------- c:\program files\McAfee
2009-01-22 19:20 . 2009-01-22 19:21 <DIR> d-------- c:\program files\Common Files\McAfee
2009-01-22 19:19 . 2008-06-20 05:41 34,152 --a------ c:\windows\system32\drivers\mferkdk.sys
2009-01-22 19:13 . 2009-01-22 19:25 <DIR> d-------- c:\documents and settings\All Users\Application Data\McAfee
2009-01-22 19:10 . 2009-01-22 19:10 <DIR> d-------- c:\program files\Common Files\Motive
2009-01-22 19:10 . 2009-01-22 19:10 <DIR> d-------- c:\documents and settings\All Users\Application Data\Motive
2009-01-22 19:09 . 2009-01-22 19:09 <DIR> d-------- c:\program files\verizon_broad
2009-01-22 19:09 . 2009-01-22 19:09 <DIR> d-------- c:\program files\Verizon Broadband Firefox Toolbar
2009-01-22 19:09 . 2009-01-22 19:12 <DIR> d-------- c:\documents and settings\HP_Administrator\Application Data\verizon_broad
2009-01-22 19:00 . 2009-01-22 19:12 <DIR> d-------- c:\program files\Verizon
2009-01-22 18:58 . 2009-01-22 18:58 <DIR> d-------- c:\program files\Common Files\SupportSoft
2009-01-22 18:46 . 2009-01-22 18:46 <DIR> d-------- c:\program files\Maxtor
2009-01-22 18:46 . 2009-01-24 22:20 <DIR> d-------- c:\documents and settings\All Users\Application Data\Maxtor
2009-01-22 18:45 . 2009-01-22 18:45 <DIR> d--hs---- c:\windows\ftpcache
2009-01-22 17:18 . 2009-01-22 17:18 <DIR> d-------- c:\windows\ServicePackFiles
2009-01-22 17:16 . 2008-04-14 00:10 43,904 --a------ c:\windows\system32\drivers\sbp2port.sys
2009-01-22 17:16 . 2008-04-14 00:10 43,904 --a------ c:\windows\system32\dllcache\sbp2port.sys
2009-01-22 17:16 . 2006-12-29 00:31 19,569 --a------ c:\windows\003025_.tmp
2009-01-22 17:09 . 2009-01-22 17:09 <DIR> d-------- c:\documents and settings\LocalService\Application Data\HP
2009-01-22 17:00 . 2009-01-22 17:09 88,397 --a------ c:\windows\hpoins06.dat
2009-01-22 17:00 . 2005-03-07 23:52 51,120 -ra------ c:\windows\system32\drivers\HPZid412.sys
2009-01-22 17:00 . 2005-06-02 22:31 5,389 --------- c:\windows\hpomdl06.dat
2009-01-22 16:59 . 2005-04-07 20:50 827,392 -ra------ c:\windows\system32\hpotiop2.dll
2009-01-22 16:59 . 2005-04-07 20:50 278,528 -ra------ c:\windows\system32\hpowiamd.dll
2009-01-22 16:59 . 2005-03-07 23:49 274,432 -ra------ c:\windows\system32\HPZc3212.dll
2009-01-22 16:59 . 2005-04-07 20:50 258,122 -ra------ c:\windows\system32\hpovst09.dll
2009-01-22 16:59 . 2005-03-15 14:36 77,824 -ra------ c:\windows\system32\hpzids01.dll
2009-01-22 16:59 . 2005-05-05 08:51 37,376 --a------ c:\windows\system32\hpz3l3xu.dll
2009-01-22 16:59 . 2008-04-14 00:17 25,856 --a------ c:\windows\system32\drivers\usbprint.sys
2009-01-22 16:59 . 2008-04-14 00:17 25,856 --a------ c:\windows\system32\dllcache\usbprint.sys
2009-01-22 16:59 . 2008-04-14 00:15 15,104 --a------ c:\windows\system32\drivers\usbscan.sys
2009-01-22 16:59 . 2008-04-14 00:15 15,104 --a------ c:\windows\system32\dllcache\usbscan.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-28 13:05 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-24 13:55 --------- d-----w c:\program files\Common Files\Adobe
2009-01-24 00:26 499,712 ----a-w c:\windows\system32\msvcp71.dll
2009-01-24 00:26 --------- d-----w c:\program files\Common Files\Real
2009-01-23 23:59 --------- d-----w c:\program files\microsoft frontpage
2009-01-22 23:18 --------- d-----w c:\program files\Quicken
2009-01-22 22:21 61,440 ----a-w c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\modemutil.dll
2009-01-22 22:21 45,056 ----a-w c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\uninstallUI\eHelpSetup.exe
2009-01-22 22:21 44,032 ----a-w c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Scripts\devcon.exe
2009-01-22 22:21 40,960 ----a-w c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\ScDmi.dll
2009-01-22 22:21 32,768 ----a-w c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\uploadHSC.dll
2009-01-22 22:21 32,768 ----a-w c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\Scom.dll
2009-01-22 22:21 287,310 ----a-w c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\HPBasicDetection.dll
2009-01-22 22:21 163,840 ----a-w c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\modemcheck.dll
2009-01-22 22:09 --------- d-----w c:\program files\Symantec
2009-01-22 22:09 --------- d-----w c:\documents and settings\All Users\Application Data\Symantec
2009-01-22 22:08 --------- d-----w c:\program files\HP
2009-01-22 21:34 --------- d-----w c:\program files\MSN Encarta Standard
2009-01-22 21:30 --------- d-----w c:\program files\Easy Internet signup
2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"SUPERAntiSpyware"="c:\documents and settings\HP_Administrator\My Documents\onsite tools\Superantispyware\SUPERANTISPYWARE.EXE" [2008-12-10 1809648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2005-08-10 61440]
"LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2005-05-10 253952]
"mxomssmenu"="c:\program files\Maxtor\OneTouch Status\maxmenumgr.exe" [2007-09-06 169264]
"Verizon_McciTrayApp"="c:\program files\Verizon\McciTrayApp.exe" [2007-09-28 936960]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2008-07-11 641208]
"McENUI"="c:\progra~1\McAfee\MHN\McENUI.exe" [2008-06-13 1176808]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-01-23 185872]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2005-10-18 98304]
"AlwaysReady Power Message APP"="ARPWRMSG.EXE" [2005-08-03 c:\windows\arpwrmsg.exe]
"RTHDCPL"="RTHDCPL.EXE" [2005-08-18 c:\windows\RTHDCPL.EXE]

c:\documents and settings\HP_Administrator\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.exe.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664]
ATI CATALYST System Tray.lnk - c:\program files\ATI Technologies\ATI.ACE\CLI.exe [2005-08-10 61440]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-02-17 65588]
NETGEAR WPN111 Smart Wizard.lnk - c:\program files\NETGEAR\WPN111\wpn111.exe [2009-01-28 884838]
VPN Client.lnk - c:\windows\Installer\{14FCFE7C-AB86-428A-9D2E-BFB6F5A7AA6E}\Icon3E5562ED7.ico [2009-01-28 6144]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=hwbatx.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2005-05-12 08:12 49152 c:\program files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPBootOp]
--a------ 2005-02-26 00:34 245760 c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHUPD08]
--a------ 2005-06-02 01:35 49152 c:\program files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCDrProfiler]
--a------ 2005-05-10 03:26 53248 c:\program files\PC-Doctor 5 for Windows\RunProfiler.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=

R1 SASDIFSV;SASDIFSV;c:\documents and settings\HP_Administrator\My Documents\onsite tools\Superantispyware\SASDIFSV.SYS [2009-01-22 8944]
R1 SASKUTIL;SASKUTIL;c:\documents and settings\HP_Administrator\My Documents\onsite tools\Superantispyware\SASKUTIL.SYS [2009-01-22 55024]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [2009-01-22 206096]
R3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\windows\system32\DNINDIS5.sys [2009-01-28 17149]
R3 SASENUM;SASENUM;c:\documents and settings\HP_Administrator\My Documents\onsite tools\Superantispyware\SASENUM.SYS [2009-01-22 4096]
R3 WPN111;Wireless USB 2.0 Adapter with RangeMax Service;c:\windows\system32\drivers\WPN111.sys [2009-01-28 362944]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9f4c1b50-e8da-11dd-b209-0013d4ca7017}]
\Shell\AutoRun\command - .\Encryption Tool\MaxtorEncryption.exe
.
Contents of the 'Scheduled Tasks' folder

2009-01-23 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2008-07-09 18:10]

2009-01-23 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2008-07-09 18:10]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://wapp.verizon.net/bookmarks/bmredir.asp?region=all&bw=dsl&cd=7.0unattached&bm=ho_central
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=pavilion&pf=desktop&parm1=seconduser
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=pavilion&pf=desktop&parm1=seconduser
uInternet Connection Wizard,ShellNext = https://activatemydsl.verizon.net/SmartAcce...%7D&lang=en
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-03 16:19:50
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(984)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2009-02-03 16:21:07
ComboFix-quarantined-files.txt 2009-02-03 21:21:04

Pre-Run: 301,391,925,248 bytes free
Post-Run: 302,411,083,776 bytes free

277 --- E O F --- 2009-01-24 00:22:19

#11 jhasting
  • Topic Starter
  • Members
  • 16 posts

Posted 03 February 2009 - 04:29 PM

==================
HiJackThis LOG
===================

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:28:57 PM, on 2/3/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Verizon\McciTrayApp.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\HP_Administrator\My Documents\onsite tools\Superantispyware\SUPERANTISPYWARE.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\NETGEAR\WPN111\wpn111.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Maxtor\Sync\SyncServices.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\WINDOWS\explorer.exe
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\HP_Administrator\Desktop\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...arm1=seconduser
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://wapp.verizon.net/bookmarks/bmredir....p;bm=ho_central
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...arm1=seconduser
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.yahoo.com/search?fr=mcafee&p=%s
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://activatemydsl.verizon.net/SmartAcce...%7D&lang=en
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Verizon Broadband Toolbar - {A057A204-BACC-4D26-8398-26FADCF27386} - C:\PROGRA~1\VERIZO~1\VERIZO~1.DLL
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: Verizon Broadband Toolbar - {A057A204-BACC-4D26-8398-26FADCF27386} - C:\PROGRA~1\VERIZO~1\VERIZO~1.DLL
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [mxomssmenu] "C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe"
O4 - HKLM\..\Run: [Verizon_McciTrayApp] C:\Program Files\Verizon\McciTrayApp.exe
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Documents and Settings\HP_Administrator\My Documents\onsite tools\Superantispyware\SUPERANTISPYWARE.EXE
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: NETGEAR WPN111 Smart Wizard.lnk = ?
O4 - Global Startup: VPN Client.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O20 - AppInit_DLLs: hwbatx.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Maxtor Service (Maxtor Sync Service) - Seagate Technology LLC - C:\Program Files\Maxtor\Sync\SyncServices.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe

--
End of file - 8799 bytes

#12 fenzodahl512
  • Members
  • 6,738 posts

Posted 03 February 2009 - 10:01 PM

Please re-open HijackThis and click on Do a system scan only. Check the boxes next to all the entries listed below.

O20 - AppInit_DLLs: hwbatx.dll

Now close all windows other than HijackThis, then click Fix checked. Close HijackThis.



Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan.
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are both checked
  • Click Scan
    Wait for the scan to finish
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic


How's the computer now? :thumbup2:

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive

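As an added example that is not from this thread, from HijackThis or from any of the scanners mentioned: a small triage script for the log format pasted above. It picks out the three entry types a helper looks at first. The O20 AppInit_DLLs value is a registry value under HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows; on Windows XP every DLL named there is loaded into every process that loads user32.dll, with no signing requirement, which is why a lone unfamiliar name such as hwbatx.dll in that slot is the first thing fixed. O23 services are checked against a per-machine vendor allow-list (KNOWN_VENDORS is a hypothetical list built from this log; "Unknown owner" in a HijackThis log only means the binary carries no company name in its version resource, and McSACore.exe here is McAfee's own SiteAdvisor service, so the flag is a prompt to verify, not a verdict). O4 startup shortcuts that HijackThis printed as "= ?" are listed because their target could not be resolved. The sample lines are copied from the log posted above.

```python
"""Triage a HijackThis log for the entry types discussed in this thread.

Added example, not part of HijackThis or of this forum post. The log lines
embedded below are copied from the log posted above; KNOWN_VENDORS is a
hypothetical allow-list for this one machine.
"""
import re
from dataclasses import dataclass
from typing import List

# Hypothetical allow-list: service owners expected on this particular box,
# taken from the O23 lines in the log above. Anything else is flagged for a
# manual look. "Unknown owner" means the service binary has no company name
# in its version resource, which is a reason to check it, not proof of malware.
KNOWN_VENDORS = {
    "ATI Technologies Inc.",
    "Cisco Systems, Inc.",
    "Hewlett-Packard Company",
    "Lavasoft",
    "Macrovision Corporation",
    "McAfee, Inc.",
    "Seagate Technology LLC",
}

O20_RE = re.compile(r"^O20 - AppInit_DLLs:\s*(?P<dlls>.*)$")
O23_RE = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+)$")
O4_RE = re.compile(r"^O4 - (?P<hive>[^:]+): (?P<name>.+?) = (?P<target>.*)$")


@dataclass
class Finding:
    section: str  # HijackThis section tag, e.g. "O20"
    detail: str   # the DLL, service or shortcut the finding is about
    reason: str   # why a human should look at it


def triage(log_text: str) -> List[Finding]:
    """Return the entries a helper would ask about first, in log order."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()

        m = O20_RE.match(line)
        if m:
            # AppInit_DLLs is space- or comma-separated; an empty value is normal.
            for dll in re.split(r"[ ,]+", m["dlls"].strip()):
                if dll:
                    findings.append(Finding(
                        "O20", dll,
                        "loaded into every user32-linked process; identify it or clear the value"))
            continue

        m = O23_RE.match(line)
        if m:
            if m["owner"] not in KNOWN_VENDORS:
                findings.append(Finding(
                    "O23", f"{m['name']} -> {m['path']}",
                    f"service owner '{m['owner']}' is not in the expected-vendor list"))
            continue

        m = O4_RE.match(line)
        if m and m["target"] == "?":
            # HijackThis prints "?" when it cannot resolve a startup shortcut.
            findings.append(Finding(
                "O4", m["name"],
                "startup shortcut target unresolved; check where the .lnk points"))
    return findings


# Lines copied verbatim from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: NETGEAR WPN111 Smart Wizard.lnk = ?
O4 - Global Startup: VPN Client.lnk = ?
O20 - AppInit_DLLs: hwbatx.dll
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.section}] {f.detail}\n      {f.reason}")
```

After "Fix checked" has been applied, re-running HijackThis with "Do a system scan only" should produce a log with no O20 line at all; if the line comes back on the next reboot, something still running is rewriting the value and the DLL on disk has not actually been removed.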

#13 jhasting
  • Topic Starter
  • Members
  • 16 posts

Posted 04 February 2009 - 07:08 PM

I ran HijackThis and removed the file. When I run the website, I click the banner at the top to allow the ActiveX control to install, but then I get a pop-up:

TITLE: Internet Explorer - Security Warning
INTERNAL:
Windows has blocked this software because it can't verify the publisher
Name: OnlineScanner.cab
Publisher: Unknown Publisher

And it only gives an OK. Should I disable this check in Internet Explorer?

Thanks for all of your help.

#14 fenzodahl512
  • Members
  • 6,738 posts

Posted 04 February 2009 - 10:49 PM

Let's do an alternative scan...


Let's run the F-Secure online scan for Viruses, Spyware and Rootkits:
  • Scroll to the bottom of the page and click the Start scanning button. A window will pop up.
  • Allow the ActiveX control to be installed on your computer, then click the Accept button
  • Click Full System Scan and allow the components to download and the scan to complete.
  • If malware is found, check Submit samples to F-Secure then select Automatic cleaning
  • When cleaning has finished, click Show report (this will open an Internet Explorer window containing the report)
  • Highlight and Copy (CTRL + C) the complete report, and Paste (CTRL + V) in a new reply to this post
If Automatic cleaning with Submit samples hangs, click Cancel, then New Scan
  • When the cleaning option is presented, Uncheck Submit samples to F-Secure
  • Click Automatic cleaning
  • When cleaning has finished, click Show report (this will open an Internet Explorer window containing the report)
  • Highlight and Copy (CTRL + C) the complete report, and Paste (CTRL + V) in a new reply to this post
Notes:
  • This scan will only work with Internet Explorer
  • You must have administrator rights to run this scan
  • This scan can take several hours, so please be patient



#15 jhasting
  • Topic Starter
  • Members
  • 16 posts

Posted 05 February 2009 - 07:51 PM

Thanks, it seems to be running much better now; the internet still seems a little slow.


==================================================
F-Secure log
==================================================
Scanning Report
Thursday, February 05, 2009 19:10:14 - 19:49:34
Computer name: YOUR-55E5F9E3D2
Scanning type: Scan system for malware, rootkits
Target: C:\ D:\ K:\


--------------------------------------------------------------------------------

Result: 8 malware found
TrackingCookie.Adbrite (spyware)
System
TrackingCookie.Advertising (spyware)
System
TrackingCookie.Atdmt (spyware)
System
TrackingCookie.Atwola (spyware)
System
TrackingCookie.Doubleclick (spyware)
System
TrackingCookie.Questionmarket (spyware)
System
TrackingCookie.Webtrends (spyware)
System
TrackingCookie.Yieldmanager (spyware)
System

--------------------------------------------------------------------------------

Statistics
Scanned:
Files: 32367
System: 3473
Not scanned: 16
Actions:
Disinfected: 0
Renamed: 0
Deleted: 0
None: 8
Submitted: 0
Files not scanned:
C:\HIBERFIL.SYS
C:\PAGEFILE.SYS
C:\WINDOWS\TEMP\MCAFEE_PAUHCWQ4SADKP7E
C:\WINDOWS\TEMP\MCAFEE_YXFYABZXMDJF6JT
C:\WINDOWS\TEMP\MCMSC_772BTX5LTC1RRXY
C:\WINDOWS\TEMP\MCMSC_IQXR4L1OU0R55KN
C:\WINDOWS\TEMP\MCMSC_TEFJSBRX364KVB8
C:\WINDOWS\TEMP\SQLITE_4GXWSH1XACENRFZ
C:\WINDOWS\TEMP\SQLITE_6EOAKH1BYCHZXUQ
C:\WINDOWS\TEMP\SQLITE_SWTWBIOFDJIYS6L
C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT
C:\WINDOWS\SYSTEM32\CONFIG\SAM
C:\WINDOWS\SYSTEM32\CONFIG\SECURITY
C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM
C:\DOCUMENTS AND SETTINGS\ALL USERS\DOCUMENTS\RECORDED TV\TEMPREC\TEMPSBE\MSDVRMM_479135141_524288_30644

--------------------------------------------------------------------------------

Options
Scanning engines:
F-Secure USS: 3.0.0
F-Secure Hydra: 3.6.8511, 2009-02-05
F-Secure AVP: 7.0.171, 2009-02-05
F-Secure Pegasus: 1.20.0, 1969-11-31
F-Secure Blacklight: 0.0.0
Scanning options:
Scan defined files: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB LNK WSF {* PDF ZL? XML ZIP XXX ANI AVB BAT CMD JOB LSP MAP MHT MIF PHP POT SWF WMF NWS TAR
Use Advanced heuristics

--------------------------------------------------------------------------------




