TheTechGuide Forum
General Category => Tech Clinic => Topic started by: weasel096 on May 31, 2008, 10:34:21 PM
-
can you look over my HJT log. Thanks
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:13:58 PM, on 5/31/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\vbpdtvdp.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Norton SystemWorks\Norton GoBack\GBPoll.exe
C:\WINDOWS\system32\lvhidsvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\winself.exe
C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
C:\Program Files\Trend Micro\OfficeScan Client\OfcPfwSvc.exe
C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Documents and Settings\Ours\lsass.exe
C:\WINDOWS\TEMP\ETE9AC.EXE
C:\WINDOWS\mrofinu1188.exe
C:\windows\system32\jlwnw64p.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Symantec Shared\OPC\{31011D49-D90C-4da0-878B-78D28AD507AF}\cfgwiz.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Norton SystemWorks\Norton GoBack\GBTray.exe
C:\Program Files\Trend Micro\OfficeScan Client\pccntupd.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\System32\Rundll32.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\MsiExec.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ycomp_adb.../search/ie.html (http://\"http://us.rd.yahoo.com/customize/ycomp_adbe/defaults/sb/*http://www.yahoo.com/search/ie.html\")
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ycomp_adb...//www.yahoo.com (http://\"http://us.rd.yahoo.com/customize/ycomp_adbe/defaults/sp/*http://www.yahoo.com\")
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 (http://\"http://go.microsoft.com/fwlink/?LinkId=69157\")
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 (http://\"http://go.microsoft.com/fwlink/?LinkId=54896\")
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 (http://\"http://go.microsoft.com/fwlink/?LinkId=54896\")
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 (http://\"http://go.microsoft.com/fwlink/?LinkId=69157\")
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\vbpdtvdp.exe,
O3 - Toolbar: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [LSA Shellu] C:\Documents and Settings\Ours\lsass.exe
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu1188.exe 61A847B5BBF72813339330466188719AB689201522886B092CBD44BD8689220221DD3257
O4 - HKLM\..\Run: [{0B-BC-C6-60-DW}] C:\windows\system32\jlwnw64p.exe DWram
O4 - HKLM\..\Run: [{d10b2c7f-33f7-1d43-8f75-a6b3402f9956}] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\{6f9e1a15-0180-d974-96f8-28400f250b1a}.dll" DllStart
O4 - HKLM\..\Run: [ExploreUpdSched] C:\WINDOWS\system32\mcntmkdm.exe DWram
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [5cd0bccf] rundll32.exe "C:\WINDOWS\system32\qkhsuygq.dll",b
O4 - HKLM\..\Run: [SW CfgWiz] "C:\Program Files\Common Files\Symantec Shared\OPC\{31011D49-D90C-4da0-878B-78D28AD507AF}\cfgwiz.exe" /GUID {E90B1832-3097-4d1c-93D1-D5332BA287A0} /MODE CfgWiz /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [BM5fe38f53] Rundll32.exe "C:\WINDOWS\system32\tllqamdi.dll",s
O4 - HKLM\..\RunServices: [LvHidSvc] C:\WINDOWS\system32\lvhidsvc.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O4 - Startup: Deewoo.lnk = C:\WINDOWS\system32\mcntmkdm.exe
O4 - Startup: DW_Start.lnk = C:\WINDOWS\system32\jlwnw64p.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Norton GoBack.lnk = C:\Program Files\Norton SystemWorks\Norton GoBack\GBTray.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx (http://\"http://favorites.live.com/quickadd.aspx\")
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks\Norton Cleanup\WCQuick.lnk
O9 - Extra 'Tools' menuitem: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks\Norton Cleanup\WCQuick.lnk
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/Facebo...toUploader5.cab (http://\"http://upload.facebook.com/controls/FacebookPhotoUploader5.cab\")
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/f...p1.0.0.15-3.cab (http://\"http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/MyFunCardsFWBInitialSetup1.0.0.15-3.cab\")
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab (http://\"http://lads.myspace.com/upload/MySpaceUploader1006.cab\")
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.Email Removed.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1207005698253 (http://\"http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1207005698253\")
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1207007319156 (http://\"http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1207007319156\")
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://ajlovesweasel-1969.spaces.live.com/...ad/MsnPUpld.cab (http://\"http://ajlovesweasel-1969.spaces.live.com/PhotoUpload/MsnPUpld.cab\")
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (http://\"http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab\")
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://games.pogo.com/online2/pogo/bejewel...aploader_v6.cab (http://\"http://games.pogo.com/online2/pogo/bejeweled2/popcaploader_v6.cab\")
O17 - HKLM\System\CCS\Services\Tcpip\..\{600C79F4-1F00-4A7D-A8F5-4080020751EF}: NameServer = 208.38.65.37,208.38.65.35
O17 - HKLM\System\CS1\Services\Tcpip\..\{600C79F4-1F00-4A7D-A8F5-4080020751EF}: NameServer = 208.38.65.37,208.38.65.35
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: GoBack Polling Service (GBPoll) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton GoBack\GBPoll.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Lifeview HID Remote Controller Service (lvhidsvc) - Animation Technologies Inc. - C:\WINDOWS\system32\lvhidsvc.exe
O23 - Service: MsSecurity Updated (MsSecurity1.209.4) - Unknown owner - C:\WINDOWS\winself.exe
O23 - Service: Norton UnErase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
O23 - Service: OfficeScanNT Personal Firewall (OfcPfwSvc) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\OfcPfwSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: OfficeScanNT Listener (tmlisten) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
--
End of file - 13194 bytes
-
I can see some problems
Before we try a fix, can you do the following for me please
Download [color=\"#008000\"]Deckard's System Scanner (dss.exe)[/color] (http://\"http://deckard.geekstogo.com/dss.exe\") to your desktop.
Close all applications and windows.
Double-click on dss.exe to run it and follow the prompts.
When the scan is complete, two text files will open; main.txt, which will be maximized and extra.txt, which will be minimized.
Post back just the Whole contents of Main.txt and Extra.txt
-
Deckard's System Scanner v20071014.68
Run by Ours on 2008-06-01 20:39:48
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- System Restore --------------------------------------------------------------
System Restore is disabled; attempting to re-enable...success.
-- Last 1 Restore Point(s) --
1: 2008-06-02 01:40:24 UTC - RP1 - System Checkpoint
Backed up registry hives.
Performed disk cleanup.
-- HijackThis (run as Ours.exe) ------------------------------------------------
Unable to find log (file not found); running clone.
-- HijackThis Clone ------------------------------------------------------------
Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-06-01 20:47:49
Platform: Windows XP Service Pack 3 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\vbpdtvdp.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Norton SystemWorks\Norton GoBack\GBPoll.exe
C:\WINDOWS\system32\lvhidsvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Trend Micro\OfficeScan Client\PccNTMon.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\HP\KBD\kbd.exe
C:\Program Files\Trend Micro\OfficeScan Client\NTRtScan.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\Speed Disk\NOPDB.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Trend Micro\OfficeScan Client\TmListen.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Trend Micro\OfficeScan Client\OfcPfwSvc.exe
C:\WINDOWS\TEMP\EUBBEA.EXE
C:\Program Files\Trend Micro\OfficeScan Client\TSC.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\rundll32.exe
C:\Documents and Settings\Ours\Desktop\dss.exe
C:\Program Files\Trend Micro\HijackThis\Ours.exe
C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ycomp_adb.../search/ie.html (http://\"http://us.rd.yahoo.com/customize/ycomp_adbe/defaults/sb/*http://www.yahoo.com/search/ie.html\")
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ycomp_adb...//www.yahoo.com (http://\"http://us.rd.yahoo.com/customize/ycomp_adbe/defaults/sp/*http://www.yahoo.com\")
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 (http://\"http://go.microsoft.com/fwlink/?LinkId=69157\")
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 (http://\"http://go.microsoft.com/fwlink/?LinkId=54896\")
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 (http://\"http://go.microsoft.com/fwlink/?LinkId=54896\")
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 (http://\"http://go.microsoft.com/fwlink/?LinkId=69157\")
R3 - URLSearchHook: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\vbpdtvdp.exe,
O2 - BHO: (no name) - {00110011-4b0b-44d5-9718-90c88817369b} - (no file)
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: targetedbanner browser optimizer - {05fd6cbf-521c-70cc-d135-17147c23c9e7} - C:\WINDOWS\system32\{6f9e1a15-0180-d974-96f8-28400f250b1a}.dll
O2 - BHO: (no name) - {086ae192-23a6-48d6-96ec-715f53797e85} - (no file)
O2 - BHO: (no name) - {0F452574-8D50-4E8B-923F-2045F98F69BB} - C:\WINDOWS\system32\cbXRIyxU.dll
O2 - BHO: (no name) - {150fa160-130d-451f-b863-b655061432ba} - (no file)
O2 - BHO: (no name) - {17da0c9e-4a27-4ac5-bb75-5d24b8cdb972} - (no file)
O2 - BHO: (no name) - {1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb1} - (no file)
O2 - BHO: (no name) - {1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb2} - (no file)
O2 - BHO: (no name) - {2d38a51a-23c9-48a1-a33c-48675aa2b494} - (no file)
O2 - BHO: (no name) - {2e9caff6-30c7-4208-8807-e79d4ec6f806} - (no file)
O2 - BHO: (no name) - {467faeb2-5f5b-4c81-bae0-2a4752ca7f4e} - (no file)
O2 - BHO: (no name) - {5321e378-ffad-4999-8c62-03ca8155f0b3} - (no file)
O2 - BHO: (no name) - {587dbf2d-9145-4c9e-92c2-1f953da73773} - (no file)
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: (no name) - {6cc1c91a-ae8b-4373-a5b4-28ba1851e39a} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {79369d5c-2903-4b7a-ade2-d5e0dee14d24} - (no file)
O2 - BHO: (no name) - {799a370d-5993-4887-9df7-0a4756a77d00} - (no file)
O2 - BHO: {6a88b8fb-8ffe-edb8-ea74-fd3a63866678} - {87666836-a3df-47ae-8bde-eff8bf8b88a6} - C:\WINDOWS\system32\egivcram.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {98dbbf16-ca43-4c33-be80-99e6694468a4} - (no file)
O2 - BHO: (no name) - {9AEE7FA8-0DA7-4C8A-8B3E-FBB6B979C657} - C:\WINDOWS\system32\mlJArqqR.dll
O2 - BHO: (no name) - {a55581dc-2cdb-4089-8878-71a080b22342} - (no file)
O2 - BHO: (no name) - {b847676d-72ac-4393-bfff-43a1eb979352} - (no file)
O2 - BHO: (no name) - {bc97b254-b2b9-4d40-971d-78e0978f5f26} - (no file)
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: (no name) - {cf021f40-3e14-23a5-cba2-717765721306} - (no file)
O2 - BHO: (no name) - {e2ddf680-9905-4dee-8c64-0a5de7fe133c} - (no file)
O2 - BHO: (no name) - {e3eebbe8-9cab-4c76-b26a-747e25ebb4c6} - (no file)
O2 - BHO: (no name) - {e7afff2a-1b57-49c7-bf6b-e5123394c970} - (no file)
O2 - BHO: (no name) - {fcaddc14-bd46-408a-9842-cdbe1c6d37eb} - (no file)
O2 - BHO: (no name) - {fd9bc004-8331-4457-b830-4759ff704c22} - (no file)
O2 - BHO: (no name) - {ff1bf4c7-4e08-4a28-a43f-9d60a9f7a880} - (no file)
O3 - Toolbar: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [5cd0bccf] rundll32.exe "C:\WINDOWS\system32\udchydlh.dll",b
O4 - HKLM\..\Run: [{d10b2c7f-33f7-1d43-8f75-a6b3402f9956}] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\{6f9e1a15-0180-d974-96f8-28400f250b1a}.dll" DllStart
O4 - HKLM\..\Run: [BM5fe38f53] Rundll32.exe "C:\WINDOWS\system32\qaobcsdf.dll",s
O4 - HKLM\..\RunServices: [LvHidSvc] C:\WINDOWS\system32\lvhidsvc.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Windows update loader] C:\Windows\xpupdate.exe
O4 - HKCU\..\Run: [SpyShredder] C:\Program Files\SpyShredder\SpyShredder.exe
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableTaskMgr=1
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableTaskMgr=1
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx (http://\"http://favorites.live.com/quickadd.aspx\")
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks\Norton Cleanup\WCQuick.lnk
O9 - Extra 'Tools' menuitem: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks\Norton Cleanup\WCQuick.lnk
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: https://online.musicmatch.com (http://\"https://online.musicmatch.com\") (HKLM)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/Facebo...toUploader5.cab (http://\"http://upload.facebook.com/controls/FacebookPhotoUploader5.cab\")
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} () - http://ak.exe.imgfarm.com/images/nocache/f...p1.0.0.15-3.cab (http://\"http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/MyFunCardsFWBInitialSetup1.0.0.15-3.cab\")
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab (http://\"http://lads.myspace.com/upload/MySpaceUploader1006.cab\")
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.Email Removed.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1207005698253 (http://\"http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1207005698253\")
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1207007319156 (http://\"http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1207007319156\")
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://ajlovesweasel-1969.spaces.live.com/...ad/MsnPUpld.cab (http://\"http://ajlovesweasel-1969.spaces.live.com/PhotoUpload/MsnPUpld.cab\")
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (http://\"http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab\")
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://games.pogo.com/online2/pogo/bejewel...aploader_v6.cab (http://\"http://games.pogo.com/online2/pogo/bejeweled2/popcaploader_v6.cab\")
O17 - HKLM\SYSTEM\CCS\Services\Tcpip\..\{600C79F4-1F00-4A7D-A8F5-4080020751EF}: NameServer = 208.38.65.37,208.38.65.35
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll
