Got VirusRemover2008, ran Malwarebytes AM, now McAfee errors on scan


32 replies to this topic

#1 Nothing Original (Members, 16 posts)

Posted 13 February 2009 - 01:43 PM

Hi! I'm using WinXP Pro, SP2. A day or two ago (it's become a blur), I got infected with VirusRemover2008. I had heard of it before, so I immediately d/l'd & ran Malwarebytes AM program. It found a lot of problems & I said to fix them. While fixing, it errored out. So I reran & then said to fix. The second time, it fixed everything. (However, in looking at the logs, it shows nothing found the 2nd time, but I know the 2nd time it found problems, which is why I ran it the third time to make sure everything was corrected.) I then ran AM a third time & this time, it found no problems. (YAY!) Also, either during the 1st or 2nd run, it rebooted itself...I forget when, tho.

So I then purchased AM, to prevent this problem again.

So to be extra careful, I started a McAfee AV scan. After a few minutes, it bombs with the message "...on demand scan has encountered a problem..." I click "don't send" on that one & then I get "...error getting scan progress..."

So I d/l'd & ran Hijackthis & have included the results below. I'm also including the three MBAM logs, in case they are helpful. FWIW, I read the preparation guide & tried to run DDS but I get the error FINDSTR.EXE is not recognized as an internal or external command & it just hangs up there. I checked & in c:\windows\system32 is a findstr.exe file & I even copied the dds.scr file to that folder & ran it from there & get the same problem.

Any help you can offer would be greatly appreciated!!!

Susie

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:43:18 AM, on 2/13/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\STOPzilla!\szserver.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Quicken Online Backup\AgentSrv.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
c:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe
F:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\tcpsvcs.exe
g:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
c:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\WINDOWS\Explorer.EXE
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Common Files\NeatReceipts\DB Controller\NeatReceiptsDBController.exe
C:\Program Files\Visioneer\OneTouch 4.0\OtService.exe
C:\WINDOWS\system32\HPZipm12.exe
F:\Program Files\RhinoSoft.com\Serv-U\ServUDaemon.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\Visioneer\OneTouch 4.0\OtMonEx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe
C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
f:\Program Files\NetDrive\wdService.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54Gv4.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb13.exe
C:\Program Files\STOPzilla!\STOPzilla.exe
C:\WINDOWS\system32\carpserv.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
F:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe
C:\WINDOWS\system32\hphmon06.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
F:\Program Files\Roxio\Media Experience\DMXLauncher.exe
F:\Program Files\NetDrive\netdrive.exe
F:\PROGRA~1\SYSTEM~1\WScheduler.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
G:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe
C:\PROGRA~1\HP\{BA2D9~1\pexpress\hphPED06.exe
C:\WINDOWS\system32\setup_vf.exe
F:\Program Files\iTunes\iTunesHelper.exe
G:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
F:\PROGRA~1\LAUNCH~1\lnp.exe
F:\Program Files\TrueCrypt\TrueCrypt.exe
C:\Program Files\SuperLogix\Super Utilities\SuperUtil.exe
C:\Documents and Settings\Susie\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Lala.com\Lala Music Mover\LalaMover.exe
C:\Program Files\Common Files\TiVo Shared\Transfer\TiVoTransfer.exe
G:\Program Files\TiVo\Desktop\TiVoNotify.exe
G:\Program Files\TiVo\Desktop\TiVoServer.exe
C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
F:\Program Files\palmOne\Hotsync.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
F:\Program Files\JungleDisk\junglediskmonitor.exe
F:\Program Files\Launchy\Launchy.exe
F:\Program Files\Ilium Software\ListPro\ListProAlarms.exe
F:\Program Files\SanDisk\SanDisk TransferMate\SD Monitor.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\PdaReach\PdaReach.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\PdaReach\UsbMan.exe
F:\Program Files\firefox.exe
G:\Program Files\J River\ICETCP4\deja32.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\system32\wuauclt.exe
F:\Program Files\iambic Software\Agendus for Windows Palm Desktop Edition\AgendusPDEd.exe
G:\Program Files\Microsoft Office\Office12\ONENOTE.EXE
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\System32\vssvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_wp.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\PROGRA~1\MICROS~2\OFFICE11\OUTLOOK.EXE
c:\PROGRA~1\mcafee\msc\mcshell.exe
C:\Program Files\Wisdom-soft ScreenHunter Plus\ScreenHunter.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\SearchProtocolHost.exe
V:\Susie's data\WIN95UP\Hijackthis\HiJackThis\HijackThis.exe
C:\Program Files\Visioneer\OneTouch 4.0\LinkManager.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.compaq.com/1Q00CDT/0409/bl8.asp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
N3 - Netscape 7: # Mozilla User Preferences

/* Do not edit this file.
*
* If you make changes to this file while the browser is running,
* the changes will be overwritten when the browser exits.
*
* To make a manual change to preferences, you can visit the URL about:config
* For more information, see http://www.mozilla.org/unix/customizing.html#prefs
*/

user_pref("aim.session.firsttime", false);
user_pref("browser.activation.checkedNNFlag", true);
user_pref("browser.bookmarks.added_static_root", true);
user_pref("browser.download.dir", "F:\\Susie's data\\WIN95UP\\AllTunes");
user_pref("browser.search.defaultengine", "engine://f%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src");
user_pref("browser.startup.homepage", "http://www.google.com");
user_pref("browser.startup.homepage_override.mstone", "rv:1.7.2");
user_pref("dom.disable_open_during_load", true);
user_pref("intl.charsetmenu.browser.cache", "ISO-8859-15, windows-1252, UTF-8, windows-1251, us-ascii");
user_pref("ldap_2
N3 - Netscape 7: # Mozilla User Preferences

/* Do not edit this file.
*
* If you make changes to this file while the browser is running,
* the changes will be overwritten when the browser exits.
*
* To make a manual change to preferences, you can visit the URL about:config
* For more information, see http://www.mozilla.org/unix/customizing.html#prefs
*/

user_pref("aim.session.firsttime", false);
user_pref("browser.activation.checkedNNFlag", true);
user_pref("browser.bookmarks.added_static_root", true);
user_pref("browser.download.dir", "F:\\Susie's data\\WIN95UP\\AllTunes");
user_pref("browser.search.defaultengine", "engine://f%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src");
user_pref("browser.startup.homepage", "http://www.google.com");
user_pref("browser.startup.homepage_override.mstone", "rv:1.7.2");
user_pref("dom.disable_open_during_load", true);
user_pref("intl.charsetmenu.browser.cache", "ISO-8859-15, windows-1252, UTF-8, windows-1251, us-ascii");
user_pref("ldap_2
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Popup-Blocker Class - {52706EF7-D7A2-49AD-A615-E903858CF284} - (no file)
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: SnapToolbarHelper Class - {8600AC1E-BE58-4FFC-BD5D-F2A8EC38C838} - C:\Program Files\Snap Visual Search\snapbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: STOPzilla Browser Helper Object - {E3215F20-3212-11D6-9F8B-00D0B743919D} - C:\Program Files\STOPzilla!\SZIEBHO.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: I.R.I.S. Desktop Search - {577EBCA9-8ED3-45FC-A514-55B3817D4BCF} - (no file)
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [SetRefresh] C:\Program Files\Compaq\SetRefresh\SetRefresh.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb13.exe
O4 - HKLM\..\Run: [STOPzilla] C:\Program Files\STOPzilla!\STOPzilla.exe /autostart
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [TotalRecorderScheduler] "f:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe"
O4 - HKLM\..\Run: [NapsterShell] //~c:\program files\napster\napster.exe /systray
O4 - HKLM\..\Run: [HPHUPD06] C:\Program Files\HP\{BA2D9411-DBB4-43e4-9421-780413650A67}\hphupd06.exe
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DMXLauncher] "F:\Program Files\Roxio\Media Experience\DMXLauncher.exe"
O4 - HKLM\..\Run: [WebDriveTray] f:\Program Files\NetDrive\netdrive.exe /trayicon
O4 - HKLM\..\Run: [WScheduler] f:\PROGRA~1\SYSTEM~1\WScheduler.exe /LOGON
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [mcagent_exe] "c:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
O4 - HKLM\..\Run: [AsusTray] //~c:\program files\asus\eeepc acpi\astray.exe
O4 - HKLM\..\Run: [AsusACPIServer] C:\Program Files\Asus\EeePC ACPI\AsAcpiSvr.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [LogMeIn GUI] "G:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] "G:\Program Files\ScanSoft\PaperPort\pptd40nt.exe"
O4 - HKLM\..\Run: [IndexSearch] "G:\Program Files\ScanSoft\PaperPort\IndexSearch.exe"
O4 - HKLM\..\Run: [PPort11reminder] "G:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini
O4 - HKLM\..\Run: [ScanSoft OmniPage 16-reminder] "G:\Program Files\ScanSoft\OmniPage16\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\ScanSoft\OmniPage 16\Ereg\Ereg.ini"
O4 - HKLM\..\Run: [UnlockerAssistant] "G:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [Carbonite Backup] c:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe
O4 - HKLM\..\Run: [HPHped06] C:\PROGRA~1\HP\{BA2D9~1\pexpress\hphPED06.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [WinGuard Pro] C:\WINDOWS\system32\setup_vf.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [iTunesHelper] "F:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "g:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] c:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [LaunchIt NOW! Plus] F:\PROGRA~1\LAUNCH~1\lnp.exe
O4 - HKCU\..\Run: [OpAgent] "OpAgent.exe" /agent
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [TrueCrypt] "F:\Program Files\TrueCrypt\TrueCrypt.exe" /q preferences
O4 - HKCU\..\Run: [Super Utilities] c:\Program Files\SuperLogix\Super Utilities\SuperUtil.exe /min
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Susie\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [CuteReminder] G:\Program Files\CuteReminderPro\CuteReminder.exe
O4 - HKCU\..\Run: [SugarSync] "G:\Program Files\SugarSync\SugarSyncManager.exe" -startInTray
O4 - HKCU\..\Run: [Lala Music Mover] "C:\Program Files\Lala.com\Lala Music Mover\LalaMover.exe" /minimized
O4 - HKCU\..\Run: [AnyDVD] F:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
O4 - HKCU\..\Run: [TivoTransfer] "C:\Program Files\Common Files\TiVo Shared\Transfer\TiVoTransfer.exe" /service /registry /auto:TivoTransfer
O4 - HKCU\..\Run: [TivoNotify] "G:\Program Files\TiVo\Desktop\TiVoNotify.exe" /service /registry /auto:TivoNotify
O4 - HKCU\..\Run: [TivoServer] "G:\Program Files\TiVo\Desktop\TiVoServer.exe" /service /registry /auto:TivoServer
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Startup: Dropbox.lnk = V:\Program Files\Dropbox\Dropbox.exe
O4 - Startup: Evernote.lnk = G:\Program Files\EverNote\Evernote3\EvernoteTray.exe
O4 - Startup: ListProAlarms.lnk = F:\Program Files\Ilium Software\ListPro\ListProAlarms.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = G:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Startup: palmOne Registration.lnk = F:\Program Files\palmOne\register.exe
O4 - Startup: PdaReach Desktop.lnk = C:\Program Files\PdaReach\PdaReach.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: DataViz Inc Messenger.lnk = C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
O4 - Global Startup: EReg.lnk = ?
O4 - Global Startup: HOTSYNCSHORTCUTNAME.lnk = F:\Program Files\palmOne\Hotsync.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: JungleDiskMonitor.lnk = F:\Program Files\JungleDisk\junglediskmonitor.exe
O4 - Global Startup: Launchy.lnk = F:\Program Files\Launchy\Launchy.exe
O4 - Global Startup: ListProAlarms.lnk = F:\Program Files\Ilium Software\ListPro\ListProAlarms.exe
O4 - Global Startup: Media Card Companion Monitor.lnk = C:\Program Files\ArcSoft\Media Card Companion\MCC Monitor.exe
O4 - Global Startup: Monitor.lnk = F:\Program Files\SanDisk\SanDisk TransferMate\SD Monitor.exe
O4 - Global Startup: WG111v2 Smart Wizard Wireless Setting.lnk = ?
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: Add to Evernote - res://g:\Program Files\Evernote\Evernote3\enbar.dll/2000
O8 - Extra context menu item: Add to AMV Converter... - G:\Program Files\MP3 Player Utilities 4.18\AMVConverter\grab.html
O8 - Extra context menu item: Display All Images with Full Quality - "res://C:\Program Files\NetZero\qsacc\appres.dll/228"
O8 - Extra context menu item: Display Image with Full Quality - "res://C:\Program Files\NetZero\qsacc\appres.dll/227"
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Save to &Xdrive - res://f:\Program Files\Xdrive\Xdrive Desktop\xdrive.exe/std.html
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - G:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - G:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Rip YouTube File - {38E51477-DDB4-4aed-9D61-D0C193E10749} - g:\Program Files\SoundTaxi\YouTubeRipper.dll (file missing)
O9 - Extra 'Tools' menuitem: Rip YouTube file embedded in this page - {38E51477-DDB4-4aed-9D61-D0C193E10749} - g:\Program Files\SoundTaxi\YouTubeRipper.dll (file missing)
O9 - Extra button: FlashCapture - {753BBC4B-CC73-4fb8-A5B5-CA09C804C1DD} - f:\Program Files\FlashCapture\fciext.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - G:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: Add to EverNote - {A5ABA0BB-F195-40d8-A5E9-0801153E6597} - g:\Program Files\EverNote\EverNote\enbar.dll (file missing)
O9 - Extra 'Tools' menuitem: Add to EverNote - {A5ABA0BB-F195-40d8-A5E9-0801153E6597} - g:\Program Files\EverNote\EverNote\enbar.dll (file missing)
O9 - Extra button: Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E9252800} - g:\Program Files\Evernote\Evernote3\enbar.dll (file missing)
O9 - Extra 'Tools' menuitem: Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E9252800} - g:\Program Files\Evernote\Evernote3\enbar.dll (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: Geni Publisher - http://www.geni.com/plugins/genipublisher.CAB
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - c:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1160079154390
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = phoenix.frontieradjusters.com
O17 - HKLM\Software\..\Telephony: DomainName = phoenix.frontieradjusters.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{47F90757-36B2-4764-86E2-7D8DD794877D}: NameServer = 172.20.32.5 172.20.32.5
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: McAfee Application Installer Cleanup (0320021234406745) (0320021234406745mcinstcleanup) - McAfee, Inc. - C:\DOCUME~1\Susie\LOCALS~1\Temp\032002~1.EXE
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Amazon Unbox Video Service (ADVService) - Amazon.com - F:\Program Files\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe
O23 - Service: Connected Agent Service (AgentSrv) - Connected Corporation - C:\Program Files\Quicken Online Backup\AgentSrv.EXE
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CarboniteService - Carbonite, Inc. (www.carbonite.com) - c:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe
O23 - Service: Diskeeper - Diskeeper Corporation - F:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Iomega App Services - Unknown owner - (no file)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - Unknown owner - G:\Program Files\LogMeIn\x86\RaMaint.exe (file missing)
O23 - Service: LogMeIn - Unknown owner - G:\Program Files\LogMeIn\x86\LogMeIn.exe (file missing)
O23 - Service: MBAMService - Malwarebytes Corporation - g:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - c:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: NeatReceipts Database Controller - Digital Business Processes - C:\Program Files\Common Files\NeatReceipts\DB Controller\NeatReceiptsDBController.exe
O23 - Service: OneTouch 4.0 Monitor - Visioneer Inc. - C:\Program Files\Visioneer\OneTouch 4.0\OtService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Common Files\Sonic Shared\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Common Files\Sonic Shared\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - c:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Serv-U FTP Server (Serv-U) - Rhino Software, Inc. +1(262) 560-9627 - F:\Program Files\RhinoSoft.com\Serv-U\ServUDaemon.exe
O23 - Service: SoundMovieServer - SoundMovieServer - C:\WINDOWS\system32\snmvtsvc.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: STOPzilla Service (szserver) - Unknown owner - C:\Program Files\Common Files\STOPzilla!\szserver.exe
O23 - Service: TiVo Beacon (TivoBeacon2) - TiVo Inc. - C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe
O23 - Service: Acronis Try And Decide Service (TryAndDecideService) - Unknown owner - C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
O23 - Service: WebDrive Service (WebDriveService) - Unknown owner - f:\Program Files\NetDrive\wdService.exe
O23 - Service: WUSB54Gv4SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
O23 - Service: Iomega Active Disk (_IOMEGA_ACTIVE_DISK_SERVICE_) - Unknown owner - (no file)

--
End of file - 26212 bytes
--------------------------------------------------------------------------------------------------------------------------------------------------------------
FIRST MBAM log:
Malwarebytes' Anti-Malware 1.34
Database version: 1750
Windows 5.1.2600 Service Pack 2

2/11/2009 6:09:37 PM
mbam-log-2009-02-11 (18-09-37).txt

Scan type: Quick Scan
Objects scanned: 103421
Time elapsed: 27 minute(s), 33 second(s)

Memory Processes Infected: 3
Memory Modules Infected: 3
Registry Keys Infected: 45
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 15
Files Infected: 31

Memory Processes Infected:
C:\Documents and Settings\Susie\Local Settings\Temp\winvsnet.tmp (Rogue.Installer) -> Unloaded process successfully.
C:\Documents and Settings\Susie\Local Settings\Temp\xcmenosraw.tmp (Rogue.Installer) -> Unloaded process successfully.
C:\Documents and Settings\Susie\Local Settings\Temp\winsinstall.exe (Rogue.Installer) -> Unloaded process successfully.

Memory Modules Infected:
C:\WINDOWS\system32\qoMcdDWp.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\nnnkIyVm.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\ljJCuUnK.dll (Trojan.Vundo) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8840a376-36a0-41aa-9f3c-605cf62cf6f7} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{8840a376-36a0-41aa-9f3c-605cf62cf6f7} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\qomcddwp (Trojan.Vundo) -> Delete on reboot.
HKEY_CLASSES_ROOT\mywebsearch.pseudotransparentplugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.pseudotransparentplugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{741de825-a6f0-4497-9aa6-8023cf9b0fff} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\{5222008a-dd62-49c7-a735-7bd18ecc7350} (Rogue.VirusRemover) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\{5222008a-dd62-49c7-a735-7bd18ecc7350} (Rogue.VirusRemover) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{2b96d5cc-c5b5-49a5-a69d-cc0a30f9028c} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{84da4fdf-a1cf-4195-8688-3e961f505983} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a4730ebe-43a6-443e-9776-36915d323ad3} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{42f2c9ba-614f-47c0-b3e3-ecfd34eed658} (Adware.ISTBar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{09f1adac-76d8-4d0f-99a5-5c907dadb988} (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{2d2bee6e-3c9a-4d58-b9ec-458edb28d0f6} (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{7149e79c-dc19-4c5e-a53c-a54ddf75eee9} (Adware.MediaMotor) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{deceaaa2-370a-49bb-9362-68c3a58ddc62} (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{33331111-1111-1111-1111-611111193423} (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{33331111-1111-1111-1111-611111193429} (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{33331111-1111-1111-1111-615111193427} (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\xpreapp (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\videosoft (Trojan.DNSChanger) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\virusremover2008 (Rogue.VirusRemove) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\virusremover2008 (Rogue.VirusRemove) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\virusremover2008 (Rogue.VirusRemove) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\xpre (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\instkey (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
c:\Program Files\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\Program Files\MyWebSearch\bar (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\Program Files\MyWebSearch\bar\History (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\Program Files\MyWebSearch\bar\Settings (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\Program Files\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\Program Files\FunWebProducts\PopSwatr (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\Program Files\FunWebProducts\PopSwatr\History (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\Program Files\FunWebProducts\ScreenSaver (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\Program Files\FunWebProducts\ScreenSaver\Images (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\Program Files\FunWebProducts\Shared (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Documents and Settings\Susie\Application Data\cogad (Trojan.Agent) -> Delete on reboot.
C:\Documents and Settings\All Users\Start Menu\Programs\VirusRemover2008 (Rogue.VirusRemove) -> Quarantined and deleted successfully.
c:\Program Files\VirusRemover2008 (Rogue.VirusRemove) -> Quarantined and deleted successfully.
C:\Documents and Settings\Susie\Application Data\VirusRemover2008 (Rogue.VirusRemover) -> Quarantined and deleted successfully.
C:\Documents and Settings\Susie\Application Data\VirusRemover2008\Logs (Rogue.VirusRemover) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\system32\ljJaBRIA.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\AIRBaJjl.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\AIRBaJjl.ini2 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\qoMcdDWp.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\nnnkIyVm.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\ljJCuUnK.dll (Trojan.Vundo) -> Delete on reboot.
C:\Documents and Settings\Susie\Local Settings\Temp\winvsnet.tmp (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Susie\Local Settings\Temp\xcmenosraw.tmp (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Susie\Local Settings\Temp\winsinstall.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hgGwTmmm.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\prunnet.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\rn.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Susie\Local Settings\Temp\raomnxcswe.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Susie\Local Settings\Temp\weaxmrnosc.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Susie\Local Settings\Temp\xpre.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Susie\Local Settings\Temporary Internet Files\Content.IE5\JUPZMVDD\apstpldr.dll[1].htm (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Susie\Local Settings\Temporary Internet Files\Content.IE5\JUPZMVDD\winsinstall[1].exe (Rogue.Installer) -> Quarantined and deleted successfully.
c:\Program Files\MyWebSearch\bar\History\search2 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\Program Files\MyWebSearch\bar\Settings\prevcfg2.htm (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\Program Files\MyWebSearch\bar\Settings\s_pid.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\Program Files\FunWebProducts\PopSwatr\History\allowed (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\Program Files\FunWebProducts\PopSwatr\History\notallow (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\Program Files\FunWebProducts\ScreenSaver\Images\00497A1E.urr (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Documents and Settings\Susie\Application Data\cogad\cogad.exe (Trojan.Agent) -> Delete on reboot.
C:\Documents and Settings\All Users\Start Menu\Programs\VirusRemover2008\VirusRemover2008.lnk (Rogue.VirusRemove) -> Quarantined and deleted successfully.
c:\Program Files\VirusRemover2008\Viruses.bdt (Rogue.VirusRemove) -> Quarantined and deleted successfully.
c:\Program Files\VirusRemover2008\VRM2008.exe (Rogue.VirusRemove) -> Quarantined and deleted successfully.
C:\Documents and Settings\Susie\Application Data\VirusRemover2008\Logs\scns.log (Rogue.VirusRemover) -> Quarantined and deleted successfully.
C:\Documents and Settings\Susie\Desktop\VirusRemover2008.lnk (Rogue.VirusRemove) -> Quarantined and deleted successfully.
C:\Documents and Settings\Susie\Application Data\Microsoft\Internet Explorer\Quick Launch\VirusRemover2008.lnk (Rogue.VirusRemove) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pac.txt (Malware.Trace) -> Quarantined and deleted successfully.

--------------------------------------------------------------------------------------------------------------------------------------------------------------
2nd MBAM log:
Malwarebytes' Anti-Malware 1.34
Database version: 1750
Windows 5.1.2600 Service Pack 2

2/11/2009 9:50:10 PM
mbam-log-2009-02-11 (21-50-10).txt

Scan type: Quick Scan
Objects scanned: 103041
Time elapsed: 53 minute(s), 36 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

--------------------------------------------------------------------------------------------------------------------------------------------------------------
3rd MBAM log:
Malwarebytes' Anti-Malware 1.34
Database version: 1757
Windows 5.1.2600 Service Pack 2

2/13/2009 4:33:16 AM
mbam-log-2009-02-13 (04-33-16).txt

Scan type: Quick Scan
Objects scanned: 103950
Time elapsed: 33 minute(s), 3 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

--------------------------------------------------------------------------------------------------------------------------------------------------------------
--------------------------------------------------------------------------------------------------------------------------------------------------------------


#2 SifuMike

SifuMike

    malware expert


  • Staff Emeritus
  • 15,385 posts
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA

Posted 16 February 2009 - 12:16 AM

Hello Nothing Original,

Let's see if you are still infected.
  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Select Files and Folders created in last 1 month
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized).
    info.txt can also be found at c:\RSIT\info.txt

If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!

Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#3 Nothing Original

Nothing Original
  • Topic Starter

  • Members
  • 16 posts

Posted 16 February 2009 - 08:29 PM

Hi SifuMike! Thank you for your help!

Here is log.txt:
Logfile of random's system information tool 1.05 (written by random/random)
Run by Susie at 2009-02-16 18:19:33
Microsoft Windows XP Professional Service Pack 2
System drive C: has 9 GB (25%) free of 38 GB
Total RAM: 1015 MB (18% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:19:48 PM, on 2/16/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\STOPzilla!\szserver.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Quicken Online Backup\AgentSrv.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
c:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe
F:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\tcpsvcs.exe
g:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
c:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Common Files\NeatReceipts\DB Controller\NeatReceiptsDBController.exe
C:\Program Files\Visioneer\OneTouch 4.0\OtService.exe
C:\WINDOWS\system32\HPZipm12.exe
F:\Program Files\RhinoSoft.com\Serv-U\ServUDaemon.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe
C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\Explorer.EXE
f:\Program Files\NetDrive\wdService.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54Gv4.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb13.exe
C:\Program Files\STOPzilla!\STOPzilla.exe
C:\WINDOWS\system32\carpserv.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
F:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\system32\hphmon06.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
F:\Program Files\Roxio\Media Experience\DMXLauncher.exe
F:\Program Files\NetDrive\netdrive.exe
F:\PROGRA~1\SYSTEM~1\WScheduler.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
G:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe
C:\PROGRA~1\HP\{BA2D9~1\pexpress\hphPED06.exe
C:\WINDOWS\system32\setup_vf.exe
F:\Program Files\iTunes\iTunesHelper.exe
G:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
F:\Program Files\TrueCrypt\TrueCrypt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\SuperLogix\Super Utilities\SuperUtil.exe
C:\Documents and Settings\Susie\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Lala.com\Lala Music Mover\LalaMover.exe
C:\Program Files\Common Files\TiVo Shared\Transfer\TiVoTransfer.exe
G:\Program Files\TiVo\Desktop\TiVoNotify.exe
C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
F:\Program Files\palmOne\Hotsync.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
F:\Program Files\JungleDisk\junglediskmonitor.exe
F:\Program Files\Ilium Software\ListPro\ListProAlarms.exe
F:\Program Files\SanDisk\SanDisk TransferMate\SD Monitor.exe
G:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\PdaReach\PdaReach.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\PdaReach\UsbMan.exe
\?\globalroot\C:\WINDOWS\system32\rundll32.exe
\?\globalroot\C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\dllhost.exe
F:\Program Files\SplashData\SplashID\SplashID Desktop.exe
C:\PROGRA~1\MICROS~2\OFFICE11\OUTLOOK.EXE
C:\WINDOWS\system32\taskmgr.exe
F:\Program Files\firefox.exe
V:\Susie's data\WIN95UP\MalwarebytesAntiMalware\RSIT.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
V:\Susie's data\WIN95UP\Hijackthis\HiJackThis\Susie.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.compaq.com/1Q00CDT/0409/bl8.asp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
N3 - Netscape 7: # Mozilla User Preferences

/* Do not edit this file.
*
* If you make changes to this file while the browser is running,
* the changes will be overwritten when the browser exits.
*
* To make a manual change to preferences, you can visit the URL about:config
* For more information, see http://www.mozilla.org/unix/customizing.html#prefs
*/

user_pref("aim.session.firsttime", false);
user_pref("browser.activation.checkedNNFlag", true);
user_pref("browser.bookmarks.added_static_root", true);
user_pref("browser.download.dir", "F:\\Susie's data\\WIN95UP\\AllTunes");
user_pref("browser.search.defaultengine", "engine://f%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src");
user_pref("browser.startup.homepage", "http://www.google.com");
user_pref("browser.startup.homepage_override.mstone", "rv:1.7.2");
user_pref("dom.disable_open_during_load", true);
user_pref("intl.charsetmenu.browser.cache", "ISO-8859-15, windows-1252, UTF-8, windows-1251, us-ascii");
user_pref("ldap_2
N3 - Netscape 7: # Mozilla User Preferences

/* Do not edit this file.
*
* If you make changes to this file while the browser is running,
* the changes will be overwritten when the browser exits.
*
* To make a manual change to preferences, you can visit the URL about:config
* For more information, see http://www.mozilla.org/unix/customizing.html#prefs
*/

user_pref("aim.session.firsttime", false);
user_pref("browser.activation.checkedNNFlag", true);
user_pref("browser.bookmarks.added_static_root", true);
user_pref("browser.download.dir", "F:\\Susie's data\\WIN95UP\\AllTunes");
user_pref("browser.search.defaultengine", "engine://f%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src");
user_pref("browser.startup.homepage", "http://www.google.com");
user_pref("browser.startup.homepage_override.mstone", "rv:1.7.2");
user_pref("dom.disable_open_during_load", true);
user_pref("intl.charsetmenu.browser.cache", "ISO-8859-15, windows-1252, UTF-8, windows-1251, us-ascii");
user_pref("ldap_2
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: {fc85dfe0-ae6f-49a9-7114-d09aa106dfd1} - {1dfd601a-a90d-4117-9a94-f6ea0efd58cf} - C:\WINDOWS\system32\qzgaww.dll
O2 - BHO: Popup-Blocker Class - {52706EF7-D7A2-49AD-A615-E903858CF284} - (no file)
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: SnapToolbarHelper Class - {8600AC1E-BE58-4FFC-BD5D-F2A8EC38C838} - C:\Program Files\Snap Visual Search\snapbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: STOPzilla Browser Helper Object - {E3215F20-3212-11D6-9F8B-00D0B743919D} - C:\Program Files\STOPzilla!\SZIEBHO.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: I.R.I.S. Desktop Search - {577EBCA9-8ED3-45FC-A514-55B3817D4BCF} - (no file)
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [SetRefresh] C:\Program Files\Compaq\SetRefresh\SetRefresh.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb13.exe
O4 - HKLM\..\Run: [STOPzilla] C:\Program Files\STOPzilla!\STOPzilla.exe /autostart
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [TotalRecorderScheduler] "f:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe"
O4 - HKLM\..\Run: [NapsterShell] //~c:\program files\napster\napster.exe /systray
O4 - HKLM\..\Run: [HPHUPD06] C:\Program Files\HP\{BA2D9411-DBB4-43e4-9421-780413650A67}\hphupd06.exe
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DMXLauncher] "F:\Program Files\Roxio\Media Experience\DMXLauncher.exe"
O4 - HKLM\..\Run: [WebDriveTray] f:\Program Files\NetDrive\netdrive.exe /trayicon
O4 - HKLM\..\Run: [WScheduler] f:\PROGRA~1\SYSTEM~1\WScheduler.exe /LOGON
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [mcagent_exe] "c:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
O4 - HKLM\..\Run: [AsusTray] //~c:\program files\asus\eeepc acpi\astray.exe
O4 - HKLM\..\Run: [AsusACPIServer] C:\Program Files\Asus\EeePC ACPI\AsAcpiSvr.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [LogMeIn GUI] "G:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] "G:\Program Files\ScanSoft\PaperPort\pptd40nt.exe"
O4 - HKLM\..\Run: [IndexSearch] "G:\Program Files\ScanSoft\PaperPort\IndexSearch.exe"
O4 - HKLM\..\Run: [PPort11reminder] "G:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini
O4 - HKLM\..\Run: [ScanSoft OmniPage 16-reminder] "G:\Program Files\ScanSoft\OmniPage16\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\ScanSoft\OmniPage 16\Ereg\Ereg.ini"
O4 - HKLM\..\Run: [UnlockerAssistant] "G:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [Carbonite Backup] c:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe
O4 - HKLM\..\Run: [HPHped06] C:\PROGRA~1\HP\{BA2D9~1\pexpress\hphPED06.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [WinGuard Pro] C:\WINDOWS\system32\setup_vf.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [iTunesHelper] "F:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "g:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] c:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [LaunchIt NOW! Plus] F:\PROGRA~1\LAUNCH~1\lnp.exe
O4 - HKCU\..\Run: [OpAgent] "OpAgent.exe" /agent
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [TrueCrypt] "F:\Program Files\TrueCrypt\TrueCrypt.exe" /q preferences
O4 - HKCU\..\Run: [Super Utilities] c:\Program Files\SuperLogix\Super Utilities\SuperUtil.exe /min
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Susie\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [CuteReminder] G:\Program Files\CuteReminderPro\CuteReminder.exe
O4 - HKCU\..\Run: [SugarSync] "G:\Program Files\SugarSync\SugarSyncManager.exe" -startInTray
O4 - HKCU\..\Run: [Lala Music Mover] "C:\Program Files\Lala.com\Lala Music Mover\LalaMover.exe" /minimized
O4 - HKCU\..\Run: [AnyDVD] F:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
O4 - HKCU\..\Run: [TivoTransfer] "C:\Program Files\Common Files\TiVo Shared\Transfer\TiVoTransfer.exe" /service /registry /auto:TivoTransfer
O4 - HKCU\..\Run: [TivoNotify] "G:\Program Files\TiVo\Desktop\TiVoNotify.exe" /service /registry /auto:TivoNotify
O4 - HKCU\..\Run: [TivoServer] "G:\Program Files\TiVo\Desktop\TiVoServer.exe" /service /registry /auto:TivoServer
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Startup: Dropbox.lnk = V:\Program Files\Dropbox\Dropbox.exe
O4 - Startup: Evernote.lnk = G:\Program Files\EverNote\Evernote3\EvernoteTray.exe
O4 - Startup: ListProAlarms.lnk = F:\Program Files\Ilium Software\ListPro\ListProAlarms.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = G:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Startup: palmOne Registration.lnk = F:\Program Files\palmOne\register.exe
O4 - Startup: PdaReach Desktop.lnk = C:\Program Files\PdaReach\PdaReach.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: DataViz Inc Messenger.lnk = C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
O4 - Global Startup: EReg.lnk = ?
O4 - Global Startup: HOTSYNCSHORTCUTNAME.lnk = F:\Program Files\palmOne\Hotsync.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: JungleDiskMonitor.lnk = F:\Program Files\JungleDisk\junglediskmonitor.exe
O4 - Global Startup: Launchy.lnk = F:\Program Files\Launchy\Launchy.exe
O4 - Global Startup: ListProAlarms.lnk = F:\Program Files\Ilium Software\ListPro\ListProAlarms.exe
O4 - Global Startup: Media Card Companion Monitor.lnk = C:\Program Files\ArcSoft\Media Card Companion\MCC Monitor.exe
O4 - Global Startup: Monitor.lnk = F:\Program Files\SanDisk\SanDisk TransferMate\SD Monitor.exe
O4 - Global Startup: WG111v2 Smart Wizard Wireless Setting.lnk = ?
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: Add to Evernote - res://g:\Program Files\Evernote\Evernote3\enbar.dll/2000
O8 - Extra context menu item: Add to AMV Converter... - G:\Program Files\MP3 Player Utilities 4.18\AMVConverter\grab.html
O8 - Extra context menu item: Display All Images with Full Quality - "res://C:\Program Files\NetZero\qsacc\appres.dll/228"
O8 - Extra context menu item: Display Image with Full Quality - "res://C:\Program Files\NetZero\qsacc\appres.dll/227"
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Save to &Xdrive - res://f:\Program Files\Xdrive\Xdrive Desktop\xdrive.exe/std.html
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - G:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - G:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Rip YouTube File - {38E51477-DDB4-4aed-9D61-D0C193E10749} - g:\Program Files\SoundTaxi\YouTubeRipper.dll (file missing)
O9 - Extra 'Tools' menuitem: Rip YouTube file embedded in this page - {38E51477-DDB4-4aed-9D61-D0C193E10749} - g:\Program Files\SoundTaxi\YouTubeRipper.dll (file missing)
O9 - Extra button: FlashCapture - {753BBC4B-CC73-4fb8-A5B5-CA09C804C1DD} - f:\Program Files\FlashCapture\fciext.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - G:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: Add to EverNote - {A5ABA0BB-F195-40d8-A5E9-0801153E6597} - g:\Program Files\EverNote\EverNote\enbar.dll (file missing)
O9 - Extra 'Tools' menuitem: Add to EverNote - {A5ABA0BB-F195-40d8-A5E9-0801153E6597} - g:\Program Files\EverNote\EverNote\enbar.dll (file missing)
O9 - Extra button: Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E9252800} - g:\Program Files\Evernote\Evernote3\enbar.dll (file missing)
O9 - Extra 'Tools' menuitem: Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E9252800} - g:\Program Files\Evernote\Evernote3\enbar.dll (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: Geni Publisher - http://www.geni.com/plugins/genipublisher.CAB
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - c:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1160079154390
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = phoenix.frontieradjusters.com
O17 - HKLM\Software\..\Telephony: DomainName = phoenix.frontieradjusters.com
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: qzgaww.dll
O20 - Winlogon Notify: awtrOgeF - C:\WINDOWS\SYSTEM32\awtrOgeF.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Amazon Unbox Video Service (ADVService) - Amazon.com - F:\Program Files\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe
O23 - Service: Connected Agent Service (AgentSrv) - Connected Corporation - C:\Program Files\Quicken Online Backup\AgentSrv.EXE
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CarboniteService - Carbonite, Inc. (www.carbonite.com) - c:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe
O23 - Service: Diskeeper - Diskeeper Corporation - F:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Iomega App Services - Unknown owner - (no file)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - Unknown owner - G:\Program Files\LogMeIn\x86\RaMaint.exe (file missing)
O23 - Service: LogMeIn - Unknown owner - G:\Program Files\LogMeIn\x86\LogMeIn.exe (file missing)
O23 - Service: MBAMService - Malwarebytes Corporation - g:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - c:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: NeatReceipts Database Controller - Digital Business Processes - C:\Program Files\Common Files\NeatReceipts\DB Controller\NeatReceiptsDBController.exe
O23 - Service: OneTouch 4.0 Monitor - Visioneer Inc. - C:\Program Files\Visioneer\OneTouch 4.0\OtService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Common Files\Sonic Shared\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Common Files\Sonic Shared\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - c:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Serv-U FTP Server (Serv-U) - Rhino Software, Inc. +1(262) 560-9627 - F:\Program Files\RhinoSoft.com\Serv-U\ServUDaemon.exe
O23 - Service: SoundMovieServer - SoundMovieServer - C:\WINDOWS\system32\snmvtsvc.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: STOPzilla Service (szserver) - Unknown owner - C:\Program Files\Common Files\STOPzilla!\szserver.exe
O23 - Service: TiVo Beacon (TivoBeacon2) - TiVo Inc. - C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe
O23 - Service: Acronis Try And Decide Service (TryAndDecideService) - Unknown owner - C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
O23 - Service: WebDrive Service (WebDriveService) - Unknown owner - f:\Program Files\NetDrive\wdService.exe
O23 - Service: WUSB54Gv4SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
O23 - Service: Iomega Active Disk (_IOMEGA_ACTIVE_DISK_SERVICE_) - Unknown owner - (no file)

--
End of file - 25761 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-548195580-3338435793-402719388-1007.job
C:\WINDOWS\tasks\jqgbmucc.job
C:\WINDOWS\tasks\Malwarebytes' Scheduled Scan for Susie.job
C:\WINDOWS\tasks\Malwarebytes' Scheduled Update for Susie.job
C:\WINDOWS\tasks\McDefragTask.job
C:\WINDOWS\tasks\McQcTask.job
C:\WINDOWS\tasks\SyncBackSE ACDSeeBackup from F to G (daily).job
C:\WINDOWS\tasks\SyncBackSE ACDSeeBackups from G to J.job
C:\WINDOWS\tasks\SyncBackSE Mastercook to JD.job
C:\WINDOWS\tasks\SyncBackSE Outlook BU (F to V).job
C:\WINDOWS\tasks\SyncBackSE Palm Desktop stuff to O drive.job
C:\WINDOWS\tasks\SyncBackSE QUICKENW to JD.job
C:\WINDOWS\tasks\SyncBackSE REDBU SSL_movies2.job
C:\WINDOWS\tasks\SyncBackSE SDCardBackup from I to JD.job
C:\WINDOWS\tasks\SyncBackSE SplashID Program & Data to Dropbox Folder.job
C:\WINDOWS\tasks\SyncBackSE SplashID.job
C:\WINDOWS\tasks\SyncBackSE SSLPaperport ( full V to X).job
C:\WINDOWS\tasks\SyncBackSE SSL_DVDS from Mybook to Simpletech.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]
Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll [2006-10-26 440384]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-12-18 59032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1dfd601a-a90d-4117-9a94-f6ea0efd58cf}]
C:\WINDOWS\system32\qzgaww.dll [2009-02-16 129024]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{52706EF7-D7A2-49AD-A615-E903858CF284}]
Popup-Blocker Class

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java™ Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-12-07 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}]
scriptproxy - c:\Program Files\McAfee\VirusScan\scriptsn.dll [2009-01-09 58688]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8600AC1E-BE58-4FFC-BD5D-F2A8EC38C838}]
SnapToolbarHelper Class - C:\Program Files\Snap Visual Search\snapbar.dll [2007-11-09 311296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar3.dll [2006-10-12 2108480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - c:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll [2009-01-15 657904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}]
McAfee SiteAdvisor BHO - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll [2008-11-14 150032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-12-07 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E3215F20-3212-11D6-9F8B-00D0B743919D}]
STOPzilla Browser Helper Object - C:\Program Files\STOPzilla!\SZIEBHO.dll [2006-05-31 143360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2008-12-07 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{577EBCA9-8ED3-45FC-A514-55B3817D4BCF} - []
{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - McAfee SiteAdvisor Toolbar - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll [2008-11-14 150032]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll [2006-10-26 440384]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"AGRSMMSG"=AGRSMMSG.exe []
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2008-12-07 136600]
"srmclean"=C:\Cpqs\Scom\srmclean.exe [2001-07-24 36864]
"SetRefresh"=C:\Program Files\Compaq\SetRefresh\SetRefresh.exe [2003-11-06 524800]
"HPDJ Taskbar Utility"=C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb13.exe [2006-01-06 172032]
"STOPzilla"=C:\Program Files\STOPzilla!\STOPzilla.exe [2006-05-31 61440]
"CARPService"=carpserv.exe []
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2005-09-24 49152]
"TotalRecorderScheduler"=f:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe [2006-05-12 86016]
"NapsterShell"=//~c:\program files\napster\napster.exe /systray []
"HPHUPD06"=C:\Program Files\HP\{BA2D9411-DBB4-43e4-9421-780413650A67}\hphupd06.exe [2006-01-06 49152]
"HPHmon06"=C:\WINDOWS\system32\hphmon06.exe [2006-01-06 622592]
""= []
"ISUSPM Startup"=C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe [2005-02-16 221184]
"ISUSScheduler"=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2005-02-16 81920]
"DMXLauncher"=F:\Program Files\Roxio\Media Experience\DMXLauncher.exe [2006-08-14 102400]
"WebDriveTray"=f:\Program Files\NetDrive\netdrive.exe [2002-08-29 294912]
"WScheduler"=f:\PROGRA~1\SYSTEM~1\WScheduler.exe [2007-06-25 75264]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2007-11-15 185896]
"mcagent_exe"=c:\Program Files\McAfee.com\Agent\mcagent.exe [2009-01-08 645328]
"TrueImageMonitor.exe"=C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe [2008-04-09 2595792]
"AsusTray"=//~c:\program files\asus\eeepc acpi\astray.exe []
"AsusACPIServer"=C:\Program Files\Asus\EeePC ACPI\AsAcpiSvr.exe [2007-11-14 450560]
"AcronisTimounterMonitor"=C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe [2008-04-09 909208]
"Acronis Scheduler2 Service"=C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe [2008-04-09 136472]
"LogMeIn GUI"=G:\Program Files\LogMeIn\x86\LogMeInSystray.exe []
"SSBkgdUpdate"=C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [2006-10-25 210472]
"PaperPort PTD"=G:\Program Files\ScanSoft\PaperPort\pptd40nt.exe [2007-05-14 30248]
"IndexSearch"=G:\Program Files\ScanSoft\PaperPort\IndexSearch.exe [2007-05-14 46632]
"PPort11reminder"=G:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe [2007-02-01 255528]
"ScanSoft OmniPage 16-reminder"=G:\Program Files\ScanSoft\OmniPage16\Ereg\Ereg.exe -r C:\Documents and Settings\All Users\Application Data\ScanSoft\OmniPage 16\Ereg\Ereg.ini []
"UnlockerAssistant"=G:\Program Files\Unlocker\UnlockerAssistant.exe []
"Carbonite Backup"=c:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe [2008-06-13 600000]
"HPHped06"=C:\PROGRA~1\HP\{BA2D9~1\pexpress\hphPED06.exe [2004-12-16 339968]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-09-06 413696]
"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2008-11-07 111936]
"WinGuard Pro"=C:\WINDOWS\system32\setup_vf.exe [2008-07-31 254768]
"MSConfig"=C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe [2004-08-04 158208]
"iTunesHelper"=F:\Program Files\iTunes\iTunesHelper.exe [2008-11-20 290088]
"Malwarebytes' Anti-Malware"=g:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [2009-02-11 399504]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]
"swg"=c:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-07-21 68856]
"LaunchIt NOW! Plus"=F:\PROGRA~1\LAUNCH~1\lnp.exe [2008-01-15 573440]
"OpAgent"=OpAgent.exe /agent []
"updateMgr"=C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe [2006-03-30 313472]
"TrueCrypt"=F:\Program Files\TrueCrypt\TrueCrypt.exe [2008-07-18 1225920]
"Super Utilities"=c:\Program Files\SuperLogix\Super Utilities\SuperUtil.exe [2008-07-03 1400320]
"Google Update"=C:\Documents and Settings\Susie\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-03 133104]
"CuteReminder"=G:\Program Files\CuteReminderPro\CuteReminder.exe []
"SugarSync"=G:\Program Files\SugarSync\SugarSyncManager.exe -startInTray []
"Lala Music Mover"=C:\Program Files\Lala.com\Lala Music Mover\LalaMover.exe [2008-10-17 2221360]
"AnyDVD"=F:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe [2008-12-31 2489280]
"TivoTransfer"=C:\Program Files\Common Files\TiVo Shared\Transfer\TiVoTransfer.exe [2008-07-09 1189376]
"TivoNotify"=G:\Program Files\TiVo\Desktop\TiVoNotify.exe [2008-07-09 394240]
"TivoServer"=G:\Program Files\TiVo\Desktop\TiVoServer.exe [2008-07-09 1931264]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe [2005-05-19 57344]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MacroKit]
//~f:\program files\macro buddy\macrobuddy.exe /s []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Monitor.exe]
C:\Program Files\Wireless-G Internet Home Monitoring Camera\Monitor.exe [2007-10-08 1765376]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recorder.exe]
C:\Program Files\Wireless-G Internet Home Monitoring Camera\Recorder.exe [2007-10-02 311296]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe [2006-10-27 221184]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Susie^Start Menu^Programs^Startup^Timed Backups Manager StartUp.lnk]
F:\PROGRA~1\BACKUP~1\DVDTime.exe [2005-09-02 671744]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
DataViz Inc Messenger.lnk - C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
EReg.lnk - C:\WINDOWS\EReg206\Reg32.exe
HOTSYNCSHORTCUTNAME.lnk - F:\Program Files\palmOne\Hotsync.exe
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
HP Image Zone Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
JungleDiskMonitor.lnk - F:\Program Files\JungleDisk\junglediskmonitor.exe
Launchy.lnk - F:\Program Files\Launchy\Launchy.exe
ListProAlarms.lnk - F:\Program Files\Ilium Software\ListPro\ListProAlarms.exe
Media Card Companion Monitor.lnk - C:\Program Files\ArcSoft\Media Card Companion\MCC Monitor.exe
Monitor.lnk - F:\Program Files\SanDisk\SanDisk TransferMate\SD Monitor.exe
WG111v2 Smart Wizard Wireless Setting.lnk - G:\Program Files\NETGEAR\WG111v2 Configuration Utility\RtlWake.exe
Windows Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe

C:\Documents and Settings\Susie\Start Menu\Programs\Startup
Dropbox.lnk - V:\Program Files\Dropbox\Dropbox.exe
Evernote.lnk - G:\Program Files\EverNote\Evernote3\EvernoteTray.exe
ListProAlarms.lnk - F:\Program Files\Ilium Software\ListPro\ListProAlarms.exe
OneNote 2007 Screen Clipper and Launcher.lnk - G:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
palmOne Registration.lnk - F:\Program Files\palmOne\register.exe
PdaReach Desktop.lnk - C:\Program Files\PdaReach\PdaReach.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="qzgaww.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\awtrOgeF]
awtrOgeF.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\LMIinit]
LMIinit.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
WgaLogon.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"=c:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2008-05-26 304128]
"{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}"=C:\WINDOWS\system32\awtrOgeF.dll [2009-02-16 35328]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=
"notification packages"=
scecli
scecli

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MpfService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"DisableCAD"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=91000000

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDesktop"=
"NoViewContextMenu"=
"NoRun"=
"NoStartMenuMorePrograms"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\SmartFTP\SmartFTP.exe"="C:\Program Files\SmartFTP\SmartFTP.exe:*:Enabled:SmartFTP Client"
"C:\WINDOWS\system32\ntvdm.exe"="C:\WINDOWS\system32\ntvdm.exe:*:Enabled:NTVDM.EXE"
"C:\Program Files\SmartFTP Client 2.0\SmartFTP.exe"="C:\Program Files\SmartFTP Client 2.0\SmartFTP.exe:*:Enabled:SmartFTP Client 2.0"
"F:\SusiesTivoFiles\TiVoServer.exe"="F:\SusiesTivoFiles\TiVoServer.exe:*:Enabled:TiVo Server"
"F:\Susie2\Susie's data\WIN95UP\uTorrent\utorrent.exe"="F:\Susie2\Susie's data\WIN95UP\uTorrent\utorrent.exe:*:Enabled:ÁTorrent"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\ICE.TCP\FTPWIN.EXE"="C:\Program Files\ICE.TCP\FTPWIN.EXE:*:Enabled:ftpwin"
"F:\Program Files\TiVo\Desktop\TiVoServer.exe"="F:\Program Files\TiVo\Desktop\TiVoServer.exe:*:Enabled:TiVo Server"
"F:\Program Files\palmOne\Hotsync.exe"="F:\Program Files\palmOne\Hotsync.exe:*:Enabled:HotSync« Manager Application"
"F:\Program Files\RhinoSoft.com\Serv-U\ServUDaemon.exe"="F:\Program Files\RhinoSoft.com\Serv-U\ServUDaemon.exe:*:Enabled:Serv-U FTP Server"
"C:\Program Files\Motorola\Software Update\msu.exe"="C:\Program Files\Motorola\Software Update\msu.exe:*:Enabled:msu"
"F:\Program Files\Macromedia\Dreamweaver 8\Dreamweaver.exe"="F:\Program Files\Macromedia\Dreamweaver 8\Dreamweaver.exe:*:Enabled:Dreamweaver 8"
"F:\Program Files\firefox.exe"="F:\Program Files\firefox.exe:*:Enabled:Firefox"
"F:\Program Files\JungleDisk\junglediskmonitor.exe"="F:\Program Files\JungleDisk\junglediskmonitor.exe:*:Enabled:Jungle Disk Monitor"
"C:\Documents and Settings\Susie\Desktop\Skype.exe"="C:\Documents and Settings\Susie\Desktop\Skype.exe:*:Enabled:Skype"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"Q:\setup\HPZnet01.exe"="Q:\setup\HPZnet01.exe:*:Enabled:hpznet01.exe"
"F:\Program Files\iTunes\iTunes.exe"="F:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"G:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="G:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe"="C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe:LocalSubNet:Enabled:TiVo Beacon Service"
"C:\Program Files\Common Files\TiVo Shared\Transfer\TiVoTransfer.exe"="C:\Program Files\Common Files\TiVo Shared\Transfer\TiVoTransfer.exe:LocalSubNet:Enabled:TiVo Transfer Service"
"G:\Program Files\TiVo\Desktop\TiVoServer.exe"="G:\Program Files\TiVo\Desktop\TiVoServer.exe:LocalSubNet:Enabled:TiVo Server Service"
"G:\Program Files\TiVo\Desktop\TiVoDesktop.exe"="G:\Program Files\TiVo\Desktop\TiVoDesktop.exe:LocalSubNet:Enabled:TiVo Desktop User Interface"
"G:\Program Files\TiVo\Desktop\curl.exe"="G:\Program Files\TiVo\Desktop\curl.exe:LocalSubNet:Enabled:TiVo Curl Service"
"C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe"="C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\Z]
shell\AutoRun\command - Z:\.\Start.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4ec6c95b-bebd-11dc-9e30-000ffe3d8d24}]
shell\AutoRun\command - D:\.\Start.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{56eb15a1-2ae4-11db-9926-000ffe3d8d24}]
shell\AutoRun\command - G:\Launch.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{77f57ca6-b180-11dc-9e26-000ffe3d8d24}]
shell\AutoRun\command - D:\system\viewer\FlipVideoforPC.exe
shell\Flip Video for PC\command - D:\system\viewer\FlipVideoforPC.exe


======List of files/folders created in the last 1 months======

2009-02-16 18:19:33 ----D---- C:\rsit
2009-02-16 18:12:04 ----A---- C:\WINDOWS\system32\qzgaww.dll
2009-02-16 18:12:03 ----A---- C:\WINDOWS\system32\efcDUmlL.dll
2009-02-16 17:11:46 ----A---- C:\WINDOWS\system32\crkjec.dll
2009-02-16 17:11:44 ----A---- C:\WINDOWS\system32\fccyaATm.dll
2009-02-16 17:06:39 ----A---- C:\WINDOWS\system32\awtrOgeF.dll
2009-02-16 17:06:37 ----N---- C:\WINDOWS\system32\clickfile.exe
2009-02-12 16:29:39 ----A---- C:\WINDOWS\system32\winlogon2.exe
2009-02-11 16:28:54 ----D---- C:\Documents and Settings\Susie\Application Data\Malwarebytes
2009-02-11 16:28:26 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-02-11 12:41:35 ----HDC---- C:\WINDOWS\$NtUninstallKB960715$
2009-02-11 12:28:50 ----D---- C:\WINDOWS\SQL9_KB960089_ENU
2009-01-27 14:53:34 ----A---- C:\WINDOWS\OverlayXP.ini
2009-01-26 11:46:18 ----D---- C:\Documents and Settings\All Users\Application Data\webcamXP5
2009-01-19 11:59:10 ----D---- C:\Documents and Settings\All Users\Application Data\TiVo
2009-01-19 09:17:04 ----D---- C:\Program Files\Common Files\DESIGNER

======List of files/folders modified in the last 1 months======

2009-02-16 18:12:04 ----D---- C:\WINDOWS\system32
2009-02-16 17:16:15 ----D---- C:\WINDOWS\system32\inetsrv
2009-02-16 17:15:28 ----D---- C:\Documents and Settings\All Users\Application Data\STOPzilla!
2009-02-16 17:14:24 ----D---- C:\WINDOWS\Registration
2009-02-16 17:14:05 ----D---- C:\WINDOWS\Temp
2009-02-16 17:11:50 ----D---- C:\Documents and Settings\All Users\Application Data\Google Updater
2009-02-16 16:51:56 ----D---- c:\Program Files\McAfee
2009-02-16 16:51:39 ----SHD---- C:\WINDOWS\CSC
2009-02-16 16:35:14 ----D---- C:\Documents and Settings\Susie\Application Data\Launchy
2009-02-16 16:10:30 ----D---- C:\WINDOWS\Prefetch
2009-02-16 12:24:52 ----AC---- C:\WINDOWS\psdxport.ini
2009-02-16 12:24:52 ----AC---- C:\WINDOWS\psdewin.ini
2009-02-16 10:08:05 ----A---- C:\WINDOWS\ICETCP.INI
2009-02-16 09:04:43 ----D---- C:\WINDOWS\system32\FxsTmp
2009-02-15 12:09:04 ----SHD---- C:\WINDOWS\Installer
2009-02-15 12:09:04 ----HD---- C:\Config.Msi
2009-02-15 12:09:04 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2009-02-15 04:00:00 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-02-13 11:11:08 ----AD---- C:\WINDOWS
2009-02-13 09:38:42 ----D---- c:\Program Files\Wisdom-soft ScreenHunter Plus
2009-02-13 07:02:31 ----HD---- C:\WINDOWS\inf
2009-02-13 06:59:34 ----D---- C:\WINDOWS\system32\drivers
2009-02-13 06:54:58 ----D---- C:\WINDOWS\system32\CatRoot2
2009-02-12 12:55:51 ----D---- C:\WINDOWS\repair
2009-02-12 07:35:43 ----D---- c:\Program Files\Microsoft Office
2009-02-12 07:35:43 ----D---- C:\Program Files\Common Files\Microsoft Shared
2009-02-12 07:35:43 ----AC---- C:\WINDOWS\vbaddin.ini
2009-02-12 07:06:57 ----SD---- C:\WINDOWS\Tasks
2009-02-11 18:09:08 ----RD---- C:\Program Files
2009-02-11 12:42:49 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2009-02-11 12:40:54 ----HD---- C:\WINDOWS\$hf_mig$
2009-02-11 12:34:36 ----AC---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-02-11 12:32:13 ----D---- c:\Program Files\Microsoft SQL Server
2009-02-11 12:26:49 ----A---- C:\WINDOWS\imsins.BAK
2009-02-11 12:21:22 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-02-11 12:18:23 ----D---- c:\Program Files\Internet Explorer
2009-02-11 12:14:44 ----D---- C:\WINDOWS\ie7updates
2009-02-06 13:33:07 ----A---- C:\WINDOWS\FTPWIN.INI
2009-02-03 16:21:12 ----A---- C:\WINDOWS\system32\MRT.exe
2009-01-30 10:02:19 ----D---- c:\Program Files\PdaReach
2009-01-29 18:34:44 ----AC---- C:\WINDOWS\daytimer.ini
2009-01-29 17:13:53 ----AC---- C:\WINDOWS\DTO2KXSV.INI
2009-01-29 17:13:50 ----A---- C:\WINDOWS\win.ini
2009-01-28 12:04:14 ----AC---- C:\WINDOWS\NeroDigital.ini
2009-01-23 13:48:17 ----D---- C:\Documents and Settings\All Users\Application Data\NeatReceipts Professional
2009-01-21 09:11:59 ----A---- C:\WINDOWS\IE4 Error Log.txt
2009-01-19 15:59:47 ----D---- C:\Program Files\Common Files\System
2009-01-19 13:43:29 ----D---- c:\Program Files\VideoReDoPlus
2009-01-19 13:41:23 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2009-01-19 12:01:33 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2009-01-19 11:59:10 ----D---- C:\Program Files\Common Files\TiVo Shared
2009-01-19 09:18:56 ----D---- C:\WINDOWS\WinSxS
2009-01-19 09:18:01 ----D---- c:\Program Files\Microsoft Works
2009-01-19 09:17:04 ----D---- c:\Program Files\Common Files
2009-01-19 09:16:47 ----RSD---- C:\WINDOWS\Fonts

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AFS2K;AFS2k; C:\WINDOWS\system32\drivers\AFS2K.sys [2004-10-07 35840]
R1 ASPI32;ASPI32; C:\WINDOWS\system32\drivers\ASPI32.sys [2002-07-17 16877]
R1 ElbyCDIO;ElbyCDIO Driver; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [2008-12-31 24872]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-04 36096]
R1 mfehidk;McAfee Inc. mfehidk; C:\WINDOWS\system32\drivers\mfehidk.sys [2009-01-09 213640]
R1 MPFP;MPFP; C:\WINDOWS\System32\Drivers\Mpfp.sys [2008-10-23 120136]
R1 SuperMounter;SuperMounter; C:\WINDOWS\system32\drivers\SuperMounter.sys [2008-02-24 11264]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.4.0.1; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2008-02-05 19915]
R2 EAPPkt;Realtek EAPPkt Protocol; C:\WINDOWS\system32\DRIVERS\EAPPkt.sys [2005-04-01 66048]
R2 LMIRfsDriver;LogMeIn Remote File System Driver; \??\C:\WINDOWS\system32\drivers\LMIRfsDriver.sys []
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2002-11-06 11011]
R2 StreamDispatcher;StreamDispatcher; C:\WINDOWS\system32\DRIVERS\strmdisp.sys [2002-12-18 22400]
R2 tifsfilter;Acronis True Image FS Filter; C:\WINDOWS\system32\DRIVERS\tifsfilt.sys [2008-07-16 44384]
R2 WebDriveFSD;WebDrive File System Driver; \??\f:\Program Files\NetDrive\rffsd.sys []
R2 WIBUKEY;WIBU-KEY Kernel Driver; C:\WINDOWS\SYSTEM32\DRIVERS\Wibukey.sys [2001-12-27 67072]
R3 {6080A529-897E-4629-A488-ABA0C29B635E};Intel® Graphics Platform (SoftBIOS) Driver; C:\WINDOWS\system32\drivers\ialmsbw.sys [2003-08-03 120094]
R3 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91};Intel® Graphics Chipset (KCH) Driver; C:\WINDOWS\system32\drivers\ialmkchw.sys [2003-08-03 96858]
R3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2002-04-01 4816]
R3 AnyDVD;AnyDVD; C:\WINDOWS\System32\Drivers\AnyDVD.sys [2008-12-30 103360]
R3 E100B;Intel® PRO Adapter Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2003-09-17 145408]
R3 ElbyDelay;ElbyDelay; C:\WINDOWS\System32\Drivers\ElbyDelay.sys [2007-02-15 11984]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-04-17 15464]
R3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2005-10-27 49664]
R3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2005-10-27 16496]
R3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2005-10-27 21568]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2003-08-03 91419]
R3 MBAMProtector;MBAMProtector; \??\C:\WINDOWS\system32\drivers\mbam.sys []
R3 mfeavfk;McAfee Inc. mfeavfk; C:\WINDOWS\system32\drivers\mfeavfk.sys [2009-01-09 79304]
R3 mfebopk;McAfee Inc. mfebopk; C:\WINDOWS\system32\drivers\mfebopk.sys [2009-01-09 35272]
R3 mfesmfk;McAfee Inc. mfesmfk; C:\WINDOWS\system32\drivers\mfesmfk.sys [2009-01-09 40552]
R3 Pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\Pcouffin.sys [2007-06-26 47360]
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2003-08-29 578304]
R3 SndTAudio;SndTAudio; C:\WINDOWS\system32\drivers\SndTAudio.sys [2008-11-11 23096]
R3 SndTVideo;SndTVideo; C:\WINDOWS\system32\DRIVERS\SndTVideo.sys [2008-11-11 3768]
R3 tbhsd;Tunebite High-Speed Dubbing; C:\WINDOWS\system32\drivers\tbhsd.sys [2006-06-21 15488]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-04 31616]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-03 26624]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-03 57600]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
R3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-03 20480]
S1 Cdr4_xp;Cdr4_xp; C:\WINDOWS\system32\drivers\Cdr4_xp.sys [2007-06-20 9072]
S1 Cdralw2k;Cdralw2k; C:\WINDOWS\system32\drivers\Cdralw2k.sys [2007-06-20 9200]
S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-03 14848]
S1 P3;Intel PentiumIII Processor Driver; C:\WINDOWS\system32\DRIVERS\p3.sys [2004-08-04 42496]
S1 seneka;seneka; C:\WINDOWS\system32\drivers\senekaqixsoawy.sys []
S2 LMIInfo;LogMeIn Kernel Information Provider; \??\G:\Program Files\LogMeIn\x86\RaInfo.sys []
S3 61883;61883 Unit Device; C:\WINDOWS\system32\DRIVERS\61883.sys [2004-08-03 48128]
S3 ac97intc;Intel® 82801 Audio Driver Install Service (WDM); C:\WINDOWS\system32\drivers\ac97intc.sys [2001-08-17 96256]
S3 AgereSoftModem;Agere Systems Soft Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2004-06-29 1268204]
S3 APLMp50;APLMp50 NDIS Protocol Driver; C:\WINDOWS\System32\Drivers\APLMp50.sys [2005-02-16 18816]
S3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2004-08-04 60800]
S3 Avc;AVC Device; C:\WINDOWS\system32\DRIVERS\avc.sys [2004-08-03 38912]
S3 BCM42RLY;BCM42RLY; \??\C:\WINDOWS\System32\BCM42RLY.SYS []
S3 btaudio;Bluetooth Audio Device; C:\WINDOWS\system32\drivers\btaudio.sys []
S3 BTDriver;Bluetooth Virtual Communications Driver; C:\WINDOWS\system32\DRIVERS\btport.sys []
S3 BTWDNDIS;Bluetooth LAN Access Server; C:\WINDOWS\system32\DRIVERS\btwdndis.sys []
S3 btwhid;btwhid; C:\WINDOWS\system32\DRIVERS\btwhid.sys []
S3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\WINDOWS\System32\Drivers\btwusb.sys []
S3 BVRPMPR5;BVRPMPR5 NDIS Protocol Driver; \??\Y:\INSTAL~E\Core\BVRPMPR5.SYS []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024]
S3 E1000;Intel® PRO/1000 Adapter Driver; C:\WINDOWS\system32\DRIVERS\e1000325.sys [2003-11-17 125952]
S3 ElbyCDFL;ElbyCDFL; C:\WINDOWS\System32\Drivers\ElbyCDFL.sys [2005-05-03 27392]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
S3 HSF_DP;HSF_DP; C:\WINDOWS\system32\DRIVERS\HSF_DP.sys [2002-12-18 1067008]
S3 HSFHWCD2;HSFHWCD2; C:\WINDOWS\system32\DRIVERS\HSFHWCD2.sys [2002-12-18 153984]
S3 i81x;i81x; C:\WINDOWS\system32\DRIVERS\i81xnt5.sys [2004-08-03 161020]
S3 iAimFP0;iAimFP0; C:\WINDOWS\system32\DRIVERS\wADV01nt.sys [2004-08-03 12415]
S3 iAimFP1;iAimFP1; C:\WINDOWS\system32\DRIVERS\wADV02NT.sys [2004-08-03 12127]
S3 iAimFP2;iAimFP2; C:\WINDOWS\system32\DRIVERS\wADV05NT.sys [2004-08-03 11775]
S3 iAimFP3;iAimFP3; C:\WINDOWS\system32\DRIVERS\wSiINTxx.sys [2004-08-03 12063]
S3 iAimFP4;iAimFP4; C:\WINDOWS\system32\DRIVERS\wVchNTxx.sys [2004-08-03 19455]
S3 iAimFP5;iAimFP5; C:\WINDOWS\system32\DRIVERS\wADV07nt.sys [2004-08-03 11807]
S3 iAimFP6;iAimFP6; C:\WINDOWS\system32\DRIVERS\wADV08nt.sys [2004-08-03 11295]
S3 iAimFP7;iAimFP7; C:\WINDOWS\system32\DRIVERS\wADV09nt.sys [2004-08-03 11871]
S3 iAimTV0;iAimTV0; C:\WINDOWS\system32\DRIVERS\wATV01nt.sys [2004-08-03 29311]
S3 iAimTV1;iAimTV1; C:\WINDOWS\system32\DRIVERS\wATV02NT.sys [2004-08-03 19551]
S3 iAimTV3;iAimTV3; C:\WINDOWS\system32\DRIVERS\wATV04nt.sys [2004-08-03 33599]
S3 iAimTV4;iAimTV4; C:\WINDOWS\system32\DRIVERS\wCh7xxNT.sys [2004-08-03 23615]
S3 iAimTV5;iAimTV5; C:\WINDOWS\system32\DRIVERS\wATV10nt.sys [2004-08-03 25471]
S3 iAimTV6;iAimTV6; C:\WINDOWS\system32\DRIVERS\wATV06nt.sys [2004-08-03 22271]
S3 mferkdk;McAfee Inc. mferkdk; C:\WINDOWS\system32\drivers\mferkdk.sys [2009-01-09 34216]
S3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
S3 MotDev;Motorola Inc. USB Device; C:\WINDOWS\system32\DRIVERS\motodrv.sys [2007-10-10 42112]
S3 motmodem;Motorola USB CDC ACM Driver; C:\WINDOWS\system32\DRIVERS\motmodem.sys [2007-06-18 23680]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 MSDV;Microsoft DV Camera and VCR; C:\WINDOWS\system32\DRIVERS\msdv.sys [2004-08-03 51328]
S3 msloop;Microsoft Loopback Adapter Driver; C:\WINDOWS\system32\DRIVERS\loop.sys [2001-08-17 4992]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-04 10880]
S3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2004-08-04 61824]
S3 nm;Network Monitor Driver; C:\WINDOWS\system32\DRIVERS\NMnt.sys [2004-08-04 40320]
S3 nmwcd;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\nmwcd.sys [2007-02-22 137216]
S3 nmwcdc;Nokia USB Generic; C:\WINDOWS\system32\drivers\nmwcdc.sys [2007-02-22 8320]
S3 NPF;NetGroup Packet Filter Driver; C:\WINDOWS\system32\drivers\npf.sys []
S3 PalmUSBD;PalmUSBD; C:\WINDOWS\system32\drivers\PalmUSBD.sys [2007-01-30 16694]
S3 Pcatip;Pcatip; C:\WINDOWS\System32\DRIVERS\Pcatip.sys [2007-06-24 68608]
S3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2004-08-04 5888]
S3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\wg111v2.sys [2005-04-21 112384]
S3 Ser2pl;Prolific2 Serial port driver; C:\WINDOWS\system32\DRIVERS\ser2pl.sys [2003-11-30 43136]
S3 SjyPkt;SjyPkt; \??\C:\WINDOWS\System32\Drivers\SjyPkt.sys []
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-04 11136]
S3 SmartpenBus;Smartpen Enumerator; C:\WINDOWS\system32\DRIVERS\SmartpenBus.sys [2008-02-11 38528]
S3 SmartpenCom;Smartpen Communications; C:\WINDOWS\system32\DRIVERS\SmartpenCom.sys [2008-02-11 35328]
S3 SndTDriverV32;SndTDriverV32; C:\WINDOWS\system32\drivers\SndTDriverV32.sys [2006-06-13 513536]
S3 sonyhcs;Sony Digital Imaging Video; C:\WINDOWS\system32\DRIVERS\sonyhcs.sys [2001-11-05 299923]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-04 15360]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2008-10-01 32000]
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2004-08-03 59264]
S3 usbsermpt;Motorola USB Modem Driver for MPT; C:\WINDOWS\system32\DRIVERS\usbsermpt.sys [2007-05-26 22768]
S3 usbvideo;USB Video Device (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2004-08-03 78464]
S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2008-01-19 503144]
S3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2002-12-18 585856]
S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-11-02 76672]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-11-02 82560]
S3 WUSB54GPV4SRV;Linksys Home Wireless-G USB Adaptor Driver; C:\WINDOWS\system32\DRIVERS\rt2500usb.sys [2005-04-13 239488]
S4 adpu320;adpu320; C:\WINDOWS\system32\DRIVERS\adpu320.sys [2002-05-08 105472]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\DRIVERS\intelide.sys [2004-08-04 5504]
S4 LMIRfsClientNP;LMIRfsClientNP; C:\WINDOWS\system32\drivers\LMIRfsClientNP.sys []
S4 RFNP32;WebDrive Provider; C:\WINDOWS\system32\drivers\RFNP32.sys []
S4 RxFilter;RxFilter; C:\WINDOWS\system32\DRIVERS\RxFilter.sys [2006-10-27 50688]
S4 Symmpi;Symmpi; C:\WINDOWS\system32\DRIVERS\symmpi.sys [2002-04-03 28416]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AcrSch2Svc;Acronis Scheduler2 Service; C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe [2008-04-09 431384]
R2 AgentSrv;Connected Agent Service; C:\Program Files\Quicken Online Backup\AgentSrv.EXE [2007-05-22 258048]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-11-07 132424]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
R2 CarboniteService;CarboniteService; c:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe [2008-06-13 1700288]
R2 Diskeeper;Diskeeper; F:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe [2008-04-04 1123608]
R2 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-01-15 168432]
R2 IISADMIN;IIS Admin; C:\WINDOWS\system32\inetsrv\inetinfo.exe [2004-08-04 15872]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-12-07 152984]
R2 LPDSVC;TCP/IP Print Server; C:\WINDOWS\system32\tcpsvcs.exe [2004-08-04 19456]
R2 MBAMService;MBAMService; g:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [2009-02-11 179856]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service; c:\Program Files\McAfee\SiteAdvisor\McSACore.exe [2008-12-05 206096]
R2 mcmscsvc;McAfee Services; C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe [2009-01-08 797864]
R2 McNASvc;McAfee Network Agent; c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe [2009-01-09 2482848]
R2 McProxy;McAfee Proxy Service; c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe [2009-01-09 359952]
R2 McShield;McAfee Real-time Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe [2009-01-09 144704]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 MpfService;McAfee Personal Firewall Service; C:\Program Files\McAfee\MPF\MPFSrv.exe [2009-01-09 884360]
R2 MSFtpsvc;FTP Publishing; C:\WINDOWS\system32\inetsrv\inetinfo.exe [2004-08-04 15872]
R2 MSSQL$NR2007;SQL Server (NR2007); C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2008-12-18 29181272]
R2 NeatReceipts Database Controller;NeatReceipts Database Controller; C:\Program Files\Common Files\NeatReceipts\DB Controller\NeatReceiptsDBController.exe [2008-02-05 228480]
R2 OneTouch 4.0 Monitor;OneTouch 4.0 Monitor; C:\Program Files\Visioneer\OneTouch 4.0\OtService.exe [2007-11-12 131072]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2005-03-14 69632]
R2 Serv-U;Serv-U FTP Server; F:\Program Files\RhinoSoft.com\Serv-U\ServUDaemon.exe [2007-01-29 897024]
R2 SimpTcp;Simple TCP/IP Services; C:\WINDOWS\system32\tcpsvcs.exe [2004-08-04 19456]
R2 SMTPSVC;Simple Mail Transfer Protocol (SMTP); C:\WINDOWS\system32\inetsrv\inetinfo.exe [2004-08-04 15872]
R2 SQLWriter;SQL Server VSS Writer; C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2007-02-10 89968]
R2 szserver;STOPzilla Service; C:\Program Files\Common Files\STOPzilla!\szserver.exe [2006-05-31 20536]
R2 TivoBeacon2;TiVo Beacon; C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe [2008-07-09 868864]
R2 TryAndDecideService;Acronis Try And Decide Service; C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe [2008-04-09 492896]
R2 W3SVC;World Wide Web Publishing; C:\WINDOWS\system32\inetsrv\inetinfo.exe [2004-08-04 15872]
R2 WebDriveService;WebDrive Service; f:\Program Files\NetDrive\wdService.exe [2002-03-21 94208]
R2 WSearch;Windows Search; C:\WINDOWS\system32\SearchIndexer.exe [2008-05-26 439808]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-11-20 536872]
R3 McSysmon;McAfee SystemGuards; C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe [2009-01-09 606736]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2004-08-04 267776]
S2 LMIMaint;LogMeIn Maintenance Service; G:\Program Files\LogMeIn\x86\RaMaint.exe []
S2 LogMeIn;LogMeIn; G:\Program Files\LogMeIn\x86\LogMeIn.exe []
S2 Roxio Upnp Server 9;Roxio Upnp Server 9; C:\Program Files\Common Files\Sonic Shared\RoxioUpnpService9.exe [2006-08-10 294912]
S2 RoxLiveShare9;LiveShare P2P Server 9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe [2006-10-27 303104]
S2 RoxWatch9;Roxio Hard Drive Watcher 9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe [2006-10-27 159744]
S2 WUSB54Gv4SVC;WUSB54Gv4SVC; C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe [2004-02-06 41025]
S3 ADVService;Amazon Unbox Video Service; F:\Program Files\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe [2006-09-22 15400]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 HP Port Resolver;HP Port Resolver; C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE [2005-05-20 81920]
S3 HP Status Server;HP Status Server; C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE [2004-10-16 73728]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 McODS;McAfee Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe [2009-01-09 365072]
S3 MSSQLServerADHelper;SQL Server Active Directory Helper; C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [2005-10-14 45272]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 Roxio UPnP Renderer 9;Roxio UPnP Renderer 9; C:\Program Files\Common Files\Sonic Shared\RoxioUPnPRenderer9.exe [2006-08-10 57344]
S3 RoxMediaDB9;RoxMediaDB9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe [2006-10-27 880640]
S3 rpcapd;Remote Packet Capture Protocol v.0 (experimental); c:\Program Files\WinPcap\rpcapd.exe [2005-08-02 86016]
S3 SoundMovieServer;SoundMovieServer; C:\WINDOWS\system32\snmvtsvc.exe [2008-11-11 200704]
S3 stllssvr;stllssvr; C:\Program Files\Common Files\SureThing Shared\stllssvr.exe [2006-07-20 73728]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\MSN Messenger\usnsvc.exe [2007-01-19 97136]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
S4 Iomega Activity Disk2;Iomega Activity Disk2; []
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
S4 SQLBrowser;SQL Server Browser; C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2007-02-10 242544]

-----------------EOF-----------------


Here is info.txt:

info.txt logfile of random's system information tool 1.05 2009-02-16 18:26:19

======Uninstall list======

-->C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Zoom Telephonics, Inc.\Zoom 56K Modem Drivers\Uninst.isu"
-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {637099FB-45FD-4BC7-9651-6FB540DBB749}
-->C:\WINDOWS\UNNeroVision.exe /UNINSTALL
-->MsiExec.exe /I{0394CDC8-FABD-4ed8-B104-03393876DFDF}
-->MsiExec.exe /I{0D330013-4A99-46D6-83C6-2C959C68DBFF}
-->MsiExec.exe /I{0D397393-9B50-4c52-84D5-77E344289F87}
-->MsiExec.exe /I{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
3GP Video Converter 3-->f:\Program Files\Xilisoft\3GP Video Converter 3\Uninstall.exe
3ivx MPEG-4 5.0.3 (remove only)-->"c:\Program Files\3ivx\3ivx MPEG-4 5.0.3\uninstaller.exe"
ACDSee Photo Manager 2009-->MsiExec.exe /I{300578F9-9EFF-4B93-9AB1-C0E5707EF463}
Acoustica CD/DVD Label Maker-->F:\Program Files\Acoustica CD Label Maker\uisurvey.exe
Acoustica MP3 CD Burner-->F:\PROGRA~1\ACOUST~1\UNWISE.EXE F:\PROGRA~1\ACOUST~1\INSTALL.LOG
Acoustica Photos Forever-->F:\PROGRA~1\ACOUST~2\UNWISE.EXE F:\PROGRA~1\ACOUST~2\INSTALL.LOG
Active Disk-->C:\WINDOWS\unvise32.exe C:\Program Files\Iomega\AutoDisk\uninstal.log
Adder Robot 3.0.6-->C:\Program Files\Adder Robot\Uninstall.exe
Adder Robot-->C:\Program Files\Adder Robot\Uninstall.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Shockwave Player-->C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Advanced MP3 Catalog 3.36-->"f:\Program Files\Advanced MP3 Catalog\unins000.exe"
Agere Systems PCI Soft Modem-->agrsmdel
Album Art Downloader XUI 0.24-->g:\Program Files\AlbumArtDownloader\uninst.exe
AllWebMenus PRO v4.2-->C:\WINDOWS\UNWISE.EXE C:\WINDOWS\INSTALL.LOG
AllWebMenus PRO v4-->C:\PROGRA~1\ALLWEB~1\UNWISE.EXE C:\PROGRA~1\ALLWEB~1\INSTALL.LOG
Amazon MP3 Downloader 1.0.3-->g:\Program Files\Amazon\MP3 Downloader\Uninstall.exe
Amazon Unbox Video-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1150\INTEL3~1\IDriver.exe /M{54A4839E-87F8-4BD1-9682-A349E9943F0A}
AnyDVD-->"f:\Program Files\SlySoft\AnyDVD\AnyDVD-uninst.exe" /D="f:\Program Files\SlySoft\AnyDVD"
AoA DVD Ripper-->"C:\Program Files\AoA DVD Ripper\unins000.exe"
Asus ACPI Driver-->MsiExec.exe /X{19F5658D-92E8-4A08-8657-D38ABB1574B2}
Audacity 1.2.4-->"C:\Program Files\Audacity\unins000.exe"
AudioList Plus-->F:\PROGRA~1\AUDIOL~1\UNWISE.EXE F:\PROGRA~1\AUDIOL~1\INSTALL.LOG
Avi2Dvd 0.4.5 beta-->F:\Program Files\Avi2Dvd\uninst.exe
AviSynth 2.5-->"f:\Program Files\AviSynth 2.5\Uninstall.exe"
AxCrypt (Remove Only)-->"g:\Program Files\Axon Data\AxCrypt\AxCryptU.exe"
Backup Plus DVD Edition v1.0-->"f:\Program Files\Backup Plus DVD Edition\unins000.exe"
Beyond Compare Version 2.5.2-->"f:\Program Files\Beyond Compare 2\unins000.exe"
BitLord 1.1-->f:\Program Files\BitLord\uninst.exe
Blender (remove only)-->"f:\Program Files\Blender Foundation\Blender\uninstall.exe"
Carbonite-->c:\Program Files\Carbonite\Carbonite Backup\CarboniteSetup.exe /remove
CCleaner (remove only)-->"g:\Program Files\CCleaner\uninst.exe"
CD Trustee-->C:\WINDOWS\uninst.exe -f"f:\Program Files\CDTrustee\DeIsL2.isu" -cf:\PROGRA~1\CDTRUS~1\_ISREG32.DLL
CDRoller version 6.11-->"C:\Program Files\CDRoller\unins000.exe"
CloneCD-->"C:\Program Files\SlySoft\CloneCD\ccd-uninst.exe" /D="C:\Program Files\SlySoft\CloneCD"
CloneDVD2-->"f:\Program Files\Elaborate Bytes\CloneDVD2\CloneDVD2-uninst.exe" /D="f:\Program Files\Elaborate Bytes\CloneDVD2"
Codec Pack - All In 1 6.0.2.6-->C:\WINDOWS\iun6002.exe "C:\Program Files\Codec Pack - All In 1\irunin.ini"
CoffeeCup WebCam-->G:\PROGRA~1\COFFEE~1\COFFEE~1\UNWISE.EXE G:\PROGRA~1\COFFEE~1\COFFEE~1\VidCam.log
Combined Community Codec Pack 2008-01-24-->"c:\Program Files\Combined Community Codec Pack\unins001.exe"
CreataCard Plus 2-->C:\WINDOWS\uninst.exe -f"f:\Program Files\CreataCard\Plus\DeIsL1.isu"
Cute Reminder Professional Edition 2.6-->"g:\Program Files\CuteReminderPro\unins000.exe"
CutePDF Writer 2.7-->c:\Program Files\Acro Software\CutePDF Writer\uninscpw.exe /uninstall
Dart XP Pro-->"f:\Program Files\Dart XP Pro\unins000.exe"
Day-Timer Organizer 2000-->C:\WINDOWS\dtorem32.exe dt2krm32.ini
dBpowerAMP Mp4 Codec-->"C:\WINDOWS\system32\SpoonUninstall.exe" <uninstall>C:\WINDOWS\system32\SpoonUninstall-dBpowerAMP Mp4 Codec.dat
dBpowerAMP Music Converter-->"C:\WINDOWS\system32\SpoonUninstall.exe" <uninstall>C:\WINDOWS\system32\SpoonUninstall-dBpowerAMP Music Converter.dat
DivX Player-->C:\WINDOWS\unvise32.exe C:\Program Files\DivX\DivX Player\uninstal.log
Documents To Go-->MsiExec.exe /X{0DC00F90-E7E7-4B19-959A-0A53032DA52C}
DoInventory Plus-->F:\PROGRA~1\DOINVE~1\UNWISE.EXE F:\PROGRA~1\DOINVE~1\INSTALL.LOG
DoubleKiller Pro - Demo-->V:\Susie's data\WIN95UP\DoubleKillerPro\doublekillerpro_demo\DoubleKiller.exe -uninstall
Dropbox-->"v:\Program Files\Dropbox\uninstall.exe"
Duplicate Cleaner 1.3-->"g:\Program Files\Duplicate Cleaner\unins000.exe"
Duplicate Finder-->"g:\Program Files\Duplicate Finder\unins000.exe"
DVD Decrypter (Remove Only)-->"C:\Program Files\DVD Decrypter\uninstall.exe"
DVD Identifier-->"f:\Program Files\DVD Identifier\Uninst\unins000.exe"
DVD Photo Slideshow Pro 7.92-->f:\Program Files\DVD Photo Slideshow Professional\uninst.exe
DVD-lab PRO 1.53-->"C:\Program Files\DVDlabPro\unins000.exe"
EasyConvert 1.30-->"f:\Program Files\EasyConvert for FontSmoother and Plucker\unins000.exe"
EDraw Mind Map 1-->"g:\Program Files\EDraw Mind Map\unins000.exe"
Effective File Search 5.0-->"f:\Program Files\efs\UnRun.exe" "f:\Program Files\efs\Uninst.exe"
EverNote-->C:\Program Files\InstallShield Installation Information\{00C297B1-02F3-4BEE-8B57-7BCA695A41DA}\setup.exe -runfromtemp -l0x0009 -removeonly
Evernote-->C:\Program Files\InstallShield Installation Information\{0D025345-1033-4F35-A5CE-68CDCDE6CC03}\setup.exe -runfromtemp -l0x0009 -removeonly
File Shredder 2.0-->"g:\Program Files\File Shredder\unins000.exe"
foobar2000 v0.9.5.6-->"g:\Program Files\foobar2000\uninstall.exe"
FotoSlate 4-->MsiExec.exe /I{03ACA757-D71B-467C-96AA-70012641B7C5}
FreeOcr V1-->"f:\Program Files\FreeOcr\unins000.exe"
GDR 3077 for SQL Server Database Services 2005 ENU (KB960089)-->C:\WINDOWS\SQL9_KB960089_ENU\Hotfix.exe /Uninstall
GenoPro 2.0.1.4-->f:\Program Files\GenoPro\Uninstall.exe
GHCS Software GedStar PRO for PalmOS-->C:\WINDOWS\ctpu.exe -uf:\Program Files\GedStar Pro\install.log -lC:\WINDOWS\ResEnu.dll
Google Earth-->MsiExec.exe /I{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}
Google Toolbar for Internet Explorer-->regsvr32 /u /s "c:\program files\google\googletoolbar3.dll"
Google Updater-->"C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
GSplit 2.1-->f:\Program Files\GSplit\Uninst.exe
GSpot Codec Information Appliance-->C:\Program Files\GSpot\Uninstall.exe
Handmark® Monopoly® for Palm OS-->C:\WINDOWS\unvise32.exe f:\Program Files\Handmark\Monopoly for Palm OS\uninstal.log
Handmark® YAHTZEE® for Palm OS-->C:\WINDOWS\unvise32.exe f:\Program Files\Handmark\YAHTZEE for Palm OS\uninstal.log
HealthFile Plus-->F:\PROGRA~1\HEALTH~1\UNWISE.EXE F:\PROGRA~1\HEALTH~1\INSTALL.LOG
HijackThis 2.0.2-->"V:\Susie's data\WIN95UP\Hijackthis\HiJackThis\HijackThis.exe" /uninstall
History Clean 2.0-->"f:\Program Files\History Clean\unins000.exe"
Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Format SDK (KB902344)-->"C:\WINDOWS\$NtUninstallKB902344$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB909423)-->"C:\WINDOWS\$NtUninstallKB909423$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB914440)-->"C:\WINDOWS\$NtUninstallKB914440$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB915800-v4)-->"C:\WINDOWS\$NtUninstallKB915800-v4$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB915865)-->"C:\WINDOWS\$NtUninstallKB915865$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB926239)-->"C:\WINDOWS\$NtUninstallKB926239$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB935448)-->"C:\WINDOWS\$NtUninstallKB935448$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
HotKeyz 2.7.2.0-->"g:\Program Files\Skynergy\HotKeyz\unins000.exe"
HP Document Viewer 5.3-->C:\Program Files\HP\Digital Imaging\DocumentViewer\hpzscr01.exe -datfile hpqbud04.dat
HP Extended Capabilities 5.0-->C:\Program Files\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat
HP Image Zone 5.3-->C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP Imaging Device Functions 6.0-->C:\Program Files\HP\Digital Imaging\DigitalImagingMonitor\hpzscr01.exe -datfile hpqbud01.dat
HP Photo Printing Software-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Printing\Uninstall.isu" -c"C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Printing\hpiunPC.dll
HP Software Update-->MsiExec.exe /X{15EE79F4-4ED1-4267-9B0F-351009325D7D}
HP Solution Center and Imaging Support Tools 6.0-->C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
HP USB Disk Storage Format Tool-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0E0DF90C-D0BA-4C89-9262-AD78D1A3DE51}\Setup.exe" -l0x9 anything
ICE.TCP 4.3.1 for Windows 95-->C:\WINDOWS\uninst.exe -f"C:\Program Files\ICE.TCP\DeIsL1.isu"
ICE.TCP 4.4 32-bit-->C:\WINDOWS\IsUninst.exe -f"g:\Program Files\J River\ICETCP4\Uninst.isu"
ICE.TCP Pro-->C:\WINDOWS\IsUninst.exe -f"f:\Program Files\J River\ICETCP5\Uninst.isu"
Image Catalog 4.0.6 Free-->"f:\Program Files\ImCat\unins000.exe"
ImCat Pro-->C:\WINDOWS\iun506.exe f:\Program Files\ImCat Pro\irunin.ini
Intel® PRO Network Adapters and Drivers-->Prounstl.exe
Iomega App Services-->C:\WINDOWS\unvise32.exe C:\Program Files\Iomega\System32\uninstal.log
iPod for Windows 2006-01-10-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{3D047C15-C859-45F7-81CE-F2681778069B} /l1033
IsoBuster 1.8-->"C:\Program Files\Smart Projects\IsoBuster\Uninst\unins000.exe"
iTunes-->MsiExec.exe /I{318AB667-3230-41B5-A617-CB3BF748D371}
Jasc Animation Shop 3 20041030_07 Help file Patch-->C:\Program Files\Jasc Software Inc\Animation Shop 3\Unwise.exe /R /U C:\PROGRA~1\JASCSO~1\ANIMAT~1\INSTALL.LOG
Jasc Paint Shop Pro 9 GDI+ Patch-->C:\Program Files\Jasc Software Inc\Paint Shop Pro 9\Unwise.exe /R /U C:\PROGRA~1\JASCSO~1\PAINTS~1\INSTALL.LOG
Jasc Paint Shop Pro 9.01 Patch-->C:\Program Files\Jasc Software Inc\Paint Shop Pro 9\Unwise.exe /R /U C:\PROGRA~1\JASCSO~1\PAINTS~1\INSTALL.LOG
Java Web Start-->"C:\Program Files\Java\jre1.5.0_06\bin\uninst-javaws.exe"
Java™ 6 Update 11-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
Jungle Disk for Windows-->F:\PROGRA~1\JUNGLE~1\UNWISE.EXE F:\PROGRA~1\JUNGLE~1\INSTALL.LOG
Karen's Directory Printer-->C:\WINDOWS\st6unst.exe -n "C:\Program Files\DirPrn\ST6UNST.LOG"
Lame ACM MP3 Codec-->C:\WINDOWS\system32\rundll32.exe setupapi,InstallHinfSection Remove_LameMP3 132 C:\WINDOWS\INF\LameACM.inf
LaunchIt NOW! Plus 2006-->"f:\Program Files\LaunchIt NOW! Plus\unins000.exe"
Launchy 1.0-->"f:\Program Files\Launchy\unins000.exe"
Libra 2.1.4-->"g:\Program Files\Libra\unins000.exe"
ListPro 5.0 Palm OS & Windows PC-->"f:\Program Files\Ilium Software\ListPro\unins000.exe"
Macro Buddy 1.55-->"f:\Program Files\Macro Buddy\unins000.exe"
Macromedia Dreamweaver 8-->MsiExec.exe /I{0837A661-FEC3-48B3-876C-91E7D32048A9}
Malwarebytes' Anti-Malware-->"g:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
MasterCook 5: Cooking Light-->C:\WINDOWS\IsUninst.exe -f"C:\SIERRA\MasterCook 5\Uninst2.isu" -c"C:\SIERRA\MasterCook 5\uninst32.DLL" -c"C:\SIERRA\MasterCook 5\uninst32.DLL"
McAfee SecurityCenter-->c:\Program Files\McAfee\MSC\mcuninst.exe
MediaCoder 0.6.1-->C:\Program Files\MediaCoder\uninst.exe
MediaMonkey 3.0-->"g:\Program Files\MediaMonkey\unins000.exe"
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5-->"C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7-->"C:\WINDOWS\$NtUninstallWdf01007$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office OneNote Home and Student 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ONENOTEHS /dll OSETUP.DLL
Microsoft Office Visio Standard 2007 Trial-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall VISSTDR /dll OSETUP.DLL
Microsoft Project 2000-->MsiExec.exe /I{2DFE1608-BDCA-11D1-B7AE-00C04FB92F3D}
Microsoft SQL Server 2005 Express Edition (NR2007)-->MsiExec.exe /I{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}
Microsoft SQL Server 2005-->"C:\Program Files\Microsoft SQL Server\90\Setup Bootstrap\ARPWrapper.exe" /Remove
Microsoft User-Mode Driver Framework Feature Pack 1.5-->"C:\WINDOWS\$NtUninstallWudf01005$\spuninst\spuninst.exe"
Microsoft WinUsb 1.0-->"C:\WINDOWS\$NtUninstallwinusb0100$\spuninst\spuninst.exe"
Mozilla Firefox (2.0.0.20)-->F:\Program Files\uninstall\helper.exe
MSN Music Assistant-->rundll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\msninst.inf,Uninstall
MSN-->C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP
MSXML 6 Service Pack 2 (KB954459)-->MsiExec.exe /I{1A528690-6A2D-4BC5-B143-8C4AE8D19D96}
My Diary Desk 5.00-->V:\PROGRA~1\MYDIAR~1\UNWISE.EXE V:\PROGRA~1\MYDIAR~1\INSTALL.LOG
nCleaner second 2.3.4.0-->G:\Program Files\NKProds\nCleaner\uninstall.exe
NeatReceipts Professional-->g:\Program Files\NeatReceipts Professional\uninstallNR.exe
Nero Suite-->C:\Program Files\Common Files\Ahead\Uninstall\setup.exe /uninstall
NetDrive-->C:\WINDOWS\IsUninst.exe -f"f:\Program Files\NetDrive\Uninst.isu" -c"f:\Program Files\NetDrive\uninstall.dll"
Netscape (7.2)-->C:\WINDOWS\NSUninst.exe /ua "7.2 (en)"
Nokia Connectivity Cable Driver-->MsiExec.exe /X{11964613-805F-432D-A12B-169554B793E7}
PalmSource Package Installer 1.5-->F:\Program Files\palmOne\PackageInstaller\PackageInstallerUninstall.exe
PalmVNC 2.0-->"f:\Program Files\PalmVNC\unins000.exe"
PDACookbook Plus Version 5-->"f:\Program Files\PDACookbook\uninst\unins000.exe"
PdaReach 1.54-->"c:\Program Files\PdaReach\unins000.exe"
PFCD 2.0.2-->"f:\Program Files\PFCD\unins000.exe"
Pocket Quicken 2.5 for Palm OS-->F:\PROGRA~1\LandWare\POCKET~1.5FO\UNWISE.EXE /U F:\PROGRA~1\LandWare\POCKET~1.5FO\INSTALL.LOG
Qloud Plugin for iTunes-->c:\Program Files\Qloud\iTunesQloudPluginUninstall.exe
Quicken WillMaker Plus 2008-->C:\WINDOWS\unvise32.exe g:\Program Files\Quicken WillMaker Plus 2008\uninstal.log
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
ReNamer-->"C:\Program Files\ReNamer\unins000.exe"
Replace in Files-->C:\Program Files\ReplAll\UNINSTAL.EXE
Replay AV 8-->C:\WINDOWS\iun6002.exe "f:\Program Files\Replay AV 8\uninstall8.ini"
Resco Photo Viewer for PalmOS-->C:\WINDOWS\rsetuppalmEn.exe -uninstC:\Program Files\Resco\Photo Viewer for PalmOS\_Install.log
Rhapsody Player Engine-->MsiExec.exe /I{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}
Riva FLV Encoder 2.0-->"f:\Program Files\Riva\Riva FLV Encoder 2.0\unins000.exe"
Riva FLV Player-->"f:\Program Files\Riva\Riva FLV Player\unins000.exe"
ScanSoft PaperPort 11-->MsiExec.exe /I{1F68C868-B5AF-4836-8A46-C030BBE1EDB3}
Screen Recorder Gold-->F:\PROGRA~1\SCREEN~1\UNWISE.EXE F:\PROGRA~1\SCREEN~1\INSTALL.LOG
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Step By Step Interactive Training (KB898458)-->"C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB928090)-->"C:\WINDOWS\ie7updates\KB928090-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB929969)-->"C:\WINDOWS\ie7updates\KB929969\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB931768)-->"C:\WINDOWS\ie7updates\KB931768-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB933566)-->"C:\WINDOWS\ie7updates\KB933566-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB937143)-->"C:\WINDOWS\ie7updates\KB937143-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Encoder (KB954156)-->"C:\WINDOWS\$NtUninstallKB954156_WM9L$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 6.4 (KB925398)-->"C:\WINDOWS\$NtUninstallKB925398_WMP64$\spuninst\spuninst.exe"
Security Update for Windows XP (KB890046)-->"C:\WINDOWS\$NtUninstallKB890046$\spuninst\spuninst.exe"
Security Update for Windows XP (KB893756)-->"C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896358)-->"C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896423)-->"C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896424)-->"C:\WINDOWS\$NtUninstallKB896424$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896428)-->"C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899587)-->"C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899589)-->"C:\WINDOWS\$NtUninstallKB899589$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899591)-->"C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe"
Security Update for Windows XP (KB900725)-->"C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe"
Security Update for Windows XP (KB901017)-->"C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe"
Security Update for Windows XP (KB901214)-->"C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe"
Security Update for Windows XP (KB902400)-->"C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe"
Security Update for Windows XP (KB904706)-->"C:\WINDOWS\$NtUninstallKB904706$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905414)-->"C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905749)-->"C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe"
Security Update for Windows XP (KB908519)-->"C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911562)-->"C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911567)-->"C:\WINDOWS\$NtUninstallKB911567$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911927)-->"C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe"
Security Update for Windows XP (KB912919)-->"C:\WINDOWS\$NtUninstallKB912919$\spuninst\spuninst.exe"
Security Update for Windows XP (KB913580)-->"C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe"
Security Update for Windows XP (KB914388)-->"C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe"
Security Update for Windows XP (KB914389)-->"C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917159)-->"C:\WINDOWS\$NtUninstallKB917159$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917344)-->"C:\WINDOWS\$NtUninstallKB917344$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917422)-->"C:\WINDOWS\$NtUninstallKB917422$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917537)-->"C:\WINDOWS\$NtUninstallKB917537$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917953)-->"C:\WINDOWS\$NtUninstallKB917953$\spuninst\spuninst.exe"
Security Update for Windows XP (KB918118)-->"C:\WINDOWS\$NtUninstallKB918118$\spuninst\spuninst.exe"
Security Update for Windows XP (KB918439)-->"C:\WINDOWS\$NtUninstallKB918439$\spuninst\spuninst.exe"
Security Update for Windows XP (KB918899)-->"C:\WINDOWS\$NtUninstallKB918899$\spuninst\spuninst.exe"
Security Update for Windows XP (KB919007)-->"C:\WINDOWS\$NtUninstallKB919007$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920213)-->"C:\WINDOWS\$NtUninstallKB920213$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920214)-->"C:\WINDOWS\$NtUninstallKB920214$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920670)-->"C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920683)-->"C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920685)-->"C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe"
Security Update for Windows XP (KB921398)-->"C:\WINDOWS\$NtUninstallKB921398$\spuninst\spuninst.exe"
Security Update for Windows XP (KB921503)-->"C:\WINDOWS\$NtUninstallKB921503$\spuninst\spuninst.exe"
Security Update for Windows XP (KB921883)-->"C:\WINDOWS\$NtUninstallKB921883$\spuninst\spuninst.exe"
Security Update for Windows XP (KB922616)-->"C:\WINDOWS\$NtUninstallKB922616$\spuninst\spuninst.exe"
Security Update for Windows XP (KB922760)-->"C:\WINDOWS\$NtUninstallKB922760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB922819)-->"C:\WINDOWS\$NtUninstallKB922819$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923191)-->"C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923414)-->"C:\WINDOWS\$NtUninstallKB923414$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923689)-->"C:\WINDOWS\$NtUninstallKB923689$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923694)-->"C:\WINDOWS\$NtUninstallKB923694$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923980)-->"C:\WINDOWS\$NtUninstallKB923980$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924191)-->"C:\WINDOWS\$NtUninstallKB924191$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924270)-->"C:\WINDOWS\$NtUninstallKB924270$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924496)-->"C:\WINDOWS\$NtUninstallKB924496$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924667)-->"C:\WINDOWS\$NtUninstallKB924667$\spuninst\spuninst.exe"
Security Update for Windows XP (KB925486)-->"C:\WINDOWS\$NtUninstallKB925486$\spuninst\spuninst.exe"
Security Update for Windows XP (KB925902)-->"C:\WINDOWS\$NtUninstallKB925902$\spuninst\spuninst.exe"
Security Update for Windows XP (KB926255)-->"C:\WINDOWS\$NtUninstallKB926255$\spuninst\spuninst.exe"
Security Update for Windows XP (KB926436)-->"C:\WINDOWS\$NtUninstallKB926436$\spuninst\spuninst.exe"
Security Update for Windows XP (KB927779)-->"C:\WINDOWS\$NtUninstallKB927779$\spuninst\spuninst.exe"
Security Update for Windows XP (KB927802)-->"C:\WINDOWS\$NtUninstallKB927802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB928255)-->"C:\WINDOWS\$NtUninstallKB928255$\spuninst\spuninst.exe"
Security Update for Windows XP (KB928843)-->"C:\WINDOWS\$NtUninstallKB928843$\spuninst\spuninst.exe"
Security Update for Windows XP (KB929123)-->"C:\WINDOWS\$NtUninstallKB929123$\spuninst\spuninst.exe"
Security Update for Windows XP (KB930178)-->"C:\WINDOWS\$NtUninstallKB930178$\spuninst\spuninst.exe"
Security Update for Windows XP (KB931261)-->"C:\WINDOWS\$NtUninstallKB931261$\spuninst\spuninst.exe"
Security Update for Windows XP (KB931784)-->"C:\WINDOWS\$NtUninstallKB931784$\spuninst\spuninst.exe"
Security Update for Windows XP (KB932168)-->"C:\WINDOWS\$NtUninstallKB932168$\spuninst\spuninst.exe"
Security Update for Windows XP (KB933729)-->"C:\WINDOWS\$NtUninstallKB933729$\spuninst\spuninst.exe"
Security Update for Windows XP (KB935839)-->"C:\WINDOWS\$NtUninstallKB935839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB935840)-->"C:\WINDOWS\$NtUninstallKB935840$\spuninst\spuninst.exe"
Security Update for Windows XP (KB936021)-->"C:\WINDOWS\$NtUninstallKB936021$\spuninst\spuninst.exe"
Security Update for Windows XP (KB937894)-->"C:\WINDOWS\$NtUninstallKB937894$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938829)-->"C:\WINDOWS\$NtUninstallKB938829$\spuninst\spuninst.exe"
Security Update for Windows XP (KB939373)-->"C:\WINDOWS\$NtUninstallKB939373$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941202)-->"C:\WINDOWS\$NtUninstallKB941202$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941568)-->"C:\WINDOWS\$NtUninstallKB941568$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941644)-->"C:\WINDOWS\$NtUninstallKB941644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941693)-->"C:\WINDOWS\$NtUninstallKB941693$\spuninst\spuninst.exe"
Security Update for Windows XP (KB942830)-->"C:\WINDOWS\$NtUninstallKB942830$\spuninst\spuninst.exe"
Security Update for Windows XP (KB942831)-->"C:\WINDOWS\$NtUninstallKB942831$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943055)-->"C:\WINDOWS\$NtUninstallKB943055$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943460)-->"C:\WINDOWS\$NtUninstallKB943460$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943485)-->"C:\WINDOWS\$NtUninstallKB943485$\spuninst\spuninst.exe"
Security Update for Windows XP (KB944653)-->"C:\WINDOWS\$NtUninstallKB944653$\spuninst\spuninst.exe"
Security Update for Windows XP (KB945553)-->"C:\WINDOWS\$NtUninstallKB945553$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946026)-->"C:\WINDOWS\$NtUninstallKB946026$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB948590)-->"C:\WINDOWS\$NtUninstallKB948590$\spuninst\spuninst.exe"
Security Update for Windows XP (KB948881)-->"C:\WINDOWS\$NtUninstallKB948881$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950749)-->"C:\WINDOWS\$NtUninstallKB950749$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953155)-->"C:\WINDOWS\$NtUninstallKB953155$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Serv-U 6.4-->"f:\Program Files\RhinoSoft.com\Serv-U\unins000.exe"
Shozam-->"g:\Program Files\Shozam\unins000.exe"
SmartFTP Client 2.0 Setup Files (remove only)-->"f:\Program Files\SmartFTP Client 2.0 Setup Files\uninst-sftp.exe"
SmartFTP Client-->MsiExec.exe /I{11C762F9-95EA-486A-A8E7-683A50C231C1}
Snap Visual Search-->"C:\Program Files\Snap Visual Search\uninstall.exe" -t
SoftK56 Data Fax Voice CARP-->C:\Program Files\CONEXANT\CNXT_MODEM_USB_VID_0572&PID_1301\HXFSETUP.EXE -U -IVID_0572&PID_1301
Software Setup-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\COMPAQ\Software Setup\Uninst.isu" -c"C:\Program Files\COMPAQ\Software Setup\CPQUNST.DLL"
SoundTaxi 3.6.5-->"g:\Program Files\SoundTaxi\unins000.exe"
Stamps.com-->"C:\Documents and Settings\All Users\Application Data\{AAB05A04-4879-465E-AA82-84D6B9AA24F5}\stamps.exe" REMOVE=TRUE MODIFY=FALSE
STOPzilla!-->MsiExec.exe /X{0D3939DF-923C-4B4A-AB80-B0C1762A8BC4}
Style Master 4-->MsiExec.exe /I{29EAEEAB-781B-4E9B-83F7-8D080393B096}
Super Utilities Pro 8.3-->"c:\Program Files\SuperLogix\Super Utilities\unins000.exe"
SWF Toolbox 3.0-->"f:\Program Files\Eltima Software\SWF Toolbox\unins000.exe"
SWiSH Jukebox-->C:\WINDOWS\unvise32.exe C:\Program Files\SWiSH Jukebox\uninstal.log
SWiSH Max2-->C:\WINDOWS\unvise32.exe f:\Program Files\SWiSH Max2\uninstal.log
SWiSH Video3-->C:\WINDOWS\unvise32.exe C:\Program Files\SWiSH Video3\uninstal.log
SWiSHmax-->C:\WINDOWS\unvise32.exe C:\Program Files\SWiSHmax\uninstal.log
SWiSHpix-->C:\WINDOWS\unvise32.exe f:\Program Files\SWiSHpix\uninstal.log
SWiSHpixAC-->C:\WINDOWS\unvise32.exe f:\Program Files\SWiSHpixAC\uninstal.log
SWiSHpixTC-->C:\WINDOWS\unvise32.exe f:\Program Files\SWiSHpixTC\uninstal.log
SWiSHstudio-->C:\WINDOWS\unvise32.exe C:\Program Files\SWiSHstudio\uninstal.log
SWiSHvideo2-->C:\WINDOWS\unvise32.exe f:\Program Files\SWiSHvideo2\uninstal.log
SWiSHzone.com FLV Filter-->C:\WINDOWS\unvise32.exe f:\Program Files\SWiSHzone.com FLV Filter\uninstal.log
SyncBackSE-->"f:\Program Files\2BrightSparks\SyncBackSE\unins000.exe"
System Scheduler 3.73-->"f:\Program Files\SystemScheduler\unins000.exe"
The Print Shop Ensemble III-->C:\WINDOWS\uninst.exe -fC:\WINDOWS\DeIsL3.isu
TimeLock 6.00-->"g:\Program Files\TimeLock\unins000.exe"
TinCam 1.05-->"g:\Program Files\TinCam\unins000.exe"
Total Recorder 6.0-->"f:\Program Files\HighCriteria\TotalRecorder\setup.exe" U
TrueCrypt-->"f:\Program Files\TrueCrypt\TrueCrypt Setup.exe" /u
tunebite 3.0.1.8-->"g:\Program Files\tunebite\unins000.exe"
Tweak UI-->"C:\WINDOWS\system32\mshta.exe" "res://C:\WINDOWS\system32\TweakUI.exe/uninstall.hta"
Ultra JPEG Tagger 1.2.3-->"f:\Program Files\Ujeta\unins000.exe"
Unlocker 1.8.7-->g:\Program Files\Unlocker\uninst.exe
Update for Windows XP (KB894391)-->"C:\WINDOWS\$NtUninstallKB894391$\spuninst\spuninst.exe"
Update for Windows XP (KB900485)-->"C:\WINDOWS\$NtUninstallKB900485$\spuninst\spuninst.exe"
Update for Windows XP (KB904942)-->"C:\WINDOWS\$NtUninstallKB904942$\spuninst\spuninst.exe"
Update for Windows XP (KB908531)-->"C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe"
Update for Windows XP (KB910437)-->"C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe"
Update for Windows XP (KB911280)-->"C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe"
Update for Windows XP (KB916595)-->"C:\WINDOWS\$NtUninstallKB916595$\spuninst\spuninst.exe"
Update for Windows XP (KB920872)-->"C:\WINDOWS\$NtUninstallKB920872$\spuninst\spuninst.exe"
Update for Windows XP (KB922582)-->"C:\WINDOWS\$NtUninstallKB922582$\spuninst\spuninst.exe"
Update for Windows XP (KB925720)-->"C:\WINDOWS\$NtUninstallKB925720$\spuninst\spuninst.exe"
Update for Windows XP (KB927891)-->"C:\WINDOWS\$NtUninstallKB927891$\spuninst\spuninst.exe"
Update for Windows XP (KB929338)-->"C:\WINDOWS\$NtUninstallKB929338$\spuninst\spuninst.exe"
Update for Windows XP (KB930916)-->"C:\WINDOWS\$NtUninstallKB930916$\spuninst\spuninst.exe"
Update for Windows XP (KB931836)-->"C:\WINDOWS\$NtUninstallKB931836$\spuninst\spuninst.exe"
Update for Windows XP (KB932823-v3)-->"C:\WINDOWS\$NtUninstallKB932823-v3$\spuninst\spuninst.exe"
Update for Windows XP (KB933360)-->"C:\WINDOWS\$NtUninstallKB933360$\spuninst\spuninst.exe"
Update for Windows XP (KB936357)-->"C:\WINDOWS\$NtUninstallKB936357$\spuninst\spuninst.exe"
Update for Windows XP (KB938828)-->"C:\WINDOWS\$NtUninstallKB938828$\spuninst\spuninst.exe"
Update for Windows XP (KB942763)-->"C:\WINDOWS\$NtUninstallKB942763$\spuninst\spuninst.exe"
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
version 5.1.2-->"f:\Program Files\ADShareit\swf2videopro\unins000.exe"
VideoLAN VLC media player 0.8.6h-->g:\Program Files\VideoLAN\VLC\uninstall.exe
Videora iPod Converter 3.06-->f:\Program Files\Red Kawa\Video Converter 3\uninstaller.exe
VideoReDo/Plus Version 2.5.6.512-->"f:\Program Files\VideoReDoPlus\unins000.exe"
VSO CopyToDVD 3-->"f:\Program Files\VSO\unins000.exe"
VSO Inspector 1.2.7d-->"C:\Program Files\vso\tools\unins000.exe"
webcamXP Lite-->"g:\Program Files\wLite\wl-uninst.exe"
WIBU-KEY Setup (WIBU-KEY Remove)-->C:\Program Files\WIBUKEY\Setup\SETUP32.EXE /R:{00060000-0000-1004-8002-0000C06B5161}
Win AVI HelixSDK-->"F:\Program Files\WinAVIVideoConverter\HelixSDK\unins000.exe"
WinASO RegDefrag 1.0-->"C:\Program Files\WinASO\RegDefrag 1.0\unins000.exe"
WinASO Registry Optimizer 2.0.5-->"C:\Program Files\WinASO\Registry Optimizer 2.0\unins000.exe"
WinAVIVideoConverter-->"f:\Program Files\WinAVIVideoConverter\unins000.exe"
Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
Windows Installer Clean Up-->MsiExec.exe /X{121634B0-2F4B-11D3-ADA3-00C04F52DD52}
Windows Internet Explorer 7-->"C:\WINDOWS\ie7\spuninst\spuninst.exe"
Windows Live OneCare safety scanner-->RunDll32.exe "C:\Program Files\Windows Live Safety Center\wlscCore.dll",UninstallFunction WLSC_SCANNER_PRODUCT
Windows Media Encoder 9 Series-->msiexec.exe /I {E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
Windows Media Format 11 runtime-->"c:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 10 Hotfix - KB888656-->"C:\WINDOWS\$NtUninstallKB888656$\spuninst\spuninst.exe"
Windows Media Player 11-->"c:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows Search 4.0-->"C:\WINDOWS\$NtUninstallKB940157$\spuninst\spuninst.exe"
Windows XP Hotfix - KB873339-->C:\WINDOWS\$NtUninstallKB873339$\spuninst\spuninst.exe
Windows XP Hotfix - KB885835-->C:\WINDOWS\$NtUninstallKB885835$\spuninst\spuninst.exe
Windows XP Hotfix - KB885836-->C:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe
Windows XP Hotfix - KB885884-->C:\WINDOWS\$NtUninstallKB885884$\spuninst\spuninst.exe
Windows XP Hotfix - KB886185-->C:\WINDOWS\$NtUninstallKB886185$\spuninst\spuninst.exe
Windows XP Hotfix - KB888302-->C:\WINDOWS\$NtUninstallKB888302$\spuninst\spuninst.exe
Windows XP Hotfix - KB890859-->"C:\WINDOWS\$NtUninstallKB890859$\spuninst\spuninst.exe"
Windows XP Hotfix - KB891781-->C:\WINDOWS\$NtUninstallKB891781$\spuninst\spuninst.exe
WinRAR archiver-->f:\Program Files\WinRAR\uninstall.exe
Wisdom-soft ScreenHunter 4.0 Plus-->C:\PROGRA~1\WISDOM~1\UNWISE.EXE C:\PROGRA~1\WISDOM~1\INSTALL.LOG
WONswap-->C:\Program Files\WON\WONswap\WONswapUninstall.exe
Xvid 1.1.2 final uninstall-->"f:\Program Files\Xvid\unins000.exe"
Yahoo! Toolbar-->C:\PROGRA~1\Yahoo!\Common\unyt.exe
ZLauncher ThemeMaker Version 2.1.0-->"f:\ZLauncher ThemeMaker\unins000.exe"

======Hosts File======

127.0.0.1 localhost #***Inserted By STOPzilla***
127.0.0.1 localmachine # ***Inserted By STOPzilla***
127.0.0.1 2005-search.com # ***Inserted By STOPzilla***
127.0.0.1 600pics.com # ***Inserted By STOPzilla***
127.0.0.1 a1.interclick.com # ***Inserted By STOPzilla***
127.0.0.1 absolutepics.net # ***Inserted By STOPzilla***
127.0.0.1 ad.yieldmanager.com # ***Inserted By STOPzilla***
127.0.0.1 alex.fileburst.com # ***Inserted By STOPzilla***
127.0.0.1 all-tgp.org # ***Inserted By STOPzilla***
127.0.0.1 all-websearch.com # ***Inserted By STOPzilla***

======Security center information======

AV: McAfee VirusScan
FW: McAfee Personal Firewall

System event log

Computer Name: SUSIE
Event Code: 7036
Message: The Pml Driver HPZ12 service entered the running state.

Record Number: 119544
Source Name: Service Control Manager
Time Written: 20090202105010.000000-420
Event Type: information
User:

Computer Name: SUSIE
Event Code: 7035
Message: The Pml Driver HPZ12 service was successfully sent a start control.

Record Number: 119543
Source Name: Service Control Manager
Time Written: 20090202105010.000000-420
Event Type: information
User: SUSIE\Susie

Computer Name: SUSIE
Event Code: 7036
Message: The Pml Driver HPZ12 service entered the running state.

Record Number: 119542
Source Name: Service Control Manager
Time Written: 20090202103411.000000-420
Event Type: information
User:

Computer Name: SUSIE
Event Code: 7035
Message: The Pml Driver HPZ12 service was successfully sent a start control.

Record Number: 119541
Source Name: Service Control Manager
Time Written: 20090202103411.000000-420
Event Type: information
User: SUSIE\Susie

Computer Name: SUSIE
Event Code: 7036
Message: The Pml Driver HPZ12 service entered the stopped state.

Record Number: 119540
Source Name: Service Control Manager
Time Written: 20090202103411.000000-420
Event Type: information
User:

Application event log

Computer Name: SUSIE
Event Code: 15
Message: Automatic certificate enrollment for local system failed to contact the active directory (0x8007054b). The specified domain either does not exist or could not be contacted.
Enrollment will not be performed.

Record Number: 14438
Source Name: AutoEnrollment
Time Written: 20090129003024.000000-420
Event Type: error
User:

Computer Name: SUSIE
Event Code: 24
Message: The analysis for Automatic Defragmentation failed to start on volume SSLCARD1 (D:).

Record Number: 14437
Source Name: Diskeeper
Time Written: 20090129002117.000000-420
Event Type: information
User:

Computer Name: SUSIE
Event Code: 24
Message: The analysis for Automatic Defragmentation failed to start on volume SSLCARD1 (D:).

Record Number: 14436
Source Name: Diskeeper
Time Written: 20090128232047.000000-420
Event Type: information
User:

Computer Name: SUSIE
Event Code: 24
Message: The analysis for Automatic Defragmentation failed to start on volume SSLCARD1 (D:).

Record Number: 14435
Source Name: Diskeeper
Time Written: 20090128222016.000000-420
Event Type: information
User:

Computer Name: SUSIE
Event Code: 24
Message: The analysis for Automatic Defragmentation failed to start on volume SSLCARD1 (D:).

Record Number: 14434
Source Name: Diskeeper
Time Written: 20090128211950.000000-420
Event Type: information
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Common Files\NeatReceipts\Drivers\M12\;C:\Program Files\Common Files\NeatReceipts\NeatOCR 2.0\;C:\Program Files\Microsoft SQL Server\90\Tools\binn\;F:\PROGRA~1\DISKEE~1\DISKEE~1\;C:\Program Files\QuickTime\QTSystem\;c:\Program Files\Qloud\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 4 Stepping 1, GenuineIntel
"PROCESSOR_REVISION"=0401
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"ICETCP"=C:\PROGRA~1\ICE.TCP
"RoxioCentral"=C:\Program Files\Common Files\Roxio Shared\9.0\Roxio Central33\
"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip
"AFPHOME"=g:\Program Files\Livescribe\Livescribe Desktop\AfpHome

-----------------EOF-----------------

#4 SifuMike

    malware expert

  • Staff Emeritus
  • 15,385 posts
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA

Posted 17 February 2009 - 12:21 AM

Hello Nothing Original,

You are still infected so we will run ComboFix.

You should NOT use Combofix unless you have been instructed to do so by a Malware Removal Expert.
It is intended by its creator to be used under the guidance and supervision of a Malware Removal Expert, not for private use.

Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.
Please read Combofix's Disclaimer.
Further, ComboFix logs are not permitted outside the HijackThis forums and then only when requested by a HJT Team member.

You need to disable your McAfee Antivirus before running ComboFix, as it will prevent it from running.

To disable MCAFEE SECURITY CENTER 7.1
Please navigate to the system tray and double-click the taskbar icon to open Security Center.
Click Advanced Menu (bottom mid-left).
Click Configure (left).
Click Computer & Files (top left).
VirusScan can be disabled in the right-hand module and set when it should resume or you can do that manually later on.
Do the same via Internet & Network for Firewall Plus.

Note: If you already have a copy of ComboFix on your system it is essential that you delete it before downloading this copy.

Please visit this webpage for instructions for downloading and running ComboFix:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

To work properly, you must install ComboFix on the Desktop.

When following the instructions install the Windows XP Recovery Console if you are using XP. <== IMPORTANT
It is a simple procedure that will only take a few moments of your time. It is our safety net.


You DO NOT need to have the Windows CD to install Recovery Console!

Once installed, you should see a blue screen prompt that says:

The Recovery Console was successfully installed.


We need Recovery Console because malware damages a lot and causes an unstable system - and because of that, it may happen that your computer won't be able to boot anymore. With the Recovery Console installed, there are extra options present to repair whatever malware damaged.
Also, even though you're not infected, the presence of the Recovery Console is a useful feature in case a computer won't boot anymore because of several other reasons. Read here what you can do with the Recovery Console.

Extra note: After you have installed the Recovery Console - if you reboot your computer, right after reboot, you'll see the option for the Recovery Console now as well.
Don't select to run the Recovery Console as we don't need it.
By default, your main OS is selected there. The screen stays for 2 seconds and then it proceeds to load Windows.

A caution -
Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.
Do not run Combofix more than once.
Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

Post the ComboFix log.
If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!


Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#5 Nothing Original

Nothing Original
  • Topic Starter

  • Members
  • 16 posts

Posted 17 February 2009 - 12:23 PM

Hi SifuMike! Ok, I did disable McAfee (but when it asked, instead of saying NEVER, I said an hour, since I thought that would cover me. (Sorry!)) So it ran awhile & then I went to bed & this morning, it had rebooted. Then combofix proceeded to do more stuff & then needed to reboot again. However, it stayed at the "saving your settings" Windows dialog box for over 40 minutes, so I unplugged & then restarted. CF continued & said McAfee was running...I checked everything & it seemed good, but then it said it was still running & continue at my own risk. So I went back into McAfee & then found where I needed to turn it off & this time, when it asked, I said NEVER...so I think it really was off by the time I hit the CF continue button. CF then continued doing its thing. Here is the log:

ComboFix 09-02-15.01 - Susie 2009-02-17 8:46:40.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1015.440 [GMT -7:00]
Running from: v:\susie's data\WIN95UP\MalwarebytesAntiMalware\ComboFix.exe
AV: McAfee VirusScan *On-access scanning disabled* (Updated)
FW: McAfee Personal Firewall *disabled*
.
ADS - WINDOWS: deleted 24 bytes in 1 streams.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Susie\Application Data\inst.exe
c:\documents and settings\Susie\Local Settings\Temporary Internet Files\fbk.sts
c:\windows\IE4 Error Log.txt
c:\windows\system32\_004079_.tmp.dll
c:\windows\system32\_004080_.tmp.dll
c:\windows\system32\_004081_.tmp.dll
c:\windows\system32\_004082_.tmp.dll
c:\windows\system32\_004089_.tmp.dll
c:\windows\system32\_004090_.tmp.dll
c:\windows\system32\_004091_.tmp.dll
c:\windows\system32\_004092_.tmp.dll
c:\windows\system32\_004093_.tmp.dll
c:\windows\system32\_004094_.tmp.dll
c:\windows\system32\_004095_.tmp.dll
c:\windows\system32\_004096_.tmp.dll
c:\windows\system32\_004097_.tmp.dll
c:\windows\system32\_004098_.tmp.dll
c:\windows\system32\_004099_.tmp.dll
c:\windows\system32\_004100_.tmp.dll
c:\windows\system32\_004101_.tmp.dll
c:\windows\system32\_004102_.tmp.dll
c:\windows\system32\_004103_.tmp.dll
c:\windows\system32\_004105_.tmp.dll
c:\windows\system32\_004106_.tmp.dll
c:\windows\system32\_004107_.tmp.dll
c:\windows\system32\_004108_.tmp.dll
c:\windows\system32\_004109_.tmp.dll
c:\windows\system32\_004113_.tmp.dll
c:\windows\system32\_004114_.tmp.dll
c:\windows\system32\_004116_.tmp.dll
c:\windows\system32\_004118_.tmp.dll
c:\windows\system32\_004119_.tmp.dll
c:\windows\system32\_004120_.tmp.dll
c:\windows\system32\_004121_.tmp.dll
c:\windows\system32\_004122_.tmp.dll
c:\windows\system32\_004123_.tmp.dll
c:\windows\system32\_004124_.tmp.dll
c:\windows\system32\_004125_.tmp.dll
c:\windows\system32\_004126_.tmp.dll
c:\windows\system32\_004127_.tmp.dll
c:\windows\system32\_004129_.tmp.dll
c:\windows\system32\_004130_.tmp.dll
c:\windows\system32\_004131_.tmp.dll
c:\windows\system32\_004132_.tmp.dll
c:\windows\system32\_004133_.tmp.dll
c:\windows\system32\_004134_.tmp.dll
c:\windows\system32\_004135_.tmp.dll
c:\windows\system32\_004138_.tmp.dll
c:\windows\system32\_004139_.tmp.dll
c:\windows\system32\_004140_.tmp.dll
c:\windows\system32\_004141_.tmp.dll
c:\windows\system32\_004142_.tmp.dll
c:\windows\system32\_004144_.tmp.dll
c:\windows\system32\_004145_.tmp.dll
c:\windows\system32\_004146_.tmp.dll
c:\windows\system32\_004148_.tmp.dll
c:\windows\system32\_004150_.tmp.dll
c:\windows\system32\_004151_.tmp.dll
c:\windows\system32\_004152_.tmp.dll
c:\windows\system32\_004156_.tmp.dll
c:\windows\system32\_004157_.tmp.dll
c:\windows\system32\_004159_.tmp.dll
c:\windows\system32\_004162_.tmp.dll
c:\windows\system32\_004163_.tmp.dll
c:\windows\system32\_004165_.tmp.dll
c:\windows\system32\_004166_.tmp.dll
c:\windows\system32\_004167_.tmp.dll
c:\windows\system32\_004168_.tmp.dll
c:\windows\system32\_004171_.tmp.dll
c:\windows\system32\_004172_.tmp.dll
c:\windows\system32\_004173_.tmp.dll
c:\windows\system32\_004174_.tmp.dll
c:\windows\system32\_004175_.tmp.dll
c:\windows\system32\_004180_.tmp.dll
c:\windows\system32\_004182_.tmp.dll
c:\windows\system32\_004183_.tmp.dll
c:\windows\system32\Cache
c:\windows\system32\drivers\npf.sys
c:\windows\system32\drivers\seneka.sys
c:\windows\system32\drivers\senekaqixsoawy.sys
c:\windows\system32\senekadgxspvwt.dll
c:\windows\system32\senekaecxepjab.dll
c:\windows\system32\senekakvvefrke.dat
c:\windows\system32\senekatverpjsq.dll
c:\windows\system32\senekaurobvype.dat
c:\windows\system32\vrecorder.dll
c:\windows\system32\w32apiw.dll
c:\windows\system32\winlogon2.exe
c:\windows\Tasks\jqgbmucc.job
Z:\Autorun.inf

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_SENEKA
-------\Legacy_NPF
-------\Legacy_SERV-U
-------\Service_NPF
-------\Service_Serv-U


((((((((((((((((((((((((( Files Created from 2009-01-17 to 2009-02-17 )))))))))))))))))))))))))))))))
.

2009-02-16 18:19 . 2009-02-16 18:26 <DIR> d-------- C:\rsit
2009-02-16 17:06 . 2009-02-16 17:06 46,080 --------- c:\windows\system32\clickfile.exe
2009-02-14 21:45 . 2009-02-14 21:45 236,188 --a------ C:\ScreenHunter_011.jpg
2009-02-14 21:39 . 2009-02-14 21:39 197,812 --a------ C:\ScreenHunter_010.jpg
2009-02-14 15:30 . 2009-02-14 15:30 188,934 --a------ C:\ScreenHunter_009.jpg
2009-02-14 06:58 . 2009-02-14 06:58 185,717 --a------ C:\ScreenHunter_008.jpg
2009-02-13 12:24 . 2009-02-13 12:24 120,676 --a------ C:\ScreenHunter_007.jpg
2009-02-13 12:16 . 2009-02-13 12:16 110,262 --a------ C:\ScreenHunter_006.jpg
2009-02-13 11:40 . 2009-02-13 10:52 368,961 --a------ c:\windows\system32\dds.scr
2009-02-13 09:41 . 2009-02-13 09:41 150,101 --a------ C:\ScreenHunter_005.jpg
2009-02-13 09:38 . 2009-02-13 09:38 87,985 --a------ C:\ScreenHunter_004.jpg
2009-02-13 09:36 . 2009-02-13 09:36 121,313 --a------ C:\ScreenHunter_003.jpg
2009-02-11 16:28 . 2009-02-11 16:28 <DIR> d-------- c:\documents and settings\Susie\Application Data\Malwarebytes
2009-02-11 16:28 . 2009-02-11 16:28 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-02-11 16:28 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-11 16:28 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-02-11 16:08 . 2009-02-17 09:08 2,204 --a------ c:\windows\zpzoanmb
2009-02-11 12:28 . 2009-02-11 12:28 <DIR> d-------- c:\windows\SQL9_KB960089_ENU
2009-02-02 09:14 . 2009-02-04 07:17 <DIR> d--hs---- c:\documents and settings\All Users\DRM
2009-01-27 14:53 . 2009-01-28 12:04 25 --a------ c:\windows\OverlayXP.ini
2009-01-26 11:46 . 2009-01-26 11:56 <DIR> d-------- c:\documents and settings\All Users\Application Data\webcamXP5
2009-01-19 11:59 . 2009-01-19 11:59 <DIR> d-------- c:\documents and settings\All Users\Application Data\TiVo

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-17 16:53 --------- d-----w c:\documents and settings\Susie\Application Data\Launchy
2009-02-17 16:39 --------- d-----w c:\documents and settings\All Users\Application Data\STOPzilla!
2009-02-17 00:11 --------- d-----w c:\documents and settings\All Users\Application Data\Google Updater
2009-02-16 23:51 --------- d-----w c:\program files\McAfee
2009-02-15 19:09 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2009-02-13 16:38 --------- d-----w c:\program files\Wisdom-soft ScreenHunter Plus
2009-02-11 19:32 --------- d-----w c:\program files\Microsoft SQL Server
2009-01-30 17:02 --------- d-----w c:\program files\PdaReach
2009-01-23 20:48 --------- d-----w c:\documents and settings\All Users\Application Data\NeatReceipts Professional
2009-01-19 20:43 --------- d-----w c:\program files\VideoReDoPlus
2009-01-19 20:41 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-01-19 19:01 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-01-19 18:59 --------- d-----w c:\program files\Common Files\TiVo Shared
2009-01-19 16:18 --------- d-----w c:\program files\Microsoft Works
2009-01-16 17:06 --------- d-----w c:\program files\Common Files\Livescribe
2009-01-16 17:04 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-15 16:01 --------- d-----w c:\program files\Google
2009-01-14 15:59 --------- d-----w c:\documents and settings\Susie\Application Data\CuteReminderPro
2009-01-09 19:03 79,304 ----a-w c:\windows\system32\drivers\mfeavfk.sys
2009-01-09 19:03 40,552 ----a-w c:\windows\system32\drivers\mfesmfk.sys
2009-01-09 19:03 35,272 ----a-w c:\windows\system32\drivers\mfebopk.sys
2009-01-09 19:03 34,216 ----a-w c:\windows\system32\drivers\mferkdk.sys
2009-01-09 19:03 213,640 ----a-w c:\windows\system32\drivers\mfehidk.sys
2009-01-09 14:59 --------- d-----w c:\documents and settings\Susie\Application Data\tunebite
2009-01-07 02:47 --------- d-----w c:\program files\Safari
2009-01-07 02:46 --------- d-----w c:\program files\PixiePack Codec Pack
2009-01-07 02:45 --------- d-----w c:\program files\MediaCoder
2009-01-07 02:44 --------- d-----w c:\program files\GPLGS
2009-01-06 18:11 --------- d-----w c:\program files\Common Files\Palo Alto Software
2009-01-05 21:24 --------- d-----w c:\documents and settings\All Users\Application Data\RapidSolution
2009-01-02 15:21 --------- d-----w c:\documents and settings\Susie\Application Data\Windows Search
2008-12-31 14:16 --------- d-----w c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-12-31 14:15 --------- d-----w c:\program files\iPod
2008-12-31 13:59 24,872 ----a-w c:\windows\system32\drivers\ElbyCDIO.sys
2008-12-30 23:53 103,360 ----a-w c:\windows\system32\drivers\AnyDVD.sys
2008-12-30 04:58 --------- d-----w c:\program files\Movie Download Manager
2008-12-22 07:13 --------- d-----w c:\program files\DVDlabPro
2008-12-21 22:02 --------- d-----w c:\program files\HP
2008-12-17 15:36 --------- d-----w c:\program files\Quicken Online Backup
2008-12-17 07:07 --------- d-----w c:\program files\Common Files\HP
2008-08-15 18:03 61,224 -c--a-w c:\documents and settings\Susie\GoToAssistDownloadHelper.exe
2008-03-20 00:42 32 -c--a-w c:\documents and settings\All Users\Application Data\ezsid.dat
2008-01-24 18:09 636,192 -c--a-w c:\documents and settings\Susie\DMSetup.exe
2007-06-26 18:25 87,608 -c--a-w c:\documents and settings\Susie\Application Data\ezpinst.exe
2007-06-26 18:25 47,360 -c--a-w c:\documents and settings\Susie\Application Data\pcouffin.sys
2007-06-04 20:52 630,784 -c--a-w c:\documents and settings\Susie\GoToAssist_chat2way__317_en.exe
2007-05-26 14:48 25,600 -c--a-w c:\documents and settings\Susie\usbsermptxp.sys
2007-05-26 14:48 22,768 -c--a-w c:\documents and settings\Susie\usbsermpt.sys
2007-04-05 20:38 76,880 -c--a-w c:\documents and settings\Susie\Autorun.exe
2006-06-02 19:10 33,408 -c--a-w c:\documents and settings\Susie\g2mdlhlpx.exe
2006-01-09 17:44 13 -c-h--w c:\documents and settings\All Users\Application Data\Ţ├─3113.sys
1998-12-09 02:53 99,840 -c--a-w c:\program files\Common Files\IRAABOUT.DLL
1998-12-09 02:53 70,144 -c--a-w c:\program files\Common Files\IRAMDMTR.DLL
1998-12-09 02:53 48,640 -c--a-w c:\program files\Common Files\IRALPTTR.DLL
1998-12-09 02:53 31,744 -c--a-w c:\program files\Common Files\IRAWEBTR.DLL
1998-12-09 02:53 186,368 -c--a-w c:\program files\Common Files\IRAREG.DLL
1998-12-09 02:53 17,920 -c--a-w c:\program files\Common Files\IRASRIAL.DLL
2005-05-14 00:12 217,073 -csha-r c:\windows\meta4.exe
2007-05-17 15:30 318,976 -csha-w c:\windows\system32\avisynth.dll
2005-07-14 19:31 27,648 -csha-r c:\windows\system32\AVSredirect.dll
2005-06-26 22:32 616,448 -csha-r c:\windows\system32\cygwin1.dll
2005-06-22 05:37 45,568 -csha-r c:\windows\system32\cygz.dll
2006-05-03 09:06 163,328 -csh--r c:\windows\system32\flvDX.dll
2004-01-25 07:00 70,656 -csha-r c:\windows\system32\i420vfw.dll
2007-02-21 10:47 31,232 -csh--r c:\windows\system32\msfDX.dll
2008-07-31 21:46 254,768 --sh--r c:\windows\system32\setup_vf.exe
2005-02-28 20:16 240,128 -csha-r c:\windows\system32\x.264.exe
2004-01-25 07:00 70,656 --sha-r c:\windows\system32\yv12vfw.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8600AC1E-BE58-4FFC-BD5D-F2A8EC38C838}]
2007-11-09 09:49 311296 --a------ c:\program files\Snap Visual Search\snapbar.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Green]
@="{95A27763-F62A-4114-9072-E81D87DE3B68}"
[HKEY_CLASSES_ROOT\CLSID\{95A27763-F62A-4114-9072-E81D87DE3B68}]
2008-06-13 23:19 527296 -ra------ c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial]
@="{E300CD91-100F-4E67-9AF3-1384A6124015}"
[HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}]
2008-06-13 23:19 527296 -ra------ c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Yellow]
@="{5E529433-B50E-4bef-A63B-16A6B71B071A}"
[HKEY_CLASSES_ROOT\CLSID\{5E529433-B50E-4bef-A63B-16A6B71B071A}]
2008-06-13 23:19 527296 -ra------ c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-21 68856]
"LaunchIt NOW! Plus"="f:\progra~1\LAUNCH~1\lnp.exe" [2008-01-15 573440]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]
"TrueCrypt"="f:\program files\TrueCrypt\TrueCrypt.exe" [2008-07-18 1225920]
"Super Utilities"="c:\program files\SuperLogix\Super Utilities\SuperUtil.exe" [2008-07-03 1400320]
"Google Update"="c:\documents and settings\Susie\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-09-03 133104]
"Lala Music Mover"="c:\program files\Lala.com\Lala Music Mover\LalaMover.exe" [2008-10-17 2221360]
"AnyDVD"="f:\program files\SlySoft\AnyDVD\AnyDVDtray.exe" [2008-12-31 2489280]
"TivoTransfer"="c:\program files\Common Files\TiVo Shared\Transfer\TiVoTransfer.exe" [2008-07-09 1189376]
"TivoNotify"="g:\program files\TiVo\Desktop\TiVoNotify.exe" [2008-07-09 394240]
"TivoServer"="g:\program files\TiVo\Desktop\TiVoServer.exe" [2008-07-09 1931264]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-07 136600]
"srmclean"="c:\cpqs\Scom\srmclean.exe" [2001-07-24 36864]
"SetRefresh"="c:\program files\Compaq\SetRefresh\SetRefresh.exe" [2003-11-06 524800]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb13.exe" [2006-01-06 172032]
"STOPzilla"="c:\program files\STOPzilla!\STOPzilla.exe" [2006-05-31 61440]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2005-09-24 49152]
"TotalRecorderScheduler"="f:\program files\HighCriteria\TotalRecorder\TotRecSched.exe" [2006-05-12 86016]
"HPHUPD06"="c:\program files\HP\{BA2D9411-DBB4-43e4-9421-780413650A67}\hphupd06.exe" [2006-01-06 49152]
"HPHmon06"="c:\windows\system32\hphmon06.exe" [2006-01-06 622592]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2005-02-16 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-16 81920]
"DMXLauncher"="f:\program files\Roxio\Media Experience\DMXLauncher.exe" [2006-08-14 102400]
"WebDriveTray"="f:\program files\NetDrive\netdrive.exe" [2002-08-29 294912]
"WScheduler"="f:\progra~1\SYSTEM~1\WScheduler.exe" [2007-06-25 75264]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2007-11-15 185896]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-01-08 645328]
"TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2008-04-09 2595792]
"AsusACPIServer"="c:\program files\Asus\EeePC ACPI\AsAcpiSvr.exe" [2007-11-14 450560]
"AcronisTimounterMonitor"="c:\program files\Acronis\TrueImageHome\TimounterMonitor.exe" [2008-04-09 909208]
"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2008-04-09 136472]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"PaperPort PTD"="g:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2007-05-14 30248]
"IndexSearch"="g:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2007-05-14 46632]
"PPort11reminder"="g:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-02-01 255528]
"Carbonite Backup"="c:\program files\Carbonite\Carbonite Backup\CarboniteUI.exe" [2008-06-13 600000]
"HPHped06"="c:\progra~1\HP\{BA2D9~1\pexpress\hphPED06.exe" [2004-12-16 339968]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-11-07 111936]
"WinGuard Pro"="c:\windows\system32\setup_vf.exe" [2008-07-31 254768]
"MSConfig"="c:\windows\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2004-08-04 158208]
"iTunesHelper"="f:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"Malwarebytes' Anti-Malware"="g:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2009-02-11 399504]
"AGRSMMSG"="AGRSMMSG.exe" [2004-06-29 c:\windows\AGRSMMSG.exe]
"CARPService"="carpserv.exe" [2002-12-18 c:\windows\system32\carpserv.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2006-10-04 c:\windows\system32\narrator.exe]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 29696]
DataViz Inc Messenger.lnk - c:\program files\Common Files\DataViz\DvzIncMsgr.exe [2007-06-18 34880]
EReg.lnk - c:\windows\EReg206\Reg32.exe [2005-11-04 36864]
HOTSYNCSHORTCUTNAME.lnk - f:\program files\palmOne\Hotsync.exe [2004-06-09 471040]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-09-24 282624]
HP Image Zone Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2005-05-12 73728]
JungleDiskMonitor.lnk - f:\program files\JungleDisk\junglediskmonitor.exe [2008-07-10 4061456]
Launchy.lnk - f:\program files\Launchy\Launchy.exe [2007-07-27 520192]
ListProAlarms.lnk - f:\program files\Ilium Software\ListPro\ListProAlarms.exe [2007-01-25 124000]
Media Card Companion Monitor.lnk - c:\program files\ArcSoft\Media Card Companion\MCC Monitor.exe [2005-09-27 98304]
Monitor.lnk - f:\program files\SanDisk\SanDisk TransferMate\SD Monitor.exe [2008-05-30 114688]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2008-10-17 22:41 87352 c:\windows\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=zjzbeg.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.I420"= i420vfw.dll
"VIDC.ACDV"= ACDV.dll
"mixer"= DrvTrNTm.dll
"wave"= DrvTrNTm.dll
"vidc.ffds"= c:\progra~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll
"vidc.3IV2"= 3ivxVfWCodec.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^Susie^Start Menu^Programs^Startup^Timed Backups Manager StartUp.lnk]
path=c:\documents and settings\Susie\Start Menu\Programs\Startup\Timed Backups Manager StartUp.lnk
backup=c:\windows\pss\Timed Backups Manager StartUp.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
--a------ 2005-05-19 06:47 57344 c:\program files\SlySoft\CloneCD\CloneCDTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Monitor.exe]
--a------ 2007-10-08 18:01 1765376 c:\program files\Wireless-G Internet Home Monitoring Camera\Monitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 11:50 155648 c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recorder.exe]
--a------ 2007-10-02 10:45 311296 c:\program files\Wireless-G Internet Home Monitoring Camera\Recorder.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
--a------ 2006-10-27 08:41 221184 c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\SmartFTP\\SmartFTP.exe"=
"c:\\WINDOWS\\system32\\ntvdm.exe"=
"c:\\Program Files\\SmartFTP Client 2.0\\SmartFTP.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\ICE.TCP\\FTPWIN.EXE"=
"f:\\Program Files\\palmOne\\Hotsync.exe"=
"f:\\Program Files\\RhinoSoft.com\\Serv-U\\ServUDaemon.exe"=
"c:\\Program Files\\Motorola\\Software Update\\msu.exe"=
"f:\\Program Files\\Macromedia\\Dreamweaver 8\\Dreamweaver.exe"=
"f:\\Program Files\\firefox.exe"=
"f:\\Program Files\\JungleDisk\\junglediskmonitor.exe"=
"c:\\Documents and Settings\\Susie\\Desktop\\Skype.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"f:\\Program Files\\iTunes\\iTunes.exe"=
"g:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R0 AFPAnsi;Alfa File Protector Ansi;c:\windows\system32\drivers\AFPAnsi.sys [2008-07-31 43936]
R0 iteraid;ITERAID_Service_Install;c:\windows\system32\drivers\iteraid.sys [2006-09-07 24971]
R0 Pnp680;SiI 680 ATA Controller;c:\windows\system32\drivers\pnp680.sys [2005-09-21 37031]
R0 sonyhcb;Sony Digital Imaging Base;c:\windows\system32\drivers\sonyhcb.sys [2005-12-25 6097]
R1 SuperMounter;SuperMounter;c:\windows\system32\drivers\supermounter.sys [2008-07-31 11264]
R2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\EAPPkt.sys [2008-04-17 66048]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2008-02-05 47640]
R2 WebDriveFSD;WebDrive File System Driver;f:\program files\NetDrive\rffsd.sys [2007-07-29 67032]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2009-02-11 15504]
R3 SndTAudio;SndTAudio;c:\windows\system32\drivers\SndTAudio.sys [2009-01-06 23096]
R3 SndTVideo;SndTVideo;c:\windows\system32\drivers\SndTVideo.sys [2008-11-25 3768]
S0 zpzoanmb;zpzoanmb;c:\windows\system32\drivers\tzgremuj.sys []
S2 LMIInfo;LogMeIn Kernel Information Provider;\??\g:\program files\LogMeIn\x86\RaInfo.sys --> g:\program files\LogMeIn\x86\RaInfo.sys [?]
S3 HSFHWCD2;HSFHWCD2;c:\windows\system32\drivers\HSFHWCD2.sys [2005-11-05 153984]
S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\drivers\motodrv.sys [2007-06-02 42112]
S3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;c:\windows\system32\drivers\wg111v2.sys [2008-04-17 112384]
S3 SjyPkt;SjyPkt;c:\windows\system32\drivers\SjyPkt.sys [2008-04-17 13532]
S3 SmartpenBus;Smartpen Enumerator;c:\windows\system32\drivers\SmartpenBus.sys [2008-08-27 38528]
S3 SmartpenCom;Smartpen Communications;c:\windows\system32\drivers\SmartpenCom.sys [2008-08-27 35328]
S3 sonyhcs;Sony Digital Imaging Video;c:\windows\system32\drivers\sonyhcs.sys [2005-12-25 299923]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]
S4 RFNP32;WebDrive Provider; [x]

--- Other Services/Drivers In Memory ---

*Deregistered* - AcrSch2Svc
*Deregistered* - AgentSrv
*Deregistered* - ALG
*Deregistered* - Apple Mobile Device
*Deregistered* - AudioSrv
*Deregistered* - BITS
*Deregistered* - Bonjour Service
*Deregistered* - Browser
*Deregistered* - CarboniteService
*Deregistered* - CryptSvc
*Deregistered* - DcomLaunch
*Deregistered* - Dhcp
*Deregistered* - Diskeeper
*Deregistered* - dmserver
*Deregistered* - Dnscache
*Deregistered* - ERSvc
*Deregistered* - EventSystem
*Deregistered* - Fax
*Deregistered* - gusvc
*Deregistered* - helpsvc
*Deregistered* - HidServ
*Deregistered* - HTTPFilter
*Deregistered* - IISADMIN
*Deregistered* - ImapiService
*Deregistered* - iPod Service
*Deregistered* - JavaQuickStarterService
*Deregistered* - lanmanserver
*Deregistered* - lanmanworkstation
*Deregistered* - LmHosts
*Deregistered* - LPDSVC
*Deregistered* - MBAMService
*Deregistered* - McAfee SiteAdvisor Service
*Deregistered* - mcmscsvc
*Deregistered* - McNASvc
*Deregistered* - McODS
*Deregistered* - McProxy
*Deregistered* - McShield
*Deregistered* - MDM
*Deregistered* - MpfService
*Deregistered* - MSFtpsvc
*Deregistered* - MSSQL$NR2007
*Deregistered* - NeatReceipts Database Controller
*Deregistered* - Netlogon
*Deregistered* - Netman
*Deregistered* - Nla
*Deregistered* - OneTouch 4.0 Monitor
*Deregistered* - Pml Driver HPZ12
*Deregistered* - PolicyAgent
*Deregistered* - ProtectedStorage
*Deregistered* - RasMan
*Deregistered* - RemoteRegistry
*Deregistered* - RpcSs
*Deregistered* - SamSs
*Deregistered* - Schedule
*Deregistered* - seclogon
*Deregistered* - SENS
*Deregistered* - SharedAccess
*Deregistered* - ShellHWDetection
*Deregistered* - SimpTcp
*Deregistered* - SMTPSVC
*Deregistered* - Spooler
*Deregistered* - SQLWriter
*Deregistered* - srservice
*Deregistered* - SSDPSRV
*Deregistered* - stisvc
*Deregistered* - szserver
*Deregistered* - TapiSrv
*Deregistered* - TermService
*Deregistered* - Themes
*Deregistered* - TivoBeacon2
*Deregistered* - TrkWks
*Deregistered* - TryAndDecideService
*Deregistered* - W32Time
*Deregistered* - W3SVC
*Deregistered* - WebClient
*Deregistered* - WebDriveService
*Deregistered* - winmgmt
*Deregistered* - wscsvc
*Deregistered* - WSearch
*Deregistered* - wuauserv
*Deregistered* - WUSB54Gv4SVC
*Deregistered* - WZCSVC

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\Z]
\Shell\AutoRun\command - z:\.\Start.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4ec6c95b-bebd-11dc-9e30-000ffe3d8d24}]
\Shell\AutoRun\command - d:\.\Start.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{56eb15a1-2ae4-11db-9926-000ffe3d8d24}]
\Shell\AutoRun\command - G:\Launch.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{77f57ca6-b180-11dc-9e26-000ffe3d8d24}]
\Shell\AutoRun\command - d:\system\viewer\FlipVideoforPC.exe
\Shell\Flip Video for PC\command - d:\system\viewer\FlipVideoforPC.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{B2C3BB6B-E005-4246-B8E5-DF0A4D073CDC}]
c:\program files\PixiePack Codec Pack\InstallerHelper.exe
.
Contents of the 'Scheduled Tasks' folder

2009-02-10 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

2009-02-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-548195580-3338435793-402719388-1007.job
- c:\documents and settings\Susie\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-03 08:25]

2009-02-16 c:\windows\Tasks\Malwarebytes' Scheduled Scan for Susie.job
- g:\program files\Malwarebytes' Anti-Malware\mbam.exe [2009-02-11 10:19]

2009-02-16 c:\windows\Tasks\Malwarebytes' Scheduled Update for Susie.job
- g:\program files\Malwarebytes' Anti-Malware\mbam.exe [2009-02-11 10:19]

2009-02-15 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-01-09 10:53]

2009-02-01 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-01-09 10:53]

2009-02-16 c:\windows\Tasks\SyncBackSE ACDSeeBackup from F to G (daily).job
- f:\program files\2BrightSparks\SyncBackSE\SyncBackSE.exe [2008-10-03 17:08]

2009-02-14 c:\windows\Tasks\SyncBackSE ACDSeeBackups from G to J.job
- f:\program files\2BrightSparks\SyncBackSE\SyncBackSE.exe [2008-10-03 17:08]

2009-02-01 c:\windows\Tasks\SyncBackSE Mastercook to JD.job
- f:\program files\2BrightSparks\SyncBackSE\SyncBackSE.exe [2008-10-03 17:08]

2009-02-16 c:\windows\Tasks\SyncBackSE Outlook BU (F to V).job
- f:\program files\2BrightSparks\SyncBackSE\SyncBackSE.exe [2008-10-03 17:08]

2009-02-16 c:\windows\Tasks\SyncBackSE Palm Desktop stuff to O drive.job
- f:\program files\2BrightSparks\SyncBackSE\SyncBackSE.exe [2008-10-03 17:08]

2009-02-17 c:\windows\Tasks\SyncBackSE QUICKENW to JD.job
- f:\program files\2BrightSparks\SyncBackSE\SyncBackSE.exe [2008-10-03 17:08]

2008-08-30 c:\windows\Tasks\SyncBackSE REDBU SSL_movies2.job
- f:\program files\2BrightSparks\SyncBackSE\SyncBackSE.exe [2008-10-03 17:08]

2009-02-16 c:\windows\Tasks\SyncBackSE SDCardBackup from I to JD.job
- f:\program files\2BrightSparks\SyncBackSE\SyncBackSE.exe [2008-10-03 17:08]

2009-02-17 c:\windows\Tasks\SyncBackSE SplashID Program & Data to Dropbox Folder.job
- f:\program files\2BrightSparks\SyncBackSE\SyncBackSE.exe [2008-10-03 17:08]

2009-02-17 c:\windows\Tasks\SyncBackSE SplashID.job
- f:\program files\2BrightSparks\SyncBackSE\SyncBackSE.exe [2008-10-03 17:08]

2009-02-17 c:\windows\Tasks\SyncBackSE SSLPaperport ( full V to X).job
- f:\program files\2BrightSparks\SyncBackSE\SyncBackSE.exe [2008-10-03 17:08]

2008-10-22 c:\windows\Tasks\SyncBackSE SSL_DVDS from Mybook to Simpletech.job
- f:\program files\2BrightSparks\SyncBackSE\SyncBackSE.exe [2008-10-03 17:08]
.
- - - - ORPHANS REMOVED - - - -

ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - v:\program files\Dropbox\DropboxExt.dll
ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - v:\program files\Dropbox\DropboxExt.dll
ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - v:\program files\Dropbox\DropboxExt.dll
HKCU-Run-CuteReminder - g:\program files\CuteReminderPro\CuteReminder.exe
HKCU-Run-SugarSync - g:\program files\SugarSync\SugarSyncManager.exe
HKCU-Run-OpAgent - OpAgent.exe
HKLM-Run-NapsterShell - files\napster\napster.exe
HKLM-Run-AsusTray - files\asus\eeepc acpi\astray.exe
HKLM-Run-LogMeIn GUI - g:\program files\LogMeIn\x86\LogMeInSystray.exe
HKLM-Run-ScanSoft OmniPage 16-reminder - g:\program files\ScanSoft\OmniPage16\Ereg\Ereg.exe
HKLM-Run-UnlockerAssistant - g:\program files\Unlocker\UnlockerAssistant.exe
MSConfigStartUp-MacroKit - files\macro buddy\macrobuddy.exe


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar = hxxp://go.compaq.com/1Q00CDT/0409/bl8.asp
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Evernote - g:\program files\Evernote\Evernote3\enbar.dll/2000
IE: Add to AMV Converter... - g:\program files\MP3 Player Utilities 4.18\AMVConverter\grab.html
IE: Display All Images with Full Quality - "c:\program files\NetZero\qsacc\appres.dll/228"
IE: Display Image with Full Quality - "c:\program files\NetZero\qsacc\appres.dll/227"
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Save to &Xdrive - f:\program files\Xdrive\Xdrive Desktop\xdrive.exe/std.html
DPF: Geni Publisher - hxxp://www.geni.com/plugins/genipublisher.CAB
DPF: Microsoft XML Parser for Java
FF - ProfilePath - c:\documents and settings\Susie\Application Data\Mozilla\Firefox\Profiles\4m6emk5y.default\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - component: c:\documents and settings\Susie\Application Data\Mozilla\Firefox\Profiles\4m6emk5y.default\extensions\{E0B8C461-F8FB-49b4-8373-FE32E9252800}\components\enbar3.dll
FF - component: f:\program files\components\xpinstal.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-17 09:53:54
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


c:\windows\system32\drivers\tzgremuj.sys 25088 bytes executable

scan completed successfully
hidden files: 1

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Iomega Activity Disk2]
"ImagePath"="\"\""
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-548195580-3338435793-402719388-1007\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{E47DEE53-311B-55FF-C4D4-D8970FB5A010}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"ialpepbafedcbjnmgi"=hex:6b,61,65,70,6e,67,6f,67,69,61,6f,66,70,6b,67,62,6b,6a,
68,69,6a,67,00,00
"hanoghplkjjpkgnk"=hex:6b,61,65,70,6e,67,6f,67,69,61,6f,66,70,6b,67,62,6b,6a,
68,69,6a,67,00,00

[HKEY_USERS\S-1-5-21-548195580-3338435793-402719388-1007\Software\Zepter Software\RegLib*70f74f3e\CloneDVD/2]
"1"=dword:4490c89d
"2"=dword:4490c89d

[HKEY_USERS\S-1-5-21-548195580-3338435793-402719388-1007\Software\Zepter Software\RegLib*70f74f3e\CloneDVD2/2]
"1"=dword:444d5bdd
"2"=dword:44955d62
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1148)
c:\windows\system32\LMIinit.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\STOPzilla!\SZServer.exe
c:\program files\Common Files\Acronis\Schedule2\schedul2.exe
c:\program files\Quicken Online Backup\AGENTSRV.EXE
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Carbonite\Carbonite Backup\CarboniteService.exe
f:\program files\Diskeeper Corporation\Diskeeper\DkService.exe
c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe
c:\windows\system32\inetsrv\inetinfo.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\tcpsvcs.exe
g:\program files\Malwarebytes' Anti-Malware\mbamservice.exe
c:\program files\McAfee\SiteAdvisor\McSACore.exe
c:\program files\McAfee\MSC\mcmscsvc.exe
c:\program files\Common Files\McAfee\MNA\McNASvc.exe
c:\progra~1\COMMON~1\McAfee\McProxy\McProxy.exe
c:\program files\McAfee\VirusScan\Mcshield.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\McAfee\MPF\MpfSrv.exe
c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\program files\Common Files\NeatReceipts\DB Controller\NeatReceiptsDBController.exe
c:\program files\Visioneer\OneTouch 4.0\OtService.exe
c:\windows\system32\HPZipm12.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe
c:\program files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
f:\program files\NetDrive\wdService.exe
c:\windows\system32\searchindexer.exe
c:\program files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
c:\program files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54Gv4.exe
c:\progra~1\McAfee.com\Agent\mcagent.exe
c:\program files\iPod\bin\iPodService.exe
g:\program files\Microsoft Office\Office12\ONENOTEM.EXE
c:\program files\PdaReach\PdaReach.exe
c:\program files\HP\Digital Imaging\bin\hpqimzone.exe
c:\program files\PdaReach\UsbMan.exe
c:\program files\HP\Digital Imaging\bin\hpqste08.exe
.
**************************************************************************
.
Completion time: 2009-02-17 10:06:46 - machine was rebooted
ComboFix-quarantined-files.txt 2009-02-17 17:06:29

Pre-Run: 10,450,251,776 bytes free
Post-Run: 14,155,476,992 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

619 --- E O F --- 2009-02-15 19:09:07

#6 SifuMike (malware expert, Staff Emeritus)

Posted 17 February 2009 - 02:22 PM

Hi Nothing Original,


Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

You need to disable your McAfee Antivirus before running ComboFix, as it will prevent it from running.

To disable MCAFEE SECURITY CENTER 7.1
Please navigate to the system tray and double-click the taskbar icon to open Security Center.
Click Advanced Menu (bottom mid-left).
Click Configure (left).
Click Computer & Files (top left).
VirusScan can be disabled in the right-hand module and set when it should resume or you can do that manually later on.
Do the same via Internet & Network for Firewall Plus.



Click Start, then Run, type Notepad and click OK.
Open Notepad - don't use any text editor other than Notepad, or the script will fail.
Copy/paste the text in the code box below into Notepad:

KILLALL:: 
File:: 
c:\windows\system32\clickfile.exe
c:\windows\system32\drivers\tzgremuj.sys
Driver::
zpzoanmb
Registry:: 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=""
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000000


Name the Notepad file CFScript.txt and Save it to your desktop.

IMPORTANT: The above script was written specifically for this infection on this person's computer. It is NOT to be used on another computer, as it may cause damage that could result in a format!

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

[screenshot: dragging CFScript.txt onto ComboFix.exe]


This will start ComboFix again. After reboot (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new HijackThis log.
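The CFScript above targets four things at once: a driver file that catchme could only see in its raw scan (tzgremuj.sys), a service with a random eight-letter name (zpzoanmb), a populated AppInit_DLLs value, and a Security Center setting that hides the state of the antivirus. Checking that a follow-up ComboFix log no longer shows any of them is quicker by script than by reading a few thousand lines. The Python below is an added example written for this page; it is not part of the thread, of ComboFix or of catchme. Its sample log is constructed from lines in the logs posted here, with two assumptions: the R1 service line that ties zpzoanmb to tzgremuj.sys (the thread only shows the script removing both) and the example_hook.dll value in AppInit_DLLs (the thread only shows the key being cleared). The random-name test is a heuristic, so it feeds a review list rather than giving a verdict.

```python
"""Triage a ComboFix/catchme log for the indicators discussed in this thread.
Added example for this page; not part of the thread, ComboFix or catchme."""
import re
from collections import namedtuple

Finding = namedtuple("Finding", "severity kind detail")
SEV_RANK = {"HIGH": 0, "MEDIUM": 1, "INFO": 2}
VOWELS = set("aeiou")

# Constructed sample modelled on the logs above. Two lines are assumptions:
# the R1 service tying zpzoanmb to tzgremuj.sys, and the AppInit_DLLs value.
SAMPLE_LOG = r"""
((((((((((((((((((((((((( Files Created from 2009-01-17 to 2009-02-17 )))))))))))))))))))))))))))))))
2009-02-11 16:28 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-11 16:08 . 2009-02-11 16:08 25,088 --a------ c:\windows\system32\drivers\tzgremuj.sys
2009-02-11 16:08 . 2009-02-17 13:05 2,204 --a------ c:\windows\zpzoanmb
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"="c:\windows\system32\example_hook.dll"
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
R0 AFPAnsi;Alfa File Protector Ansi;c:\windows\system32\drivers\AFPAnsi.sys [2008-07-31 43936]
R1 zpzoanmb;zpzoanmb;c:\windows\system32\drivers\tzgremuj.sys [2009-02-11 25088]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\Z]
\Shell\AutoRun\command - z:\.\Start.exe
scanning hidden files ...
c:\windows\system32\drivers\tzgremuj.sys 25088 bytes executable
hidden files: 1
"""

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VAL_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<val>.*)$')
SERVICE_RE = re.compile(r"^(?P<start>[RS]\d)\s+(?P<svc>[^;]+);[^;]*;(?P<path>[^\[]*?)\s*\[")
CREATED_RE = re.compile(r"^\d{4}-\d\d-\d\d \d\d:\d\d \. \d{4}-\d\d-\d\d \d\d:\d\d\s+(?P<size>[\d,]+)\s+\S+\s+(?P<path>.+)$")
HIDDEN_RE = re.compile(r"^(?P<path>[a-z]:\\\S.*?)\s+(?P<size>\d+) bytes", re.I)
AUTORUN_RE = re.compile(r"^\\Shell\\AutoRun\\command - (?P<cmd>.+)$", re.I)


def looks_random(name):
    """Heuristic: 7-10 lowercase letters with a run of 3+ consonants ('zpzoanmb',
    'tzgremuj'). Digits or capitals pass; 'y' counts as a consonant, so a short
    vendor name can be queued for review too. A hit is a review item, not a verdict."""
    if not (name.isalpha() and name.islower() and 7 <= len(name) <= 10):
        return False
    run = longest = 0
    for ch in name:
        run = 0 if ch in VOWELS else run + 1
        longest = max(longest, run)
    return longest >= 3


def reg_int(val):
    """Parse 'dword:00000001' or '0 (0x0)', the two ways ComboFix prints numbers."""
    m = re.match(r"dword:([0-9a-f]+)", val, re.I)
    if m:
        return int(m.group(1), 16)
    m = re.match(r"\d+", val)
    return int(m.group()) if m else None


def base_noext(path):
    return path.replace("/", "\\").rsplit("\\", 1)[-1].rsplit(".", 1)[0]


def triage(log_text):
    """Return findings sorted HIGH > MEDIUM > INFO; registry values are
    interpreted in the context of the last [key] line seen."""
    findings, key = [], ""
    for line in (l.rstrip() for l in log_text.splitlines()):
        if not line:
            continue
        if (m := KEY_RE.match(line)):
            key = m.group("key").lower()
            continue
        if (m := SERVICE_RE.match(line)):
            svc, path = m.group("svc"), m.group("path").strip()
            if looks_random(svc) or looks_random(base_noext(path)):
                sev = "MEDIUM" if "\\drivers\\" in path.lower() else "INFO"
                findings.append(Finding(sev, "random-name-service", f"{m.group('start')} {svc} -> {path or '(no image)'}"))
            continue
        if (m := CREATED_RE.match(line)):
            path = m.group("path")
            if path.lower().startswith("c:\\windows\\") and looks_random(base_noext(path)):
                findings.append(Finding("MEDIUM", "random-name-file", f"{path} ({m.group('size')} bytes) created in the scan window"))
            continue
        if (m := HIDDEN_RE.match(line)):
            findings.append(Finding("HIGH", "hidden-file", f"{m.group('path')} ({m.group('size')} bytes) seen only by the raw scan"))
            continue
        leaf = key.rsplit("\\", 1)[-1]
        if (m := AUTORUN_RE.match(line)) and "mountpoints2" in key:
            findings.append(Finding("INFO", "autorun-command", f"mountpoint {leaf} -> {m.group('cmd')}"))
            continue
        if not (m := VAL_RE.match(line)):
            continue
        name, val = m.group("name").lower(), m.group("val").strip()
        if key.endswith("windows nt\\currentversion\\windows") and name == "appinit_dlls" and val.strip('"'):
            findings.append(Finding("HIGH", "appinit-dll", f"AppInit_DLLs={val.strip(chr(34))} loads into every process that maps user32.dll"))
        elif "security center" in key and name == "antivirusdisablenotify" and reg_int(val) == 1:
            findings.append(Finding("MEDIUM", "av-notify-suppressed", "Security Center antivirus notifications disabled"))
        elif "security center\\monitoring\\" in key and name == "disablemonitoring" and reg_int(val) == 1:
            findings.append(Finding("INFO", "monitoring-disabled", f"{leaf}: normal only if that product is installed and running"))
        elif key.endswith("firewallpolicy\\standardprofile") and name == "enablefirewall" and reg_int(val) == 0:
            findings.append(Finding("MEDIUM", "windows-firewall-off", "Windows Firewall disabled; confirm a third-party firewall is active"))
        elif key.endswith("globallyopenports\\list") and re.match(r"\d+:(tcp|udp)", name):
            findings.append(Finding("INFO", "open-port", f"{name.upper()} globally open in the firewall policy"))
    return sorted(findings, key=lambda f: SEV_RANK[f.severity])


def report(findings):
    return "\n".join(f"[{f.severity:<6}] {f.kind:<22} {f.detail}" for f in findings)


if __name__ == "__main__":
    print(report(triage(SAMPLE_LOG)))
```

Run it as-is to see the findings for the sample, or call triage() on the text of a real ComboFix.txt. Two of the INFO/MEDIUM items carry a caveat on purpose: DisableMonitoring=1 under Security Center\Monitoring is what a third-party product such as McAfee sets when it reports its own status, and EnableFirewall=0 is common when a third-party firewall owns the host. Both only become interesting when the named product is missing or not working, which is exactly what the original poster described for the McAfee scanner. A clean post-fix log is one where the hidden-file, random-name and appinit-dll findings are gone, not one with zero lines of output.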

#7 Nothing Original (Topic Starter)

Posted 17 February 2009 - 04:08 PM

Combofix.txt:

ComboFix 09-02-15.01 - Susie 2009-02-17 12:50:15.2 - NTFSx86
Running from: c:\documents and settings\Susie\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Susie\Desktop\CFScript.txt
AV: McAfee VirusScan *On-access scanning disabled* (Updated)
FW: McAfee Personal Firewall *disabled*

FILE ::
c:\windows\system32\clickfile.exe
c:\windows\system32\drivers\tzgremuj.sys
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\clickfile.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ZPZOANMB
-------\Service_zpzoanmb


((((((((((((((((((((((((( Files Created from 2009-01-17 to 2009-02-17 )))))))))))))))))))))))))))))))
.

2009-02-17 12:42 . 2009-02-17 12:42 <DIR> d-------- C:\32788R22FWJFW
2009-02-16 18:19 . 2009-02-16 18:26 <DIR> d-------- C:\rsit
2009-02-14 21:45 . 2009-02-14 21:45 236,188 --a------ C:\ScreenHunter_011.jpg
2009-02-14 21:39 . 2009-02-14 21:39 197,812 --a------ C:\ScreenHunter_010.jpg
2009-02-14 15:30 . 2009-02-14 15:30 188,934 --a------ C:\ScreenHunter_009.jpg
2009-02-14 06:58 . 2009-02-14 06:58 185,717 --a------ C:\ScreenHunter_008.jpg
2009-02-13 12:24 . 2009-02-13 12:24 120,676 --a------ C:\ScreenHunter_007.jpg
2009-02-13 12:16 . 2009-02-13 12:16 110,262 --a------ C:\ScreenHunter_006.jpg
2009-02-13 11:40 . 2009-02-13 10:52 368,961 --a------ c:\windows\system32\dds.scr
2009-02-13 09:41 . 2009-02-13 09:41 150,101 --a------ C:\ScreenHunter_005.jpg
2009-02-13 09:38 . 2009-02-13 09:38 87,985 --a------ C:\ScreenHunter_004.jpg
2009-02-13 09:36 . 2009-02-13 09:36 121,313 --a------ C:\ScreenHunter_003.jpg
2009-02-11 16:28 . 2009-02-11 16:28 <DIR> d-------- c:\documents and settings\Susie\Application Data\Malwarebytes
2009-02-11 16:28 . 2009-02-11 16:28 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-02-11 16:28 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-11 16:28 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-02-11 16:08 . 2009-02-11 16:08 25,088 --a------ c:\windows\system32\drivers\tzgremuj.sys
2009-02-11 16:08 . 2009-02-17 13:05 2,204 --a------ c:\windows\zpzoanmb
2009-02-11 12:28 . 2009-02-11 12:28 <DIR> d-------- c:\windows\SQL9_KB960089_ENU
2009-02-02 09:14 . 2009-02-04 07:17 <DIR> d--hs---- c:\documents and settings\All Users\DRM
2009-01-27 14:53 . 2009-01-28 12:04 25 --a------ c:\windows\OverlayXP.ini
2009-01-26 11:46 . 2009-01-26 11:56 <DIR> d-------- c:\documents and settings\All Users\Application Data\webcamXP5
2009-01-19 11:59 . 2009-01-19 11:59 <DIR> d-------- c:\documents and settings\All Users\Application Data\TiVo

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-17 20:35 --------- d-----w c:\documents and settings\Susie\Application Data\Launchy
2009-02-17 20:33 --------- d-----w c:\documents and settings\All Users\Application Data\STOPzilla!
2009-02-17 17:46 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2009-02-17 00:11 --------- d-----w c:\documents and settings\All Users\Application Data\Google Updater
2009-02-16 23:51 --------- d-----w c:\program files\McAfee
2009-02-13 16:38 --------- d-----w c:\program files\Wisdom-soft ScreenHunter Plus
2009-02-11 19:32 --------- d-----w c:\program files\Microsoft SQL Server
2009-01-30 17:02 --------- d-----w c:\program files\PdaReach
2009-01-23 20:48 --------- d-----w c:\documents and settings\All Users\Application Data\NeatReceipts Professional
2009-01-19 20:43 --------- d-----w c:\program files\VideoReDoPlus
2009-01-19 20:41 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-01-19 19:01 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-01-19 18:59 --------- d-----w c:\program files\Common Files\TiVo Shared
2009-01-19 16:18 --------- d-----w c:\program files\Microsoft Works
2009-01-16 17:06 --------- d-----w c:\program files\Common Files\Livescribe
2009-01-16 17:04 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-15 16:01 --------- d-----w c:\program files\Google
2009-01-14 15:59 --------- d-----w c:\documents and settings\Susie\Application Data\CuteReminderPro
2009-01-09 19:03 79,304 ----a-w c:\windows\system32\drivers\mfeavfk.sys
2009-01-09 19:03 40,552 ----a-w c:\windows\system32\drivers\mfesmfk.sys
2009-01-09 19:03 35,272 ----a-w c:\windows\system32\drivers\mfebopk.sys
2009-01-09 19:03 34,216 ----a-w c:\windows\system32\drivers\mferkdk.sys
2009-01-09 19:03 213,640 ----a-w c:\windows\system32\drivers\mfehidk.sys
2009-01-09 14:59 --------- d-----w c:\documents and settings\Susie\Application Data\tunebite
2009-01-07 02:47 --------- d-----w c:\program files\Safari
2009-01-07 02:46 --------- d-----w c:\program files\PixiePack Codec Pack
2009-01-07 02:45 --------- d-----w c:\program files\MediaCoder
2009-01-07 02:44 --------- d-----w c:\program files\GPLGS
2009-01-06 18:11 --------- d-----w c:\program files\Common Files\Palo Alto Software
2009-01-05 21:24 --------- d-----w c:\documents and settings\All Users\Application Data\RapidSolution
2009-01-02 15:21 --------- d-----w c:\documents and settings\Susie\Application Data\Windows Search
2008-12-31 14:16 --------- d-----w c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-12-31 14:15 --------- d-----w c:\program files\iPod
2008-12-31 13:59 24,872 ----a-w c:\windows\system32\drivers\ElbyCDIO.sys
2008-12-30 23:53 103,360 ----a-w c:\windows\system32\drivers\AnyDVD.sys
2008-12-30 04:58 --------- d-----w c:\program files\Movie Download Manager
2008-12-22 07:13 --------- d-----w c:\program files\DVDlabPro
2008-12-21 22:02 --------- d-----w c:\program files\HP
2008-12-17 15:36 --------- d-----w c:\program files\Quicken Online Backup
2008-12-17 07:07 --------- d-----w c:\program files\Common Files\HP
2008-08-15 18:03 61,224 -c--a-w c:\documents and settings\Susie\GoToAssistDownloadHelper.exe
2008-03-20 00:42 32 -c--a-w c:\documents and settings\All Users\Application Data\ezsid.dat
2008-01-24 18:09 636,192 -c--a-w c:\documents and settings\Susie\DMSetup.exe
2007-06-26 18:25 87,608 -c--a-w c:\documents and settings\Susie\Application Data\ezpinst.exe
2007-06-26 18:25 47,360 -c--a-w c:\documents and settings\Susie\Application Data\pcouffin.sys
2007-06-04 20:52 630,784 -c--a-w c:\documents and settings\Susie\GoToAssist_chat2way__317_en.exe
2007-05-26 14:48 25,600 -c--a-w c:\documents and settings\Susie\usbsermptxp.sys
2007-05-26 14:48 22,768 -c--a-w c:\documents and settings\Susie\usbsermpt.sys
2007-04-05 20:38 76,880 -c--a-w c:\documents and settings\Susie\Autorun.exe
2006-06-02 19:10 33,408 -c--a-w c:\documents and settings\Susie\g2mdlhlpx.exe
2006-01-09 17:44 13 -c-h--w c:\documents and settings\All Users\Application Data\Ţ├─3113.sys
1998-12-09 02:53 99,840 -c--a-w c:\program files\Common Files\IRAABOUT.DLL
1998-12-09 02:53 70,144 -c--a-w c:\program files\Common Files\IRAMDMTR.DLL
1998-12-09 02:53 48,640 -c--a-w c:\program files\Common Files\IRALPTTR.DLL
1998-12-09 02:53 31,744 -c--a-w c:\program files\Common Files\IRAWEBTR.DLL
1998-12-09 02:53 186,368 -c--a-w c:\program files\Common Files\IRAREG.DLL
1998-12-09 02:53 17,920 -c--a-w c:\program files\Common Files\IRASRIAL.DLL
2005-05-14 00:12 217,073 -csha-r c:\windows\meta4.exe
2007-05-17 15:30 318,976 -csha-w c:\windows\system32\avisynth.dll
2005-07-14 19:31 27,648 -csha-r c:\windows\system32\AVSredirect.dll
2005-06-26 22:32 616,448 -csha-r c:\windows\system32\cygwin1.dll
2005-06-22 05:37 45,568 -csha-r c:\windows\system32\cygz.dll
2006-05-03 09:06 163,328 -csh--r c:\windows\system32\flvDX.dll
2004-01-25 07:00 70,656 -csha-r c:\windows\system32\i420vfw.dll
2007-02-21 10:47 31,232 -csh--r c:\windows\system32\msfDX.dll
2008-07-31 21:46 254,768 --sh--r c:\windows\system32\setup_vf.exe
2005-02-28 20:16 240,128 -csha-r c:\windows\system32\x.264.exe
2004-01-25 07:00 70,656 --sha-r c:\windows\system32\yv12vfw.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-02-17_10.02.28.96 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-02-17 16:26:06 32,768 -c--a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2009-02-17 20:31:41 32,768 -c--a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2009-02-17 16:26:06 32,768 -c--a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2009-02-17 20:31:41 32,768 -c--a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2009-02-17 16:26:06 49,152 -c--a-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2009-02-17 20:31:41 49,152 -c--a-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2009-02-17 16:29:29 226,861 ----a-w c:\windows\system32\inetsrv\MetaBase.bin
+ 2009-02-17 20:33:59 226,863 ----a-w c:\windows\system32\inetsrv\MetaBase.bin
+ 2009-02-17 20:25:58 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_1b4.dat
+ 2009-02-17 20:25:57 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_734.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8600AC1E-BE58-4FFC-BD5D-F2A8EC38C838}]
2007-11-09 09:49 311296 --a------ c:\program files\Snap Visual Search\snapbar.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Green]
@="{95A27763-F62A-4114-9072-E81D87DE3B68}"
[HKEY_CLASSES_ROOT\CLSID\{95A27763-F62A-4114-9072-E81D87DE3B68}]
2008-06-13 23:19 527296 -ra------ c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial]
@="{E300CD91-100F-4E67-9AF3-1384A6124015}"
[HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}]
2008-06-13 23:19 527296 -ra------ c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Yellow]
@="{5E529433-B50E-4bef-A63B-16A6B71B071A}"
[HKEY_CLASSES_ROOT\CLSID\{5E529433-B50E-4bef-A63B-16A6B71B071A}]
2008-06-13 23:19 527296 -ra------ c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-21 68856]
"LaunchIt NOW! Plus"="f:\progra~1\LAUNCH~1\lnp.exe" [2008-01-15 573440]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]
"TrueCrypt"="f:\program files\TrueCrypt\TrueCrypt.exe" [2008-07-18 1225920]
"Super Utilities"="c:\program files\SuperLogix\Super Utilities\SuperUtil.exe" [2008-07-03 1400320]
"Google Update"="c:\documents and settings\Susie\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-09-03 133104]
"Lala Music Mover"="c:\program files\Lala.com\Lala Music Mover\LalaMover.exe" [2008-10-17 2221360]
"AnyDVD"="f:\program files\SlySoft\AnyDVD\AnyDVDtray.exe" [2008-12-31 2489280]
"TivoTransfer"="c:\program files\Common Files\TiVo Shared\Transfer\TiVoTransfer.exe" [2008-07-09 1189376]
"TivoNotify"="g:\program files\TiVo\Desktop\TiVoNotify.exe" [2008-07-09 394240]
"TivoServer"="g:\program files\TiVo\Desktop\TiVoServer.exe" [2008-07-09 1931264]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-07 136600]
"srmclean"="c:\cpqs\Scom\srmclean.exe" [2001-07-24 36864]
"SetRefresh"="c:\program files\Compaq\SetRefresh\SetRefresh.exe" [2003-11-06 524800]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb13.exe" [2006-01-06 172032]
"STOPzilla"="c:\program files\STOPzilla!\STOPzilla.exe" [2006-05-31 61440]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2005-09-24 49152]
"TotalRecorderScheduler"="f:\program files\HighCriteria\TotalRecorder\TotRecSched.exe" [2006-05-12 86016]
"HPHUPD06"="c:\program files\HP\{BA2D9411-DBB4-43e4-9421-780413650A67}\hphupd06.exe" [2006-01-06 49152]
"HPHmon06"="c:\windows\system32\hphmon06.exe" [2006-01-06 622592]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2005-02-16 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-16 81920]
"DMXLauncher"="f:\program files\Roxio\Media Experience\DMXLauncher.exe" [2006-08-14 102400]
"WebDriveTray"="f:\program files\NetDrive\netdrive.exe" [2002-08-29 294912]
"WScheduler"="f:\progra~1\SYSTEM~1\WScheduler.exe" [2007-06-25 75264]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2007-11-15 185896]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-01-08 645328]
"TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2008-04-09 2595792]
"AsusACPIServer"="c:\program files\Asus\EeePC ACPI\AsAcpiSvr.exe" [2007-11-14 450560]
"AcronisTimounterMonitor"="c:\program files\Acronis\TrueImageHome\TimounterMonitor.exe" [2008-04-09 909208]
"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2008-04-09 136472]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"PaperPort PTD"="g:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2007-05-14 30248]
"IndexSearch"="g:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2007-05-14 46632]
"PPort11reminder"="g:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-02-01 255528]
"Carbonite Backup"="c:\program files\Carbonite\Carbonite Backup\CarboniteUI.exe" [2008-06-13 600000]
"HPHped06"="c:\progra~1\HP\{BA2D9~1\pexpress\hphPED06.exe" [2004-12-16 339968]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-11-07 111936]
"WinGuard Pro"="c:\windows\system32\setup_vf.exe" [2008-07-31 254768]
"MSConfig"="c:\windows\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2004-08-04 158208]
"iTunesHelper"="f:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"Malwarebytes' Anti-Malware"="g:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2009-02-11 399504]
"AGRSMMSG"="AGRSMMSG.exe" [2004-06-29 c:\windows\AGRSMMSG.exe]
"CARPService"="carpserv.exe" [2002-12-18 c:\windows\system32\carpserv.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2006-10-04 c:\windows\system32\narrator.exe]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 29696]
DataViz Inc Messenger.lnk - c:\program files\Common Files\DataViz\DvzIncMsgr.exe [2007-06-18 34880]
EReg.lnk - c:\windows\EReg206\Reg32.exe [2005-11-04 36864]
HOTSYNCSHORTCUTNAME.lnk - f:\program files\palmOne\Hotsync.exe [2004-06-09 471040]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-09-24 282624]
HP Image Zone Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2005-05-12 73728]
JungleDiskMonitor.lnk - f:\program files\JungleDisk\junglediskmonitor.exe [2008-07-10 4061456]
Launchy.lnk - f:\program files\Launchy\Launchy.exe [2007-07-27 520192]
ListProAlarms.lnk - f:\program files\Ilium Software\ListPro\ListProAlarms.exe [2007-01-25 124000]
Media Card Companion Monitor.lnk - c:\program files\ArcSoft\Media Card Companion\MCC Monitor.exe [2005-09-27 98304]
Monitor.lnk - f:\program files\SanDisk\SanDisk TransferMate\SD Monitor.exe [2008-05-30 114688]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2008-10-17 22:41 87352 c:\windows\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.I420"= i420vfw.dll
"VIDC.ACDV"= ACDV.dll
"mixer"= DrvTrNTm.dll
"wave"= DrvTrNTm.dll
"vidc.ffds"= c:\progra~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll
"vidc.3IV2"= 3ivxVfWCodec.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^Susie^Start Menu^Programs^Startup^Timed Backups Manager StartUp.lnk]
path=c:\documents and settings\Susie\Start Menu\Programs\Startup\Timed Backups Manager StartUp.lnk
backup=c:\windows\pss\Timed Backups Manager StartUp.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
--a------ 2005-05-19 06:47 57344 c:\program files\SlySoft\CloneCD\CloneCDTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Monitor.exe]
--a------ 2007-10-08 18:01 1765376 c:\program files\Wireless-G Internet Home Monitoring Camera\Monitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 11:50 155648 c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recorder.exe]
--a------ 2007-10-02 10:45 311296 c:\program files\Wireless-G Internet Home Monitoring Camera\Recorder.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
--a------ 2006-10-27 08:41 221184 c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\SmartFTP\\SmartFTP.exe"=
"c:\\WINDOWS\\system32\\ntvdm.exe"=
"c:\\Program Files\\SmartFTP Client 2.0\\SmartFTP.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\ICE.TCP\\FTPWIN.EXE"=
"f:\\Program Files\\palmOne\\Hotsync.exe"=
"f:\\Program Files\\RhinoSoft.com\\Serv-U\\ServUDaemon.exe"=
"c:\\Program Files\\Motorola\\Software Update\\msu.exe"=
"f:\\Program Files\\Macromedia\\Dreamweaver 8\\Dreamweaver.exe"=
"f:\\Program Files\\firefox.exe"=
"f:\\Program Files\\JungleDisk\\junglediskmonitor.exe"=
"c:\\Documents and Settings\\Susie\\Desktop\\Skype.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"f:\\Program Files\\iTunes\\iTunes.exe"=
"g:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R0 AFPAnsi;Alfa File Protector Ansi;c:\windows\system32\drivers\AFPAnsi.sys [2008-07-31 43936]
R0 iteraid;ITERAID_Service_Install;c:\windows\system32\drivers\iteraid.sys [2006-09-07 24971]
R0 Pnp680;SiI 680 ATA Controller;c:\windows\system32\drivers\pnp680.sys [2005-09-21 37031]
R0 sonyhcb;Sony Digital Imaging Base;c:\windows\system32\drivers\sonyhcb.sys [2005-12-25 6097]
R1 SuperMounter;SuperMounter;c:\windows\system32\drivers\supermounter.sys [2008-07-31 11264]
R2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\EAPPkt.sys [2008-04-17 66048]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2008-02-05 47640]
R2 MBAMService;MBAMService;g:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2009-02-11 179856]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [2008-09-05 206096]
R2 MSSQL$NR2007;SQL Server (NR2007);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2008-12-18 29181272]
R2 NeatReceipts Database Controller;NeatReceipts Database Controller;c:\program files\Common Files\NeatReceipts\DB Controller\NeatReceiptsDBController.exe [2008-02-05 228480]
R2 OneTouch 4.0 Monitor;OneTouch 4.0 Monitor;c:\program files\Visioneer\OneTouch 4.0\OtService.exe [2007-11-12 131072]
R2 TivoBeacon2;TiVo Beacon;c:\program files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe [2008-07-09 868864]
R2 WebDriveFSD;WebDrive File System Driver;f:\program files\NetDrive\rffsd.sys [2007-07-29 67032]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2009-02-11 15504]
R3 SndTAudio;SndTAudio;c:\windows\system32\drivers\SndTAudio.sys [2009-01-06 23096]
R3 SndTVideo;SndTVideo;c:\windows\system32\drivers\SndTVideo.sys [2008-11-25 3768]
S2 LMIInfo;LogMeIn Kernel Information Provider;\??\g:\program files\LogMeIn\x86\RaInfo.sys --> g:\program files\LogMeIn\x86\RaInfo.sys [?]
S3 HSFHWCD2;HSFHWCD2;c:\windows\system32\drivers\HSFHWCD2.sys [2005-11-05 153984]
S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\drivers\motodrv.sys [2007-06-02 42112]
S3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;c:\windows\system32\drivers\wg111v2.sys [2008-04-17 112384]
S3 SjyPkt;SjyPkt;c:\windows\system32\drivers\SjyPkt.sys [2008-04-17 13532]
S3 SmartpenBus;Smartpen Enumerator;c:\windows\system32\drivers\SmartpenBus.sys [2008-08-27 38528]
S3 SmartpenCom;Smartpen Communications;c:\windows\system32\drivers\SmartpenCom.sys [2008-08-27 35328]
S3 sonyhcs;Sony Digital Imaging Video;c:\windows\system32\drivers\sonyhcs.sys [2005-12-25 299923]
S3 SoundMovieServer;SoundMovieServer;c:\windows\system32\snmvtsvc.exe [2009-01-06 200704]
S4 0237821164896211mcinstcleanup;McAfee Application Installer Cleanup (0237821164896211); [x]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]
S4 RFNP32;WebDrive Provider; [x]

--- Other Services/Drivers In Memory ---

*Deregistered* - W3SVC
*Deregistered* - WebClient
*Deregistered* - WebDriveService
*Deregistered* - winmgmt
*Deregistered* - wscsvc
*Deregistered* - WSearch
*Deregistered* - wuauserv
*Deregistered* - WUSB54Gv4SVC
*Deregistered* - WZCSVC

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\Z]
\Shell\AutoRun\command - z:\.\Start.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4ec6c95b-bebd-11dc-9e30-000ffe3d8d24}]
\Shell\AutoRun\command - d:\.\Start.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{56eb15a1-2ae4-11db-9926-000ffe3d8d24}]
\Shell\AutoRun\command - G:\Launch.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{77f57ca6-b180-11dc-9e26-000ffe3d8d24}]
\Shell\AutoRun\command - d:\system\viewer\FlipVideoforPC.exe
\Shell\Flip Video for PC\command - d:\system\viewer\FlipVideoforPC.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{B2C3BB6B-E005-4246-B8E5-DF0A4D073CDC}]
c:\program files\PixiePack Codec Pack\InstallerHelper.exe
.
Contents of the 'Scheduled Tasks' folder

2009-02-17 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

2009-02-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-548195580-3338435793-402719388-1007.job
- c:\documents and settings\Susie\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-03 08:25]

2009-02-16 c:\windows\Tasks\Malwarebytes' Scheduled Scan for Susie.job
- g:\program files\Malwarebytes' Anti-Malware\mbam.exe [2009-02-11 10:19]

2009-02-16 c:\windows\Tasks\Malwarebytes' Scheduled Update for Susie.job
- g:\program files\Malwarebytes' Anti-Malware\mbam.exe [2009-02-11 10:19]

2009-02-15 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-01-09 10:53]

2009-02-01 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-01-09 10:53]

2009-02-16 c:\windows\Tasks\SyncBackSE ACDSeeBackup from F to G (daily).job
- f:\program files\2BrightSparks\SyncBackSE\SyncBackSE.exe [2008-10-03 17:08]

2009-02-14 c:\windows\Tasks\SyncBackSE ACDSeeBackups from G to J.job
- f:\program files\2BrightSparks\SyncBackSE\SyncBackSE.exe [2008-10-03 17:08]

2009-02-01 c:\windows\Tasks\SyncBackSE Mastercook to JD.job
- f:\program files\2BrightSparks\SyncBackSE\SyncBackSE.exe [2008-10-03 17:08]

2009-02-16 c:\windows\Tasks\SyncBackSE Outlook BU (F to V).job
- f:\program files\2BrightSparks\SyncBackSE\SyncBackSE.exe [2008-10-03 17:08]

2009-02-16 c:\windows\Tasks\SyncBackSE Palm Desktop stuff to O drive.job
- f:\program files\2BrightSparks\SyncBackSE\SyncBackSE.exe [2008-10-03 17:08]

2009-02-17 c:\windows\Tasks\SyncBackSE QUICKENW to JD.job
- f:\program files\2BrightSparks\SyncBackSE\SyncBackSE.exe [2008-10-03 17:08]

2008-08-30 c:\windows\Tasks\SyncBackSE REDBU SSL_movies2.job
- f:\program files\2BrightSparks\SyncBackSE\SyncBackSE.exe [2008-10-03 17:08]

2009-02-16 c:\windows\Tasks\SyncBackSE SDCardBackup from I to JD.job
- f:\program files\2BrightSparks\SyncBackSE\SyncBackSE.exe [2008-10-03 17:08]

2009-02-17 c:\windows\Tasks\SyncBackSE Splash ID data to Dropbox Folder.job
- f:\program files\2BrightSparks\SyncBackSE\SyncBackSE.exe [2008-10-03 17:08]

2009-02-17 c:\windows\Tasks\SyncBackSE SplashID Program & Data to Dropbox Folder.job
- f:\program files\2BrightSparks\SyncBackSE\SyncBackSE.exe [2008-10-03 17:08]

2009-02-17 c:\windows\Tasks\SyncBackSE SplashID.job
- f:\program files\2BrightSparks\SyncBackSE\SyncBackSE.exe [2008-10-03 17:08]

2009-02-17 c:\windows\Tasks\SyncBackSE SSLPaperport ( full V to X).job
- f:\program files\2BrightSparks\SyncBackSE\SyncBackSE.exe [2008-10-03 17:08]

2008-10-22 c:\windows\Tasks\SyncBackSE SSL_DVDS from Mybook to Simpletech.job
- f:\program files\2BrightSparks\SyncBackSE\SyncBackSE.exe [2008-10-03 17:08]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar = hxxp://go.compaq.com/1Q00CDT/0409/bl8.asp
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Evernote - g:\program files\Evernote\Evernote3\enbar.dll/2000
IE: Add to AMV Converter... - g:\program files\MP3 Player Utilities 4.18\AMVConverter\grab.html
IE: Display All Images with Full Quality - "c:\program files\NetZero\qsacc\appres.dll/228"
IE: Display Image with Full Quality - "c:\program files\NetZero\qsacc\appres.dll/227"
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Save to &Xdrive - f:\program files\Xdrive\Xdrive Desktop\xdrive.exe/std.html
TCP: {47F90757-36B2-4764-86E2-7D8DD794877D} = 172.20.32.5 172.20.32.5
DPF: Geni Publisher - hxxp://www.geni.com/plugins/genipublisher.CAB
DPF: Microsoft XML Parser for Java
FF - ProfilePath - c:\documents and settings\Susie\Application Data\Mozilla\Firefox\Profiles\4m6emk5y.default\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - component: c:\documents and settings\Susie\Application Data\Mozilla\Firefox\Profiles\4m6emk5y.default\extensions\{E0B8C461-F8FB-49b4-8373-FE32E9252800}\components\enbar3.dll
FF - component: f:\program files\components\xpinstal.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-17 13:31:50
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Iomega Activity Disk2]
"ImagePath"="\"\""
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-548195580-3338435793-402719388-1007\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{E47DEE53-311B-55FF-C4D4-D8970FB5A010}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"ialpepbafedcbjnmgi"=hex:6b,61,65,70,6e,67,6f,67,69,61,6f,66,70,6b,67,62,6b,6a,
68,69,6a,67,00,00
"hanoghplkjjpkgnk"=hex:6b,61,65,70,6e,67,6f,67,69,61,6f,66,70,6b,67,62,6b,6a,
68,69,6a,67,00,00

[HKEY_USERS\S-1-5-21-548195580-3338435793-402719388-1007\Software\Zepter Software\RegLib*70f74f3e\CloneDVD/2]
"1"=dword:4490c89d
"2"=dword:4490c89d

[HKEY_USERS\S-1-5-21-548195580-3338435793-402719388-1007\Software\Zepter Software\RegLib*70f74f3e\CloneDVD2/2]
"1"=dword:444d5bdd
"2"=dword:44955d62
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1140)
c:\windows\system32\LMIinit.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\STOPzilla!\SZServer.exe
c:\program files\Common Files\Acronis\Schedule2\schedul2.exe
c:\program files\Quicken Online Backup\AGENTSRV.EXE
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Carbonite\Carbonite Backup\CarboniteService.exe
f:\program files\Diskeeper Corporation\Diskeeper\DkService.exe
c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe
c:\windows\system32\inetsrv\inetinfo.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\tcpsvcs.exe
c:\program files\McAfee\MSC\mcmscsvc.exe
c:\program files\Common Files\McAfee\MNA\McNASvc.exe
c:\progra~1\COMMON~1\McAfee\McProxy\McProxy.exe
c:\program files\McAfee\VirusScan\Mcshield.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\McAfee\MPF\MpfSrv.exe
c:\progra~1\McAfee.com\Agent\mcagent.exe
c:\windows\system32\HPZipm12.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
f:\program files\NetDrive\wdService.exe
c:\windows\system32\searchindexer.exe
c:\program files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
c:\program files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54Gv4.exe
c:\combofix\hidec.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\msdtc.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Windows Desktop Search\WindowsSearch.exe
g:\program files\Microsoft Office\Office12\ONENOTEM.EXE
c:\program files\HP\Digital Imaging\bin\hpqimzone.exe
c:\program files\PdaReach\PdaReach.exe
c:\program files\PdaReach\UsbMan.exe
c:\program files\HP\Digital Imaging\bin\hpqste08.exe
c:\combofix\Catchme.tmp
.
**************************************************************************
.
Completion time: 2009-02-17 13:47:05 - machine was rebooted
ComboFix-quarantined-files.txt 2009-02-17 20:45:41

Pre-Run: 14,532,911,104 bytes free
Post-Run: 14,507,212,800 bytes free

453 --- E O F --- 2009-02-15 19:09:07


Hijackthis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:05:18 PM, on 2/17/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\STOPzilla!\szserver.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Quicken Online Backup\AgentSrv.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
c:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe
F:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\tcpsvcs.exe
g:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
c:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Common Files\NeatReceipts\DB Controller\NeatReceiptsDBController.exe
C:\Program Files\Visioneer\OneTouch 4.0\OtService.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe
C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
f:\Program Files\NetDrive\wdService.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54Gv4.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb13.exe
C:\Program Files\STOPzilla!\STOPzilla.exe
C:\WINDOWS\system32\carpserv.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
F:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
F:\Program Files\Roxio\Media Experience\DMXLauncher.exe
F:\Program Files\NetDrive\netdrive.exe
F:\PROGRA~1\SYSTEM~1\WScheduler.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
G:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\HP\{BA2D9~1\pexpress\hphPED06.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\setup_vf.exe
F:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
F:\PROGRA~1\LAUNCH~1\lnp.exe
F:\Program Files\TrueCrypt\TrueCrypt.exe
C:\Program Files\SuperLogix\Super Utilities\SuperUtil.exe
C:\Documents and Settings\Susie\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Lala.com\Lala Music Mover\LalaMover.exe
C:\Program Files\Common Files\TiVo Shared\Transfer\TiVoTransfer.exe
G:\Program Files\TiVo\Desktop\TiVoNotify.exe
G:\Program Files\TiVo\Desktop\TiVoServer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
F:\Program Files\palmOne\Hotsync.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
F:\Program Files\Launchy\Launchy.exe
F:\Program Files\Ilium Software\ListPro\ListProAlarms.exe
F:\Program Files\SanDisk\SanDisk TransferMate\SD Monitor.exe
G:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\PdaReach\PdaReach.exe
C:\Program Files\PdaReach\UsbMan.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
F:\Program Files\SplashData\SplashID\SplashID Desktop.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
G:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
F:\Program Files\firefox.exe
C:\WINDOWS\explorer.exe
V:\Susie's data\WIN95UP\Hijackthis\HiJackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.compaq.com/1Q00CDT/0409/bl8.asp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
N3 - Netscape 7: # Mozilla User Preferences

/* Do not edit this file.
*
* If you make changes to this file while the browser is running,
* the changes will be overwritten when the browser exits.
*
* To make a manual change to preferences, you can visit the URL about:config
* For more information, see http://www.mozilla.org/unix/customizing.html#prefs
*/

user_pref("aim.session.firsttime", false);
user_pref("browser.activation.checkedNNFlag", true);
user_pref("browser.bookmarks.added_static_root", true);
user_pref("browser.download.dir", "F:\\Susie's data\\WIN95UP\\AllTunes");
user_pref("browser.search.defaultengine", "engine://f%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src");
user_pref("browser.startup.homepage", "http://www.google.com");
user_pref("browser.startup.homepage_override.mstone", "rv:1.7.2");
user_pref("dom.disable_open_during_load", true);
user_pref("intl.charsetmenu.browser.cache", "ISO-8859-15, windows-1252, UTF-8, windows-1251, us-ascii");
user_pref("ldap_2
N3 - Netscape 7: # Mozilla User Preferences

/* Do not edit this file.
*
* If you make changes to this file while the browser is running,
* the changes will be overwritten when the browser exits.
*
* To make a manual change to preferences, you can visit the URL about:config
* For more information, see http://www.mozilla.org/unix/customizing.html#prefs
*/

user_pref("aim.session.firsttime", false);
user_pref("browser.activation.checkedNNFlag", true);
user_pref("browser.bookmarks.added_static_root", true);
user_pref("browser.download.dir", "F:\\Susie's data\\WIN95UP\\AllTunes");
user_pref("browser.search.defaultengine", "engine://f%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src");
user_pref("browser.startup.homepage", "http://www.google.com");
user_pref("browser.startup.homepage_override.mstone", "rv:1.7.2");
user_pref("dom.disable_open_during_load", true);
user_pref("intl.charsetmenu.browser.cache", "ISO-8859-15, windows-1252, UTF-8, windows-1251, us-ascii");
user_pref("ldap_2
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Popup-Blocker Class - {52706EF7-D7A2-49AD-A615-E903858CF284} - (no file)
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: SnapToolbarHelper Class - {8600AC1E-BE58-4FFC-BD5D-F2A8EC38C838} - C:\Program Files\Snap Visual Search\snapbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: STOPzilla Browser Helper Object - {E3215F20-3212-11D6-9F8B-00D0B743919D} - C:\Program Files\STOPzilla!\SZIEBHO.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: I.R.I.S. Desktop Search - {577EBCA9-8ED3-45FC-A514-55B3817D4BCF} - (no file)
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [SetRefresh] C:\Program Files\Compaq\SetRefresh\SetRefresh.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb13.exe
O4 - HKLM\..\Run: [STOPzilla] C:\Program Files\STOPzilla!\STOPzilla.exe /autostart
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [TotalRecorderScheduler] "f:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe"
O4 - HKLM\..\Run: [HPHUPD06] C:\Program Files\HP\{BA2D9411-DBB4-43e4-9421-780413650A67}\hphupd06.exe
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DMXLauncher] "F:\Program Files\Roxio\Media Experience\DMXLauncher.exe"
O4 - HKLM\..\Run: [WebDriveTray] f:\Program Files\NetDrive\netdrive.exe /trayicon
O4 - HKLM\..\Run: [WScheduler] f:\PROGRA~1\SYSTEM~1\WScheduler.exe /LOGON
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [mcagent_exe] "c:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
O4 - HKLM\..\Run: [AsusACPIServer] C:\Program Files\Asus\EeePC ACPI\AsAcpiSvr.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] "G:\Program Files\ScanSoft\PaperPort\pptd40nt.exe"
O4 - HKLM\..\Run: [IndexSearch] "G:\Program Files\ScanSoft\PaperPort\IndexSearch.exe"
O4 - HKLM\..\Run: [PPort11reminder] "G:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini
O4 - HKLM\..\Run: [Carbonite Backup] c:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe
O4 - HKLM\..\Run: [HPHped06] C:\PROGRA~1\HP\{BA2D9~1\pexpress\hphPED06.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [WinGuard Pro] C:\WINDOWS\system32\setup_vf.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [iTunesHelper] "F:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "g:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] c:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [LaunchIt NOW! Plus] F:\PROGRA~1\LAUNCH~1\lnp.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [TrueCrypt] "F:\Program Files\TrueCrypt\TrueCrypt.exe" /q preferences
O4 - HKCU\..\Run: [Super Utilities] c:\Program Files\SuperLogix\Super Utilities\SuperUtil.exe /min
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Susie\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Lala Music Mover] "C:\Program Files\Lala.com\Lala Music Mover\LalaMover.exe" /minimized
O4 - HKCU\..\Run: [AnyDVD] F:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
O4 - HKCU\..\Run: [TivoTransfer] "C:\Program Files\Common Files\TiVo Shared\Transfer\TiVoTransfer.exe" /service /registry /auto:TivoTransfer
O4 - HKCU\..\Run: [TivoNotify] "G:\Program Files\TiVo\Desktop\TiVoNotify.exe" /service /registry /auto:TivoNotify
O4 - HKCU\..\Run: [TivoServer] "G:\Program Files\TiVo\Desktop\TiVoServer.exe" /service /registry /auto:TivoServer
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Startup: Dropbox.lnk = V:\Program Files\Dropbox\Dropbox.exe
O4 - Startup: Evernote.lnk = G:\Program Files\EverNote\Evernote3\EvernoteTray.exe
O4 - Startup: ListProAlarms.lnk = F:\Program Files\Ilium Software\ListPro\ListProAlarms.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = G:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Startup: palmOne Registration.lnk = F:\Program Files\palmOne\register.exe
O4 - Startup: PdaReach Desktop.lnk = C:\Program Files\PdaReach\PdaReach.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: DataViz Inc Messenger.lnk = C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
O4 - Global Startup: EReg.lnk = ?
O4 - Global Startup: HOTSYNCSHORTCUTNAME.lnk = F:\Program Files\palmOne\Hotsync.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: JungleDiskMonitor.lnk = F:\Program Files\JungleDisk\junglediskmonitor.exe
O4 - Global Startup: Launchy.lnk = F:\Program Files\Launchy\Launchy.exe
O4 - Global Startup: ListProAlarms.lnk = F:\Program Files\Ilium Software\ListPro\ListProAlarms.exe
O4 - Global Startup: Media Card Companion Monitor.lnk = C:\Program Files\ArcSoft\Media Card Companion\MCC Monitor.exe
O4 - Global Startup: Monitor.lnk = F:\Program Files\SanDisk\SanDisk TransferMate\SD Monitor.exe
O4 - Global Startup: WG111v2 Smart Wizard Wireless Setting.lnk = ?
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: Add to Evernote - res://g:\Program Files\Evernote\Evernote3\enbar.dll/2000
O8 - Extra context menu item: Add to AMV Converter... - G:\Program Files\MP3 Player Utilities 4.18\AMVConverter\grab.html
O8 - Extra context menu item: Display All Images with Full Quality - "res://C:\Program Files\NetZero\qsacc\appres.dll/228"
O8 - Extra context menu item: Display Image with Full Quality - "res://C:\Program Files\NetZero\qsacc\appres.dll/227"
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Save to &Xdrive - res://f:\Program Files\Xdrive\Xdrive Desktop\xdrive.exe/std.html
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - G:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - G:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Rip YouTube File - {38E51477-DDB4-4aed-9D61-D0C193E10749} - g:\Program Files\SoundTaxi\YouTubeRipper.dll (file missing)
O9 - Extra 'Tools' menuitem: Rip YouTube file embedded in this page - {38E51477-DDB4-4aed-9D61-D0C193E10749} - g:\Program Files\SoundTaxi\YouTubeRipper.dll (file missing)
O9 - Extra button: FlashCapture - {753BBC4B-CC73-4fb8-A5B5-CA09C804C1DD} - f:\Program Files\FlashCapture\fciext.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - G:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: Add to EverNote - {A5ABA0BB-F195-40d8-A5E9-0801153E6597} - g:\Program Files\EverNote\EverNote\enbar.dll (file missing)
O9 - Extra 'Tools' menuitem: Add to EverNote - {A5ABA0BB-F195-40d8-A5E9-0801153E6597} - g:\Program Files\EverNote\EverNote\enbar.dll (file missing)
O9 - Extra button: Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E9252800} - g:\Program Files\Evernote\Evernote3\enbar.dll (file missing)
O9 - Extra 'Tools' menuitem: Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E9252800} - g:\Program Files\Evernote\Evernote3\enbar.dll (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: Geni Publisher - http://www.geni.com/plugins/genipublisher.CAB
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - c:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1160079154390
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = phoenix.frontieradjusters.com
O17 - HKLM\Software\..\Telephony: DomainName = phoenix.frontieradjusters.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{47F90757-36B2-4764-86E2-7D8DD794877D}: NameServer = 172.20.32.5 172.20.32.5
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Amazon Unbox Video Service (ADVService) - Amazon.com - F:\Program Files\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe
O23 - Service: Connected Agent Service (AgentSrv) - Connected Corporation - C:\Program Files\Quicken Online Backup\AgentSrv.EXE
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CarboniteService - Carbonite, Inc. (www.carbonite.com) - c:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe
O23 - Service: Diskeeper - Diskeeper Corporation - F:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Iomega App Services - Unknown owner - (no file)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - Unknown owner - G:\Program Files\LogMeIn\x86\RaMaint.exe (file missing)
O23 - Service: LogMeIn - Unknown owner - G:\Program Files\LogMeIn\x86\LogMeIn.exe (file missing)
O23 - Service: MBAMService - Malwarebytes Corporation - g:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - c:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: NeatReceipts Database Controller - Digital Business Processes - C:\Program Files\Common Files\NeatReceipts\DB Controller\NeatReceiptsDBController.exe
O23 - Service: OneTouch 4.0 Monitor - Visioneer Inc. - C:\Program Files\Visioneer\OneTouch 4.0\OtService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Common Files\Sonic Shared\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Common Files\Sonic Shared\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - c:\Program Files\WinPcap\rpcapd.exe
O23 - Service: SoundMovieServer - SoundMovieServer - C:\WINDOWS\system32\snmvtsvc.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: STOPzilla Service (szserver) - Unknown owner - C:\Program Files\Common Files\STOPzilla!\szserver.exe
O23 - Service: TiVo Beacon (TivoBeacon2) - TiVo Inc. - C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe
O23 - Service: Acronis Try And Decide Service (TryAndDecideService) - Unknown owner - C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
O23 - Service: WebDrive Service (WebDriveService) - Unknown owner - f:\Program Files\NetDrive\wdService.exe
O23 - Service: WUSB54Gv4SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe

--
End of file - 24454 bytes


And just in case...the log.txt file from Combofix:

ComboFix 09-02-15.01 - Susie 2009-02-17 12:50:15.2 - NTFSx86
Running from: c:\documents and settings\Susie\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Susie\Desktop\CFScript.txt
AV: McAfee VirusScan *On-access scanning disabled* (Updated)
FW: McAfee Personal Firewall *disabled*

FILE ::
c:\windows\system32\clickfile.exe
c:\windows\system32\drivers\tzgremuj.sys
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\clickfile.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ZPZOANMB
-------\Service_zpzoanmb


((((((((((((((((((((((((( Files Created from 2009-01-17 to 2009-02-17 )))))))))))))))))))))))))))))))
.

2009-02-17 12:42 . 2009-02-17 12:42 <DIR> d-------- C:\32788R22FWJFW
2009-02-16 18:19 . 2009-02-16 18:26 <DIR> d-------- C:\rsit
2009-02-14 21:45 . 2009-02-14 21:45 236,188 --a------ C:\ScreenHunter_011.jpg
2009-02-14 21:39 . 2009-02-14 21:39 197,812 --a------ C:\ScreenHunter_010.jpg
2009-02-14 15:30 . 2009-02-14 15:30 188,934 --a------ C:\ScreenHunter_009.jpg
2009-02-14 06:58 . 2009-02-14 06:58 185,717 --a------ C:\ScreenHunter_008.jpg
2009-02-13 12:24 . 2009-02-13 12:24 120,676 --a------ C:\ScreenHunter_007.jpg
2009-02-13 12:16 . 2009-02-13 12:16 110,262 --a------ C:\ScreenHunter_006.jpg
2009-02-13 11:40 . 2009-02-13 10:52 368,961 --a------ c:\windows\system32\dds.scr
2009-02-13 09:41 . 2009-02-13 09:41 150,101 --a------ C:\ScreenHunter_005.jpg
2009-02-13 09:38 . 2009-02-13 09:38 87,985 --a------ C:\ScreenHunter_004.jpg
2009-02-13 09:36 . 2009-02-13 09:36 121,313 --a------ C:\ScreenHunter_003.jpg
2009-02-11 16:28 . 2009-02-11 16:28 <DIR> d-------- c:\documents and settings\Susie\Application Data\Malwarebytes
2009-02-11 16:28 . 2009-02-11 16:28 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-02-11 16:28 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-11 16:28 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-02-11 16:08 . 2009-02-11 16:08 25,088 --a------ c:\windows\system32\drivers\tzgremuj.sys
2009-02-11 16:08 . 2009-02-17 13:05 2,204 --a------ c:\windows\zpzoanmb
2009-02-11 12:28 . 2009-02-11 12:28 <DIR> d-------- c:\windows\SQL9_KB960089_ENU
2009-02-02 09:14 . 2009-02-04 07:17 <DIR> d--hs---- c:\documents and settings\All Users\DRM
2009-01-27 14:53 . 2009-01-28 12:04 25 --a------ c:\windows\OverlayXP.ini
2009-01-26 11:46 . 2009-01-26 11:56 <DIR> d-------- c:\documents and settings\All Users\Application Data\webcamXP5
2009-01-19 11:59 . 2009-01-19 11:59 <DIR> d-------- c:\documents and settings\All Users\Application Data\TiVo

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-17 20:35 --------- d-----w c:\documents and settings\Susie\Application Data\Launchy
2009-02-17 20:33 --------- d-----w c:\documents and settings\All Users\Application Data\STOPzilla!
2009-02-17 17:46 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2009-02-17 00:11 --------- d-----w c:\documents and settings\All Users\Application Data\Google Updater
2009-02-16 23:51 --------- d-----w c:\program files\McAfee
2009-02-13 16:38 --------- d-----w c:\program files\Wisdom-soft ScreenHunter Plus
2009-02-11 19:32 --------- d-----w c:\program files\Microsoft SQL Server
2009-01-30 17:02 --------- d-----w c:\program files\PdaReach
2009-01-23 20:48 --------- d-----w c:\documents and settings\All Users\Application Data\NeatReceipts Professional
2009-01-19 20:43 --------- d-----w c:\program files\VideoReDoPlus
2009-01-19 20:41 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-01-19 19:01 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-01-19 18:59 --------- d-----w c:\program files\Common Files\TiVo Shared
2009-01-19 16:18 --------- d-----w c:\program files\Microsoft Works
2009-01-16 17:06 --------- d-----w c:\program files\Common Files\Livescribe
2009-01-16 17:04 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-15 16:01 --------- d-----w c:\program files\Google
2009-01-14 15:59 --------- d-----w c:\documents and settings\Susie\Application Data\CuteReminderPro
2009-01-09 19:03 79,304 ----a-w c:\windows\system32\drivers\mfeavfk.sys
2009-01-09 19:03 40,552 ----a-w c:\windows\system32\drivers\mfesmfk.sys
2009-01-09 19:03 35,272 ----a-w c:\windows\system32\drivers\mfebopk.sys
2009-01-09 19:03 34,216 ----a-w c:\windows\system32\drivers\mferkdk.sys
2009-01-09 19:03 213,640 ----a-w c:\windows\system32\drivers\mfehidk.sys
2009-01-09 14:59 --------- d-----w c:\documents and settings\Susie\Application Data\tunebite
2009-01-07 02:47 --------- d-----w c:\program files\Safari
2009-01-07 02:46 --------- d-----w c:\program files\PixiePack Codec Pack
2009-01-07 02:45 --------- d-----w c:\program files\MediaCoder
2009-01-07 02:44 --------- d-----w c:\program files\GPLGS
2009-01-06 18:11 --------- d-----w c:\program files\Common Files\Palo Alto Software
2009-01-05 21:24 --------- d-----w c:\documents and settings\All Users\Application Data\RapidSolution
2009-01-02 15:21 --------- d-----w c:\documents and settings\Susie\Application Data\Windows Search
2008-12-31 14:16 --------- d-----w c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-12-31 14:15 --------- d-----w c:\program files\iPod
2008-12-31 13:59 24,872 ----a-w c:\windows\system32\drivers\ElbyCDIO.sys
2008-12-30 23:53 103,360 ----a-w c:\windows\system32\drivers\AnyDVD.sys
2008-12-30 04:58 --------- d-----w c:\program files\Movie Download Manager
2008-12-22 07:13 --------- d-----w c:\program files\DVDlabPro
2008-12-21 22:02 --------- d-----w c:\program files\HP
2008-12-17 15:36 --------- d-----w c:\program files\Quicken Online Backup
2008-12-17 07:07 --------- d-----w c:\program files\Common Files\HP
2008-08-15 18:03 61,224 -c--a-w c:\documents and settings\Susie\GoToAssistDownloadHelper.exe
2008-03-20 00:42 32 -c--a-w c:\documents and settings\All Users\Application Data\ezsid.dat
2008-01-24 18:09 636,192 -c--a-w c:\documents and settings\Susie\DMSetup.exe
2007-06-26 18:25 87,608 -c--a-w c:\documents and settings\Susie\Application Data\ezpinst.exe
2007-06-26 18:25 47,360 -c--a-w c:\documents and settings\Susie\Application Data\pcouffin.sys
2007-06-04 20:52 630,784 -c--a-w c:\documents and settings\Susie\GoToAssist_chat2way__317_en.exe
2007-05-26 14:48 25,600 -c--a-w c:\documents and settings\Susie\usbsermptxp.sys
2007-05-26 14:48 22,768 -c--a-w c:\documents and settings\Susie\usbsermpt.sys
2007-04-05 20:38 76,880 -c--a-w c:\documents and settings\Susie\Autorun.exe
2006-06-02 19:10 33,408 -c--a-w c:\documents and settings\Susie\g2mdlhlpx.exe
2006-01-09 17:44 13 -c-h--w c:\documents and settings\All Users\Application Data\Ţ├─3113.sys
1998-12-09 02:53 99,840 -c--a-w c:\program files\Common Files\IRAABOUT.DLL
1998-12-09 02:53 70,144 -c--a-w c:\program files\Common Files\IRAMDMTR.DLL
1998-12-09 02:53 48,640 -c--a-w c:\program files\Common Files\IRALPTTR.DLL
1998-12-09 02:53 31,744 -c--a-w c:\program files\Common Files\IRAWEBTR.DLL
1998-12-09 02:53 186,368 -c--a-w c:\program files\Common Files\IRAREG.DLL
1998-12-09 02:53 17,920 -c--a-w c:\program files\Common Files\IRASRIAL.DLL
2005-05-14 00:12 217,073 -csha-r c:\windows\meta4.exe
2007-05-17 15:30 318,976 -csha-w c:\windows\system32\avisynth.dll
2005-07-14 19:31 27,648 -csha-r c:\windows\system32\AVSredirect.dll
2005-06-26 22:32 616,448 -csha-r c:\windows\system32\cygwin1.dll
2005-06-22 05:37 45,568 -csha-r c:\windows\system32\cygz.dll
2006-05-03 09:06 163,328 -csh--r c:\windows\system32\flvDX.dll
2004-01-25 07:00 70,656 -csha-r c:\windows\system32\i420vfw.dll
2007-02-21 10:47 31,232 -csh--r c:\windows\system32\msfDX.dll
2008-07-31 21:46 254,768 --sh--r c:\windows\system32\setup_vf.exe
2005-02-28 20:16 240,128 -csha-r c:\windows\system32\x.264.exe
2004-01-25 07:00 70,656 --sha-r c:\windows\system32\yv12vfw.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-02-17_10.02.28.96 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-02-17 16:26:06 32,768 -c--a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2009-02-17 20:31:41 32,768 -c--a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2009-02-17 16:26:06 32,768 -c--a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2009-02-17 20:31:41 32,768 -c--a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2009-02-17 16:26:06 49,152 -c--a-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2009-02-17 20:31:41 49,152 -c--a-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2009-02-17 16:29:29 226,861 ----a-w c:\windows\system32\inetsrv\MetaBase.bin
+ 2009-02-17 20:33:59 226,863 ----a-w c:\windows\system32\inetsrv\MetaBase.bin
+ 2009-02-17 20:25:58 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_1b4.dat
+ 2009-02-17 20:25:57 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_734.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8600AC1E-BE58-4FFC-BD5D-F2A8EC38C838}]
2007-11-09 09:49 311296 --a------ c:\program files\Snap Visual Search\snapbar.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Green]
@="{95A27763-F62A-4114-9072-E81D87DE3B68}"
[HKEY_CLASSES_ROOT\CLSID\{95A27763-F62A-4114-9072-E81D87DE3B68}]
2008-06-13 23:19 527296 -ra------ c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial]
@="{E300CD91-100F-4E67-9AF3-1384A6124015}"
[HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}]
2008-06-13 23:19 527296 -ra------ c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Yellow]
@="{5E529433-B50E-4bef-A63B-16A6B71B071A}"
[HKEY_CLASSES_ROOT\CLSID\{5E529433-B50E-4bef-A63B-16A6B71B071A}]
2008-06-13 23:19 527296 -ra------ c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-21 68856]
"LaunchIt NOW! Plus"="f:\progra~1\LAUNCH~1\lnp.exe" [2008-01-15 573440]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]
"TrueCrypt"="f:\program files\TrueCrypt\TrueCrypt.exe" [2008-07-18 1225920]
"Super Utilities"="c:\program files\SuperLogix\Super Utilities\SuperUtil.exe" [2008-07-03 1400320]
"Google Update"="c:\documents and settings\Susie\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-09-03 133104]
"Lala Music Mover"="c:\program files\Lala.com\Lala Music Mover\LalaMover.exe" [2008-10-17 2221360]
"AnyDVD"="f:\program files\SlySoft\AnyDVD\AnyDVDtray.exe" [2008-12-31 2489280]
"TivoTransfer"="c:\program files\Common Files\TiVo Shared\Transfer\TiVoTransfer.exe" [2008-07-09 1189376]
"TivoNotify"="g:\program files\TiVo\Desktop\TiVoNotify.exe" [2008-07-09 394240]
"TivoServer"="g:\program files\TiVo\Desktop\TiVoServer.exe" [2008-07-09 1931264]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-07 136600]
"srmclean"="c:\cpqs\Scom\srmclean.exe" [2001-07-24 36864]
"SetRefresh"="c:\program files\Compaq\SetRefresh\SetRefresh.exe" [2003-11-06 524800]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb13.exe" [2006-01-06 172032]
"STOPzilla"="c:\program files\STOPzilla!\STOPzilla.exe" [2006-05-31 61440]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2005-09-24 49152]
"TotalRecorderScheduler"="f:\program files\HighCriteria\TotalRecorder\TotRecSched.exe" [2006-05-12 86016]
"HPHUPD06"="c:\program files\HP\{BA2D9411-DBB4-43e4-9421-780413650A67}\hphupd06.exe" [2006-01-06 49152]
"HPHmon06"="c:\windows\system32\hphmon06.exe" [2006-01-06 622592]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2005-02-16 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-16 81920]
"DMXLauncher"="f:\program files\Roxio\Media Experience\DMXLauncher.exe" [2006-08-14 102400]
"WebDriveTray"="f:\program files\NetDrive\netdrive.exe" [2002-08-29 294912]
"WScheduler"="f:\progra~1\SYSTEM~1\WScheduler.exe" [2007-06-25 75264]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2007-11-15 185896]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-01-08 645328]
"TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2008-04-09 2595792]
"AsusACPIServer"="c:\program files\Asus\EeePC ACPI\AsAcpiSvr.exe" [2007-11-14 450560]
"AcronisTimounterMonitor"="c:\program files\Acronis\TrueImageHome\TimounterMonitor.exe" [2008-04-09 909208]
"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2008-04-09 136472]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"PaperPort PTD"="g:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2007-05-14 30248]
"IndexSearch"="g:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2007-05-14 46632]
"PPort11reminder"="g:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-02-01 255528]
"Carbonite Backup"="c:\program files\Carbonite\Carbonite Backup\CarboniteUI.exe" [2008-06-13 600000]
"HPHped06"="c:\progra~1\HP\{BA2D9~1\pexpress\hphPED06.exe" [2004-12-16 339968]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-11-07 111936]
"WinGuard Pro"="c:\windows\system32\setup_vf.exe" [2008-07-31 254768]
"MSConfig"="c:\windows\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2004-08-04 158208]
"iTunesHelper"="f:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"Malwarebytes' Anti-Malware"="g:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2009-02-11 399504]
"AGRSMMSG"="AGRSMMSG.exe" [2004-06-29 c:\windows\AGRSMMSG.exe]
"CARPService"="carpserv.exe" [2002-12-18 c:\windows\system32\carpserv.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2006-10-04 c:\windows\system32\narrator.exe]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 29696]
DataViz Inc Messenger.lnk - c:\program files\Common Files\DataViz\DvzIncMsgr.exe [2007-06-18 34880]
EReg.lnk - c:\windows\EReg206\Reg32.exe [2005-11-04 36864]
HOTSYNCSHORTCUTNAME.lnk - f:\program files\palmOne\Hotsync.exe [2004-06-09 471040]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-09-24 282624]
HP Image Zone Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2005-05-12 73728]
JungleDiskMonitor.lnk - f:\program files\JungleDisk\junglediskmonitor.exe [2008-07-10 4061456]
Launchy.lnk - f:\program files\Launchy\Launchy.exe [2007-07-27 520192]
ListProAlarms.lnk - f:\program files\Ilium Software\ListPro\ListProAlarms.exe [2007-01-25 124000]
Media Card Companion Monitor.lnk - c:\program files\ArcSoft\Media Card Companion\MCC Monitor.exe [2005-09-27 98304]
Monitor.lnk - f:\program files\SanDisk\SanDisk TransferMate\SD Monitor.exe [2008-05-30 114688]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2008-10-17 22:41 87352 c:\windows\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.I420"= i420vfw.dll
"VIDC.ACDV"= ACDV.dll
"mixer"= DrvTrNTm.dll
"wave"= DrvTrNTm.dll
"vidc.ffds"= c:\progra~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll
"vidc.3IV2"= 3ivxVfWCodec.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^Susie^Start Menu^Programs^Startup^Timed Backups Manager StartUp.lnk]
path=c:\documents and settings\Susie\Start Menu\Programs\Startup\Timed Backups Manager StartUp.lnk
backup=c:\windows\pss\Timed Backups Manager StartUp.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
--a------ 2005-05-19 06:47 57344 c:\program files\SlySoft\CloneCD\CloneCDTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Monitor.exe]
--a------ 2007-10-08 18:01 1765376 c:\program files\Wireless-G Internet Home Monitoring Camera\Monitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 11:50 155648 c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recorder.exe]
--a------ 2007-10-02 10:45 311296 c:\program files\Wireless-G Internet Home Monitoring Camera\Recorder.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
--a------ 2006-10-27 08:41 221184 c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\SmartFTP\\SmartFTP.exe"=
"c:\\WINDOWS\\system32\\ntvdm.exe"=
"c:\\Program Files\\SmartFTP Client 2.0\\SmartFTP.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\ICE.TCP\\FTPWIN.EXE"=
"f:\\Program Files\\palmOne\\Hotsync.exe"=
"f:\\Program Files\\RhinoSoft.com\\Serv-U\\ServUDaemon.exe"=
"c:\\Program Files\\Motorola\\Software Update\\msu.exe"=
"f:\\Program Files\\Macromedia\\Dreamweaver 8\\Dreamweaver.exe"=
"f:\\Program Files\\firefox.exe"=
"f:\\Program Files\\JungleDisk\\junglediskmonitor.exe"=
"c:\\Documents and Settings\\Susie\\Desktop\\Skype.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"f:\\Program Files\\iTunes\\iTunes.exe"=
"g:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R0 AFPAnsi;Alfa File Protector Ansi;c:\windows\system32\drivers\AFPAnsi.sys [2008-07-31 43936]
R0 iteraid;ITERAID_Service_Install;c:\windows\system32\drivers\iteraid.sys [2006-09-07 24971]
R0 Pnp680;SiI 680 ATA Controller;c:\windows\system32\drivers\pnp680.sys [2005-09-21 37031]
R0 sonyhcb;Sony Digital Imaging Base;c:\windows\system32\drivers\sonyhcb.sys [2005-12-25 6097]
R1 SuperMounter;SuperMounter;c:\windows\system32\drivers\supermounter.sys [2008-07-31 11264]
R2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\EAPPkt.sys [2008-04-17 66048]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2008-02-05 47640]
R2 MBAMService;MBAMService;g:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2009-02-11 179856]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [2008-09-05 206096]
R2 MSSQL$NR2007;SQL Server (NR2007);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2008-12-18 29181272]
R2 NeatReceipts Database Controller;NeatReceipts Database Controller;c:\program files\Common Files\NeatReceipts\DB Controller\NeatReceiptsDBController.exe [2008-02-05 228480]
R2 OneTouch 4.0 Monitor;OneTouch 4.0 Monitor;c:\program files\Visioneer\OneTouch 4.0\OtService.exe [2007-11-12 131072]
R2 TivoBeacon2;TiVo Beacon;c:\program files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe [2008-07-09 868864]
R2 WebDriveFSD;WebDrive File System Driver;f:\program files\NetDrive\rffsd.sys [2007-07-29 67032]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2009-02-11 15504]
R3 SndTAudio;SndTAudio;c:\windows\system32\drivers\SndTAudio.sys [2009-01-06 23096]
R3 SndTVideo;SndTVideo;c:\windows\system32\drivers\SndTVideo.sys [2008-11-25 3768]
S2 LMIInfo;LogMeIn Kernel Information Provider;\??\g:\program files\LogMeIn\x86\RaInfo.sys --> g:\program files\LogMeIn\x86\RaInfo.sys [?]
S3 HSFHWCD2;HSFHWCD2;c:\windows\system32\drivers\HSFHWCD2.sys [2005-11-05 153984]
S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\drivers\motodrv.sys [2007-06-02 42112]
S3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;c:\windows\system32\drivers\wg111v2.sys [2008-04-17 112384]
S3 SjyPkt;SjyPkt;c:\windows\system32\drivers\SjyPkt.sys [2008-04-17 13532]
S3 SmartpenBus;Smartpen Enumerator;c:\windows\system32\drivers\SmartpenBus.sys [2008-08-27 38528]
S3 SmartpenCom;Smartpen Communications;c:\windows\system32\drivers\SmartpenCom.sys [2008-08-27 35328]
S3 sonyhcs;Sony Digital Imaging Video;c:\windows\system32\drivers\sonyhcs.sys [2005-12-25 299923]
S3 SoundMovieServer;SoundMovieServer;c:\windows\system32\snmvtsvc.exe [2009-01-06 200704]
S4 0237821164896211mcinstcleanup;McAfee Application Installer Cleanup (0237821164896211); [x]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]
S4 RFNP32;WebDrive Provider; [x]

--- Other Services/Drivers In Memory ---

*Deregistered* - W3SVC
*Deregistered* - WebClient
*Deregistered* - WebDriveService
*Deregistered* - winmgmt
*Deregistered* - wscsvc
*Deregistered* - WSearch
*Deregistered* - wuauserv
*Deregistered* - WUSB54Gv4SVC
*Deregistered* - WZCSVC

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\Z]
\Shell\AutoRun\command - z:\.\Start.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4ec6c95b-bebd-11dc-9e30-000ffe3d8d24}]
\Shell\AutoRun\command - d:\.\Start.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{56eb15a1-2ae4-11db-9926-000ffe3d8d24}]
\Shell\AutoRun\command - G:\Launch.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{77f57ca6-b180-11dc-9e26-000ffe3d8d24}]
\Shell\AutoRun\command - d:\system\viewer\FlipVideoforPC.exe
\Shell\Flip Video for PC\command - d:\system\viewer\FlipVideoforPC.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{B2C3BB6B-E005-4246-B8E5-DF0A4D073CDC}]
c:\program files\PixiePack Codec Pack\InstallerHelper.exe
.
Contents of the 'Scheduled Tasks' folder

2009-02-17 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

2009-02-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-548195580-3338435793-402719388-1007.job
- c:\documents and settings\Susie\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-03 08:25]

2009-02-16 c:\windows\Tasks\Malwarebytes' Scheduled Scan for Susie.job
- g:\program files\Malwarebytes' Anti-Malware\mbam.exe [2009-02-11 10:19]

2009-02-16 c:\windows\Tasks\Malwarebytes' Scheduled Update for Susie.job
- g:\program files\Malwarebytes' Anti-Malware\mbam.exe [2009-02-11 10:19]

2009-02-15 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-01-09 10:53]

2009-02-01 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-01-09 10:53]

2009-02-16 c:\windows\Tasks\SyncBackSE ACDSeeBackup from F to G (daily).job
- f:\program files\2BrightSparks\SyncBackSE\SyncBackSE.exe [2008-10-03 17:08]

2009-02-14 c:\windows\Tasks\SyncBackSE ACDSeeBackups from G to J.job
- f:\program files\2BrightSparks\SyncBackSE\SyncBackSE.exe [2008-10-03 17:08]

2009-02-01 c:\windows\Tasks\SyncBackSE Mastercook to JD.job
- f:\program files\2BrightSparks\SyncBackSE\SyncBackSE.exe [2008-10-03 17:08]

2009-02-16 c:\windows\Tasks\SyncBackSE Outlook BU (F to V).job
- f:\program files\2BrightSparks\SyncBackSE\SyncBackSE.exe [2008-10-03 17:08]

2009-02-16 c:\windows\Tasks\SyncBackSE Palm Desktop stuff to O drive.job
- f:\program files\2BrightSparks\SyncBackSE\SyncBackSE.exe [2008-10-03 17:08]

2009-02-17 c:\windows\Tasks\SyncBackSE QUICKENW to JD.job
- f:\program files\2BrightSparks\SyncBackSE\SyncBackSE.exe [2008-10-03 17:08]

2008-08-30 c:\windows\Tasks\SyncBackSE REDBU SSL_movies2.job
- f:\program files\2BrightSparks\SyncBackSE\SyncBackSE.exe [2008-10-03 17:08]

2009-02-16 c:\windows\Tasks\SyncBackSE SDCardBackup from I to JD.job
- f:\program files\2BrightSparks\SyncBackSE\SyncBackSE.exe [2008-10-03 17:08]

2009-02-17 c:\windows\Tasks\SyncBackSE Splash ID data to Dropbox Folder.job
- f:\program files\2BrightSparks\SyncBackSE\SyncBackSE.exe [2008-10-03 17:08]

2009-02-17 c:\windows\Tasks\SyncBackSE SplashID Program & Data to Dropbox Folder.job
- f:\program files\2BrightSparks\SyncBackSE\SyncBackSE.exe [2008-10-03 17:08]

2009-02-17 c:\windows\Tasks\SyncBackSE SplashID.job
- f:\program files\2BrightSparks\SyncBackSE\SyncBackSE.exe [2008-10-03 17:08]

2009-02-17 c:\windows\Tasks\SyncBackSE SSLPaperport ( full V to X).job
- f:\program files\2BrightSparks\SyncBackSE\SyncBackSE.exe [2008-10-03 17:08]

2008-10-22 c:\windows\Tasks\SyncBackSE SSL_DVDS from Mybook to Simpletech.job
- f:\program files\2BrightSparks\SyncBackSE\SyncBackSE.exe [2008-10-03 17:08]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar = hxxp://go.compaq.com/1Q00CDT/0409/bl8.asp
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Evernote - g:\program files\Evernote\Evernote3\enbar.dll/2000
IE: Add to AMV Converter... - g:\program files\MP3 Player Utilities 4.18\AMVConverter\grab.html
IE: Display All Images with Full Quality - "c:\program files\NetZero\qsacc\appres.dll/228"
IE: Display Image with Full Quality - "c:\program files\NetZero\qsacc\appres.dll/227"
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Save to &Xdrive - f:\program files\Xdrive\Xdrive Desktop\xdrive.exe/std.html
TCP: {47F90757-36B2-4764-86E2-7D8DD794877D} = 172.20.32.5 172.20.32.5
DPF: Geni Publisher - hxxp://www.geni.com/plugins/genipublisher.CAB
DPF: Microsoft XML Parser for Java
FF - ProfilePath - c:\documents and settings\Susie\Application Data\Mozilla\Firefox\Profiles\4m6emk5y.default\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - component: c:\documents and settings\Susie\Application Data\Mozilla\Firefox\Profiles\4m6emk5y.default\extensions\{E0B8C461-F8FB-49b4-8373-FE32E9252800}\components\enbar3.dll
FF - component: f:\program files\components\xpinstal.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-17 13:31:50
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Iomega Activity Disk2]
"ImagePath"="\"\""
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-548195580-3338435793-402719388-1007\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{E47DEE53-311B-55FF-C4D4-D8970FB5A010}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"ialpepbafedcbjnmgi"=hex:6b,61,65,70,6e,67,6f,67,69,61,6f,66,70,6b,67,62,6b,6a,
68,69,6a,67,00,00
"hanoghplkjjpkgnk"=hex:6b,61,65,70,6e,67,6f,67,69,61,6f,66,70,6b,67,62,6b,6a,
68,69,6a,67,00,00

[HKEY_USERS\S-1-5-21-548195580-3338435793-402719388-1007\Software\Zepter Software\RegLib*70f74f3e\CloneDVD/2]
"1"=dword:4490c89d
"2"=dword:4490c89d

[HKEY_USERS\S-1-5-21-548195580-3338435793-402719388-1007\Software\Zepter Software\RegLib*70f74f3e\CloneDVD2/2]
"1"=dword:444d5bdd
"2"=dword:44955d62
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1140)
c:\windows\system32\LMIinit.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\STOPzilla!\SZServer.exe
c:\program files\Common Files\Acronis\Schedule2\schedul2.exe
c:\program files\Quicken Online Backup\AGENTSRV.EXE
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Carbonite\Carbonite Backup\CarboniteService.exe
f:\program files\Diskeeper Corporation\Diskeeper\DkService.exe
c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe
c:\windows\system32\inetsrv\inetinfo.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\tcpsvcs.exe
c:\program files\McAfee\MSC\mcmscsvc.exe
c:\program files\Common Files\McAfee\MNA\McNASvc.exe
c:\progra~1\COMMON~1\McAfee\McProxy\McProxy.exe
c:\program files\McAfee\VirusScan\Mcshield.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\McAfee\MPF\MpfSrv.exe
c:\progra~1\McAfee.com\Agent\mcagent.exe
c:\windows\system32\HPZipm12.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
f:\program files\NetDrive\wdService.exe
c:\windows\system32\searchindexer.exe
c:\program files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
c:\program files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54Gv4.exe
c:\combofix\hidec.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\msdtc.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Windows Desktop Search\WindowsSearch.exe
g:\program files\Microsoft Office\Office12\ONENOTEM.EXE
c:\program files\HP\Digital Imaging\bin\hpqimzone.exe
c:\program files\PdaReach\PdaReach.exe
c:\program files\PdaReach\UsbMan.exe
c:\program files\HP\Digital Imaging\bin\hpqste08.exe
c:\combofix\Catchme.tmp
.
**************************************************************************
.
Completion time: 2009-02-17 13:47:05 - machine was rebooted
ComboFix-quarantined-files.txt 2009-02-17 20:45:41

Pre-Run: 14,532,911,104 bytes free
Post-Run: 14,507,212,800 bytes free

453 --- E O F --- 2009-02-15 19:09:07

#8 SifuMike

  • malware expert
  • Staff Emeritus
  • Location:Vancouver (not BC) WA (Not DC) USA

Posted 17 February 2009 - 05:17 PM

Hi Nothing Original,

Let's try again.

You need to disable your McAfee Antivirus before running ComboFix, as it will prevent it from running.

To disable MCAFEE SECURITY CENTER 7.1
Please navigate to the system tray and double-click the taskbar icon to open Security Center.
Click Advanced Menu (bottom mid-left).
Click Configure (left).
Click Computer & Files (top left).
VirusScan can be disabled in the right-hand module and set when it should resume or you can do that manually later on.
Do the same via Internet & Network for Firewall Plus.



Click Start, then Run and type Notepad and click OK.
Open notepad - don't use any other text editor than notepad or the script will fail.
Copy/paste the text in the code box below into notepad:

KILLALL:: 

Rootkit::
c:\windows\system32\drivers\tzgremuj.sys
c:\windows\zpzoanmb 

Driver::
zpzoanmb


Name the Notepad file CFScript.txt and Save it to your desktop.

IMPORTANT: The above script was written specifically for this infection on this person's computer. It is NOT to be used on another computer, as it may cause damage that could result in a format!

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

Posted Image


This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new HijackThis log.
If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!



Posted Image

Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.
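A triage aid for the HijackThis log the post above asks for, added here as an example; it is not part of the thread and not code from HijackThis, ComboFix or Malwarebytes. It parses entries in the log format that appears on this page (the "O2 - BHO:", "O4 - HKLM\..\Run:", "O23 - Service:" lines) and flags the ones a reviewer usually checks first: registrations whose file is gone, services listed with "Unknown owner", autoruns given as a bare filename (Windows then resolves the binary through its search path, so the log alone does not show which file runs), and binaries living under user-writable profile directories. The sample lines are constructed from the log format on this page; the flag names and helper functions are my own.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, Iterable, List, Optional

# A HijackThis entry starts with a section code such as O2, O4, O23, R1, N3.
ENTRY_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.*)$")

# HijackThis prints these markers when the registered component's file is gone.
MISSING_MARKERS = ("(no file)", "(file missing)")

# O4 Run value given as a bare filename (no drive, directory or quotes), e.g. "[X] X.exe".
BARE_EXE_RE = re.compile(r"\]\s+[^\\/:\"\s]+\.exe(\s|$)", re.IGNORECASE)

# User-writable locations on a Windows XP profile; a service or autorun
# starting from here deserves a second look.
USER_WRITABLE_RE = re.compile(
    r"\\(Local Settings\\Application Data|Temp|Temporary Internet Files)\\",
    re.IGNORECASE,
)


@dataclass
class Entry:
    section: str
    body: str
    flags: List[str] = field(default_factory=list)


def parse_line(line: str) -> Optional[Entry]:
    """Return an Entry for a HijackThis 'Oxx - ...' line, or None for any other line."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    entry = Entry(m.group("section"), m.group("body"))
    if any(marker in entry.body for marker in MISSING_MARKERS):
        entry.flags.append("missing-file")
    if entry.section == "O23" and "Unknown owner" in entry.body:
        entry.flags.append("unknown-owner")
    if entry.section == "O4" and BARE_EXE_RE.search(entry.body):
        entry.flags.append("bare-filename")
    if USER_WRITABLE_RE.search(entry.body):
        entry.flags.append("user-writable-path")
    return entry


def triage(lines: Iterable[str]) -> List[Entry]:
    """Parse every line and keep only the entries that raised at least one flag."""
    parsed = (parse_line(line) for line in lines)
    return [e for e in parsed if e is not None and e.flags]


def flag_counts(entries: Iterable[Entry]) -> Dict[str, int]:
    """Count how often each flag was raised, for a quick summary of the log."""
    counts: Dict[str, int] = {}
    for e in entries:
        for f in e.flags:
            counts[f] = counts.get(f, 0) + 1
    return counts


# Constructed sample in the HijackThis format seen on this page (hypothetical log).
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\system32\svchost.exe
O2 - BHO: Popup-Blocker Class - {52706EF7-D7A2-49AD-A615-E903858CF284} - (no file)
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Susie\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O23 - Service: Iomega App Services - Unknown owner - (no file)
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: LogMeIn - Unknown owner - G:\Program Files\LogMeIn\x86\LogMeIn.exe (file missing)
""".strip().splitlines()


if __name__ == "__main__":
    flagged = triage(SAMPLE_LOG)
    for e in flagged:
        print(f"{e.section:<4} {', '.join(e.flags):<32} {e.body}")
    print(flag_counts(flagged))
```

A flag is a prompt to verify, not a verdict: a dangling "(no file)" BHO is usually a leftover from an uninstall, and a signed vendor binary under Local Settings\Application Data is normal for some updaters. The value of the pass is that it pulls the handful of entries worth checking out of a log that runs to several hundred lines.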

#9 Nothing Original

Nothing Original
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  • Local time:06:11 AM

Posted 17 February 2009 - 05:24 PM

Out of curiosity, did I do something wrong, or is another cycle required because something gets fixed and then another cycle is required? I don't mind if it's #2, but I did follow directions very precisely this time, so if it's option 1, there may be something I'm doing wrong (but think I'm doing right) or something jiggy with my computer setup. (I have a strange setup: the C drive is TrueCrypted, and I have to specify which drive to boot from (not sure why, but it works, so that's what I do), etc.)

#10 SifuMike

SifuMike

    malware expert


  • Staff Emeritus
  • 15,385 posts
  • OFFLINE
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA
  • Local time:06:11 AM

Posted 17 February 2009 - 05:31 PM

did I do something wrong or is another cycle required b/c something gets fixed & then another cycle is required?


Not understanding you. :thumbup2: I don't think you are doing anything wrong.
You still have malware on your computer and I am trying to remove it. Follow the directions on my previous post.

#11 Nothing Original

Nothing Original
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  • Local time:06:11 AM

Posted 17 February 2009 - 05:36 PM

Ok, great! I was thinking if I'm having to redo this because I did something wrong, I'd try to video record what I was doing so I could show you what I'm doing so you could figure out what I was doing wrong. ;-) Not complaining...just wanted to make sure I wasn't doing anything wrong/incorrectly.

Will do the process now. (Thanks! Greatly appreciate the help!)

#12 SifuMike

SifuMike

    malware expert


  • Staff Emeritus
  • 15,385 posts
  • OFFLINE
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA
  • Local time:06:11 AM

Posted 17 February 2009 - 05:51 PM

OK. :thumbup2:

#13 Nothing Original

Nothing Original
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  • Local time:06:11 AM

Posted 17 February 2009 - 11:13 PM

After dragging the txt file onto the ComboFix icon, it sat at the DOS box that said "this process normally takes 10 minutes but may take longer for badly infected computers". It sat there for over an hour and never flashed up any of the things it did before. Should I try it again?

#14 SifuMike

SifuMike

    malware expert


  • Staff Emeritus
  • 15,385 posts
  • OFFLINE
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA
  • Local time:06:11 AM

Posted 17 February 2009 - 11:38 PM

Are you sure you disabled your MCAFEE SECURITY CENTER before running ComboFix?

Are you sure you did this: :thumbup2:

Click Start, then Run and type Notepad and click OK.
Open notepad - don't use any other text editor than notepad or the script will fail.
Copy/paste the text in the code box below into notepad:


Did you use NotePad?
Did you copy and paste the text in the code box (DO NOT include the word Code in the copy and paste)?


Try it again and make sure you follow the directions. This works for millions of people so that means you are doing something wrong. :)

Edited by SifuMike, 17 February 2009 - 11:42 PM.
typo


#15 Nothing Original

Nothing Original
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  • Local time:06:11 AM

Posted 18 February 2009 - 01:22 AM

Ok...here's hijackthis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:20:26 PM, on 2/17/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\STOPzilla!\szserver.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Quicken Online Backup\AgentSrv.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
c:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe
F:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\tcpsvcs.exe
g:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
c:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Common Files\NeatReceipts\DB Controller\NeatReceiptsDBController.exe
C:\Program Files\Visioneer\OneTouch 4.0\OtService.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe
C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
f:\Program Files\NetDrive\wdService.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54Gv4.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb13.exe
C:\Program Files\STOPzilla!\STOPzilla.exe
C:\WINDOWS\system32\carpserv.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
F:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
F:\Program Files\Roxio\Media Experience\DMXLauncher.exe
F:\Program Files\NetDrive\netdrive.exe
F:\PROGRA~1\SYSTEM~1\WScheduler.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
G:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\WINDOWS\System32\vssvc.exe
C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\setup_vf.exe
C:\WINDOWS\system32\dllhost.exe
F:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
F:\PROGRA~1\LAUNCH~1\lnp.exe
F:\Program Files\TrueCrypt\TrueCrypt.exe
C:\Program Files\SuperLogix\Super Utilities\SuperUtil.exe
C:\Documents and Settings\Susie\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Lala.com\Lala Music Mover\LalaMover.exe
C:\Program Files\Common Files\TiVo Shared\Transfer\TiVoTransfer.exe
G:\Program Files\TiVo\Desktop\TiVoNotify.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
F:\Program Files\palmOne\Hotsync.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
F:\Program Files\Ilium Software\ListPro\ListProAlarms.exe
F:\Program Files\SanDisk\SanDisk TransferMate\SD Monitor.exe
G:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\PdaReach\PdaReach.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\PdaReach\UsbMan.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
G:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
F:\Program Files\firefox.exe
F:\Program Files\SplashData\SplashID\SplashID Desktop.exe
F:\Program Files\Natara\DayNotez\DayNotez.exe
C:\WINDOWS\explorer.exe
V:\Susie's data\WIN95UP\Hijackthis\HiJackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.compaq.com/1Q00CDT/0409/bl8.asp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
N3 - Netscape 7: # Mozilla User Preferences

/* Do not edit this file.
*
* If you make changes to this file while the browser is running,
* the changes will be overwritten when the browser exits.
*
* To make a manual change to preferences, you can visit the URL about:config
* For more information, see http://www.mozilla.org/unix/customizing.html#prefs
*/

user_pref("aim.session.firsttime", false);
user_pref("browser.activation.checkedNNFlag", true);
user_pref("browser.bookmarks.added_static_root", true);
user_pref("browser.download.dir", "F:\\Susie's data\\WIN95UP\\AllTunes");
user_pref("browser.search.defaultengine", "engine://f%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src");
user_pref("browser.startup.homepage", "http://www.google.com");
user_pref("browser.startup.homepage_override.mstone", "rv:1.7.2");
user_pref("dom.disable_open_during_load", true);
user_pref("intl.charsetmenu.browser.cache", "ISO-8859-15, windows-1252, UTF-8, windows-1251, us-ascii");
user_pref("ldap_2
N3 - Netscape 7: # Mozilla User Preferences

/* Do not edit this file.
*
* If you make changes to this file while the browser is running,
* the changes will be overwritten when the browser exits.
*
* To make a manual change to preferences, you can visit the URL about:config
* For more information, see http://www.mozilla.org/unix/customizing.html#prefs
*/

user_pref("aim.session.firsttime", false);
user_pref("browser.activation.checkedNNFlag", true);
user_pref("browser.bookmarks.added_static_root", true);
user_pref("browser.download.dir", "F:\\Susie's data\\WIN95UP\\AllTunes");
user_pref("browser.search.defaultengine", "engine://f%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src");
user_pref("browser.startup.homepage", "http://www.google.com");
user_pref("browser.startup.homepage_override.mstone", "rv:1.7.2");
user_pref("dom.disable_open_during_load", true);
user_pref("intl.charsetmenu.browser.cache", "ISO-8859-15, windows-1252, UTF-8, windows-1251, us-ascii");
user_pref("ldap_2
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Popup-Blocker Class - {52706EF7-D7A2-49AD-A615-E903858CF284} - (no file)
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: SnapToolbarHelper Class - {8600AC1E-BE58-4FFC-BD5D-F2A8EC38C838} - C:\Program Files\Snap Visual Search\snapbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: STOPzilla Browser Helper Object - {E3215F20-3212-11D6-9F8B-00D0B743919D} - C:\Program Files\STOPzilla!\SZIEBHO.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: I.R.I.S. Desktop Search - {577EBCA9-8ED3-45FC-A514-55B3817D4BCF} - (no file)
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [SetRefresh] C:\Program Files\Compaq\SetRefresh\SetRefresh.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb13.exe
O4 - HKLM\..\Run: [STOPzilla] C:\Program Files\STOPzilla!\STOPzilla.exe /autostart
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [TotalRecorderScheduler] "f:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe"
O4 - HKLM\..\Run: [HPHUPD06] C:\Program Files\HP\{BA2D9411-DBB4-43e4-9421-780413650A67}\hphupd06.exe
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DMXLauncher] "F:\Program Files\Roxio\Media Experience\DMXLauncher.exe"
O4 - HKLM\..\Run: [WebDriveTray] f:\Program Files\NetDrive\netdrive.exe /trayicon
O4 - HKLM\..\Run: [WScheduler] f:\PROGRA~1\SYSTEM~1\WScheduler.exe /LOGON
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [mcagent_exe] "c:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
O4 - HKLM\..\Run: [AsusACPIServer] C:\Program Files\Asus\EeePC ACPI\AsAcpiSvr.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] "G:\Program Files\ScanSoft\PaperPort\pptd40nt.exe"
O4 - HKLM\..\Run: [IndexSearch] "G:\Program Files\ScanSoft\PaperPort\IndexSearch.exe"
O4 - HKLM\..\Run: [PPort11reminder] "G:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini
O4 - HKLM\..\Run: [Carbonite Backup] c:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe
O4 - HKLM\..\Run: [HPHped06] C:\PROGRA~1\HP\{BA2D9~1\pexpress\hphPED06.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [WinGuard Pro] C:\WINDOWS\system32\setup_vf.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [iTunesHelper] "F:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "g:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] c:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [LaunchIt NOW! Plus] F:\PROGRA~1\LAUNCH~1\lnp.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [TrueCrypt] "F:\Program Files\TrueCrypt\TrueCrypt.exe" /q preferences
O4 - HKCU\..\Run: [Super Utilities] c:\Program Files\SuperLogix\Super Utilities\SuperUtil.exe /min
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Susie\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Lala Music Mover] "C:\Program Files\Lala.com\Lala Music Mover\LalaMover.exe" /minimized
O4 - HKCU\..\Run: [AnyDVD] F:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
O4 - HKCU\..\Run: [TivoTransfer] "C:\Program Files\Common Files\TiVo Shared\Transfer\TiVoTransfer.exe" /service /registry /auto:TivoTransfer
O4 - HKCU\..\Run: [TivoNotify] "G:\Program Files\TiVo\Desktop\TiVoNotify.exe" /service /registry /auto:TivoNotify
O4 - HKCU\..\Run: [TivoServer] "G:\Program Files\TiVo\Desktop\TiVoServer.exe" /service /registry /auto:TivoServer
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Startup: Dropbox.lnk = V:\Program Files\Dropbox\Dropbox.exe
O4 - Startup: Evernote.lnk = G:\Program Files\EverNote\Evernote3\EvernoteTray.exe
O4 - Startup: ListProAlarms.lnk = F:\Program Files\Ilium Software\ListPro\ListProAlarms.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = G:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Startup: palmOne Registration.lnk = F:\Program Files\palmOne\register.exe
O4 - Startup: PdaReach Desktop.lnk = C:\Program Files\PdaReach\PdaReach.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: DataViz Inc Messenger.lnk = C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
O4 - Global Startup: EReg.lnk = ?
O4 - Global Startup: HOTSYNCSHORTCUTNAME.lnk = F:\Program Files\palmOne\Hotsync.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: JungleDiskMonitor.lnk = F:\Program Files\JungleDisk\junglediskmonitor.exe
O4 - Global Startup: Launchy.lnk = F:\Program Files\Launchy\Launchy.exe
O4 - Global Startup: ListProAlarms.lnk = F:\Program Files\Ilium Software\ListPro\ListProAlarms.exe
O4 - Global Startup: Media Card Companion Monitor.lnk = C:\Program Files\ArcSoft\Media Card Companion\MCC Monitor.exe
O4 - Global Startup: Monitor.lnk = F:\Program Files\SanDisk\SanDisk TransferMate\SD Monitor.exe
O4 - Global Startup: WG111v2 Smart Wizard Wireless Setting.lnk = ?
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: Add to Evernote - res://g:\Program Files\Evernote\Evernote3\enbar.dll/2000
O8 - Extra context menu item: Add to AMV Converter... - G:\Program Files\MP3 Player Utilities 4.18\AMVConverter\grab.html
O8 - Extra context menu item: Display All Images with Full Quality - "res://C:\Program Files\NetZero\qsacc\appres.dll/228"
O8 - Extra context menu item: Display Image with Full Quality - "res://C:\Program Files\NetZero\qsacc\appres.dll/227"
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Save to &Xdrive - res://f:\Program Files\Xdrive\Xdrive Desktop\xdrive.exe/std.html
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - G:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - G:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Rip YouTube File - {38E51477-DDB4-4aed-9D61-D0C193E10749} - g:\Program Files\SoundTaxi\YouTubeRipper.dll (file missing)
O9 - Extra 'Tools' menuitem: Rip YouTube file embedded in this page - {38E51477-DDB4-4aed-9D61-D0C193E10749} - g:\Program Files\SoundTaxi\YouTubeRipper.dll (file missing)
O9 - Extra button: FlashCapture - {753BBC4B-CC73-4fb8-A5B5-CA09C804C1DD} - f:\Program Files\FlashCapture\fciext.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - G:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: Add to EverNote - {A5ABA0BB-F195-40d8-A5E9-0801153E6597} - g:\Program Files\EverNote\EverNote\enbar.dll (file missing)
O9 - Extra 'Tools' menuitem: Add to EverNote - {A5ABA0BB-F195-40d8-A5E9-0801153E6597} - g:\Program Files\EverNote\EverNote\enbar.dll (file missing)
O9 - Extra button: Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E9252800} - g:\Program Files\Evernote\Evernote3\enbar.dll (file missing)
O9 - Extra 'Tools' menuitem: Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E9252800} - g:\Program Files\Evernote\Evernote3\enbar.dll (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: Geni Publisher - http://www.geni.com/plugins/genipublisher.CAB
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - c:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1160079154390
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = phoenix.frontieradjusters.com
O17 - HKLM\Software\..\Telephony: DomainName = phoenix.frontieradjusters.com
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Amazon Unbox Video Service (ADVService) - Amazon.com - F:\Program Files\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe
O23 - Service: Connected Agent Service (AgentSrv) - Connected Corporation - C:\Program Files\Quicken Online Backup\AgentSrv.EXE
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CarboniteService - Carbonite, Inc. (www.carbonite.com) - c:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe
O23 - Service: Diskeeper - Diskeeper Corporation - F:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Iomega App Services - Unknown owner - (no file)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - Unknown owner - G:\Program Files\LogMeIn\x86\RaMaint.exe (file missing)
O23 - Service: LogMeIn - Unknown owner - G:\Program Files\LogMeIn\x86\LogMeIn.exe (file missing)
O23 - Service: MBAMService - Malwarebytes Corporation - g:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - c:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: NeatReceipts Database Controller - Digital Business Processes - C:\Program Files\Common Files\NeatReceipts\DB Controller\NeatReceiptsDBController.exe
O23 - Service: OneTouch 4.0 Monitor - Visioneer Inc. - C:\Program Files\Visioneer\OneTouch 4.0\OtService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Common Files\Sonic Shared\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Common Files\Sonic Shared\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - c:\Program Files\WinPcap\rpcapd.exe
O23 - Service: SoundMovieServer - SoundMovieServer - C:\WINDOWS\system32\snmvtsvc.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: STOPzilla Service (szserver) - Unknown owner - C:\Program Files\Common Files\STOPzilla!\szserver.exe
O23 - Service: TiVo Beacon (TivoBeacon2) - TiVo Inc. - C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe
O23 - Service: Acronis Try And Decide Service (TryAndDecideService) - Unknown owner - C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
O23 - Service: WebDrive Service (WebDriveService) - Unknown owner - f:\Program Files\NetDrive\wdService.exe
O23 - Service: WUSB54Gv4SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe

--
End of file - 24284 bytes


Combofix:

ComboFix 09-02-17.01 - Susie 2009-02-17 21:52:22.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1015.326 [GMT -7:00]
Running from: c:\documents and settings\Susie\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Susie\Desktop\CFScript.txt
AV: McAfee VirusScan *On-access scanning disabled* (Updated)
FW: McAfee Personal Firewall *disabled*
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\drivers\tzgremuj.sys
c:\windows\zpzoanmb

.
((((((((((((((((((((((((( Files Created from 2009-01-18 to 2009-02-18 )))))))))))))))))))))))))))))))
.

2009-02-17 15:37 . 2009-02-17 15:37 146,603 --a------ C:\ScreenHunter_012.jpg
2009-02-16 18:19 . 2009-02-16 18:26 <DIR> d-------- C:\rsit
2009-02-14 21:45 . 2009-02-14 21:45 236,188 --a------ C:\ScreenHunter_011.jpg
2009-02-14 21:39 . 2009-02-14 21:39 197,812 --a------ C:\ScreenHunter_010.jpg
2009-02-14 15:30 . 2009-02-14 15:30 188,934 --a------ C:\ScreenHunter_009.jpg
2009-02-14 06:58 . 2009-02-14 06:58 185,717 --a------ C:\ScreenHunter_008.jpg
2009-02-13 12:24 . 2009-02-13 12:24 120,676 --a------ C:\ScreenHunter_007.jpg
2009-02-13 12:16 . 2009-02-13 12:16 110,262 --a------ C:\ScreenHunter_006.jpg
2009-02-13 11:40 . 2009-02-13 10:52 368,961 --a------ c:\windows\system32\dds.scr
2009-02-13 09:41 . 2009-02-13 09:41 150,101 --a------ C:\ScreenHunter_005.jpg
2009-02-13 09:38 . 2009-02-13 09:38 87,985 --a------ C:\ScreenHunter_004.jpg
2009-02-13 09:36 . 2009-02-13 09:36 121,313 --a------ C:\ScreenHunter_003.jpg
2009-02-11 16:28 . 2009-02-11 16:28 <DIR> d-------- c:\documents and settings\Susie\Application Data\Malwarebytes
2009-02-11 16:28 . 2009-02-11 16:28 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-02-11 16:28 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-11 16:28 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-02-11 12:28 . 2009-02-11 12:28 <DIR> d-------- c:\windows\SQL9_KB960089_ENU
2009-02-02 09:14 . 2009-02-04 07:17 <DIR> d--hs---- c:\documents and settings\All Users\DRM
2009-01-27 14:53 . 2009-01-28 12:04 25 --a------ c:\windows\OverlayXP.ini
2009-01-26 11:46 . 2009-01-26 11:56 <DIR> d-------- c:\documents and settings\All Users\Application Data\webcamXP5
2009-01-19 11:59 . 2009-01-19 11:59 <DIR> d-------- c:\documents and settings\All Users\Application Data\TiVo

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-18 05:22 --------- d-----w c:\documents and settings\Susie\Application Data\Launchy
2009-02-18 05:20 --------- d-----w c:\documents and settings\All Users\Application Data\STOPzilla!
2009-02-18 04:21 --------- d-----w c:\documents and settings\Susie\Application Data\Dropbox
2009-02-18 01:12 --------- d-----w c:\documents and settings\All Users\Application Data\Google Updater
2009-02-17 17:46 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2009-02-16 23:51 --------- d-----w c:\program files\McAfee
2009-02-13 16:38 --------- d-----w c:\program files\Wisdom-soft ScreenHunter Plus
2009-02-11 19:32 --------- d-----w c:\program files\Microsoft SQL Server
2009-01-30 17:02 --------- d-----w c:\program files\PdaReach
2009-01-23 20:48 --------- d-----w c:\documents and settings\All Users\Application Data\NeatReceipts Professional
2009-01-19 20:43 --------- d-----w c:\program files\VideoReDoPlus
2009-01-19 20:41 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-01-19 19:01 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-01-19 18:59 --------- d-----w c:\program files\Common Files\TiVo Shared
2009-01-19 16:18 --------- d-----w c:\program files\Microsoft Works
2009-01-16 17:06 --------- d-----w c:\program files\Common Files\Livescribe
2009-01-16 17:04 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-15 16:01 --------- d-----w c:\program files\Google
2009-01-14 15:59 --------- d-----w c:\documents and settings\Susie\Application Data\CuteReminderPro
2009-01-09 19:03 79,304 ----a-w c:\windows\system32\drivers\mfeavfk.sys
2009-01-09 19:03 40,552 ----a-w c:\windows\system32\drivers\mfesmfk.sys
2009-01-09 19:03 35,272 ----a-w c:\windows\system32\drivers\mfebopk.sys
2009-01-09 19:03 34,216 ----a-w c:\windows\system32\drivers\mferkdk.sys
2009-01-09 19:03 213,640 ----a-w c:\windows\system32\drivers\mfehidk.sys
2009-01-09 14:59 --------- d-----w c:\documents and settings\Susie\Application Data\tunebite
2009-01-07 02:47 --------- d-----w c:\program files\Safari
2009-01-07 02:46 --------- d-----w c:\program files\PixiePack Codec Pack
2009-01-07 02:45 --------- d-----w c:\program files\MediaCoder
2009-01-07 02:44 --------- d-----w c:\program files\GPLGS
2009-01-06 18:11 --------- d-----w c:\program files\Common Files\Palo Alto Software
2009-01-05 21:24 --------- d-----w c:\documents and settings\All Users\Application Data\RapidSolution
2009-01-02 15:21 --------- d-----w c:\documents and settings\Susie\Application Data\Windows Search
2008-12-31 14:16 --------- d-----w c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-12-31 14:15 --------- d-----w c:\program files\iPod
2008-12-31 13:59 24,872 ----a-w c:\windows\system32\drivers\ElbyCDIO.sys
2008-12-30 23:53 103,360 ----a-w c:\windows\system32\drivers\AnyDVD.sys
2008-12-30 04:58 --------- d-----w c:\program files\Movie Download Manager
2008-12-22 07:13 --------- d-----w c:\program files\DVDlabPro
2008-12-21 22:02 --------- d-----w c:\program files\HP
2008-08-15 18:03 61,224 -c--a-w c:\documents and settings\Susie\GoToAssistDownloadHelper.exe
2008-03-20 00:42 32 -c--a-w c:\documents and settings\All Users\Application Data\ezsid.dat
2008-01-24 18:09 636,192 -c--a-w c:\documents and settings\Susie\DMSetup.exe
2007-06-26 18:25 87,608 -c--a-w c:\documents and settings\Susie\Application Data\ezpinst.exe
2007-06-26 18:25 47,360 -c--a-w c:\documents and settings\Susie\Application Data\pcouffin.sys
2007-06-04 20:52 630,784 -c--a-w c:\documents and settings\Susie\GoToAssist_chat2way__317_en.exe
2007-05-26 14:48 25,600 -c--a-w c:\documents and settings\Susie\usbsermptxp.sys
2007-05-26 14:48 22,768 -c--a-w c:\documents and settings\Susie\usbsermpt.sys
2007-04-05 20:38 76,880 -c--a-w c:\documents and settings\Susie\Autorun.exe
2006-06-02 19:10 33,408 -c--a-w c:\documents and settings\Susie\g2mdlhlpx.exe
2006-01-09 17:44 13 -c-h--w c:\documents and settings\All Users\Application Data\Ţ├─3113.sys
1998-12-09 02:53 99,840 -c--a-w c:\program files\Common Files\IRAABOUT.DLL
1998-12-09 02:53 70,144 -c--a-w c:\program files\Common Files\IRAMDMTR.DLL
1998-12-09 02:53 48,640 -c--a-w c:\program files\Common Files\IRALPTTR.DLL
1998-12-09 02:53 31,744 -c--a-w c:\program files\Common Files\IRAWEBTR.DLL
1998-12-09 02:53 186,368 -c--a-w c:\program files\Common Files\IRAREG.DLL
1998-12-09 02:53 17,920 -c--a-w c:\program files\Common Files\IRASRIAL.DLL
2005-05-14 00:12 217,073 -csha-r c:\windows\meta4.exe
2007-05-17 15:30 318,976 -csha-w c:\windows\system32\avisynth.dll
2005-07-14 19:31 27,648 -csha-r c:\windows\system32\AVSredirect.dll
2005-06-26 22:32 616,448 -csha-r c:\windows\system32\cygwin1.dll
2005-06-22 05:37 45,568 -csha-r c:\windows\system32\cygz.dll
2006-05-03 09:06 163,328 -csh--r c:\windows\system32\flvDX.dll
2004-01-25 07:00 70,656 -csha-r c:\windows\system32\i420vfw.dll
2007-02-21 10:47 31,232 -csh--r c:\windows\system32\msfDX.dll
2008-07-31 21:46 254,768 --sh--r c:\windows\system32\setup_vf.exe
2005-02-28 20:16 240,128 -csha-r c:\windows\system32\x.264.exe
2004-01-25 07:00 70,656 --sha-r c:\windows\system32\yv12vfw.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-02-17_10.02.28.96 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-02-17 16:26:06 32,768 -c--a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2009-02-18 05:31:21 32,768 -c--a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2009-02-17 16:26:06 32,768 -c--a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2009-02-18 05:31:21 32,768 -c--a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2009-02-17 16:26:06 49,152 -c--a-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2009-02-18 05:31:21 49,152 -c--a-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2009-02-17 16:29:29 226,861 ----a-w c:\windows\system32\inetsrv\MetaBase.bin
+ 2009-02-18 05:17:08 226,861 ----a-w c:\windows\system32\inetsrv\MetaBase.bin
+ 2009-02-18 05:13:03 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_2bc.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8600AC1E-BE58-4FFC-BD5D-F2A8EC38C838}]
2007-11-09 09:49 311296 --a------ c:\program files\Snap Visual Search\snapbar.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Green]
@="{95A27763-F62A-4114-9072-E81D87DE3B68}"
[HKEY_CLASSES_ROOT\CLSID\{95A27763-F62A-4114-9072-E81D87DE3B68}]
2008-06-13 23:19 527296 -ra------ c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial]
@="{E300CD91-100F-4E67-9AF3-1384A6124015}"
[HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}]
2008-06-13 23:19 527296 -ra------ c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Yellow]
@="{5E529433-B50E-4bef-A63B-16A6B71B071A}"
[HKEY_CLASSES_ROOT\CLSID\{5E529433-B50E-4bef-A63B-16A6B71B071A}]
2008-06-13 23:19 527296 -ra------ c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-21 68856]
"LaunchIt NOW! Plus"="f:\progra~1\LAUNCH~1\lnp.exe" [2008-01-15 573440]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]
"TrueCrypt"="f:\program files\TrueCrypt\TrueCrypt.exe" [2008-07-18 1225920]
"Super Utilities"="c:\program files\SuperLogix\Super Utilities\SuperUtil.exe" [2008-07-03 1400320]
"Google Update"="c:\documents and settings\Susie\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-09-03 133104]
"Lala Music Mover"="c:\program files\Lala.com\Lala Music Mover\LalaMover.exe" [2008-10-17 2221360]
"AnyDVD"="f:\program files\SlySoft\AnyDVD\AnyDVDtray.exe" [2008-12-31 2489280]
"TivoTransfer"="c:\program files\Common Files\TiVo Shared\Transfer\TiVoTransfer.exe" [2008-07-09 1189376]
"TivoNotify"="g:\program files\TiVo\Desktop\TiVoNotify.exe" [2008-07-09 394240]
"TivoServer"="g:\program files\TiVo\Desktop\TiVoServer.exe" [2008-07-09 1931264]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-07 136600]
"srmclean"="c:\cpqs\Scom\srmclean.exe" [2001-07-24 36864]
"SetRefresh"="c:\program files\Compaq\SetRefresh\SetRefresh.exe" [2003-11-06 524800]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb13.exe" [2006-01-06 172032]
"STOPzilla"="c:\program files\STOPzilla!\STOPzilla.exe" [2006-05-31 61440]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2005-09-24 49152]
"TotalRecorderScheduler"="f:\program files\HighCriteria\TotalRecorder\TotRecSched.exe" [2006-05-12 86016]
"HPHUPD06"="c:\program files\HP\{BA2D9411-DBB4-43e4-9421-780413650A67}\hphupd06.exe" [2006-01-06 49152]
"HPHmon06"="c:\windows\system32\hphmon06.exe" [2006-01-06 622592]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2005-02-16 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-16 81920]
"DMXLauncher"="f:\program files\Roxio\Media Experience\DMXLauncher.exe" [2006-08-14 102400]
"WebDriveTray"="f:\program files\NetDrive\netdrive.exe" [2002-08-29 294912]
"WScheduler"="f:\progra~1\SYSTEM~1\WScheduler.exe" [2007-06-25 75264]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2007-11-15 185896]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-01-08 645328]
"TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2008-04-09 2595792]
"AsusACPIServer"="c:\program files\Asus\EeePC ACPI\AsAcpiSvr.exe" [2007-11-14 450560]
"AcronisTimounterMonitor"="c:\program files\Acronis\TrueImageHome\TimounterMonitor.exe" [2008-04-09 909208]
"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2008-04-09 136472]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"PaperPort PTD"="g:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2007-05-14 30248]
"IndexSearch"="g:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2007-05-14 46632]
"PPort11reminder"="g:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-02-01 255528]
"Carbonite Backup"="c:\program files\Carbonite\Carbonite Backup\CarboniteUI.exe" [2008-06-13 600000]
"HPHped06"="c:\progra~1\HP\{BA2D9~1\pexpress\hphPED06.exe" [2004-12-16 339968]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-11-07 111936]
"WinGuard Pro"="c:\windows\system32\setup_vf.exe" [2008-07-31 254768]
"MSConfig"="c:\windows\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2004-08-04 158208]
"iTunesHelper"="f:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"Malwarebytes' Anti-Malware"="g:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2009-02-11 399504]
"AGRSMMSG"="AGRSMMSG.exe" [2004-06-29 c:\windows\AGRSMMSG.exe]
"CARPService"="carpserv.exe" [2002-12-18 c:\windows\system32\carpserv.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2006-10-04 c:\windows\system32\narrator.exe]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 29696]
DataViz Inc Messenger.lnk - c:\program files\Common Files\DataViz\DvzIncMsgr.exe [2007-06-18 34880]
EReg.lnk - c:\windows\EReg206\Reg32.exe [2005-11-04 36864]
HOTSYNCSHORTCUTNAME.lnk - f:\program files\palmOne\Hotsync.exe [2004-06-09 471040]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-09-24 282624]
HP Image Zone Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2005-05-12 73728]
JungleDiskMonitor.lnk - f:\program files\JungleDisk\junglediskmonitor.exe [2008-07-10 4061456]
Launchy.lnk - f:\program files\Launchy\Launchy.exe [2007-07-27 520192]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2008-10-17 22:41 87352 c:\windows\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.I420"= i420vfw.dll
"VIDC.ACDV"= ACDV.dll
"mixer"= DrvTrNTm.dll
"wave"= DrvTrNTm.dll
"vidc.ffds"= c:\progra~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll
"vidc.3IV2"= 3ivxVfWCodec.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^Susie^Start Menu^Programs^Startup^Timed Backups Manager StartUp.lnk]
path=c:\documents and settings\Susie\Start Menu\Programs\Startup\Timed Backups Manager StartUp.lnk
backup=c:\windows\pss\Timed Backups Manager StartUp.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
--a------ 2005-05-19 06:47 57344 c:\program files\SlySoft\CloneCD\CloneCDTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Monitor.exe]
--a------ 2007-10-08 18:01 1765376 c:\program files\Wireless-G Internet Home Monitoring Camera\Monitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 11:50 155648 c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recorder.exe]
--a------ 2007-10-02 10:45 311296 c:\program files\Wireless-G Internet Home Monitoring Camera\Recorder.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
--a------ 2006-10-27 08:41 221184 c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\SmartFTP\\SmartFTP.exe"=
"c:\\WINDOWS\\system32\\ntvdm.exe"=
"c:\\Program Files\\SmartFTP Client 2.0\\SmartFTP.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\ICE.TCP\\FTPWIN.EXE"=
"f:\\Program Files\\palmOne\\Hotsync.exe"=
"f:\\Program Files\\RhinoSoft.com\\Serv-U\\ServUDaemon.exe"=
"c:\\Program Files\\Motorola\\Software Update\\msu.exe"=
"f:\\Program Files\\Macromedia\\Dreamweaver 8\\Dreamweaver.exe"=
"f:\\Program Files\\firefox.exe"=
"f:\\Program Files\\JungleDisk\\junglediskmonitor.exe"=
"c:\\Documents and Settings\\Susie\\Desktop\\Skype.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"f:\\Program Files\\iTunes\\iTunes.exe"=
"g:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R0 AFPAnsi;Alfa File Protector Ansi;c:\windows\system32\drivers\AFPAnsi.sys [2008-07-31 43936]
R0 iteraid;ITERAID_Service_Install;c:\windows\system32\drivers\iteraid.sys [2006-09-07 24971]
R0 Pnp680;SiI 680 ATA Controller;c:\windows\system32\drivers\pnp680.sys [2005-09-21 37031]
R0 sonyhcb;Sony Digital Imaging Base;c:\windows\system32\drivers\sonyhcb.sys [2005-12-25 6097]
R1 SuperMounter;SuperMounter;c:\windows\system32\drivers\supermounter.sys [2008-07-31 11264]
R2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\EAPPkt.sys [2008-04-17 66048]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2008-02-05 47640]
R2 WebDriveFSD;WebDrive File System Driver;f:\program files\NetDrive\rffsd.sys [2007-07-29 67032]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2009-02-11 15504]
R3 SndTAudio;SndTAudio;c:\windows\system32\drivers\SndTAudio.sys [2009-01-06 23096]
R3 SndTVideo;SndTVideo;c:\windows\system32\drivers\SndTVideo.sys [2008-11-25 3768]
S2 LMIInfo;LogMeIn Kernel Information Provider;\??\g:\program files\LogMeIn\x86\RaInfo.sys --> g:\program files\LogMeIn\x86\RaInfo.sys [?]
S3 HSFHWCD2;HSFHWCD2;c:\windows\system32\drivers\HSFHWCD2.sys [2005-11-05 153984]
S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\drivers\motodrv.sys [2007-06-02 42112]
S3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;c:\windows\system32\drivers\wg111v2.sys [2008-04-17 112384]
S3 SjyPkt;SjyPkt;c:\windows\system32\drivers\SjyPkt.sys [2008-04-17 13532]
S3 SmartpenBus;Smartpen Enumerator;c:\windows\system32\drivers\SmartpenBus.sys [2008-08-27 38528]
S3 SmartpenCom;Smartpen Communications;c:\windows\system32\drivers\SmartpenCom.sys [2008-08-27 35328]
S3 sonyhcs;Sony Digital Imaging Video;c:\windows\system32\drivers\sonyhcs.sys [2005-12-25 299923]
S4 0237821164896211mcinstcleanup;McAfee Application Installer Cleanup (0237821164896211); [x]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]
S4 RFNP32;WebDrive Provider; [x]

--- Other Services/Drivers In Memory ---

*Deregistered* - JavaQuickStarterService
*Deregistered* - lanmanserver
*Deregistered* - lanmanworkstation
*Deregistered* - LmHosts
*Deregistered* - LPDSVC
*Deregistered* - MBAMService
*Deregistered* - McAfee SiteAdvisor Service
*Deregistered* - mcmscsvc
*Deregistered* - McNASvc
*Deregistered* - McProxy
*Deregistered* - McShield
*Deregistered* - MDM
*Deregistered* - MpfService
*Deregistered* - MSDTC
*Deregistered* - MSFtpsvc
*Deregistered* - MSSQL$NR2007
*Deregistered* - NeatReceipts Database Controller
*Deregistered* - Netlogon
*Deregistered* - Netman
*Deregistered* - Nla
*Deregistered* - OneTouch 4.0 Monitor
*Deregistered* - Pml Driver HPZ12
*Deregistered* - PolicyAgent
*Deregistered* - ProtectedStorage
*Deregistered* - RasMan
*Deregistered* - RemoteRegistry
*Deregistered* - RpcSs
*Deregistered* - SamSs
*Deregistered* - Schedule
*Deregistered* - seclogon
*Deregistered* - SENS
*Deregistered* - SharedAccess
*Deregistered* - ShellHWDetection
*Deregistered* - SimpTcp
*Deregistered* - SMTPSVC
*Deregistered* - Spooler
*Deregistered* - SQLWriter
*Deregistered* - srservice
*Deregistered* - SSDPSRV
*Deregistered* - stisvc
*Deregistered* - SwPrv
*Deregistered* - szserver
*Deregistered* - TapiSrv
*Deregistered* - TermService
*Deregistered* - Themes
*Deregistered* - TivoBeacon2
*Deregistered* - TrkWks
*Deregistered* - TryAndDecideService
*Deregistered* - VSS
*Deregistered* - W32Time
*Deregistered* - W3SVC
*Deregistered* - WebClient
*Deregistered* - WebDriveService
*Deregistered* - winmgmt
*Deregistered* - wscsvc
*Deregistered* - WSearch
*Deregistered* - wuauserv
*Deregistered* - WUSB54Gv4SVC
*Deregistered* - WZCSVC

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\Z]
\Shell\AutoRun\command - z:\.\Start.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4ec6c95b-bebd-11dc-9e30-000ffe3d8d24}]
\Shell\AutoRun\command - d:\.\Start.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{56eb15a1-2ae4-11db-9926-000ffe3d8d24}]
\Shell\AutoRun\command - G:\Launch.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{77f57ca6-b180-11dc-9e26-000ffe3d8d24}]
\Shell\AutoRun\command - d:\system\viewer\FlipVideoforPC.exe
\Shell\Flip Video for PC\command - d:\system\viewer\FlipVideoforPC.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{B2C3BB6B-E005-4246-B8E5-DF0A4D073CDC}]
c:\program files\PixiePack Codec Pack\InstallerHelper.exe
.
Contents of the 'Scheduled Tasks' folder

2009-02-17 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

2009-02-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-548195580-3338435793-402719388-1007.job
- c:\documents and settings\Susie\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-03 08:25]

2009-02-16 c:\windows\Tasks\Malwarebytes' Scheduled Scan for Susie.job
- g:\program files\Malwarebytes' Anti-Malware\mbam.exe [2009-02-11 10:19]

2009-02-16 c:\windows\Tasks\Malwarebytes' Scheduled Update for Susie.job
- g:\program files\Malwarebytes' Anti-Malware\mbam.exe [2009-02-11 10:19]

2009-02-15 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-01-09 10:53]

2009-02-01 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-01-09 10:53]

2009-02-16 c:\windows\Tasks\SyncBackSE ACDSeeBackup from F to G (daily).job
- f:\program files\2BrightSparks\SyncBackSE\SyncBackSE.exe [2008-10-03 17:08]

2009-02-14 c:\windows\Tasks\SyncBackSE ACDSeeBackups from G to J.job
- f:\program files\2BrightSparks\SyncBackSE\SyncBackSE.exe [2008-10-03 17:08]

2009-02-01 c:\windows\Tasks\SyncBackSE Mastercook to JD.job
- f:\program files\2BrightSparks\SyncBackSE\SyncBackSE.exe [2008-10-03 17:08]

2009-02-16 c:\windows\Tasks\SyncBackSE Outlook BU (F to V).job
- f:\program files\2BrightSparks\SyncBackSE\SyncBackSE.exe [2008-10-03 17:08]

2009-02-16 c:\windows\Tasks\SyncBackSE Palm Desktop stuff to O drive.job
- f:\program files\2BrightSparks\SyncBackSE\SyncBackSE.exe [2008-10-03 17:08]

2009-02-17 c:\windows\Tasks\SyncBackSE QUICKENW to JD.job
- f:\program files\2BrightSparks\SyncBackSE\SyncBackSE.exe [2008-10-03 17:08]

2008-08-30 c:\windows\Tasks\SyncBackSE REDBU SSL_movies2.job
- f:\program files\2BrightSparks\SyncBackSE\SyncBackSE.exe [2008-10-03 17:08]

2009-02-16 c:\windows\Tasks\SyncBackSE SDCardBackup from I to JD.job
- f:\program files\2BrightSparks\SyncBackSE\SyncBackSE.exe [2008-10-03 17:08]

2009-02-17 c:\windows\Tasks\SyncBackSE Splash ID data to Dropbox Folder.job
- f:\program files\2BrightSparks\SyncBackSE\SyncBackSE.exe [2008-10-03 17:08]

2009-02-17 c:\windows\Tasks\SyncBackSE SplashID Program & Data to Dropbox Folder.job
- f:\program files\2BrightSparks\SyncBackSE\SyncBackSE.exe [2008-10-03 17:08]

2009-02-17 c:\windows\Tasks\SyncBackSE SplashID.job
- f:\program files\2BrightSparks\SyncBackSE\SyncBackSE.exe [2008-10-03 17:08]

2009-02-17 c:\windows\Tasks\SyncBackSE SSLPaperport ( full V to X).job
- f:\program files\2BrightSparks\SyncBackSE\SyncBackSE.exe [2008-10-03 17:08]

2008-10-22 c:\windows\Tasks\SyncBackSE SSL_DVDS from Mybook to Simpletech.job
- f:\program files\2BrightSparks\SyncBackSE\SyncBackSE.exe [2008-10-03 17:08]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar = hxxp://go.compaq.com/1Q00CDT/0409/bl8.asp
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Evernote - g:\program files\Evernote\Evernote3\enbar.dll/2000
IE: Add to AMV Converter... - g:\program files\MP3 Player Utilities 4.18\AMVConverter\grab.html
IE: Display All Images with Full Quality - "c:\program files\NetZero\qsacc\appres.dll/228"
IE: Display Image with Full Quality - "c:\program files\NetZero\qsacc\appres.dll/227"
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Save to &Xdrive - f:\program files\Xdrive\Xdrive Desktop\xdrive.exe/std.html
DPF: Geni Publisher - hxxp://www.geni.com/plugins/genipublisher.CAB
DPF: Microsoft XML Parser for Java
FF - ProfilePath - c:\documents and settings\Susie\Application Data\Mozilla\Firefox\Profiles\4m6emk5y.default\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - component: c:\documents and settings\Susie\Application Data\Mozilla\Firefox\Profiles\4m6emk5y.default\extensions\{E0B8C461-F8FB-49b4-8373-FE32E9252800}\components\enbar3.dll
FF - component: f:\program files\components\xpinstal.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-17 22:19:22
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


c:\docume~1\Susie\LOCALS~1\Temp\RGI14.tmp 7075 bytes

scan completed successfully
hidden files: 1

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Iomega Activity Disk2]
"ImagePath"="\"\""
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-548195580-3338435793-402719388-1007\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{E47DEE53-311B-55FF-C4D4-D8970FB5A010}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"ialpepbafedcbjnmgi"=hex:6b,61,65,70,6e,67,6f,67,69,61,6f,66,70,6b,67,62,6b,6a,
68,69,6a,67,00,00
"hanoghplkjjpkgnk"=hex:6b,61,65,70,6e,67,6f,67,69,61,6f,66,70,6b,67,62,6b,6a,
68,69,6a,67,00,00

[HKEY_USERS\S-1-5-21-548195580-3338435793-402719388-1007\Software\Zepter Software\RegLib*70f74f3e\CloneDVD/2]
"1"=dword:4490c89d
"2"=dword:4490c89d

[HKEY_USERS\S-1-5-21-548195580-3338435793-402719388-1007\Software\Zepter Software\RegLib*70f74f3e\CloneDVD2/2]
"1"=dword:444d5bdd
"2"=dword:44955d62
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1144)
c:\windows\system32\LMIinit.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\STOPzilla!\SZServer.exe
c:\program files\Common Files\Acronis\Schedule2\schedul2.exe
c:\program files\Quicken Online Backup\AGENTSRV.EXE
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Carbonite\Carbonite Backup\CarboniteService.exe
f:\program files\Diskeeper Corporation\Diskeeper\DkService.exe
c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe
c:\windows\system32\inetsrv\inetinfo.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\tcpsvcs.exe
g:\program files\Malwarebytes' Anti-Malware\mbamservice.exe
c:\program files\McAfee\SiteAdvisor\McSACore.exe
c:\program files\McAfee\MSC\mcmscsvc.exe
c:\program files\Common Files\McAfee\MNA\McNASvc.exe
c:\progra~1\COMMON~1\McAfee\McProxy\McProxy.exe
c:\program files\McAfee\VirusScan\Mcshield.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\McAfee\MPF\MpfSrv.exe
c:\progra~1\McAfee.com\Agent\mcagent.exe
c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\program files\Common Files\NeatReceipts\DB Controller\NeatReceiptsDBController.exe
c:\program files\Visioneer\OneTouch 4.0\OtService.exe
c:\windows\system32\HPZipm12.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe
c:\program files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
f:\program files\NetDrive\wdService.exe
c:\windows\system32\searchindexer.exe
c:\program files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
c:\program files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54Gv4.exe
c:\windows\system32\vssvc.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\msdtc.exe
c:\program files\iPod\bin\iPodService.exe
f:\program files\Ilium Software\ListPro\ListProAlarms.exe
f:\program files\SanDisk\SanDisk TransferMate\SD Monitor.exe
c:\program files\Windows Desktop Search\WindowsSearch.exe
g:\program files\Microsoft Office\Office12\ONENOTEM.EXE
c:\program files\HP\Digital Imaging\bin\hpqimzone.exe
c:\program files\PdaReach\PdaReach.exe
c:\program files\HP\Digital Imaging\bin\hpqste08.exe
c:\program files\PdaReach\UsbMan.exe
.
**************************************************************************
.
Completion time: 2009-02-17 22:42:30 - machine was rebooted [Susie]
ComboFix-quarantined-files.txt 2009-02-18 05:42:20
ComboFix2.txt 2009-02-17 20:47:09

Pre-Run: 14,636,965,888 bytes free
Post-Run: 14,615,965,696 bytes free

494 --- E O F --- 2009-02-15 19:09:07


log.txt:

ComboFix 09-02-17.01 - Susie 2009-02-17 21:52:22.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1015.326 [GMT -7:00]
Running from: c:\documents and settings\Susie\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Susie\Desktop\CFScript.txt
AV: McAfee VirusScan *On-access scanning disabled* (Updated)
FW: McAfee Personal Firewall *disabled*
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\drivers\tzgremuj.sys
c:\windows\zpzoanmb

.
((((((((((((((((((((((((( Files Created from 2009-01-18 to 2009-02-18 )))))))))))))))))))))))))))))))
.

2009-02-17 15:37 . 2009-02-17 15:37 146,603 --a------ C:\ScreenHunter_012.jpg
2009-02-16 18:19 . 2009-02-16 18:26 <DIR> d-------- C:\rsit
2009-02-14 21:45 . 2009-02-14 21:45 236,188 --a------ C:\ScreenHunter_011.jpg
2009-02-14 21:39 . 2009-02-14 21:39 197,812 --a------ C:\ScreenHunter_010.jpg
2009-02-14 15:30 . 2009-02-14 15:30 188,934 --a------ C:\ScreenHunter_009.jpg
2009-02-14 06:58 . 2009-02-14 06:58 185,717 --a------ C:\ScreenHunter_008.jpg
2009-02-13 12:24 . 2009-02-13 12:24 120,676 --a------ C:\ScreenHunter_007.jpg
2009-02-13 12:16 . 2009-02-13 12:16 110,262 --a------ C:\ScreenHunter_006.jpg
2009-02-13 11:40 . 2009-02-13 10:52 368,961 --a------ c:\windows\system32\dds.scr
2009-02-13 09:41 . 2009-02-13 09:41 150,101 --a------ C:\ScreenHunter_005.jpg
2009-02-13 09:38 . 2009-02-13 09:38 87,985 --a------ C:\ScreenHunter_004.jpg
2009-02-13 09:36 . 2009-02-13 09:36 121,313 --a------ C:\ScreenHunter_003.jpg
2009-02-11 16:28 . 2009-02-11 16:28 <DIR> d-------- c:\documents and settings\Susie\Application Data\Malwarebytes
2009-02-11 16:28 . 2009-02-11 16:28 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-02-11 16:28 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-11 16:28 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-02-11 12:28 . 2009-02-11 12:28 <DIR> d-------- c:\windows\SQL9_KB960089_ENU
2009-02-02 09:14 . 2009-02-04 07:17 <DIR> d--hs---- c:\documents and settings\All Users\DRM
2009-01-27 14:53 . 2009-01-28 12:04 25 --a------ c:\windows\OverlayXP.ini
2009-01-26 11:46 . 2009-01-26 11:56 <DIR> d-------- c:\documents and settings\All Users\Application Data\webcamXP5
2009-01-19 11:59 . 2009-01-19 11:59 <DIR> d-------- c:\documents and settings\All Users\Application Data\TiVo

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-18 05:22 --------- d-----w c:\documents and settings\Susie\Application Data\Launchy
2009-02-18 05:20 --------- d-----w c:\documents and settings\All Users\Application Data\STOPzilla!
2009-02-18 04:21 --------- d-----w c:\documents and settings\Susie\Application Data\Dropbox
2009-02-18 01:12 --------- d-----w c:\documents and settings\All Users\Application Data\Google Updater
2009-02-17 17:46 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2009-02-16 23:51 --------- d-----w c:\program files\McAfee
2009-02-13 16:38 --------- d-----w c:\program files\Wisdom-soft ScreenHunter Plus
2009-02-11 19:32 --------- d-----w c:\program files\Microsoft SQL Server
2009-01-30 17:02 --------- d-----w c:\program files\PdaReach
2009-01-23 20:48 --------- d-----w c:\documents and settings\All Users\Application Data\NeatReceipts Professional
2009-01-19 20:43 --------- d-----w c:\program files\VideoReDoPlus
2009-01-19 20:41 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-01-19 19:01 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-01-19 18:59 --------- d-----w c:\program files\Common Files\TiVo Shared
2009-01-19 16:18 --------- d-----w c:\program files\Microsoft Works
2009-01-16 17:06 --------- d-----w c:\program files\Common Files\Livescribe
2009-01-16 17:04 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-15 16:01 --------- d-----w c:\program files\Google
2009-01-14 15:59 --------- d-----w c:\documents and settings\Susie\Application Data\CuteReminderPro
2009-01-09 19:03 79,304 ----a-w c:\windows\system32\drivers\mfeavfk.sys
2009-01-09 19:03 40,552 ----a-w c:\windows\system32\drivers\mfesmfk.sys
2009-01-09 19:03 35,272 ----a-w c:\windows\system32\drivers\mfebopk.sys
2009-01-09 19:03 34,216 ----a-w c:\windows\system32\drivers\mferkdk.sys
2009-01-09 19:03 213,640 ----a-w c:\windows\system32\drivers\mfehidk.sys
2009-01-09 14:59 --------- d-----w c:\documents and settings\Susie\Application Data\tunebite
2009-01-07 02:47 --------- d-----w c:\program files\Safari
2009-01-07 02:46 --------- d-----w c:\program files\PixiePack Codec Pack
2009-01-07 02:45 --------- d-----w c:\program files\MediaCoder
2009-01-07 02:44 --------- d-----w c:\program files\GPLGS
2009-01-06 18:11 --------- d-----w c:\program files\Common Files\Palo Alto Software
2009-01-05 21:24 --------- d-----w c:\documents and settings\All Users\Application Data\RapidSolution
2009-01-02 15:21 --------- d-----w c:\documents and settings\Susie\Application Data\Windows Search
2008-12-31 14:16 --------- d-----w c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-12-31 14:15 --------- d-----w c:\program files\iPod
2008-12-31 13:59 24,872 ----a-w c:\windows\system32\drivers\ElbyCDIO.sys
2008-12-30 23:53 103,360 ----a-w c:\windows\system32\drivers\AnyDVD.sys
2008-12-30 04:58 --------- d-----w c:\program files\Movie Download Manager
2008-12-22 07:13 --------- d-----w c:\program files\DVDlabPro
2008-12-21 22:02 --------- d-----w c:\program files\HP
2008-08-15 18:03 61,224 -c--a-w c:\documents and settings\Susie\GoToAssistDownloadHelper.exe
2008-03-20 00:42 32 -c--a-w c:\documents and settings\All Users\Application Data\ezsid.dat
2008-01-24 18:09 636,192 -c--a-w c:\documents and settings\Susie\DMSetup.exe
2007-06-26 18:25 87,608 -c--a-w c:\documents and settings\Susie\Application Data\ezpinst.exe
2007-06-26 18:25 47,360 -c--a-w c:\documents and settings\Susie\Application Data\pcouffin.sys
2007-06-04 20:52 630,784 -c--a-w c:\documents and settings\Susie\GoToAssist_chat2way__317_en.exe
2007-05-26 14:48 25,600 -c--a-w c:\documents and settings\Susie\usbsermptxp.sys
2007-05-26 14:48 22,768 -c--a-w c:\documents and settings\Susie\usbsermpt.sys
2007-04-05 20:38 76,880 -c--a-w c:\documents and settings\Susie\Autorun.exe
2006-06-02 19:10 33,408 -c--a-w c:\documents and settings\Susie\g2mdlhlpx.exe
2006-01-09 17:44 13 -c-h--w c:\documents and settings\All Users\Application Data\Ţ├─3113.sys
1998-12-09 02:53 99,840 -c--a-w c:\program files\Common Files\IRAABOUT.DLL
1998-12-09 02:53 70,144 -c--a-w c:\program files\Common Files\IRAMDMTR.DLL
1998-12-09 02:53 48,640 -c--a-w c:\program files\Common Files\IRALPTTR.DLL
1998-12-09 02:53 31,744 -c--a-w c:\program files\Common Files\IRAWEBTR.DLL
1998-12-09 02:53 186,368 -c--a-w c:\program files\Common Files\IRAREG.DLL
1998-12-09 02:53 17,920 -c--a-w c:\program files\Common Files\IRASRIAL.DLL
2005-05-14 00:12 217,073 -csha-r c:\windows\meta4.exe
2007-05-17 15:30 318,976 -csha-w c:\windows\system32\avisynth.dll
2005-07-14 19:31 27,648 -csha-r c:\windows\system32\AVSredirect.dll
2005-06-26 22:32 616,448 -csha-r c:\windows\system32\cygwin1.dll
2005-06-22 05:37 45,568 -csha-r c:\windows\system32\cygz.dll
2006-05-03 09:06 163,328 -csh--r c:\windows\system32\flvDX.dll
2004-01-25 07:00 70,656 -csha-r c:\windows\system32\i420vfw.dll
2007-02-21 10:47 31,232 -csh--r c:\windows\system32\msfDX.dll
2008-07-31 21:46 254,768 --sh--r c:\windows\system32\setup_vf.exe
2005-02-28 20:16 240,128 -csha-r c:\windows\system32\x.264.exe
2004-01-25 07:00 70,656 --sha-r c:\windows\system32\yv12vfw.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-02-17_10.02.28.96 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-02-17 16:26:06 32,768 -c--a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2009-02-18 05:31:21 32,768 -c--a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2009-02-17 16:26:06 32,768 -c--a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2009-02-18 05:31:21 32,768 -c--a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2009-02-17 16:26:06 49,152 -c--a-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2009-02-18 05:31:21 49,152 -c--a-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2009-02-17 16:29:29 226,861 ----a-w c:\windows\system32\inetsrv\MetaBase.bin
+ 2009-02-18 05:17:08 226,861 ----a-w c:\windows\system32\inetsrv\MetaBase.bin
+ 2009-02-18 05:13:03 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_2bc.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8600AC1E-BE58-4FFC-BD5D-F2A8EC38C838}]
2007-11-09 09:49 311296 --a------ c:\program files\Snap Visual Search\snapbar.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Green]
@="{95A27763-F62A-4114-9072-E81D87DE3B68}"
[HKEY_CLASSES_ROOT\CLSID\{95A27763-F62A-4114-9072-E81D87DE3B68}]
2008-06-13 23:19 527296 -ra------ c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial]
@="{E300CD91-100F-4E67-9AF3-1384A6124015}"
[HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}]
2008-06-13 23:19 527296 -ra------ c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Yellow]
@="{5E529433-B50E-4bef-A63B-16A6B71B071A}"
[HKEY_CLASSES_ROOT\CLSID\{5E529433-B50E-4bef-A63B-16A6B71B071A}]
2008-06-13 23:19 527296 -ra------ c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-21 68856]
"LaunchIt NOW! Plus"="f:\progra~1\LAUNCH~1\lnp.exe" [2008-01-15 573440]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]
"TrueCrypt"="f:\program files\TrueCrypt\TrueCrypt.exe" [2008-07-18 1225920]
"Super Utilities"="c:\program files\SuperLogix\Super Utilities\SuperUtil.exe" [2008-07-03 1400320]
"Google Update"="c:\documents and settings\Susie\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-09-03 133104]
"Lala Music Mover"="c:\program files\Lala.com\Lala Music Mover\LalaMover.exe" [2008-10-17 2221360]
"AnyDVD"="f:\program files\SlySoft\AnyDVD\AnyDVDtray.exe" [2008-12-31 2489280]
"TivoTransfer"="c:\program files\Common Files\TiVo Shared\Transfer\TiVoTransfer.exe" [2008-07-09 1189376]
"TivoNotify"="g:\program files\TiVo\Desktop\TiVoNotify.exe" [2008-07-09 394240]
"TivoServer"="g:\program files\TiVo\Desktop\TiVoServer.exe" [2008-07-09 1931264]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-07 136600]
"srmclean"="c:\cpqs\Scom\srmclean.exe" [2001-07-24 36864]
"SetRefresh"="c:\program files\Compaq\SetRefresh\SetRefresh.exe" [2003-11-06 524800]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb13.exe" [2006-01-06 172032]
"STOPzilla"="c:\program files\STOPzilla!\STOPzilla.exe" [2006-05-31 61440]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2005-09-24 49152]
"TotalRecorderScheduler"="f:\program files\HighCriteria\TotalRecorder\TotRecSched.exe" [2006-05-12 86016]
"HPHUPD06"="c:\program files\HP\{BA2D9411-DBB4-43e4-9421-780413650A67}\hphupd06.exe" [2006-01-06 49152]
"HPHmon06"="c:\windows\system32\hphmon06.exe" [2006-01-06 622592]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2005-02-16 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-16 81920]
"DMXLauncher"="f:\program files\Roxio\Media Experience\DMXLauncher.exe" [2006-08-14 102400]
"WebDriveTray"="f:\program files\NetDrive\netdrive.exe" [2002-08-29 294912]
"WScheduler"="f:\progra~1\SYSTEM~1\WScheduler.exe" [2007-06-25 75264]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2007-11-15 185896]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-01-08 645328]
"TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2008-04-09 2595792]
"AsusACPIServer"="c:\program files\Asus\EeePC ACPI\AsAcpiSvr.exe" [2007-11-14 450560]
"AcronisTimounterMonitor"="c:\program files\Acronis\TrueImageHome\TimounterMonitor.exe" [2008-04-09 909208]
"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2008-04-09 136472]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"PaperPort PTD"="g:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2007-05-14 30248]
"IndexSearch"="g:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2007-05-14 46632]
"PPort11reminder"="g:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-02-01 255528]
"Carbonite Backup"="c:\program files\Carbonite\Carbonite Backup\CarboniteUI.exe" [2008-06-13 600000]
"HPHped06"="c:\progra~1\HP\{BA2D9~1\pexpress\hphPED06.exe" [2004-12-16 339968]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-11-07 111936]
"WinGuard Pro"="c:\windows\system32\setup_vf.exe" [2008-07-31 254768]
"MSConfig"="c:\windows\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2004-08-04 158208]
"iTunesHelper"="f:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"Malwarebytes' Anti-Malware"="g:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2009-02-11 399504]
"AGRSMMSG"="AGRSMMSG.exe" [2004-06-29 c:\windows\AGRSMMSG.exe]
"CARPService"="carpserv.exe" [2002-12-18 c:\windows\system32\carpserv.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2006-10-04 c:\windows\system32\narrator.exe]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 29696]
DataViz Inc Messenger.lnk - c:\program files\Common Files\DataViz\DvzIncMsgr.exe [2007-06-18 34880]
EReg.lnk - c:\windows\EReg206\Reg32.exe [2005-11-04 36864]
HOTSYNCSHORTCUTNAME.lnk - f:\program files\palmOne\Hotsync.exe [2004-06-09 471040]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-09-24 282624]
HP Image Zone Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2005-05-12 73728]
JungleDiskMonitor.lnk - f:\program files\JungleDisk\junglediskmonitor.exe [2008-07-10 4061456]
Launchy.lnk - f:\program files\Launchy\Launchy.exe [2007-07-27 520192]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2008-10-17 22:41 87352 c:\windows\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.I420"= i420vfw.dll
"VIDC.ACDV"= ACDV.dll
"mixer"= DrvTrNTm.dll
"wave"= DrvTrNTm.dll
"vidc.ffds"= c:\progra~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll
"vidc.3IV2"= 3ivxVfWCodec.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^Susie^Start Menu^Programs^Startup^Timed Backups Manager StartUp.lnk]
path=c:\documents and settings\Susie\Start Menu\Programs\Startup\Timed Backups Manager StartUp.lnk
backup=c:\windows\pss\Timed Backups Manager StartUp.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
--a------ 2005-05-19 06:47 57344 c:\program files\SlySoft\CloneCD\CloneCDTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Monitor.exe]
--a------ 2007-10-08 18:01 1765376 c:\program files\Wireless-G Internet Home Monitoring Camera\Monitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 11:50 155648 c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recorder.exe]
--a------ 2007-10-02 10:45 311296 c:\program files\Wireless-G Internet Home Monitoring Camera\Recorder.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
--a------ 2006-10-27 08:41 221184 c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\SmartFTP\\SmartFTP.exe"=
"c:\\WINDOWS\\system32\\ntvdm.exe"=
"c:\\Program Files\\SmartFTP Client 2.0\\SmartFTP.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\ICE.TCP\\FTPWIN.EXE"=
"f:\\Program Files\\palmOne\\Hotsync.exe"=
"f:\\Program Files\\RhinoSoft.com\\Serv-U\\ServUDaemon.exe"=
"c:\\Program Files\\Motorola\\Software Update\\msu.exe"=
"f:\\Program Files\\Macromedia\\Dreamweaver 8\\Dreamweaver.exe"=
"f:\\Program Files\\firefox.exe"=
"f:\\Program Files\\JungleDisk\\junglediskmonitor.exe"=
"c:\\Documents and Settings\\Susie\\Desktop\\Skype.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"f:\\Program Files\\iTunes\\iTunes.exe"=
"g:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R0 AFPAnsi;Alfa File Protector Ansi;c:\windows\system32\drivers\AFPAnsi.sys [2008-07-31 43936]
R0 iteraid;ITERAID_Service_Install;c:\windows\system32\drivers\iteraid.sys [2006-09-07 24971]
R0 Pnp680;SiI 680 ATA Controller;c:\windows\system32\drivers\pnp680.sys [2005-09-21 37031]
R0 sonyhcb;Sony Digital Imaging Base;c:\windows\system32\drivers\sonyhcb.sys [2005-12-25 6097]
R1 SuperMounter;SuperMounter;c:\windows\system32\drivers\supermounter.sys [2008-07-31 11264]
R2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\EAPPkt.sys [2008-04-17 66048]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2008-02-05 47640]
R2 WebDriveFSD;WebDrive File System Driver;f:\program files\NetDrive\rffsd.sys [2007-07-29 67032]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2009-02-11 15504]
R3 SndTAudio;SndTAudio;c:\windows\system32\drivers\SndTAudio.sys [2009-01-06 23096]
R3 SndTVideo;SndTVideo;c:\windows\system32\drivers\SndTVideo.sys [2008-11-25 3768]
S2 LMIInfo;LogMeIn Kernel Information Provider;\??\g:\program files\LogMeIn\x86\RaInfo.sys --> g:\program files\LogMeIn\x86\RaInfo.sys [?]
S3 HSFHWCD2;HSFHWCD2;c:\windows\system32\drivers\HSFHWCD2.sys [2005-11-05 153984]
S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\drivers\motodrv.sys [2007-06-02 42112]
S3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;c:\windows\system32\drivers\wg111v2.sys [2008-04-17 112384]
S3 SjyPkt;SjyPkt;c:\windows\system32\drivers\SjyPkt.sys [2008-04-17 13532]
S3 SmartpenBus;Smartpen Enumerator;c:\windows\system32\drivers\SmartpenBus.sys [2008-08-27 38528]
S3 SmartpenCom;Smartpen Communications;c:\windows\system32\drivers\SmartpenCom.sys [2008-08-27 35328]
S3 sonyhcs;Sony Digital Imaging Video;c:\windows\system32\drivers\sonyhcs.sys [2005-12-25 299923]
S4 0237821164896211mcinstcleanup;McAfee Application Installer Cleanup (0237821164896211); [x]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]
S4 RFNP32;WebDrive Provider; [x]

--- Other Services/Drivers In Memory ---

*Deregistered* - JavaQuickStarterService
*Deregistered* - lanmanserver
*Deregistered* - lanmanworkstation
*Deregistered* - LmHosts
*Deregistered* - LPDSVC
*Deregistered* - MBAMService
*Deregistered* - McAfee SiteAdvisor Service
*Deregistered* - mcmscsvc
*Deregistered* - McNASvc
*Deregistered* - McProxy
*Deregistered* - McShield
*Deregistered* - MDM
*Deregistered* - MpfService
*Deregistered* - MSDTC
*Deregistered* - MSFtpsvc
*Deregistered* - MSSQL$NR2007
*Deregistered* - NeatReceipts Database Controller
*Deregistered* - Netlogon
*Deregistered* - Netman
*Deregistered* - Nla
*Deregistered* - OneTouch 4.0 Monitor
*Deregistered* - Pml Driver HPZ12
*Deregistered* - PolicyAgent
*Deregistered* - ProtectedStorage
*Deregistered* - RasMan
*Deregistered* - RemoteRegistry
*Deregistered* - RpcSs
*Deregistered* - SamSs
*Deregistered* - Schedule
*Deregistered* - seclogon
*Deregistered* - SENS
*Deregistered* - SharedAccess
*Deregistered* - ShellHWDetection
*Deregistered* - SimpTcp
*Deregistered* - SMTPSVC
*Deregistered* - Spooler
*Deregistered* - SQLWriter
*Deregistered* - srservice
*Deregistered* - SSDPSRV
*Deregistered* - stisvc
*Deregistered* - SwPrv
*Deregistered* - szserver
*Deregistered* - TapiSrv
*Deregistered* - TermService
*Deregistered* - Themes
*Deregistered* - TivoBeacon2
*Deregistered* - TrkWks
*Deregistered* - TryAndDecideService
*Deregistered* - VSS
*Deregistered* - W32Time
*Deregistered* - W3SVC
*Deregistered* - WebClient
*Deregistered* - WebDriveService
*Deregistered* - winmgmt
*Deregistered* - wscsvc
*Deregistered* - WSearch
*Deregistered* - wuauserv
*Deregistered* - WUSB54Gv4SVC
*Deregistered* - WZCSVC

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\Z]
\Shell\AutoRun\command - z:\.\Start.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4ec6c95b-bebd-11dc-9e30-000ffe3d8d24}]
\Shell\AutoRun\command - d:\.\Start.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{56eb15a1-2ae4-11db-9926-000ffe3d8d24}]
\Shell\AutoRun\command - G:\Launch.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{77f57ca6-b180-11dc-9e26-000ffe3d8d24}]
\Shell\AutoRun\command - d:\system\viewer\FlipVideoforPC.exe
\Shell\Flip Video for PC\command - d:\system\viewer\FlipVideoforPC.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{B2C3BB6B-E005-4246-B8E5-DF0A4D073CDC}]
c:\program files\PixiePack Codec Pack\InstallerHelper.exe
.
Contents of the 'Scheduled Tasks' folder

2009-02-17 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

2009-02-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-548195580-3338435793-402719388-1007.job
- c:\documents and settings\Susie\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-03 08:25]

2009-02-16 c:\windows\Tasks\Malwarebytes' Scheduled Scan for Susie.job
- g:\program files\Malwarebytes' Anti-Malware\mbam.exe [2009-02-11 10:19]

2009-02-16 c:\windows\Tasks\Malwarebytes' Scheduled Update for Susie.job
- g:\program files\Malwarebytes' Anti-Malware\mbam.exe [2009-02-11 10:19]

2009-02-15 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-01-09 10:53]

2009-02-01 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-01-09 10:53]

2009-02-16 c:\windows\Tasks\SyncBackSE ACDSeeBackup from F to G (daily).job
- f:\program files\2BrightSparks\SyncBackSE\SyncBackSE.exe [2008-10-03 17:08]

2009-02-14 c:\windows\Tasks\SyncBackSE ACDSeeBackups from G to J.job
- f:\program files\2BrightSparks\SyncBackSE\SyncBackSE.exe [2008-10-03 17:08]

2009-02-01 c:\windows\Tasks\SyncBackSE Mastercook to JD.job
- f:\program files\2BrightSparks\SyncBackSE\SyncBackSE.exe [2008-10-03 17:08]

2009-02-16 c:\windows\Tasks\SyncBackSE Outlook BU (F to V).job
- f:\program files\2BrightSparks\SyncBackSE\SyncBackSE.exe [2008-10-03 17:08]

2009-02-16 c:\windows\Tasks\SyncBackSE Palm Desktop stuff to O drive.job
- f:\program files\2BrightSparks\SyncBackSE\SyncBackSE.exe [2008-10-03 17:08]

2009-02-17 c:\windows\Tasks\SyncBackSE QUICKENW to JD.job
- f:\program files\2BrightSparks\SyncBackSE\SyncBackSE.exe [2008-10-03 17:08]

2008-08-30 c:\windows\Tasks\SyncBackSE REDBU SSL_movies2.job
- f:\program files\2BrightSparks\SyncBackSE\SyncBackSE.exe [2008-10-03 17:08]

2009-02-16 c:\windows\Tasks\SyncBackSE SDCardBackup from I to JD.job
- f:\program files\2BrightSparks\SyncBackSE\SyncBackSE.exe [2008-10-03 17:08]

2009-02-17 c:\windows\Tasks\SyncBackSE Splash ID data to Dropbox Folder.job
- f:\program files\2BrightSparks\SyncBackSE\SyncBackSE.exe [2008-10-03 17:08]

2009-02-17 c:\windows\Tasks\SyncBackSE SplashID Program & Data to Dropbox Folder.job
- f:\program files\2BrightSparks\SyncBackSE\SyncBackSE.exe [2008-10-03 17:08]

2009-02-17 c:\windows\Tasks\SyncBackSE SplashID.job
- f:\program files\2BrightSparks\SyncBackSE\SyncBackSE.exe [2008-10-03 17:08]

2009-02-17 c:\windows\Tasks\SyncBackSE SSLPaperport ( full V to X).job
- f:\program files\2BrightSparks\SyncBackSE\SyncBackSE.exe [2008-10-03 17:08]

2008-10-22 c:\windows\Tasks\SyncBackSE SSL_DVDS from Mybook to Simpletech.job
- f:\program files\2BrightSparks\SyncBackSE\SyncBackSE.exe [2008-10-03 17:08]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar = hxxp://go.compaq.com/1Q00CDT/0409/bl8.asp
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Evernote - g:\program files\Evernote\Evernote3\enbar.dll/2000
IE: Add to AMV Converter... - g:\program files\MP3 Player Utilities 4.18\AMVConverter\grab.html
IE: Display All Images with Full Quality - "c:\program files\NetZero\qsacc\appres.dll/228"
IE: Display Image with Full Quality - "c:\program files\NetZero\qsacc\appres.dll/227"
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Save to &Xdrive - f:\program files\Xdrive\Xdrive Desktop\xdrive.exe/std.html
DPF: Geni Publisher - hxxp://www.geni.com/plugins/genipublisher.CAB
DPF: Microsoft XML Parser for Java
FF - ProfilePath - c:\documents and settings\Susie\Application Data\Mozilla\Firefox\Profiles\4m6emk5y.default\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - component: c:\documents and settings\Susie\Application Data\Mozilla\Firefox\Profiles\4m6emk5y.default\extensions\{E0B8C461-F8FB-49b4-8373-FE32E9252800}\components\enbar3.dll
FF - component: f:\program files\components\xpinstal.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-17 22:19:22
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


c:\docume~1\Susie\LOCALS~1\Temp\RGI14.tmp 7075 bytes

scan completed successfully
hidden files: 1

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Iomega Activity Disk2]
"ImagePath"="\"\""
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-548195580-3338435793-402719388-1007\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{E47DEE53-311B-55FF-C4D4-D8970FB5A010}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"ialpepbafedcbjnmgi"=hex:6b,61,65,70,6e,67,6f,67,69,61,6f,66,70,6b,67,62,6b,6a,
68,69,6a,67,00,00
"hanoghplkjjpkgnk"=hex:6b,61,65,70,6e,67,6f,67,69,61,6f,66,70,6b,67,62,6b,6a,
68,69,6a,67,00,00

[HKEY_USERS\S-1-5-21-548195580-3338435793-402719388-1007\Software\Zepter Software\RegLib*70f74f3e\CloneDVD/2]
"1"=dword:4490c89d
"2"=dword:4490c89d

[HKEY_USERS\S-1-5-21-548195580-3338435793-402719388-1007\Software\Zepter Software\RegLib*70f74f3e\CloneDVD2/2]
"1"=dword:444d5bdd
"2"=dword:44955d62
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1144)
c:\windows\system32\LMIinit.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\STOPzilla!\SZServer.exe
c:\program files\Common Files\Acronis\Schedule2\schedul2.exe
c:\program files\Quicken Online Backup\AGENTSRV.EXE
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Carbonite\Carbonite Backup\CarboniteService.exe
f:\program files\Diskeeper Corporation\Diskeeper\DkService.exe
c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe
c:\windows\system32\inetsrv\inetinfo.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\tcpsvcs.exe
g:\program files\Malwarebytes' Anti-Malware\mbamservice.exe
c:\program files\McAfee\SiteAdvisor\McSACore.exe
c:\program files\McAfee\MSC\mcmscsvc.exe
c:\program files\Common Files\McAfee\MNA\McNASvc.exe
c:\progra~1\COMMON~1\McAfee\McProxy\McProxy.exe
c:\program files\McAfee\VirusScan\Mcshield.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\McAfee\MPF\MpfSrv.exe
c:\progra~1\McAfee.com\Agent\mcagent.exe
c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\program files\Common Files\NeatReceipts\DB Controller\NeatReceiptsDBController.exe
c:\program files\Visioneer\OneTouch 4.0\OtService.exe
c:\windows\system32\HPZipm12.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe
c:\program files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
f:\program files\NetDrive\wdService.exe
c:\windows\system32\searchindexer.exe
c:\program files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
c:\program files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54Gv4.exe
c:\windows\system32\vssvc.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\msdtc.exe
c:\program files\iPod\bin\iPodService.exe
f:\program files\Ilium Software\ListPro\ListProAlarms.exe
f:\program files\SanDisk\SanDisk TransferMate\SD Monitor.exe
c:\program files\Windows Desktop Search\WindowsSearch.exe
g:\program files\Microsoft Office\Office12\ONENOTEM.EXE
c:\program files\HP\Digital Imaging\bin\hpqimzone.exe
c:\program files\PdaReach\PdaReach.exe
c:\program files\HP\Digital Imaging\bin\hpqste08.exe
c:\program files\PdaReach\UsbMan.exe
.
**************************************************************************
.
Completion time: 2009-02-17 22:42:30 - machine was rebooted [Susie]
ComboFix-quarantined-files.txt 2009-02-18 05:42:20
ComboFix2.txt 2009-02-17 20:47:09

Pre-Run: 14,636,965,888 bytes free
Post-Run: 14,615,965,696 bytes free

494 --- E O F --- 2009-02-15 19:09:07