O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll
O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll
O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
O20 - Winlogon Notify: mlJArqqR - C:\WINDOWS\system32\mlJArqqR.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: GoBack Polling Service (GBPoll) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton GoBack\GBPoll.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_1.EXE
O23 - Service: Lifeview HID Remote Controller Service (lvhidsvc) - Animation Technologies Inc. - C:\WINDOWS\system32\lvhidsvc.exe
O23 - Service: Norton UnErase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\NTRtScan.exe
O23 - Service: OfficeScanNT Personal Firewall (OfcPfwSvc) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\OfcPfwSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\Speed Disk\NOPDB.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: OfficeScanNT Listener (tmlisten) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\TmListen.exe
--
End of file - 15740 bytes
-- File Associations -----------------------------------------------------------
[color=\"red\"].cpl - cplfile - shell\cplopen\command - rundll32.exe shell32.dll,Control_RunDLL "%1",%*[/color]
[color=\"red\"].cpl - cplfile - shell\runas\command - rundll32.exe shell32.dll,Control_RunDLLAsUser "%1",%*[/color]
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
R0 GBDevice - c:\windows\system32\drivers\gbdevice.sys <Not Verified; Symantec Corporation; Norton GoBack>
R0 GoBack2K - c:\windows\system32\drivers\goback2k.sys <Not Verified; Symantec Corporation; Norton GoBack>
R1 StarOpen - c:\windows\system32\drivers\staropen.sys
R2 BCMNTIO - c:\program files\checkit\diagnostics\bcmntio.sys
R2 MAPMEM - c:\program files\checkit\diagnostics\mapmem.sys
R2 MASPINT - c:\windows\system32\drivers\maspint.sys <Not Verified; MicroStaff Co.,Ltd.; Aspi32 Driver for WinNT>
R2 TM_CFW (Common Firewall Driver) - c:\program files\trend micro\officescan client\tm_cfw.sys <Not Verified; Trend Micro Inc.; Trend Micro Common Firewall Module 1.2>
R3 LVCap138 (TV Card WDM Video Capture) - c:\windows\system32\drivers\lvcap138.sys <Not Verified; Animation Technologies Inc.; Lifeview ® LR138 TV Card>
R3 lvtuner (TV Card TV Tuner) - c:\windows\system32\drivers\lvtuner.sys <Not Verified; Animation Technologies Inc.; Lifeview ® TV Card>
S2 GBFSHook - c:\windows\system32\drivers\gbfshook.sys <Not Verified; Symantec Corporation; Norton GoBack>
S3 SDdriver - c:\windows\system32\drivers\sddriver.sys <Not Verified; Symantec Corporation; Norton Speed Disk>
S3 TnIDriver - c:\docume~1\ours\locals~1\temp\tnif6.tmp (file missing)
S3 USBVSP - c:\windows\system32\drivers\usbvsp.sys <Not Verified; Atmel Corporation; Atmel USB Serial Adapter>
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 Bonjour Service - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Inc.; Bonjour>
R2 lvhidsvc (Lifeview HID Remote Controller Service) - c:\windows\system32\lvhidsvc.exe <Not Verified; Animation Technologies Inc.; Lifeview ® TV Card>
R2 ntrtscan (OfficeScanNT RealTime Scan) - "c:\program files\trend micro\officescan client\ntrtscan.exe" <Not Verified; Trend Micro Inc.; Trend Micro OfficeScan>
R2 OfcPfwSvc (OfficeScanNT Personal Firewall) - "c:\program files\trend micro\officescan client\ofcpfwsvc.exe" <Not Verified; Trend Micro Inc.; Trend Micro OfficeScan>
R2 Speed Disk service - c:\progra~1\norton~1\norton~1\speedd~1\nopdb.exe <Not Verified; Symantec Corporation; Norton Speed Disk>
R2 tmlisten (OfficeScanNT Listener) - "c:\program files\trend micro\officescan client\tmlisten.exe" <Not Verified; Trend Micro Inc.; Trend Micro OfficeScan>
S3 ServiceLayer - "c:\program files\pc connectivity solution\servicelayer.exe" <Not Verified; Nokia.; PC Connectivity Solution>
-- Device Manager: Disabled ----------------------------------------------------
Class GUID: {EEC5AD98-8080-425F-922A-DABF3DE3F69A}
Description: Nokia 6103
Device ID: ROOT\WPD\0000
Manufacturer: Nokia
Name: Nokia 6103
PNP Device ID: ROOT\WPD\0000
Service: WUDFRd
-- Scheduled Tasks -------------------------------------------------------------
2008-06-01 17:59:28 252 --a------ C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job
2008-05-31 19:53:06 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2008-05-31 11:31:08 528 --a------ C:\WINDOWS\Tasks\Norton AntiVirus - Run Full System Scan - Ours.job
2008-05-31 10:22:31 290 --a------ C:\WINDOWS\Tasks\Norton SystemWorks One Button Checkup.job
-- Files created between 2008-05-01 and 2008-06-01 -----------------------------
2008-06-01 17:53:23 0 d-------- C:\Program Files\SpyShredder
2008-05-31 23:03:25 95232 --a------ C:\WINDOWS\system32\udchydlh.dll
2008-05-31 23:00:26 108544 --a------ C:\WINDOWS\system32\egivcram.dll
2008-05-31 22:49:07 104448 --a------ C:\WINDOWS\system32\qaobcsdf.dll
2008-05-31 10:54:25 0 d-------- C:\Program Files\Norton AntiVirus
2008-05-31 10:37:24 2147483647 --ahs---- C:\gobackio.bin
2008-05-31 10:36:40 0 d-------- C:\WINDOWS\Downloaded Installations
2008-05-31 10:19:47 0 d-------- C:\Program Files\Norton SystemWorks
2008-05-31 10:15:12 95232 --a------ C:\WINDOWS\system32\qkhsuygq.dll
2008-05-31 10:06:20 108544 --a------ C:\WINDOWS\system32\bwwpllkk.dll
2008-05-31 10:01:05 104448 --a------ C:\WINDOWS\system32\tllqamdi.dll
2008-05-31 09:59:45 0 d-------- C:\Program Files\Symantec
2008-05-31 09:57:11 0 d-------- C:\Documents and Settings\All Users\Application Data\Symantec
2008-05-31 09:48:55 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-05-31 09:23:58 0 d-------- C:\Program Files\SpyMaxx
2008-05-31 09:12:39 0 --a------ C:\Documents and Settings\Ours\urlbase.bin
2008-05-31 09:12:39 0 --a------ C:\Documents and Settings\Ours\ignoredomainsbase.bin
2008-05-31 09:11:59 0 d-------- C:\Program Files\AntispyStorm
2008-05-31 09:00:11 0 d-------- C:\Program Files\CheckIt
2008-05-31 08:57:55 63488 --a------ C:\WINDOWS\system32\qoMcyVNG.dll
2008-05-31 08:55:19 15360 --a------ C:\WINDOWS\mssys.exe
2008-05-31 00:00:27 29952 --a------ C:\WINDOWS\msupdate.exe
2008-05-30 22:02:01 861 --a------ C:\WINDOWS\system32\winpfz33.sys
2008-05-30 22:01:53 0 d-------- C:\WINDOWS\system32\vntiho18
2008-05-30 22:01:44 63488 --a------ C:\WINDOWS\system32\rqRLecyw.dll
2008-05-30 22:01:20 18176 --a------ C:\WINDOWS\y.exe
2008-05-30 22:01:20 22784 --a------ C:\WINDOWS\xplugin.dll
2008-05-30 22:01:19 10496 --a------ C:\WINDOWS\x.exe
2008-05-30 22:01:19 23808 --a------ C:\WINDOWS\winmgnt.exe
2008-05-30 22:01:19 16640 --a------ C:\WINDOWS\window.exe
2008-05-30 22:01:19 25856 --a------ C:\WINDOWS\winajbm.dll
2008-05-30 22:01:18 9984 --a------ C:\WINDOWS\win64.exe
2008-05-30 22:01:18 23552 --a------ C:\WINDOWS\win32e.exe
2008-05-30 22:01:18 30720 --a------ C:\WINDOWS\wEmail Removedexe
2008-05-30 22:01:18 19456 --a------ C:\WINDOWS\users32.exe
2008-05-30 22:01:18 28672 --a------ C:\WINDOWS\time.exe
2008-05-30 22:01:17 26624 --a------ C:\WINDOWS\systemcritical.exe
2008-05-30 22:01:17 28160 --a------ C:\WINDOWS\systeem.exe
2008-05-30 22:01:17 15104 --a------ C:\WINDOWS\svcinit.exe
2008-05-30 22:01:17 14848 --a------ C:\WINDOWS\svchost32.exe
2008-05-30 22:01:17 28160 --a------ C:\WINDOWS\sistem.exe
2008-05-30 22:01:16 27136 --a------ C:\WINDOWS\searchword.dll
2008-05-30 22:01:16 23040 --a------ C:\WINDOWS\rundll16.exe
2008-05-30 22:01:16 10496 --a------ C:\WINDOWS\quicken.exe
2008-05-30 22:01:16 10496 --a------ C:\WINDOWS\qttasks.exe
2008-05-30 22:01:16 24832 --a------ C:\WINDOWS\olehelp.exe
2008-05-30 22:01:15 22272 --a------ C:\WINDOWS\notepad32.exe
2008-05-30 22:01:15 12032 --a------ C:\WINDOWS\mtwirl32.dll
2008-05-30 22:01:15 29952 --a------ C:\WINDOWS\mswsc20.dll
2008-05-30 22:01:15 15616 --a------ C:\WINDOWS\mswsc10.dll
2008-05-30 22:01:14 18944 --a------ C:\WINDOWS\msspi.dll
2008-05-30 22:01:14 17920 --a------ C:\WINDOWS\msconfd.dll
2008-05-30 22:01:14 22784 --a------ C:\WINDOWS\loader.exe
2008-05-30 22:01:14 31232 --a------ C:\WINDOWS\internet.exe
2008-05-30 22:01:13 24064 --a------ C:\WINDOWS\inetinf.exe
2008-05-30 22:01:13 17920 --a------ C:\WINDOWS\iexplorer.exe
2008-05-30 22:01:13 28928 --a------ C:\WINDOWS\iedll.exe
2008-05-30 22:01:13 31744 --a------ C:\WINDOWS\helpcvs.exe
2008-05-30 22:01:12 15616 --a------ C:\WINDOWS\gfmnaaa.dll
2008-05-30 22:01:12 11776 --a------ C:\WINDOWS\funny.exe
2008-05-30 22:01:12 20736 --a------ C:\WINDOWS\funniest.exe
2008-05-30 22:01:12 27904 --a------ C:\WINDOWS\explorer32.exe
2008-05-30 22:01:12 31232 --a------ C:\WINDOWS\explore.exe
2008-05-30 22:01:11 14080 --a------ C:\WINDOWS\editpad.exe
2008-05-30 22:01:11 14848 --a------ C:\WINDOWS\dnsrelay.dll
2008-05-30 22:01:11 15616 --a------ C:\WINDOWS\directx32.exe
2008-05-30 22:01:11 22016 --a------ C:\WINDOWS\ctrlpan.dll
2008-05-30 22:01:11 28672 --a------ C:\WINDOWS\ctfmon32.exe
2008-05-30 22:01:11 13056 --a------ C:\WINDOWS\cpan.dll
2008-05-30 22:01:10 27136 --a------ C:\WINDOWS\clrssn.exe
2008-05-30 22:01:10 20736 --a------ C:\WINDOWS\avpcc.dll
2008-05-30 22:01:10 11776 --a------ C:\WINDOWS\accesss.exe
2008-05-30 22:00:00 401972 --a------ C:\WINDOWS\system32\g3.exe
2008-05-30 21:48:43 805368 --ahs---- C:\WINDOWS\system32\UxyIRXbc.ini2
2008-05-30 21:48:22 276480 --a------ C:\WINDOWS\system32\cbXRIyxU.dll
2008-05-30 21:45:39 0 d-------- C:\Documents and Settings\LocalService\Application Data\Macromedia
2008-05-30 21:45:23 0 d-------- C:\Documents and Settings\LocalService\Application Data\Adobe
2008-05-30 21:44:08 0 d-------- C:\Documents and Settings\LocalService\Application Data\NetMon
2008-05-30 21:44:01 0 d-------- C:\Documents and Settings\LocalService\Application Data\Yahoo!
2008-05-30 21:43:59 1989 --a------ C:\WINDOWS\uninstall_nmon.vbs
2008-05-30 21:43:59 0 d--hs---- C:\WINDOWS\RGVuc3RlZHRz
2008-05-30 21:43:57 0 dr------- C:\Documents and Settings\LocalService\Favorites
2008-05-30 21:43:55 4 --a------ C:\WINDOWS\system32\hljwugsf.bin
2008-05-30 21:43:51 89049 --a------ C:\WINDOWS\system32\vbpdtvdp.exe <Not Verified; Microsoft; XML Media>
2008-05-30 21:43:51 89049 --a------ C:\WINDOWS\lfn.exe <Not Verified; Microsoft; XML Media>
2008-05-30 21:43:42 41984 --a------ C:\WINDOWS\mrofinu1000106.exe
2008-05-30 21:43:30 0 d-------- C:\WINDOWS\system32\Ucom1
2008-05-30 21:43:30 0 d-------- C:\WINDOWS\system32\sIE6
2008-05-30 21:43:30 0 d-------- C:\WINDOWS\system32\ITMP
2008-05-30 21:43:30 0 d-------- C:\WINDOWS\system32\evd2
2008-05-30 21:43:30 0 d-------- C:\WINDOWS\system32\Dev3
2008-05-30 21:43:30 0 d-------- C:\WINDOWS\system32\4026c
2008-05-30 21:43:24 41984 --a------ C:\WINDOWS\mrofinu1188.exe
2008-05-30 21:43:13 0 d-------- C:\WINDOWS\system32\vntiho05
2008-05-30 21:43:07 63488 --a------ C:\WINDOWS\system32\mlJArqqR.dll
2008-05-30 12:20:39 0 d-------- C:\Program Files\Apple Software Update
2008-05-30 12:20:31 0 d-------- C:\Program Files\QuickTime
2008-05-30 12:20:15 0 d-------- C:\Program Files\iPod
2008-05-30 12:20:12 0 d-------- C:\Program Files\iTunes
2008-05-30 07:10:18 0 d-------- C:\Documents and Settings\Ours\Application Data\VideoEgg
2008-05-30 03:34:03 0 d-------- C:\Program Files\iPod(2)
2008-05-30 03:33:54 0 d-------- C:\Program Files\iTunes(2)
2008-05-30 03:12:20 0 d-------- C:\Program Files\Apple Software Update(2)
2008-05-26 11:03:56 365056 --a------ C:\WINDOWS\system32\{6f9e1a15-0180-d974-96f8-28400f250b1a}.dll
2008-05-24 08:43:36 4194304 --a------ C:\Documents and Settings\Ours\ntuser.dat
2008-05-22 20:04:08 0 d-------- C:\WINDOWS\Prefetch
2008-05-22 19:52:16 0 d-------- C:\WINDOWS\system32\scripting
2008-05-22 19:52:15 0 d-------- C:\WINDOWS\l2schemas
2008-05-22 19:52:14 0 d-------- C:\WINDOWS\system32\en
2008-05-22 19:52:13 0 d-------- C:\WINDOWS\system32\bits
2008-05-22 19:48:06 0 d-------- C:\WINDOWS\ServicePackFiles
2008-05-22 19:39:00 0 d-------- C:\WINDOWS\EHome
2008-05-13 21:13:15 0 d-------- C:\Documents and Settings\Kids.DENSTEDTS\Application Data\Google
2008-05-13 18:25:40 0 d-------- C:\Documents and Settings\Kids.DENSTEDTS\Application Data\Apple Computer
2008-05-11 21:47:35 0 d-------- C:\Documents and Settings\Ours\Application Data\PlayFirst
2008-05-11 21:47:35 0 d-------- C:\Documents and Settings\All Users\Application Data\PlayFirst
2008-05-11 21:45:49 0 d-------- C:\Documents and Settings\Ours\Application Data\GameHouse
2008-05-11 21:45:46 0 d-------- C:\Program Files\GameHouse
2008-05-07 20:15:37 0 d-------- C:\Program Files\MyWebSearch
2008-05-07 20:14:46 0 d-------- C:\Program Files\FunWebProducts
2008-05-06 16:18:48 0 d-------- C:\Documents and Settings\All Users\Application Data\Adobe
2008-05-02 08:34:42 0 d-------- C:\Program Files\Microsoft SQL Server Compact Edition
2008-05-02 08:30:31 0 d-------- C:\Program Files\Windows Live Favorites
-- Find3M Report ---------------------------------------------------------------
2008-05-31 21:00:13 0 d-------- C:\Program Files\Trend Micro
2008-05-31 10:13:21 0 d-------- C:\Program Files\Common Files
2008-05-31 09:22:47 0 d-------- C:\Program Files\SpywareBlaster
2008-05-30 22:16:39 0 d-------- C:\Documents and Settings\Ours\Application Data\Lavasoft
2008-05-22 19:52:49 0 d-------- C:\Program Files\Messenger
2008-05-22 19:52:13 0 d-------- C:\Program Files\Movie Maker
2008-05-22 19:47:46 0 d-------- C:\Program Files\Windows NT
2008-05-22 17:08:33 0 d-------- C:\Documents and Settings\Ours\Application Data\GARMIN
2008-05-19 20:35:25 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-05-06 16:18:26 0 d-------- C:\Program Files\Common Files\Adobe
2008-05-06 16:17:14 0 d-------- C:\Documents and Settings\Ours\Application Data\AdobeUM
2008-05-04 07:16:38 0 d-------- C:\Program Files\Windows Live
2008-05-02 08:33:08 0 d-------- C:\Program Files\Windows Live Toolbar
2008-05-01 18:13:53 0 d-------- C:\Documents and Settings\Ours\Application Data\Apple Computer
2008-04-28 19:28:35 0 d-------- C:\Documents and Settings\Ours\Application Data\Adobe
2008-04-26 09:42:50 0 d-------- C:\Program Files\Oberon Media
2008-04-22 19:17:18 0 d-------- C:\Program Files\Coupons
2008-04-19 13:06:23 0 d-------- C:\Program Files\Microsoft Works
2008-04-16 17:26:24 0 d-------- C:\Documents and Settings\Ours\Application Data\PC Suite
2008-04-16 17:26:16 0 d-------- C:\Documents and Settings\Ours\Application Data\Nokia
2008-04-16 17:26:16 1110 --a------ C:\Documents and Settings\Ours\Application Data\NMM-MetaData.db
2008-04-14 19:36:56 0 d-------- C:\Documents and Settings\Ours\Application Data\Yahoo!
2008-04-13 17:10:38 0 d-------- C:\Program Files\LimeWire
2008-04-13 17:05:25 0 d-------- C:\Program Files\Incomplete
2008-04-13 16:56:07 0 d-------- C:\Documents and Settings\Ours\Application Data\SAMSUNG
2008-04-12 08:44:52 0 d-------- C:\Program Files\Windows Media Connect 2
2008-04-11 22:34:13 0 d-------- C:\Program Files\Samsung
2008-04-11 08:50:25 0 d-------- C:\Documents and Settings\Ours\Application Data\FUJIFILM
2008-04-05 15:14:31 0 d-------- C:\Documents and Settings\Ours\Application Data\Talkback
2008-04-05 15:13:57 0 --a----c- C:\WINDOWS\nsreg.dat
2008-04-05 15:13:54 0 d-------- C:\Documents and Settings\Ours\Application Data\Mozilla
2008-04-04 17:33:17 0 d--hs--c- C:\Program Files\Common Files\WindowsLiveInstaller
2008-04-04 08:38:03 0 d-------- C:\Documents and Settings\Ours\Application Data\funkitron
2008-04-04 08:22:18 0 d-------- C:\Program Files\Common Files\Real
2008-04-04 08:22:17 774144 --a------ C:\Program Files\RngInterstitial.dll <Not Verified; RealNetworks, Inc.; RealNetworks, Inc. RngInterstitial>
2008-04-04 08:22:13 0 d-------- C:\Program Files\Real
2008-04-02 20:07:08 0 d-------- C:\Documents and Settings\Ours\Application Data\Sun
2008-04-02 18:09:18 0 d-------- C:\Documents and Settings\Ours\Application Data\InterVideo
2008-04-01 18:52:21 0 d-------- C:\Documents and Settings\Ours\Application Data\Google
2008-04-01 17:05:01 0 d-------- C:\Program Files\InterVideo Information Service
2008-04-01 17:05:01 0 d-------- C:\Program Files\Common Files\Ulead
2008-04-01 17:03:58 0 d-------- C:\Program Files\InterVideo
2008-04-01 17:03:26 0 d-------- C:\Program Files\Common Files\InstallShield
2008-04-01 16:51:05 0 d-------- C:\Program Files\Musicmatch
2008-04-01 16:50:06 0 d-------- C:\Documents and Settings\Ours\Application Data\Musicmatch
2008-04-01 16:48:41 0 d-------- C:\Program Files\Google
2008-04-01 16:41:12 0 d-------- C:\Program Files\Yahoo!
2008-04-01 16:32:57 0 d-------- C:\Program Files\Lavasoft
2008-04-01 16:32:02 0 d-------- C:\Documents and Settings\Ours\Application Data\MySpace
2008-04-01 16:31:59 0 d-------- C:\Program Files\MySpace
2008-04-01 16:29:49 0 d-------- C:\Program Files\DIFX
2008-04-01 16:29:35 0 d-------- C:\Program Files\Common Files\PCSuite
2008-04-01 16:29:31 0 d-------- C:\Program Files\Nokia
2008-04-01 16:29:31 0 d-------- C:\Program Files\Common Files\Nokia
2008-04-01 16:29:11 0 d-------- C:\Program Files\PC Connectivity Solution
2008-04-01 16:15:46 0 d-------- C:\Program Files\Java
2008-03-31 19:51:24 96577 --a----c- C:\WINDOWS\hpqins16.dat
2008-03-31 19:48:18 2064 --a----c- C:\Documents and Settings\Ours\Application Data\HPSU_48BitScanUpdate.log
2008-03-31 19:37:07 345 --a----c- C:\Documents and Settings\Ours\Application Data\HelpFilesUpdatePatch_PRINTHELPWRAPPER.log
2008-03-31 19:37:05 0 --a----c- C:\Documents and Settings\Ours\Application Data\HelpFilesUpdatePatch_HELPFILEREPLACE.log
2008-03-31 19:36:18 2799 --a----c- C:\Documents and Settings\Ours\Application Data\PatchUpdate_InstantShareJPG.log
2008-03-31 19:35:48 3596 --a----c- C:\Documents and Settings\Ours\Application Data\PatchUpdate_IZClosingDiscError.log
2008-03-31 19:34:32 137866 --a----c- C:\Documents and Settings\Ours\Application Data\Update_HP_RedboxHprblog_HPSU.log
2008-03-31 19:34:17 139264 --a------ C:\WINDOWS\system32\hpzjrd01.dll <Not Verified; Hewlett Packard; Hewlett Packard Rediscovery Library>
2008-03-31 19:32:01 112384 --a------ C:\WINDOWS\hpoins07.dat
2008-03-31 19:00:16 28672 --a------ C:\WINDOWS\system32\qttask.exe
2008-03-31 18:59:02 0 -rahs---- C:\MSDOS.SYS
2008-03-31 18:59:02 0 -rahs---- C:\IO.SYS
2008-03-31 18:59:02 0 --a------ C:\CONFIG.SYS
2008-03-31 18:59:02 0 --a------ C:\AUTOEXEC.BAT
2008-03-31 18:56:23 21640 --a------ C:\WINDOWS\system32\emptyregdb.dat
2008-03-31 12:43:07 62 --ahs---- C:\Documents and Settings\Ours\Application Data\desktop.ini
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00110011-4b0b-44d5-9718-90c88817369b}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{05fd6cbf-521c-70cc-d135-17147c23c9e7}]
05/26/2008 11:03 AM 365056 --a------ C:\WINDOWS\system32\{6f9e1a15-0180-d974-96f8-28400f250b1a}.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{086ae192-23a6-48d6-96ec-715f53797e85}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0F452574-8D50-4E8B-923F-2045F98F69BB}]
05/30/2008 09:48 PM 276480 --a------ C:\WINDOWS\system32\cbXRIyxU.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{150fa160-130d-451f-b863-b655061432ba}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{17da0c9e-4a27-4ac5-bb75-5d24b8cdb972}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb1}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb2}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2d38a51a-23c9-48a1-a33c-48675aa2b494}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2e9caff6-30c7-4208-8807-e79d4ec6f806}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{467faeb2-5f5b-4c81-bae0-2a4752ca7f4e}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5321e378-ffad-4999-8c62-03ca8155f0b3}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{587dbf2d-9145-4c9e-92c2-1f953da73773}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6cc1c91a-ae8b-4373-a5b4-28ba1851e39a}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{79369d5c-2903-4b7a-ade2-d5e0dee14d24}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{799a370d-5993-4887-9df7-0a4756a77d00}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{87666836-a3df-47ae-8bde-eff8bf8b88a6}]
05/31/2008 11:00 PM 108544 --a------ C:\WINDOWS\system32\egivcram.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{98dbbf16-ca43-4c33-be80-99e6694468a4}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9AEE7FA8-0DA7-4C8A-8B3E-FBB6B979C657}]
05/30/2008 09:43 PM 63488 --a------ C:\WINDOWS\system32\mlJArqqR.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a55581dc-2cdb-4089-8878-71a080b22342}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b847676d-72ac-4393-bfff-43a1eb979352}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bc97b254-b2b9-4d40-971d-78e0978f5f26}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{cf021f40-3e14-23a5-cba2-717765721306}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e2ddf680-9905-4dee-8c64-0a5de7fe133c}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e3eebbe8-9cab-4c76-b26a-747e25ebb4c6}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e7afff2a-1b57-49c7-bf6b-e5123394c970}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{fd9bc004-8331-4457-b830-4759ff704c22}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ff1bf4c7-4e08-4a28-a43f-9d60a9f7a880}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OfficeScanNT Monitor"="C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" [02/07/2006 04:16 PM]
"AlcxMonitor"="ALCXMNTR.EXE" [09/07/2004 02:47 PM C:\WINDOWS\ALCXMNTR.EXE]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [01/23/2005 11:36 AM]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [01/23/2005 11:31 AM]
"REGSHAVE"="C:\Program Files\REGSHAVE\REGSHAVE.exe" [02/04/2002 11:32 PM]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [05/08/2007 05:24 PM]
"KBD"="C:\HP\KBD\KBD.EXE" [02/02/2005 05:44 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [02/22/2008 04:25 AM]
"ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [03/20/2006 05:34 PM]
"AGRSMMSG"="AGRSMMSG.exe" [06/29/2004 09:06 AM C:\WINDOWS\AGRSMMSG.exe]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [10/28/2006 01:38 AM]
"osCheck"="C:\Program Files\Norton AntiVirus\osCheck.exe" [09/05/2006 09:22 PM]
"5cd0bccf"="C:\WINDOWS\system32\udchydlh.dll" [05/31/2008 11:03 PM]
"{d10b2c7f-33f7-1d43-8f75-a6b3402f9956}"="C:\WINDOWS\system32\{6f9e1a15-0180-d974-96f8-28400f250b1a}.dll" [05/26/2008 11:03 AM]
"BM5fe38f53"="C:\WINDOWS\system32\qaobcsdf.dll" [05/31/2008 10:49 PM]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04/13/2008 07:12 PM]
"Windows update loader"="C:\Windows\xpupdate.exe" []
"SpyShredder"="C:\Program Files\SpyShredder\SpyShredder.exe" [06/01/2008 05:53 PM]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]
"LvHidSvc"=C:\WINDOWS\system32\lvhidsvc.exe
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Nokia.PCSync"=C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
"MySpaceIM"=C:\Program Files\MySpace\IM\MySpaceIM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=1 (0x1)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=1 (0x1)
"Wallpaper"=
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceActiveDesktopOn"=1 (0x1)
"NoActiveDesktop"=2 (0x2)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{9AEE7FA8-0DA7-4C8A-8B3E-FBB6B979C657}"= C:\WINDOWS\system32\mlJArqqR.dll [05/30/2008 09:43 PM 63488]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\vbpdtvdp.exe,"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
C:\WINDOWS\System32\dimsntfy.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mlJArqqR]
mlJArqqR.dll 05/30/2008 09:43 PM 63488 C:\WINDOWS\system32\mlJArqqR.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\cbXRIyxU
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Exif Launcher.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Exif Launcher.lnk
backup=C:\WINDOWS\pss\Exif Launcher.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk
backup=C:\WINDOWS\pss\HP Image Zone Fast Start.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Works Calendar Reminders.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Works Calendar Reminders.lnk
backup=C:\WINDOWS\pss\Microsoft Works Calendar Reminders.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Norton GoBack.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Norton GoBack.lnk
backup=C:\WINDOWS\pss\Norton GoBack.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Ours^Start Menu^Programs^Startup^TVR Schedule.lnk]
path=C:\Documents and Settings\Ours\Start Menu\Programs\Startup\TVR Schedule.lnk
backup=C:\WINDOWS\pss\TVR Schedule.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\5cd0bccf]
rundll32.exe "C:\WINDOWS\system32\qkhsuygq.dll",b
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BM5fe38f53]
Rundll32.exe "C:\WINDOWS\system32\tllqamdi.dll",s
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ExploreUpdSched]
C:\WINDOWS\system32\mcntmkdm.exe DWram
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\gStart]
C:\Garmin\gStart.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MimBoot]
C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
"C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MySpaceIM]
C:\Program Files\MySpace\IM\MySpaceIM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\runner1]
C:\WINDOWS\mrofinu1188.exe 61A847B5BBF72813339330466188719AB689201522886B092CBD44BD8689220221DD3257
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{d10b2c7f-33f7-1d43-8f75-a6b3402f9956}]
C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\{6f9e1a15-0180-d974-96f8-28400f250b1a}.dll" DllStart
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
eapsvcs eaphost
dot3svc dot3svc
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
napagent
hkmsvc
-- End of Deckard's System Scanner: finished at 2008-06-01 21:18:39 ------------
Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------
-- System Information ----------------------------------------------------------
Microsoft Windows XP Home Edition (build 2600) SP 3.0
Architecture: X86; Language: English
CPU 0: Intel® Celeron® CPU 2.93GHz
Percentage of Memory in Use: 75%
Physical Memory (total/avail): 759.48 MiB / 188.8 MiB
Pagefile Memory (total/avail): 1860.34 MiB / 1357.68 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1873.89 MiB
C: is Fixed (NTFS) - 74.52 GiB total, 24.57 GiB free.
D: is Removable (No Media)
E: is Removable (No Media)
F: is Removable (No Media)
G: is Removable (No Media)
H: is CDROM (No Media)
I: is CDROM (No Media)
\\.\PHYSICALDRIVE0 - ST380011A - 74.53 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 74.52 GiB - C:
\\.\PHYSICALDRIVE2 - Generic USB CF Reader USB Device
\\.\PHYSICALDRIVE4 - Generic USB MS Reader USB Device
\\.\PHYSICALDRIVE1 - Generic USB SD Reader USB Device
\\.\PHYSICALDRIVE3 - Generic USB SM Reader USB Device
-- Security Center -------------------------------------------------------------
AUOptions is scheduled to auto-install.
-- Environment Variables -------------------------------------------------------
ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Ours\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.5.0_03\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=DENSTEDTS
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Ours
LOGONSERVER=\\DENSTEDTS
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\Program Files\PC Connectivity Solution\;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\Samsung\Samsung PC Studio 3\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 4 Stepping 1, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0401
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.5.0_03\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Ours\LOCALS~1\Temp
TMP=C:\DOCUME~1\Ours\LOCALS~1\Temp
USERDOMAIN=DENSTEDTS
USERNAME=Ours
USERPROFILE=C:\Documents and Settings\Ours
windir=C:\WINDOWS
-- User Profiles ---------------------------------------------------------------
Ours (admin)
Kids.DENSTEDTS
-- Add/Remove Programs ---------------------------------------------------------
--> "C:\Program Files\InstallShield Installation Information\{F37167DD-4436-4641-90B6-329D60632DDA}\Setup.exe" REMOVEALL --u:{F37167DD-4436-4641-90B6-329D60632DDA}
--> C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Ad-Aware SE Personal --> C:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG
Adobe Acrobat 5.0 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.dll"
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 7.1.0 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A71000000002}
Advanced System Optimizer 2 --> "C:\Program Files\Advanced System Optimizer\unins000.exe"
Agere Systems PCI Soft Modem --> agrsmdel
AppCore --> MsiExec.exe /I{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}
Apple Mobile Device Support --> MsiExec.exe /I{44734179-8A79-4DEE-BB08-73037F065543}
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
AV --> MsiExec.exe /I{F4DB525F-A986-4249-B98B-42A8066251CA}
Bonjour --> MsiExec.exe /I{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}
ccCommon --> MsiExec.exe /I{3CCAD2EF-CFF2-4637-82AA-AABF370282D3}
CheckIt Diagnostics --> C:\PROGRA~1\CheckIt\DIAGNO~1\UNWISE.EXE C:\PROGRA~1\CheckIt\DIAGNO~1\INSTALL.LOG
Component Framework --> MsiExec.exe /I{31478BE1-CDE5-4753-A8B2-F6D4BC1FBE09}
Connection Keep Alive --> MsiExec.exe /I{77364F85-6219-4CB8-AAA0-6D53368D683D}
Coupon Printer for Windows --> "C:\Program Files\Coupons\uninstall.exe" "/U:C:\Program Files\Coupons\Uninstall\uninstall.xml"
Deewoo Network Manager removal --> C:\WINDOWS\system32\mcntmkdm.exe -UPop
Enhanced Multimedia Keyboard Solution --> C:\HP\KBD\Install.exe /u
Enhancement Browser Tools Targetedbanner --> C:\WINDOWS\system32\{6f9e1a15-0180-d974-96f8-28400f250b1a}.dll-uninst.exe
FinePixViewer Ver.3.2 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{24ED4D80-8294-11D5-96CD-0040266301AD} /l1033
Form Fill (Windows Live Toolbar) --> MsiExec.exe /X{F5AF5CDA-76FC-4794-9F28-09B6D54E7431}
FUJIFILM USB Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5490882C-6961-11D5-BAE5-00E0188E010B}\SETUP.EXE"
Garmin MapSource --> MsiExec.exe /X{4ACBBFC6-3F39-48DE-8D85-182736B2749B}
Garmin Training Center 3.3.2 --> MsiExec.exe /X{7834FE69-824C-4644-8107-899201C074C8}
Google Earth --> MsiExec.exe /I{1E04F83B-2AB9-4301-9EF7-E86307F79C72}
Google SketchUp 6 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{98736A65-3C79-49EC-B7E9-A3C77774B0E6}\setup.exe" -l0x9 -removeonly
Google SketchUp 6 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B3D8B2F8-3C2C-45BC-933E-8B60E78F6684}\setup.exe" -l0x9 -removeonly
Highlight Viewer (Windows Live Toolbar) --> MsiExec.exe /X{A5C4AD72-25FE-4899-B6DF-6D8DF63C93CF}
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
HP Document Viewer 5.3 --> C:\Program Files\HP\Digital Imaging\DocumentViewer\hpzscr01.exe -datfile hpqbud04.dat
HP Image Zone 5.3 --> C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP Imaging Device Functions 5.3 --> C:\Program Files\HP\Digital Imaging\DigitalImagingMonitor\hpzscr01.exe -datfile hpqbud01.dat
HP PSC & OfficeJet 5.3.B --> "C:\Program Files\HP\Digital Imaging\{5B79CFD1-6845-4158-9D7D-6BE89DF2C135}\setup\hpzscr01.exe" -datfile hposcr07.dat
HP Solution Center & Imaging Support Tools 5.3 --> C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
HP Update --> MsiExec.exe /X{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}
ImageMixer VCD for FinePix --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D3AA158A-9421-4883-8767-E771B0964A1D}\setup.exe"
Intel® Extreme Graphics Driver --> RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_2562
Internet Worm Protection --> MsiExec.exe /I{2908F0CB-C1D4-447F-97A2-CFC135C9F8D4}
InterVideo WinDVD 8 --> C:\Program Files\InstallShield Installation Information\{20471B27-D702-4FE8-8DEC-0702CC8C0A85}\setup.exe -runfromtemp -l0x0409
iTunes --> MsiExec.exe /I{80FD852F-5AAC-4129-B931-06AAFFA43138}
J2SE Runtime Environment 5.0 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150030}
Java(tm) 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
LimeWire PRO 4.9.23 --> "C:\Program Files\LimeWire\uninstall.exe"
LiveUpdate 3.1 (Symantec Corporation) --> "C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
Map Button (Windows Live Toolbar) --> MsiExec.exe /X{7745B7A9-F323-4BB9-9811-01BF57A028DA}
Microsoft Compressi
-
Can you do the following
Do a "System scan only" with Hijackthis and put a check next to these entries:
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\vbpdtvdp.exe,
O2 - BHO: (no name) - {00110011-4b0b-44d5-9718-90c88817369b} - (no file)
O2 - BHO: targetedbanner browser optimizer - {05fd6cbf-521c-70cc-d135-17147c23c9e7} - C:\WINDOWS\system32\{6f9e1a15-0180-d974-96f8-28400f250b1a}.dll
O2 - BHO: (no name) - {086ae192-23a6-48d6-96ec-715f53797e85} - (no file)
O2 - BHO: (no name) - {0F452574-8D50-4E8B-923F-2045F98F69BB} - C:\WINDOWS\system32\cbXRIyxU.dll
O2 - BHO: (no name) - {150fa160-130d-451f-b863-b655061432ba} - (no file)
O2 - BHO: (no name) - {17da0c9e-4a27-4ac5-bb75-5d24b8cdb972} - (no file)
O2 - BHO: (no name) - {1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb1} - (no file)
O2 - BHO: (no name) - {1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb2} - (no file)
O2 - BHO: (no name) - {2d38a51a-23c9-48a1-a33c-48675aa2b494} - (no file)
O2 - BHO: (no name) - {2e9caff6-30c7-4208-8807-e79d4ec6f806} - (no file)
O2 - BHO: (no name) - {467faeb2-5f5b-4c81-bae0-2a4752ca7f4e} - (no file)
O2 - BHO: (no name) - {5321e378-ffad-4999-8c62-03ca8155f0b3} - (no file)
O2 - BHO: (no name) - {587dbf2d-9145-4c9e-92c2-1f953da73773} - (no file)
O2 - BHO: (no name) - {6cc1c91a-ae8b-4373-a5b4-28ba1851e39a} - (no file)
O2 - BHO: (no name) - {79369d5c-2903-4b7a-ade2-d5e0dee14d24} - (no file)
O2 - BHO: (no name) - {799a370d-5993-4887-9df7-0a4756a77d00} - (no file)
O2 - BHO: {6a88b8fb-8ffe-edb8-ea74-fd3a63866678} - {87666836-a3df-47ae-8bde-eff8bf8b88a6} - C:\WINDOWS\system32\egivcram.dll
O2 - BHO: (no name) - {98dbbf16-ca43-4c33-be80-99e6694468a4} - (no file)
O2 - BHO: (no name) - {9AEE7FA8-0DA7-4C8A-8B3E-FBB6B979C657} - C:\WINDOWS\system32\mlJArqqR.dll
O2 - BHO: (no name) - {a55581dc-2cdb-4089-8878-71a080b22342} - (no file)
O2 - BHO: (no name) - {b847676d-72ac-4393-bfff-43a1eb979352} - (no file)
O2 - BHO: (no name) - {bc97b254-b2b9-4d40-971d-78e0978f5f26} - (no file)
O2 - BHO: (no name) - {cf021f40-3e14-23a5-cba2-717765721306} - (no file)
O2 - BHO: (no name) - {e2ddf680-9905-4dee-8c64-0a5de7fe133c} - (no file)
O2 - BHO: (no name) - {e3eebbe8-9cab-4c76-b26a-747e25ebb4c6} - (no file)
O2 - BHO: (no name) - {e7afff2a-1b57-49c7-bf6b-e5123394c970} - (no file)
O2 - BHO: (no name) - {fcaddc14-bd46-408a-9842-cdbe1c6d37eb} - (no file)
O2 - BHO: (no name) - {fd9bc004-8331-4457-b830-4759ff704c22} - (no file)
O2 - BHO: (no name) - {ff1bf4c7-4e08-4a28-a43f-9d60a9f7a880} - (no file)
O4 - HKLM\..\Run: [5cd0bccf] rundll32.exe "C:\WINDOWS\system32\udchydlh.dll",b
O4 - HKLM\..\Run: [{d10b2c7f-33f7-1d43-8f75-a6b3402f9956}] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\{6f9e1a15-0180-d974-96f8-28400f250b1a}.dll" DllStart
O4 - HKLM\..\Run: [BM5fe38f53] Rundll32.exe "C:\WINDOWS\system32\qaobcsdf.dll",s
O4 - HKCU\..\Run: [Windows update loader] C:\Windows\xpupdate.exe
O4 - HKCU\..\Run: [SpyShredder] C:\Program Files\SpyShredder\SpyShredder.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableTaskMgr=1
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableTaskMgr=1
O15 - Trusted Zone: https://online.musicmatch.com (http://\"https://online.musicmatch.com\") (HKLM)
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} () - http://ak.exe.imgfarm.com/images/nocache/f...p1.0.0.15-3.cab (http://\"http://ak.exe.imgfarm.com/images/nocache/f...p1.0.0.15-3.cab\")
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://games.pogo.com/online2/pogo/bejewel...aploader_v6.cab (http://\"http://games.pogo.com/online2/pogo/bejewel...aploader_v6.cab\")
O20 - Winlogon Notify: mlJArqqR - C:\WINDOWS\system32\mlJArqqR.dll
After you have ticked the above entries, close All other open windows
Including this one
Leave Hijackthis open and click FIX CHECKED
OK the prompt and exit Hijackthis
Access your Add and Remove programs and try and remove the following:
Don't worry if it won't uninstall, just carry on
This includes:
Enhancement Browser Tools Targetedbanner
and
SpyShredder
Important: reboot the computer if any of the 2 were removed
Back in Windows
Download this file - Combofix.exe (http://\"http://download.bleepingcomputer.com/sUBs/Beta/ComboFix.exe\") and save it ONLY to your desktop
Don't run it yet
Physically disconnect the internet cable connection to your computer
Temporarily disable your AntiVirus software and any Spyware realtime protections you may have running so it won't interfere with this fix
Double click on ComboFix.exe to run the program
Follow the prompts
normally this fix takes anywhere from 10 to 30 minutes
If the computer was rebooted by the fix
ComboFix will run again, then continue to create a log, this can take a few minutes
Let it run uninterrupted please
I'll need to see this log later
Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall
After ComboFix runs, and after it's log opens
Connect Internet cable, if you have no Internet connection
Simply reboot your computer
By default, the location of the combofix log is located at this location
C:\combofix.txt
Post back the log from ComboFix along with a fresh hijackthis log
-
here are the new log files.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:41:10 PM, on 6/2/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\vbpdtvdp.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Norton SystemWorks\Norton GoBack\GBPoll.exe
C:\PROGRA~1\MUSICM~1\MUSICM~1\MMDiag.exe
C:\WINDOWS\system32\lvhidsvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
C:\Program Files\Trend Micro\OfficeScan Client\OfcPfwSvc.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mim.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Norton SystemWorks\Norton GoBack\GBTray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\TEMP\AD1A10.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Trend Micro\OfficeScan Client\TSC.EXE
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 (http://\"http://go.microsoft.com/fwlink/?LinkId=69157\")
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 (http://\"http://go.microsoft.com/fwlink/?LinkId=54896\")
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 (http://\"http://go.microsoft.com/fwlink/?LinkId=54896\")
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 (http://\"http://go.microsoft.com/fwlink/?LinkId=69157\")
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\SYSTEM32\Userinit.exe,C:\WINDOWS\system32\vbpdtvdp.exe,
O2 - BHO: (no name) - {00110011-4b0b-44d5-9718-90c88817369b} - (no file)
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: (no name) - {086ae192-23a6-48d6-96ec-715f53797e85} - (no file)
O2 - BHO: (no name) - {150fa160-130d-451f-b863-b655061432ba} - (no file)
O2 - BHO: (no name) - {17da0c9e-4a27-4ac5-bb75-5d24b8cdb972} - (no file)
O2 - BHO: (no name) - {1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb1} - (no file)
O2 - BHO: (no name) - {1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb2} - (no file)
O2 - BHO: (no name) - {2d38a51a-23c9-48a1-a33c-48675aa2b494} - (no file)
O2 - BHO: (no name) - {2e9caff6-30c7-4208-8807-e79d4ec6f806} - (no file)
O2 - BHO: (no name) - {467faeb2-5f5b-4c81-bae0-2a4752ca7f4e} - (no file)
O2 - BHO: (no name) - {5321e378-ffad-4999-8c62-03ca8155f0b3} - (no file)
O2 - BHO: (no name) - {587dbf2d-9145-4c9e-92c2-1f953da73773} - (no file)
O2 - BHO: (no name) - {6cc1c91a-ae8b-4373-a5b4-28ba1851e39a} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {79369d5c-2903-4b7a-ade2-d5e0dee14d24} - (no file)
O2 - BHO: (no name) - {799a370d-5993-4887-9df7-0a4756a77d00} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {98dbbf16-ca43-4c33-be80-99e6694468a4} - (no file)
O2 - BHO: (no name) - {a55581dc-2cdb-4089-8878-71a080b22342} - (no file)
O2 - BHO: (no name) - {b847676d-72ac-4393-bfff-43a1eb979352} - (no file)
O2 - BHO: (no name) - {bc97b254-b2b9-4d40-971d-78e0978f5f26} - (no file)
O2 - BHO: (no name) - {cf021f40-3e14-23a5-cba2-717765721306} - (no file)
O2 - BHO: (no name) - {e2ddf680-9905-4dee-8c64-0a5de7fe133c} - (no file)
O2 - BHO: (no name) - {e3eebbe8-9cab-4c76-b26a-747e25ebb4c6} - (no file)
O2 - BHO: (no name) - {e7afff2a-1b57-49c7-bf6b-e5123394c970} - (no file)
O2 - BHO: (no name) - {fcaddc14-bd46-408a-9842-cdbe1c6d37eb} - (no file)
O2 - BHO: (no name) - {fd9bc004-8331-4457-b830-4759ff704c22} - (no file)
O2 - BHO: (no name) - {ff1bf4c7-4e08-4a28-a43f-9d60a9f7a880} - (no file)
O3 - Toolbar: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [{d10b2c7f-33f7-1d43-8f75-a6b3402f9956}] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\{6f9e1a15-0180-d974-96f8-28400f250b1a}.dll" DllStart
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\RunServices: [LvHidSvc] C:\WINDOWS\system32\lvhidsvc.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [gStart] C:\Garmin\gStart.exe
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O4 - Startup: TVR Schedule.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Exif Launcher.lnk = C:\Program Files\FinePixViewer\QuickDCF.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Global Startup: Norton GoBack.lnk = C:\Program Files\Norton SystemWorks\Norton GoBack\GBTray.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx (http://\"http://favorites.live.com/quickadd.aspx\")
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks\Norton Cleanup\WCQuick.lnk
O9 - Extra 'Tools' menuitem: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks\Norton Cleanup\WCQuick.lnk
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/Facebo...toUploader5.cab (http://\"http://upload.facebook.com/controls/FacebookPhotoUploader5.cab\")
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab (http://\"http://lads.myspace.com/upload/MySpaceUploader1006.cab\")
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.Email Removed.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1207005698253 (http://\"http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1207005698253\")
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1207007319156 (http://\"http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1207007319156\")
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://ajlovesweasel-1969.spaces.live.com/...ad/MsnPUpld.cab (http://\"http://ajlovesweasel-1969.spaces.live.com/PhotoUpload/MsnPUpld.cab\")
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (http://\"http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab\")
O17 - HKLM\System\CCS\Services\Tcpip\..\{600C79F4-1F00-4A7D-A8F5-4080020751EF}: NameServer = 208.38.65.37,208.38.65.35
O17 - HKLM\System\CS1\Services\Tcpip\..\{600C79F4-1F00-4A7D-A8F5-4080020751EF}: NameServer = 208.38.65.37,208.38.65.35
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: GoBack Polling Service (GBPoll) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton GoBack\GBPoll.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Lifeview HID Remote Controller Service (lvhidsvc) - Animation Technologies Inc. - C:\WINDOWS\system32\lvhidsvc.exe
O23 - Service: Norton UnErase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
O23 - Service: OfficeScanNT Personal Firewall (OfcPfwSvc) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\OfcPfwSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: OfficeScanNT Listener (tmlisten) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
--
End of file - 14542 bytes
ComboFix 08-06-01.6 - Ours 2008-06-02 19:23:57.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.296 [GMT -5:00]
Running from: C:\Documents and Settings\Ours\Desktop\ComboFix.exe
* Created a new restore point
[color=\"red\"]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/color]
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\LocalService\Application Data\NetMon
C:\Documents and Settings\LocalService\Application Data\NetMon\domains.txt
C:\Documents and Settings\LocalService\Application Data\NetMon\log.txt
C:\Documents and Settings\Ours\Start Menu\Programs\SpyShredder
C:\Documents and Settings\Ours\Start Menu\Programs\SpyShredder\SpyShredder.lnk
C:\Documents and Settings\Ours\Start Menu\Programs\SpyShredder\Uninstall.lnk
C:\Program Files\AntispyStorm
C:\Program Files\AntispyStorm\AntispyStorm.exe.MANIFEST
C:\Program Files\AntispyStorm\logs\05.31.08_09_15_20.log
C:\Program Files\AntispyStorm\parser_done
C:\Program Files\AntispyStorm\stat.bin
C:\Program Files\AntispyStorm\uninstall.exe
C:\Program Files\AntispyStorm\uninstall.log
C:\Program Files\FunWebProducts
C:\Program Files\MyWebSearch
C:\Program Files\MyWebSearch\bar\History\search2
C:\Program Files\MyWebSearch\bar\Settings\s_pid.dat
C:\Program Files\MyWebSearch\bar\Settings\setting2.htm
C:\Program Files\MyWebSearch\bar\Settings\settings.dat
C:\Program Files\SpyMaxx
C:\Program Files\SpyMaxx\SpyMaxx.exe.MANIFEST
C:\Program Files\SpyMaxx\stat.bin
C:\Program Files\SpyMaxx\uninstall.exe
C:\Program Files\SpyMaxx\uninstall.log
C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\Temp\vtmp2
C:\Temp\vtmp2\ktnv33.log
C:\WINDOWS\BM5fe38f53.xml
C:\WINDOWS\cookies.ini
C:\WINDOWS\default.htm
C:\WINDOWS\explore.exe
C:\WINDOWS\iexplorer.exe
C:\WINDOWS\lfn.exe
C:\WINDOWS\mainms.vpi
C:\WINDOWS\megavid.cdt
C:\WINDOWS\muotr.so
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\bwwpllkk.dll
C:\WINDOWS\system32\egivcram.dll
C:\WINDOWS\system32\hldyhcdu.ini
C:\WINDOWS\system32\kiilxkmr.ini
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\mlJArqqR.dll
C:\WINDOWS\system32\mrijcjcl.dll
C:\WINDOWS\system32\MSINET.oca
C:\WINDOWS\system32\pac.txt
C:\WINDOWS\system32\qaobcsdf.dll
C:\WINDOWS\system32\qgyushkq.ini
C:\WINDOWS\system32\qkhsuygq.dll
C:\WINDOWS\system32\qoMcyVNG.dll
C:\WINDOWS\system32\rmkxliik.dll
C:\WINDOWS\system32\tllqamdi.dll
C:\WINDOWS\system32\udchydlh.dll
C:\WINDOWS\system32\UxyIRXbc.ini
C:\WINDOWS\system32\UxyIRXbc.ini2
C:\WINDOWS\system32\vmtmqews.dll
C:\WINDOWS\system32\ynskocjt.ini
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_CMDSERVICE
-------\Legacy_NETWORK_MONITOR
-------\Legacy_TNIDRIVER
-------\Service_TnIDriver
((((((((((((((((((((((((( Files Created from 2008-05-03 to 2008-06-03 )))))))))))))))))))))))))))))))
.
2008-06-02 20:04 . 2008-06-02 20:09 1,853 --a------ C:\WINDOWS\default.htm
2008-06-02 20:03 . 2008-06-02 20:03 25,856 --a------ C:\WINDOWS\iexplorer.exe
2008-06-02 20:03 . 2008-06-02 20:03 9,472 --a------ C:\WINDOWS\explore.exe
2008-06-02 13:36 . 2008-06-02 13:36 41,984 -ra------ C:\WINDOWS\mrofinu1188.exe
2008-06-01 20:39 . 2008-06-01 20:39 <DIR> d-------- C:\Deckard
2008-06-01 17:53 . 2008-06-01 17:53 <DIR> d-------- C:\Program Files\SpyShredder
2008-05-31 10:54 . 2008-05-31 11:25 <DIR> d-------- C:\Program Files\Norton AntiVirus
2008-05-31 10:37 . 2008-05-31 10:45 8,002,338,816 --ahs---- C:\gobackio.bin
2008-05-31 10:36 . 2008-05-31 10:36 <DIR> d-------- C:\WINDOWS\Downloaded Installations
2008-05-31 10:19 . 2008-05-31 11:29 <DIR> d-------- C:\Program Files\Norton SystemWorks
2008-05-31 10:09 . 2008-05-31 11:00 109,744 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-05-31 10:09 . 2008-05-31 11:00 48,824 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2008-05-31 10:09 . 2008-05-31 11:00 8,014 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2008-05-31 10:09 . 2008-05-31 11:00 805 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.INF
2008-05-31 09:59 . 2008-05-31 11:00 <DIR> d-------- C:\Program Files\Symantec
2008-05-31 09:57 . 2008-05-31 11:03 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Symantec
2008-05-31 09:48 . 2008-05-31 14:57 <DIR> d-------- C:\Program Files\Common Files\Symantec Shared
2008-05-31 09:12 . 2008-05-31 09:12 0 --a------ C:\Documents and Settings\Ours\urlbase.bin
2008-05-31 09:12 . 2008-05-31 09:12 0 --a------ C:\Documents and Settings\Ours\ignoredomainsbase.bin
2008-05-31 09:00 . 2008-05-31 09:00 <DIR> d-------- C:\Program Files\CheckIt
2008-05-31 08:55 . 2008-05-31 08:55 15,360 --a------ C:\WINDOWS\mssys.exe
2008-05-31 00:00 . 2008-05-31 00:00 29,952 --a------ C:\WINDOWS\msupdate.exe
2008-05-30 22:02 . 2008-05-30 22:02 861 --a------ C:\WINDOWS\system32\winpfz33.sys
2008-05-30 22:00 . 2008-05-30 22:00 401,972 --a------ C:\WINDOWS\system32\g3.exe
2008-05-30 21:48 . 2008-05-30 21:48 276,480 --a------ C:\WINDOWS\system32\cbXRIyxU.dll
2008-05-30 21:44 . 2008-05-30 21:44 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Yahoo!
2008-05-30 12:20 . 2008-05-30 12:20 <DIR> d-------- C:\Program Files\QuickTime
2008-05-30 12:20 . 2008-05-31 21:16 <DIR> d-------- C:\Program Files\iTunes
2008-05-30 12:20 . 2008-05-31 21:15 <DIR> d-------- C:\Program Files\iPod
2008-05-30 12:20 . 2008-05-30 12:20 <DIR> d-------- C:\Program Files\Apple Software Update
2008-05-30 07:10 . 2008-05-30 12:19 <DIR> d-------- C:\Documents and Settings\Ours\Application Data\VideoEgg
2008-05-30 03:34 . 2008-05-30 12:20 <DIR> d-------- C:\Program Files\iPod(2)
2008-05-30 03:33 . 2008-05-30 12:20 <DIR> d-------- C:\Program Files\iTunes(2)
2008-05-30 03:12 . 2008-05-30 12:20 <DIR> d-------- C:\Program Files\Apple Software Update(2)
2008-05-22 22:36 . 2008-05-22 22:36 268 --ah----- C:\sqmdata19.sqm
2008-05-22 22:36 . 2008-05-22 22:36 244 --ah----- C:\sqmnoopt19.sqm
2008-05-22 19:52 . 2008-05-22 19:52 <DIR> d-------- C:\WINDOWS\system32\scripting
2008-05-22 19:52 . 2008-05-22 19:52 <DIR> d-------- C:\WINDOWS\system32\en
2008-05-22 19:52 . 2008-05-22 19:52 <DIR> d-------- C:\WINDOWS\system32\bits
2008-05-22 19:52 . 2008-05-22 19:52 <DIR> d-------- C:\WINDOWS\l2schemas
2008-05-22 19:48 . 2008-05-22 19:52 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-05-22 19:39 . 2008-05-22 19:39 <DIR> d-------- C:\WINDOWS\EHome
2008-05-22 19:27 . 2008-04-13 19:12 4,274,816 --a------ C:\WINDOWS\system32\nv4_disp.dll
2008-05-22 19:26 . 2008-04-13 19:11 1,888,992 --a------ C:\WINDOWS\system32\ati3duag.dll
2008-05-22 19:25 . 2008-04-13 19:11 136,192 --a------ C:\WINDOWS\system32\aaclient.dll
2008-05-22 19:25 . 2008-04-13 19:11 4,255 --a------ C:\WINDOWS\system32\drivers\adv01nt5.dll
2008-05-22 19:25 . 2008-04-13 19:11 3,967 --a------ C:\WINDOWS\system32\drivers\adv02nt5.dll
2008-05-22 19:25 . 2008-04-13 19:11 3,775 --a------ C:\WINDOWS\system32\drivers\adv11nt5.dll
2008-05-22 19:25 . 2008-04-13 19:11 3,711 --a------ C:\WINDOWS\system32\drivers\adv09nt5.dll
2008-05-22 19:25 . 2008-04-13 19:11 3,647 --a------ C:\WINDOWS\system32\drivers\adv07nt5.dll
2008-05-22 19:25 . 2008-04-13 19:11 3,615 --a------ C:\WINDOWS\system32\drivers\adv05nt5.dll
2008-05-22 19:25 . 2008-04-13 19:11 3,135 --a------ C:\WINDOWS\system32\drivers\adv08nt5.dll
2008-05-22 18:25 . 2008-05-22 18:25 268 --ah----- C:\sqmdata18.sqm
2008-05-22 18:25 . 2008-05-22 18:25 244 --ah----- C:\sqmnoopt18.sqm
2008-05-21 22:28 . 2008-05-21 22:28 268 --ah----- C:\sqmdata17.sqm
2008-05-21 22:28 . 2008-05-21 22:28 244 --ah----- C:\sqmnoopt17.sqm
2008-05-20 17:02 . 2008-05-20 17:02 268 --ah----- C:\sqmdata16.sqm
2008-05-20 17:02 . 2008-05-20 17:02 244 --ah----- C:\sqmnoopt16.sqm
2008-05-19 20:26 . 2008-05-19 20:26 268 --ah----- C:\sqmdata15.sqm
2008-05-19 20:26 . 2008-05-19 20:26 244 --ah----- C:\sqmnoopt15.sqm
2008-05-19 16:04 . 2008-05-19 16:04 268 --ah----- C:\sqmdata14.sqm
2008-05-19 16:04 . 2008-05-19 16:04 244 --ah----- C:\sqmnoopt14.sqm
2008-05-19 05:58 . 2008-05-19 05:58 268 --ah----- C:\sqmdata13.sqm
2008-05-19 05:58 . 2008-05-19 05:58 244 --ah----- C:\sqmnoopt13.sqm
2008-05-18 22:59 . 2008-05-18 22:59 268 --ah----- C:\sqmdata12.sqm
2008-05-18 22:58 . 2008-05-18 22:58 244 --ah----- C:\sqmnoopt12.sqm
2008-05-17 23:20 . 2008-05-30 12:25 268 --ah----- C:\sqmdata11.sqm
2008-05-17 23:20 . 2008-05-30 12:25 244 --ah----- C:\sqmnoopt11.sqm
2008-05-17 00:09 . 2008-05-30 12:18 268 --ah----- C:\sqmdata10.sqm
2008-05-17 00:09 . 2008-05-30 12:18 244 --ah----- C:\sqmnoopt10.sqm
2008-05-13 18:25 . 2008-05-13 18:25 <DIR> d-------- C:\Documents and Settings\Kids.DENSTEDTS\Application Data\Apple Computer
2008-05-11 21:47 . 2008-05-11 21:47 <DIR> d-------- C:\Documents and Settings\Ours\Application Data\PlayFirst
2008-05-11 21:47 . 2008-05-11 21:47 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PlayFirst
2008-05-11 21:45 . 2008-05-11 21:45 <DIR> d-------- C:\Program Files\GameHouse
2008-05-11 21:45 . 2008-05-11 21:45 <DIR> d-------- C:\Documents and Settings\Ours\Application Data\GameHouse
2008-05-07 17:43 . 2004-05-14 16:53 462,848 --a------ C:\WINDOWS\system32\ltkrn13n.dll
2008-05-07 17:43 . 2004-05-14 16:53 450,560 --a------ C:\WINDOWS\system32\ltimg13n.dll
2008-05-07 17:43 . 2004-05-14 16:53 401,408 --a------ C:\WINDOWS\system32\lfcmp13n.dll
2008-05-07 17:43 . 2004-05-14 16:53 299,008 --a------ C:\WINDOWS\system32\ltdis13n.dll
2008-05-07 17:43 . 2004-01-12 02:09 206,336 --a------ C:\WINDOWS\system32\ltefx13n.dll
2008-05-07 17:43 . 2004-05-14 16:53 163,840 --a------ C:\WINDOWS\system32\ltfil13n.dll
2008-05-07 17:43 . 2003-11-04 15:10 69,632 --a------ C:\WINDOWS\system32\lfgif13n.dll
2008-05-07 17:43 . 2004-05-14 16:53 57,344 --a------ C:\WINDOWS\system32\lfbmp13n.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-01 02:00 --------- d-----w C:\Program Files\Trend Micro
2008-05-31 14:23 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-05-31 14:22 --------- d-----w C:\Program Files\SpywareBlaster
2008-05-31 03:16 --------- d-----w C:\Documents and Settings\Ours\Application Data\Lavasoft
2008-05-31 02:43 89,049 ----a-w C:\WINDOWS\system32\vbpdtvdp.exe
2008-05-31 02:43 41,984 ----a-w C:\WINDOWS\mrofinu1000106.exe
2008-05-22 22:08 --------- d-----w C:\Documents and Settings\Ours\Application Data\GARMIN
2008-05-20 01:35 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-06 21:18 --------- d-----w C:\Program Files\Common Files\Adobe
2008-05-06 21:17 --------- d-----w C:\Documents and Settings\Ours\Application Data\AdobeUM
2008-05-04 12:16 --------- d-----w C:\Program Files\Windows Live
2008-05-02 13:34 --------- d-----w C:\Program Files\Microsoft SQL Server Compact Edition
2008-05-02 13:33 --------- d-----w C:\Program Files\Windows Live Toolbar
2008-05-02 13:30 --------- d-----w C:\Program Files\Windows Live Favorites
2008-05-02 13:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-05-01 23:13 --------- d-----w C:\Documents and Settings\Ours\Application Data\Apple Computer
2008-04-26 14:42 --------- d-----w C:\Program Files\Oberon Media
2008-04-25 11:52 --------- d-----w C:\Documents and Settings\All Users\Application Data\PopCap
2008-04-23 00:17 --------- d-----w C:\Program Files\Coupons
2008-04-19 18:06 --------- d-----w C:\Program Files\Microsoft Works
2008-04-16 22:26 --------- d-----w C:\Documents and Settings\Ours\Application Data\PC Suite
2008-04-16 22:26 --------- d-----w C:\Documents and Settings\Ours\Application Data\Nokia
2008-04-16 22:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\PC Suite
2008-04-15 00:36 --------- d-----w C:\Documents and Settings\Ours\Application Data\Yahoo!
2008-04-14 10:42 985,088 ----a-w C:\WINDOWS\system32\setupapi.dll
2008-04-14 10:42 11,264 ----a-w C:\WINDOWS\system32\spnpinst.exe
2008-04-14 10:41 423,936 ----a-w C:\WINDOWS\system32\licdll.dll
2008-04-14 00:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\Windows Live Toolbar
2008-04-14 00:25 1,804 ----a-w C:\WINDOWS\system32\dcache.bin
2008-04-14 00:16 329,728 ----a-w C:\WINDOWS\system32\netsetup.exe
2008-04-14 00:13 92,424 ----a-w C:\WINDOWS\system32\rdpdd.dll
2008-04-14 00:13 87,176 ----a-w C:\WINDOWS\system32\rdpwsx.dll
2008-04-14 00:13 40,840 ----a-w C:\WINDOWS\system32\drivers\termdd.sys
2008-04-14 00:13 21,896 ----a-w C:\WINDOWS\system32\drivers\tdtcp.sys
2008-04-14 00:13 139,656 ----a-w C:\WINDOWS\system32\drivers\rdpwd.sys
2008-04-14 00:13 12,168 ----a-w C:\WINDOWS\system32\tsddd.dll
2008-04-14 00:13 12,040 ----a-w C:\WINDOWS\system32\drivers\tdpipe.sys
2008-04-14 00:11 997,376 ----a-w C:\WINDOWS\system32\msgina.dll
2008-04-14 00:10 53,279 ----a-w C:\WINDOWS\system32\odbcji32.dll
2008-04-14 00:10 4,126 ----a-w C:\WINDOWS\system32\msdxmlc.dll
2008-04-14 00:10 3,584 ----a-w C:\WINDOWS\system32\msafd.dll
2008-04-13 22:10 --------- d-----w C:\Program Files\LimeWire
2008-04-13 22:05 --------- d-----w C:\Program Files\Incomplete
2008-04-13 21:56 --------- d-----w C:\Documents and Settings\Ours\Application Data\SAMSUNG
2008-04-13 21:00 103,424 ----a-w C:\WINDOWS\system32\dpcdll.dll
2008-04-13 19:30 1,845,632 ----a-w C:\WINDOWS\system32\win32k.sys
2008-04-13 19:28 175,744 ----a-w C:\WINDOWS\system32\drivers\rdbss.sys
2008-04-13 19:27 2,188,928 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
2008-04-13 19:21 162,816 ----a-w C:\WINDOWS\system32\drivers\netbt.sys
2008-04-13 19:20 91,520 ----a-w C:\WINDOWS\system32\drivers\ndiswan.sys
2008-04-13 19:20 361,344 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-04-13 19:20 182,656 ----a-w C:\WINDOWS\system32\drivers\ndis.sys
2008-04-13 19:19 75,264 ----a-w C:\WINDOWS\system32\drivers\ipsec.sys
2008-04-13 19:19 51,328 ----a-w C:\WINDOWS\system32\drivers\rasl2tp.sys
2008-04-13 19:19 48,384 ----a-w C:\WINDOWS\system32\drivers\raspptp.sys
2008-04-13 19:19 146,048 ----a-w C:\WINDOWS\system32\drivers\portcls.sys
2008-04-13 19:19 138,112 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-04-13 19:18 52,480 ----a-w C:\WINDOWS\system32\drivers\i8042prt.sys
2008-04-13 19:17 83,072 ----a-w C:\WINDOWS\system32\drivers\wdmaud.sys
2008-04-13 19:17 456,576 ----a-w C:\WINDOWS\system32\drivers\mrxsmb.sys
2008-04-13 19:17 105,344 ----a-w C:\WINDOWS\system32\drivers\mup.sys
2008-04-13 19:16 49,536 ----a-w C:\WINDOWS\system32\drivers\classpnp.sys
2008-04-13 19:16 141,056 ----a-w C:\WINDOWS\system32\drivers\ks.sys
2008-04-13 19:15 64,512 ----a-w C:\WINDOWS\system32\drivers\serial.sys
2008-04-13 19:15 60,800 ----a-w C:\WINDOWS\system32\drivers\sysaudio.sys
2008-04-13 19:15 574,976 ----a-w C:\WINDOWS\system32\drivers\ntfs.sys
2008-04-13 19:15 334,848 ----a-w C:\WINDOWS\system32\drivers\srv.sys
2008-04-13 19:14 63,744 ----a-w C:\WINDOWS\system32\drivers\cdfs.sys
2008-04-13 19:14 143,744 ----a-w C:\WINDOWS\system32\drivers\fastfat.sys
2008-04-13 19:00 30,080 ----a-w C:\WINDOWS\system32\drivers\modem.sys
2008-04-13 19:00 225,664 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-04-13 19:00 19,072 ----a-w C:\WINDOWS\system32\drivers\tdi.sys
2008-04-13 18:57 41,472 ----a-w C:\WINDOWS\system32\drivers\raspppoe.sys
2008-04-13 18:57 40,576 ----a-w C:\WINDOWS\system32\drivers\ndproxy.sys
2008-04-13 18:57 34,560 ----a-w C:\WINDOWS\system32\drivers\wanarp.sys
2008-04-13 18:57 20,864 ----a-w C:\WINDOWS\system32\drivers\ipinip.sys
2008-04-13 18:57 152,832 ----a-w C:\WINDOWS\system32\drivers\ipnat.sys
2008-04-13 18:57 14,336 ----a-w C:\WINDOWS\system32\drivers\asyncmac.sys
2008-04-13 18:57 10,112 ----a-w C:\WINDOWS\system32\drivers\ndistapi.sys
2008-04-13 18:56 88,320 ----a-w C:\WINDOWS\system32\drivers\nwlnkipx.sys
2008-04-13 18:56 69,120 ----a-w C:\WINDOWS\system32\drivers\psched.sys
2008-04-13 18:56 35,072 ----a-w C:\WINDOWS\system32\drivers\msgpc.sys
2008-04-13 18:56 34,688 ----a-w C:\WINDOWS\system32\drivers\netbios.sys
2008-04-13 18:56 30,592 ----a-w C:\WINDOWS\system32\drivers\rndismpx.sys
2008-04-13 18:56 30,592 ----a-w C:\WINDOWS\system32\drivers\rndismp.sys
2008-04-13 18:56 12,800 ----a-w C:\WINDOWS\system32\drivers\usb8023x.sys
2008-04-13 18:56 12,800 ----a-w C:\WINDOWS\system32\drivers\usb8023.sys
2008-04-13 18:56 12,288 ----a-w C:\WINDOWS\system32\drivers\tunmp.sys
2008-04-13 18:55 202,624 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-04-13 18:55 14,592 ----a-w C:\WINDOWS\system32\drivers\ndisuio.sys
2008-04-13 18:54 11,264 ----a-w C:\WINDOWS\system32\drivers\irenum.sys
2008-04-13 18:53 71,552 ----a-w C:\WINDOWS\system32\drivers\bridge.sys
2008-04-13 18:53 40,320 ----a-w C:\WINDOWS\system32\drivers\nmnt.sys
2008-04-13 18:53 36,608 ----a-w C:\WINDOWS\system32\drivers\ip6fw.sys
2008-04-13 18:53 264,832 ----a-w C:\WINDOWS\system32\drivers\http.sys
2008-04-13 18:51 61,824 ----a-w C:\WINDOWS\system32\drivers\nic1394.sys
2008-04-13 18:51 60,800 ----a-w C:\WINDOWS\system32\drivers\arp1394.sys
2008-04-13 18:51 59,904 ----a-w C:\WINDOWS\system32\drivers\atmarpc.sys
2008-04-13 18:51 55,808 ----a-w C:\WINDOWS\system32\drivers\atmlane.sys
2008-04-13 18:51 101,120 ----a-w C:\WINDOWS\system32\drivers\bthpan.sys
2005-07-29 21:24 472 --sha-r C:\WINDOWS\RGVuc3RlZHRz\l3pRwal5tJlW.vbs
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00110011-4b0b-44d5-9718-90c88817369b}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{086ae192-23a6-48d6-96ec-715f53797e85}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{150fa160-130d-451f-b863-b655061432ba}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{17da0c9e-4a27-4ac5-bb75-5d24b8cdb972}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb1}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb2}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2d38a51a-23c9-48a1-a33c-48675aa2b494}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2e9caff6-30c7-4208-8807-e79d4ec6f806}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{467faeb2-5f5b-4c81-bae0-2a4752ca7f4e}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5321e378-ffad-4999-8c62-03ca8155f0b3}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{587dbf2d-9145-4c9e-92c2-1f953da73773}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6cc1c91a-ae8b-4373-a5b4-28ba1851e39a}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{79369d5c-2903-4b7a-ade2-d5e0dee14d24}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{799a370d-5993-4887-9df7-0a4756a77d00}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{889FFD77-6071-4E87-B9C9-6C2289F74D02}]
2008-05-30 21:48 276480 --a------ C:\WINDOWS\system32\cbXRIyxU.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{98dbbf16-ca43-4c33-be80-99e6694468a4}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a55581dc-2cdb-4089-8878-71a080b22342}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b847676d-72ac-4393-bfff-43a1eb979352}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bc97b254-b2b9-4d40-971d-78e0978f5f26}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{cf021f40-3e14-23a5-cba2-717765721306}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e2ddf680-9905-4dee-8c64-0a5de7fe133c}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e3eebbe8-9cab-4c76-b26a-747e25ebb4c6}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e7afff2a-1b57-49c7-bf6b-e5123394c970}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{fd9bc004-8331-4457-b830-4759ff704c22}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ff1bf4c7-4e08-4a28-a43f-9d60a9f7a880}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 19:12 15360]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 17:43 4670704]
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2008-02-01 15:32 8699904]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
"gStart"="C:\Garmin\gStart.exe" [2007-08-23 05:58 1891416]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OfficeScanNT Monitor"="C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" [2006-02-07 16:16 356352]
"AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 14:47 57344 C:\WINDOWS\ALCXMNTR.EXE]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-01-23 11:36 155648]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-01-23 11:31 126976]
"REGSHAVE"="C:\Program Files\REGSHAVE\REGSHAVE.exe" [2002-02-04 23:32 53248]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 17:24 54840]
"KBD"="C:\HP\KBD\KBD.EXE" [2005-02-02 17:44 61440]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-03-20 17:34 213936]
"AGRSMMSG"="AGRSMMSG.exe" [2004-06-29 09:06 88363 C:\WINDOWS\AGRSMMSG.exe]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-10-28 01:38 107112]
"osCheck"="C:\Program Files\Norton AntiVirus\osCheck.exe" [2006-09-05 21:22 26248]
"{d10b2c7f-33f7-1d43-8f75-a6b3402f9956}"="C:\WINDOWS\system32\{6f9e1a15-0180-d974-96f8-28400f250b1a}.dll" [ ]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-02-01 00:13 385024]
"PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-03-23 13:20 227328]
"MimBoot"="C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe" [2005-03-09 19:10 11776]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-19 13:10 267048]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"LvHidSvc"="C:\WINDOWS\system32\lvhidsvc.exe" [2004-10-10 19:17 33280]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-03-27 15:58 1744896]
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2008-02-01 15:32 8699904]
C:\Documents and Settings\Ours\Start Menu\Programs\Startup\
TVR Schedule.lnk - C:\Documents and Settings\Ours\Application Data\Microsoft\Installer\{E4C3B10E-E277-4458-8440-DAE332D50BF3}\_4ae13d6c.exe [2008-03-31 19:11:12 1078]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 03:38:16 29696]
Exif Launcher.lnk - C:\Program Files\FinePixViewer\QuickDCF.exe [2002-01-09 22:53:14 200704]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-12 00:23:26 282624]
HP Image Zone Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2005-05-12 01:49:24 73728]
Microsoft Works Calendar Reminders.lnk - C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe [1999-09-04 17:23:00 53317]
Norton GoBack.lnk - C:\Program Files\Norton SystemWorks\Norton GoBack\GBTray.exe [2006-07-19 11:45:12 861872]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"= 1 (0x1)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,C:\\WINDOWS\\system32\\vbpdtvdp.exe,"
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\InterVideo\\DVD8\\WinDVD.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"=
"C:\\WINDOWS\\system32\\mmc.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
R2 BCMNTIO;BCMNTIO;C:\PROGRA~1\CheckIt\DIAGNO~1\BCMNTIO.sys [2004-03-05 17:09]
R2 MAPMEM;MAPMEM;C:\PROGRA~1\CheckIt\DIAGNO~1\MAPMEM.sys [2004-03-05 17:09]
S3 USBVSP;USBVSP;C:\WINDOWS\system32\drivers\Usbvsp.sys [2003-09-08 14:43]
.
Contents of the 'Scheduled Tasks' folder
"2008-06-01 00:53:06 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-06-02 23:59:11 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
"2008-05-31 16:31:08 C:\WINDOWS\Tasks\Norton AntiVirus - Run Full System Scan - Ours.job"
- C:\PROGRA~1\NORTON~2\Navw32.exeh/TASK:
"2008-05-31 15:22:31 C:\WINDOWS\Tasks\Norton SystemWorks One Button Checkup.job"
- C:\Program Files\Norton SystemWorks\OBC.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net (http://\"http://www.gmer.net\")
Rootkit scan 2008-06-02 20:03:22
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
C:\WINDOWS\iexplorer.exe 25856 bytes
C:\WINDOWS\explore.exe 9472 bytes
C:\WINDOWS\default.htm 1853 bytes
scan completed successfully
hidden files: 3
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Norton SystemWorks\Norton GoBack\GBPoll.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
C:\Program Files\Trend Micro\OfficeScan Client\NTRtScan.exe
C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.exe
C:\Program Files\Trend Micro\OfficeScan Client\TmListen.exe
C:\Program Files\Trend Micro\OfficeScan Client\OfcPfwSvc.exe
C:\WINDOWS\system32\vbpdtvdp.exe
C:\WINDOWS\TEMP\AKEE37.EXE
C:\Program Files\Trend Micro\OfficeScan Client\PccNTUpd.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mim.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\MMDiag.exe
C:\Program Files\Yahoo!\Messenger\Ymsgr_tray.exe
C:\Program Files\TVR\TVR\RecSche.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\WINDOWS\system32\imapi.exe
.
**************************************************************************
.
Completion time: 2008-06-02 20:18:07 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-03 01:17:32
Pre-Run: 26,249,859,072 bytes free
Post-Run: 26,366,214,144 bytes free
437 --- E O F --- 2008-05-16 04:30:02
-
One more scan please
download Malwarebytes' Anti-Malware from Here (http://\"http://www.besttechie.net/tools/mbam-setup.exe\") or Here (http://\"http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html\")
Save the installer to desktop
Double Click mbam-setup.exe to install the application.- Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
- If an update is found, it will download and install the latest version.
- Once the program has loaded, select "Perform Full Scan", then click Scan.
- The scan may take some time to finish,so please be patient.
- When the scan is complete, click OK, then Show Results to view the results.
- Make sure that everything is checked, and click Remove Selected.
* When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
- The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
- Copy&Paste the entire report in your next reply
Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediately.
After you post that log
Also post another fresh hijackthis log
-
here are the logs that you requested....
Malwarebytes' Anti-Malware 1.14
Database version: 818
8:30:01 PM 6/3/2008
mbam-log-6-3-2008 (20-30-01).txt
Scan type: Full Scan (C:\|D:\|E:\|F:\|G:\|H:\|I:\|)
Objects scanned: 113891
Time elapsed: 1 hour(s), 3 minute(s), 12 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 28
Registry Values Infected: 1
Registry Data Items Infected: 1
Folders Infected: 10
Files Infected: 170
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CLASSES_ROOT\Interface\{1e404d48-670a-4085-a6a0-d195793ddd33} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{9f593aac-ca4c-4a41-a7ff-a00812192d61} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{749ec66f-a838-4b38-b8e5-e65d905fff74} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{1e404d48-670a-4085-a6a0-d195793ddd33} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5321e378-ffad-4999-8c62-03ca8155f0b3} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e4e3e0f8-cd30-4380-8ce9-b96904bdefca} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{fe8a736f-4124-4d9c-b4b1-3b12381efabe} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{c9c5deaf-0a1f-4660-8279-9edfad6fefe1} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2 (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2.1 (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\cpbrkpie.coupon6ctrl.1 (Adware.Coupons) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{9522b3fb-7a2b-4646-8af6-36e7f593073c} (Adware.Coupons) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a85a5e6a-de2c-4f4e-99dc-f469df5a0eec} (Adware.Coupons) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{6e780f0b-bcd6-40cb-b2db-7af47ab4d4a4} (Adware.Coupons) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{a138be8b-f051-4802-9a3f-a750a6d862d4} (Adware.Coupons) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{87255c51-cd7d-4506-b9ad-97606daf53f3} (Adware.Coupons) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a4730ebe-43a6-443e-9776-36915d323ad3} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{741de825-a6f0-4497-9aa6-8023cf9b0fff} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\sm_ie_monitor.ie_monitor (Rogue.SpyMaxx) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\SpyMaxx (Rogue.SpyMaxx) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\ADP (Rogue.Multiple) -> Quarantined and deleted successfully.
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: c:\windows\system32\vbpdtvdp.exe -> Quarantined and deleted successfully.
Folders Infected:
C:\Program Files\SpyShredder (Rogue.SpyShredder) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ITMP (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ours\Application Data\VideoEgg (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ours\Application Data\VideoEgg\Data (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ours\Application Data\VideoEgg\Publisher (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ours\Application Data\VideoEgg\Publisher\4520 (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ours\Application Data\VideoEgg\Publisher\4520\resources (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ours\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ours\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ours\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\messages (Adware.VideoEgg) -> Quarantined and deleted successfully.
Files Infected:
C:\WINDOWS\CouponPrinter.ocx (Adware.Coupons) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\mlJArqqR.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\qkhsuygq.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\qoMcyVNG.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\udchydlh.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{31D302E6-FC7F-4E76-9EE5-EB368B495A2F}\RP1\A0001027.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{31D302E6-FC7F-4E76-9EE5-EB368B495A2F}\RP2\A0001040.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{31D302E6-FC7F-4E76-9EE5-EB368B495A2F}\RP2\A0001041.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{31D302E6-FC7F-4E76-9EE5-EB368B495A2F}\RP2\A0001044.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{31D302E6-FC7F-4E76-9EE5-EB368B495A2F}\RP2\A0001045.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{31D302E6-FC7F-4E76-9EE5-EB368B495A2F}\RP2\A0001048.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{31D302E6-FC7F-4E76-9EE5-EB368B495A2F}\RP2\A0001052.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{31D302E6-FC7F-4E76-9EE5-EB368B495A2F}\RP2\A0001058.exe (Trojan.DownLoader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{31D302E6-FC7F-4E76-9EE5-EB368B495A2F}\RP2\A0001202.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{31D302E6-FC7F-4E76-9EE5-EB368B495A2F}\RP2\A0001204.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{31D302E6-FC7F-4E76-9EE5-EB368B495A2F}\RP2\A0003653.vbs (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\mrofinu1000106.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\mrofinu1188.exe (Trojan.DownLoader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\rqRLecyw.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Program Files\SpyShredder\SpyShredder.exe (Rogue.SpyShredder) -> Quarantined and deleted successfully.
C:\Program Files\SpyShredder\SpyShredder.lic (Rogue.SpyShredder) -> Quarantined and deleted successfully.
C:\Program Files\SpyShredder\SpyShredder0.ss (Rogue.SpyShredder) -> Quarantined and deleted successfully.
C:\Program Files\SpyShredder\SpyShredder1.ss (Rogue.SpyShredder) -> Quarantined and deleted successfully.
C:\Program Files\SpyShredder\Uninstall.exe (Rogue.SpyShredder) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ours\Application Data\VideoEgg\DataLOCKED (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ours\Application Data\VideoEgg\Data\report.log (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ours\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\aol_watermark.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ours\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\audio_combo.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ours\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\audio_source.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ours\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\big_gray_logo.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ours\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\big_logo_cropped.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ours\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\blank_slide.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ours\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\button_browse_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ours\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\button_browse_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ours\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\button_browse_up.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ours\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\camcorders_title.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ours\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\camcorder_btn_highlighted.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ours\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\camcorder_slide.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ours\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\corners_bottom_left.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ours\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\corners_bottom_left_curve.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ours\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\corners_bottom_right.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ours\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\corners_top_right.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ours\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\done.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ours\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\done_capture.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ours\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\done_capture_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ours\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\done_capture_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ours\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\done_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ours\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\done_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ours\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\dropshadow_bottom_left.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ours\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\dropshadow_horiz.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ours\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\dropshadow_vertical.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ours\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\dropzone.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ours\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\dv_fast_forward.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ours\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\dv_pause.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ours\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\dv_play.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ours\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\dv_rewind.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ours\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\dv_stop.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ours\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\email_instructions.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ours\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\email_sent.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ours\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\email_sent_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ours\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\email_sent_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ours\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\eraser.CUR (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ours\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\eraser_cursor.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ours\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\file_btn_highlighted.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ours\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\file_slide.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ours\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\help.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ours\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_camcorder.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ours\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_camcorders.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ours\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_camcorder_dark.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ours\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_camcorder_light.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ours\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_ff.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ours\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_file_dark.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ours\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_file_light.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ours\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_pause.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ours\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_phone_dark.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ours\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_phone_light.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ours\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_play.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ours\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_rewind.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ours\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_stop.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ours\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_webcam.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ours\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_webcams.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ours\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_webcam_dark.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ours\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_webcam_light.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ours\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\loading.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ours\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\loading_movie.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ours\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\locating.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ours\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\logo.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ours\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\logo_bottom.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ours\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\logo_middle.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ours\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\logo_top.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ours\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\mobile_btn_highlighted.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ours\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\mobile_slide.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ours\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\mobile_slide_disabled.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ours\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\movie_placeholder.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ours\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\ok.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ours\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\ok_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ours\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\ok_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ours\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\player_fast_forward.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ours\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\player_fast_forward_disabled.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ours\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\player_fill.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ours\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\player_pause.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ours\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\player_play.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ours\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\player_rewind.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ours\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\player_rewind_disabled.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ours\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\player_rewind_to_start.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ours\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\playhead.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ours\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\powered_by.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ours\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\progress.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ours\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\refresh_list_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ours\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\refresh_list_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ours\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\refresh_list_up.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ours\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\restart.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ours\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\restart_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ours\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\start_capture.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ours\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\start_capture_disabled.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ours\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\start_capture_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ours\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\start_capture_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ours\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\start_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ours\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\start_over_highlight.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ours\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\start_slider.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ours\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\stop_capture.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ours\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\stop_capture_disabled.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ours\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\stop_capture_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ours\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\stop_capture_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ours\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\stop_slider.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ours\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\tab_slide_deselected.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ours\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\tape_control.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ours\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\text_camcorder.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ours\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\text_camcorder_highlight.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ours\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\text_file.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ours\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\text_file_highlight.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ours\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\text_phone.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ours\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\text_phone_highlight.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ours\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\text_webcam.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ours\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\text_webcam_highlight.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ours\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\title.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ours\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\upload.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ours\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\uploading.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ours\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\uploading_fill.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ours\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\uploading_high.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ours\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\uploading_low.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ours\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\uploading_medium.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ours\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\uploading_thumbnail.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ours\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\upload_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ours\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\upload_from.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ours\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\upload_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ours\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\volume_gray.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ours\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\volume_green.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ours\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\volume_high.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ours\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\volume_low.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ours\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\volume_orange.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ours\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\volume_red.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ours\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\volume_slider.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ours\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\waiting_for_email.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ours\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\webcams_title.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ours\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\webcam_btn_highlighted.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ours\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\webcam_slide.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ours\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\messages\messages.en-US.bundle (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\WINDOWS\explore.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\iexplorer.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\x.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\y.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\xxxvideo.hta (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\default.htm (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\svchost32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\loader.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\internet.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vbpdtvdp.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\winpfz33.sys (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\cbXRIyxU.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:46:32 PM, on 6/3/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Norton SystemWorks\Norton GoBack\GBPoll.exe
C:\WINDOWS\system32\lvhidsvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
C:\Program Files\Trend Micro\OfficeScan Client\OfcPfwSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\MUSICM~1\MUSICM~1\MMDiag.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mim.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Norton SystemWorks\Norton GoBack\GBTray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\WINDOWS\TEMP\ZWED58.EXE
C:\Program Files\Trend Micro\OfficeScan Client\TSC.EXE
C:\Program Files\Trend Micro\OfficeScan Client\pccntupd.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Symantec\LiveUpdate\AUPDATE.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 (http://\"http://go.microsoft.com/fwlink/?LinkId=69157\")
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 (http://\"http://go.microsoft.com/fwlink/?LinkId=54896\")
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 (http://\"http://go.microsoft.com/fwlink/?LinkId=54896\")
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 (http://\"http://go.microsoft.com/fwlink/?LinkId=69157\")
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: (no name) - {00110011-4b0b-44d5-9718-90c88817369b} - (no file)
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: (no name) - {086ae192-23a6-48d6-96ec-715f53797e85} - (no file)
O2 - BHO: (no name) - {150fa160-130d-451f-b863-b655061432ba} - (no file)
O2 - BHO: (no name) - {17da0c9e-4a27-4ac5-bb75-5d24b8cdb972} - (no file)
O2 - BHO: (no name) - {1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb1} - (no file)
O2 - BHO: (no name) - {1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb2} - (no file)
O2 - BHO: (no name) - {2d38a51a-23c9-48a1-a33c-48675aa2b494} - (no file)
O2 - BHO: (no name) - {2e9caff6-30c7-4208-8807-e79d4ec6f806} - (no file)
O2 - BHO: (no name) - {467faeb2-5f5b-4c81-bae0-2a4752ca7f4e} - (no file)
O2 - BHO: (no name) - {587dbf2d-9145-4c9e-92c2-1f953da73773} - (no file)
O2 - BHO: (no name) - {6cc1c91a-ae8b-4373-a5b4-28ba1851e39a} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {79369d5c-2903-4b7a-ade2-d5e0dee14d24} - (no file)
O2 - BHO: (no name) - {799a370d-5993-4887-9df7-0a4756a77d00} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {98dbbf16-ca43-4c33-be80-99e6694468a4} - (no file)
O2 - BHO: (no name) - {a55581dc-2cdb-4089-8878-71a080b22342} - (no file)
O2 - BHO: (no name) - {b847676d-72ac-4393-bfff-43a1eb979352} - (no file)
O2 - BHO: (no name) - {bc97b254-b2b9-4d40-971d-78e0978f5f26} - (no file)
O2 - BHO: (no name) - {cf021f40-3e14-23a5-cba2-717765721306} - (no file)
O2 - BHO: (no name) - {e2ddf680-9905-4dee-8c64-0a5de7fe133c} - (no file)
O2 - BHO: (no name) - {e3eebbe8-9cab-4c76-b26a-747e25ebb4c6} - (no file)
O2 - BHO: (no name) - {e7afff2a-1b57-49c7-bf6b-e5123394c970} - (no file)
O2 - BHO: (no name) - {fcaddc14-bd46-408a-9842-cdbe1c6d37eb} - (no file)
O2 - BHO: (no name) - {fd9bc004-8331-4457-b830-4759ff704c22} - (no file)
O2 - BHO: (no name) - {ff1bf4c7-4e08-4a28-a43f-9d60a9f7a880} - (no file)
O3 - Toolbar: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [{d10b2c7f-33f7-1d43-8f75-a6b3402f9956}] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\{6f9e1a15-0180-d974-96f8-28400f250b1a}.dll" DllStart
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\RunServices: [LvHidSvc] C:\WINDOWS\system32\lvhidsvc.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O4 - Startup: TVR Schedule.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Exif Launcher.lnk = C:\Program Files\FinePixViewer\QuickDCF.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Global Startup: Norton GoBack.lnk = C:\Program Files\Norton SystemWorks\Norton GoBack\GBTray.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx (http://\"http://favorites.live.com/quickadd.aspx\")
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks\Norton Cleanup\WCQuick.lnk
O9 - Extra 'Tools' menuitem: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks\Norton Cleanup\WCQuick.lnk
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/Facebo...toUploader5.cab (http://\"http://upload.facebook.com/controls/FacebookPhotoUploader5.cab\")
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab (http://\"http://lads.myspace.com/upload/MySpaceUploader1006.cab\")
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.Email Removed.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1207005698253 (http://\"http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1207005698253\")
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1207007319156 (http://\"http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1207007319156\")
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://ajlovesweasel-1969.spaces.live.com/...ad/MsnPUpld.cab (http://\"http://ajlovesweasel-1969.spaces.live.com/PhotoUpload/MsnPUpld.cab\")
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (http://\"http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab\")
O17 - HKLM\System\CCS\Services\Tcpip\..\{600C79F4-1F00-4A7D-A8F5-4080020751EF}: NameServer = 208.38.65.37,208.38.65.35
O17 - HKLM\System\CS1\Services\Tcpip\..\{600C79F4-1F00-4A7D-A8F5-4080020751EF}: NameServer = 208.38.65.37,208.38.65.35
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: GoBack Polling Service (GBPoll) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton GoBack\GBPoll.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Lifeview HID Remote Controller Service (lvhidsvc) - Animation Technologies Inc. - C:\WINDOWS\system32\lvhidsvc.exe
O23 - Service: Norton UnErase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
O23 - Service: OfficeScanNT Personal Firewall (OfcPfwSvc) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\OfcPfwSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: OfficeScanNT Listener (tmlisten) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
--
End of file - 14257 bytes
-
Can you delete your copy of Combofix, I want to ensure we have the most up to date copy
Download a fresh copy from here>> - Combofix.exe (http://\"http://download.bleepingcomputer.com/sUBs/ComboFix.exe\") and save it ONLY to your desktop
Don't run it yet
Again, Temporarily disable AV and Spyware protection programs
Do a "System scan only" with Hijackthis and put a check next to these entries:
O2 - BHO: (no name) - {00110011-4b0b-44d5-9718-90c88817369b} - (no file)
O2 - BHO: (no name) - {086ae192-23a6-48d6-96ec-715f53797e85} - (no file)
O2 - BHO: (no name) - {150fa160-130d-451f-b863-b655061432ba} - (no file)
O2 - BHO: (no name) - {17da0c9e-4a27-4ac5-bb75-5d24b8cdb972} - (no file)
O2 - BHO: (no name) - {1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb1} - (no file)
O2 - BHO: (no name) - {1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb2} - (no file)
O2 - BHO: (no name) - {2d38a51a-23c9-48a1-a33c-48675aa2b494} - (no file)
O2 - BHO: (no name) - {2e9caff6-30c7-4208-8807-e79d4ec6f806} - (no file)
O2 - BHO: (no name) - {467faeb2-5f5b-4c81-bae0-2a4752ca7f4e} - (no file)
O2 - BHO: (no name) - {587dbf2d-9145-4c9e-92c2-1f953da73773} - (no file)
O2 - BHO: (no name) - {6cc1c91a-ae8b-4373-a5b4-28ba1851e39a} - (no file)
O2 - BHO: (no name) - {79369d5c-2903-4b7a-ade2-d5e0dee14d24} - (no file)
O2 - BHO: (no name) - {799a370d-5993-4887-9df7-0a4756a77d00} - (no file)
O2 - BHO: (no name) - {98dbbf16-ca43-4c33-be80-99e6694468a4} - (no file)
O2 - BHO: (no name) - {a55581dc-2cdb-4089-8878-71a080b22342} - (no file)
O2 - BHO: (no name) - {b847676d-72ac-4393-bfff-43a1eb979352} - (no file)
O2 - BHO: (no name) - {bc97b254-b2b9-4d40-971d-78e0978f5f26} - (no file)
O2 - BHO: (no name) - {cf021f40-3e14-23a5-cba2-717765721306} - (no file)
O2 - BHO: (no name) - {e2ddf680-9905-4dee-8c64-0a5de7fe133c} - (no file)
O2 - BHO: (no name) - {e3eebbe8-9cab-4c76-b26a-747e25ebb4c6} - (no file)
O2 - BHO: (no name) - {e7afff2a-1b57-49c7-bf6b-e5123394c970} - (no file)
O2 - BHO: (no name) - {fcaddc14-bd46-408a-9842-cdbe1c6d37eb} - (no file)
O2 - BHO: (no name) - {fd9bc004-8331-4457-b830-4759ff704c22} - (no file)
O2 - BHO: (no name) - {ff1bf4c7-4e08-4a28-a43f-9d60a9f7a880} - (no file)
After you have ticked the above entries, close All other open windows
Including this one>>It's important that you have all Internet Explorer windows closed at this point
Leave Hijackthis open and click FIX CHECKED
OK the prompt and exit Hijackthis
Double click to run Combofix.exe again
Follow prompts
Double click on ComboFix.exe to run the program
Follow the prompts
Post back the log from ComboFix that will open along with a fresh hijackthis log
-
New logs..
ComboFix 08-06-03.1 - Ours 2008-06-03 21:43:36.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.348 [GMT -5:00]
Running from: C:\Documents and Settings\Ours\Desktop\ComboFix.exe
* Created a new restore point
[color=\"red\"]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/color]
.
((((((((((((((((((((((((( Files Created from 2008-05-04 to 2008-06-04 )))))))))))))))))))))))))))))))
.
2008-06-03 16:15 . 2008-06-03 16:15 <DIR> d-------- C:\Documents and Settings\Ours\Application Data\Malwarebytes
2008-06-03 16:14 . 2008-06-03 16:15 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-03 16:14 . 2008-06-03 16:14 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-03 16:14 . 2008-05-30 01:06 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-06-03 16:14 . 2008-05-30 01:06 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-06-01 20:39 . 2008-06-01 20:39 <DIR> d-------- C:\Deckard
2008-05-31 10:54 . 2008-05-31 11:25 <DIR> d-------- C:\Program Files\Norton AntiVirus
2008-05-31 10:37 . 2008-05-31 10:45 8,002,338,816 --ahs---- C:\gobackio.bin
2008-05-31 10:36 . 2008-05-31 10:36 <DIR> d-------- C:\WINDOWS\Downloaded Installations
2008-05-31 10:19 . 2008-05-31 11:29 <DIR> d-------- C:\Program Files\Norton SystemWorks
2008-05-31 10:09 . 2008-05-31 11:00 109,744 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-05-31 10:09 . 2008-05-31 11:00 48,824 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2008-05-31 10:09 . 2008-05-31 11:00 8,014 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2008-05-31 10:09 . 2008-05-31 11:00 805 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.INF
2008-05-31 09:59 . 2008-05-31 11:00 <DIR> d-------- C:\Program Files\Symantec
2008-05-31 09:57 . 2008-05-31 11:03 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Symantec
2008-05-31 09:48 . 2008-06-03 21:38 <DIR> d-------- C:\Program Files\Common Files\Symantec Shared
2008-05-31 09:12 . 2008-05-31 09:12 0 --a------ C:\Documents and Settings\Ours\urlbase.bin
2008-05-31 09:12 . 2008-05-31 09:12 0 --a------ C:\Documents and Settings\Ours\ignoredomainsbase.bin
2008-05-31 09:00 . 2008-05-31 09:00 <DIR> d-------- C:\Program Files\CheckIt
2008-05-31 08:55 . 2008-05-31 08:55 15,360 --a------ C:\WINDOWS\mssys.exe
2008-05-31 00:00 . 2008-05-31 00:00 29,952 --a------ C:\WINDOWS\msupdate.exe
2008-05-30 22:00 . 2008-05-30 22:00 401,972 --a------ C:\WINDOWS\system32\g3.exe
2008-05-30 21:44 . 2008-05-30 21:44 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Yahoo!
2008-05-30 21:43 . 2008-06-02 19:43 <DIR> d-------- C:\WINDOWS\system32\vntiho05
2008-05-30 21:43 . 2008-05-30 23:38 <DIR> d-------- C:\WINDOWS\system32\Ucom1
2008-05-30 21:43 . 2008-05-30 21:43 <DIR> d-------- C:\WINDOWS\system32\sIE6
2008-05-30 21:43 . 2008-06-02 19:39 <DIR> d-------- C:\WINDOWS\system32\evd2
2008-05-30 21:43 . 2008-06-02 19:38 <DIR> d-------- C:\WINDOWS\system32\Dev3
2008-05-30 21:43 . 2008-06-02 19:37 <DIR> d-------- C:\WINDOWS\system32\4026c
2008-05-30 21:43 . 2008-06-03 18:03 <DIR> d-------- C:\WINDOWS\RGVuc3RlZHRz
2008-05-30 21:43 . 2008-05-30 21:43 4 --a------ C:\WINDOWS\system32\hljwugsf.bin
2008-05-30 12:20 . 2008-05-30 12:20 <DIR> d-------- C:\Program Files\QuickTime
2008-05-30 12:20 . 2008-05-31 21:16 <DIR> d-------- C:\Program Files\iTunes
2008-05-30 12:20 . 2008-05-31 21:15 <DIR> d-------- C:\Program Files\iPod
2008-05-30 12:20 . 2008-05-30 12:20 <DIR> d-------- C:\Program Files\Apple Software Update
2008-05-30 03:34 . 2008-05-30 12:20 <DIR> d-------- C:\Program Files\iPod(2)
2008-05-30 03:33 . 2008-05-30 12:20 <DIR> d-------- C:\Program Files\iTunes(2)
2008-05-30 03:12 . 2008-05-30 12:20 <DIR> d-------- C:\Program Files\Apple Software Update(2)
2008-05-22 22:36 . 2008-05-22 22:36 268 --ah----- C:\sqmdata19.sqm
2008-05-22 22:36 . 2008-05-22 22:36 244 --ah----- C:\sqmnoopt19.sqm
2008-05-22 19:52 . 2008-05-22 19:52 <DIR> d-------- C:\WINDOWS\system32\scripting
2008-05-22 19:52 . 2008-05-22 19:52 <DIR> d-------- C:\WINDOWS\system32\en
2008-05-22 19:52 . 2008-05-22 19:52 <DIR> d-------- C:\WINDOWS\system32\bits
2008-05-22 19:52 . 2008-05-22 19:52 <DIR> d-------- C:\WINDOWS\l2schemas
2008-05-22 19:48 . 2008-05-22 19:52 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-05-22 19:39 . 2008-05-22 19:39 <DIR> d-------- C:\WINDOWS\EHome
2008-05-22 19:27 . 2008-04-13 19:12 4,274,816 --a------ C:\WINDOWS\system32\nv4_disp.dll
2008-05-22 19:26 . 2008-04-13 19:11 1,888,992 --a------ C:\WINDOWS\system32\ati3duag.dll
2008-05-22 19:25 . 2008-04-13 19:11 136,192 --a------ C:\WINDOWS\system32\aaclient.dll
2008-05-22 19:25 . 2008-04-13 19:11 4,255 --a------ C:\WINDOWS\system32\drivers\adv01nt5.dll
2008-05-22 19:25 . 2008-04-13 19:11 3,967 --a------ C:\WINDOWS\system32\drivers\adv02nt5.dll
2008-05-22 19:25 . 2008-04-13 19:11 3,775 --a------ C:\WINDOWS\system32\drivers\adv11nt5.dll
2008-05-22 19:25 . 2008-04-13 19:11 3,711 --a------ C:\WINDOWS\system32\drivers\adv09nt5.dll
2008-05-22 19:25 . 2008-04-13 19:11 3,647 --a------ C:\WINDOWS\system32\drivers\adv07nt5.dll
2008-05-22 19:25 . 2008-04-13 19:11 3,615 --a------ C:\WINDOWS\system32\drivers\adv05nt5.dll
2008-05-22 19:25 . 2008-04-13 19:11 3,135 --a------ C:\WINDOWS\system32\drivers\adv08nt5.dll
2008-05-22 18:25 . 2008-05-22 18:25 268 --ah----- C:\sqmdata18.sqm
2008-05-22 18:25 . 2008-05-22 18:25 244 --ah----- C:\sqmnoopt18.sqm
2008-05-21 22:28 . 2008-05-21 22:28 268 --ah----- C:\sqmdata17.sqm
2008-05-21 22:28 . 2008-05-21 22:28 244 --ah----- C:\sqmnoopt17.sqm
2008-05-20 17:02 . 2008-05-20 17:02 268 --ah----- C:\sqmdata16.sqm
2008-05-20 17:02 . 2008-05-20 17:02 244 --ah----- C:\sqmnoopt16.sqm
2008-05-19 20:26 . 2008-05-19 20:26 268 --ah----- C:\sqmdata15.sqm
2008-05-19 20:26 . 2008-05-19 20:26 244 --ah----- C:\sqmnoopt15.sqm
2008-05-19 16:04 . 2008-05-19 16:04 268 --ah----- C:\sqmdata14.sqm
2008-05-19 16:04 . 2008-05-19 16:04 244 --ah----- C:\sqmnoopt14.sqm
2008-05-19 05:58 . 2008-05-19 05:58 268 --ah----- C:\sqmdata13.sqm
2008-05-19 05:58 . 2008-05-19 05:58 244 --ah----- C:\sqmnoopt13.sqm
2008-05-18 22:59 . 2008-05-18 22:59 268 --ah----- C:\sqmdata12.sqm
2008-05-18 22:58 . 2008-05-18 22:58 244 --ah----- C:\sqmnoopt12.sqm
2008-05-17 23:20 . 2008-05-30 12:25 268 --ah----- C:\sqmdata11.sqm
2008-05-17 23:20 . 2008-05-30 12:25 244 --ah----- C:\sqmnoopt11.sqm
2008-05-17 00:09 . 2008-05-30 12:18 268 --ah----- C:\sqmdata10.sqm
2008-05-17 00:09 . 2008-05-30 12:18 244 --ah----- C:\sqmnoopt10.sqm
2008-05-13 18:25 . 2008-05-13 18:25 <DIR> d-------- C:\Documents and Settings\Kids.DENSTEDTS\Application Data\Apple Computer
2008-05-11 21:47 . 2008-05-11 21:47 <DIR> d-------- C:\Documents and Settings\Ours\Application Data\PlayFirst
2008-05-11 21:47 . 2008-05-11 21:47 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PlayFirst
2008-05-11 21:45 . 2008-05-11 21:45 <DIR> d-------- C:\Program Files\GameHouse
2008-05-11 21:45 . 2008-05-11 21:45 <DIR> d-------- C:\Documents and Settings\Ours\Application Data\GameHouse
2008-05-07 17:43 . 2004-05-14 16:53 462,848 --a------ C:\WINDOWS\system32\ltkrn13n.dll
2008-05-07 17:43 . 2004-05-14 16:53 450,560 --a------ C:\WINDOWS\system32\ltimg13n.dll
2008-05-07 17:43 . 2004-05-14 16:53 401,408 --a------ C:\WINDOWS\system32\lfcmp13n.dll
2008-05-07 17:43 . 2004-05-14 16:53 299,008 --a------ C:\WINDOWS\system32\ltdis13n.dll
2008-05-07 17:43 . 2004-01-12 02:09 206,336 --a------ C:\WINDOWS\system32\ltefx13n.dll
2008-05-07 17:43 . 2004-05-14 16:53 163,840 --a------ C:\WINDOWS\system32\ltfil13n.dll
2008-05-07 17:43 . 2003-11-04 15:10 69,632 --a------ C:\WINDOWS\system32\lfgif13n.dll
2008-05-07 17:43 . 2004-05-14 16:53 57,344 --a------ C:\WINDOWS\system32\lfbmp13n.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-01 02:00 --------- d-----w C:\Program Files\Trend Micro
2008-05-31 14:23 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-05-31 14:22 --------- d-----w C:\Program Files\SpywareBlaster
2008-05-31 03:16 --------- d-----w C:\Documents and Settings\Ours\Application Data\Lavasoft
2008-05-22 22:08 --------- d-----w C:\Documents and Settings\Ours\Application Data\GARMIN
2008-05-20 01:35 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-06 21:18 --------- d-----w C:\Program Files\Common Files\Adobe
2008-05-06 21:17 --------- d-----w C:\Documents and Settings\Ours\Application Data\AdobeUM
2008-05-04 12:16 --------- d-----w C:\Program Files\Windows Live
2008-05-02 13:34 --------- d-----w C:\Program Files\Microsoft SQL Server Compact Edition
2008-05-02 13:33 --------- d-----w C:\Program Files\Windows Live Toolbar
2008-05-02 13:30 --------- d-----w C:\Program Files\Windows Live Favorites
2008-05-02 13:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-05-01 23:13 --------- d-----w C:\Documents and Settings\Ours\Application Data\Apple Computer
2008-04-26 14:42 --------- d-----w C:\Program Files\Oberon Media
2008-04-25 11:52 --------- d-----w C:\Documents and Settings\All Users\Application Data\PopCap
2008-04-23 00:17 --------- d-----w C:\Program Files\Coupons
2008-04-19 18:06 --------- d-----w C:\Program Files\Microsoft Works
2008-04-16 22:26 --------- d-----w C:\Documents and Settings\Ours\Application Data\PC Suite
2008-04-16 22:26 --------- d-----w C:\Documents and Settings\Ours\Application Data\Nokia
2008-04-16 22:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\PC Suite
2008-04-15 00:36 --------- d-----w C:\Documents and Settings\Ours\Application Data\Yahoo!
2008-04-14 10:42 985,088 ----a-w C:\WINDOWS\system32\setupapi.dll
2008-04-14 10:42 11,264 ----a-w C:\WINDOWS\system32\spnpinst.exe
2008-04-14 10:41 423,936 ----a-w C:\WINDOWS\system32\licdll.dll
2008-04-14 00:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\Windows Live Toolbar
2008-04-14 00:25 1,804 ----a-w C:\WINDOWS\system32\dcache.bin
2008-04-14 00:16 329,728 ----a-w C:\WINDOWS\system32\netsetup.exe
2008-04-14 00:13 92,424 ----a-w C:\WINDOWS\system32\rdpdd.dll
2008-04-14 00:13 87,176 ----a-w C:\WINDOWS\system32\rdpwsx.dll
2008-04-14 00:13 40,840 ----a-w C:\WINDOWS\system32\drivers\termdd.sys
2008-04-14 00:13 21,896 ----a-w C:\WINDOWS\system32\drivers\tdtcp.sys
2008-04-14 00:13 139,656 ----a-w C:\WINDOWS\system32\drivers\rdpwd.sys
2008-04-14 00:13 12,168 ----a-w C:\WINDOWS\system32\tsddd.dll
2008-04-14 00:13 12,040 ----a-w C:\WINDOWS\system32\drivers\tdpipe.sys
2008-04-14 00:11 997,376 ----a-w C:\WINDOWS\system32\msgina.dll
2008-04-14 00:10 53,279 ----a-w C:\WINDOWS\system32\odbcji32.dll
2008-04-14 00:10 4,126 ----a-w C:\WINDOWS\system32\msdxmlc.dll
2008-04-14 00:10 3,584 ----a-w C:\WINDOWS\system32\msafd.dll
2008-04-13 22:10 --------- d-----w C:\Program Files\LimeWire
2008-04-13 22:05 --------- d-----w C:\Program Files\Incomplete
2008-04-13 21:56 --------- d-----w C:\Documents and Settings\Ours\Application Data\SAMSUNG
2008-04-13 21:00 103,424 ----a-w C:\WINDOWS\system32\dpcdll.dll
2008-04-13 19:30 1,845,632 ----a-w C:\WINDOWS\system32\win32k.sys
2008-04-13 19:28 175,744 ----a-w C:\WINDOWS\system32\drivers\rdbss.sys
2008-04-13 19:27 2,188,928 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
2008-04-13 19:21 162,816 ----a-w C:\WINDOWS\system32\drivers\netbt.sys
2008-04-13 19:20 91,520 ----a-w C:\WINDOWS\system32\drivers\ndiswan.sys
2008-04-13 19:20 361,344 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-04-13 19:20 182,656 ----a-w C:\WINDOWS\system32\drivers\ndis.sys
2008-04-13 19:19 75,264 ----a-w C:\WINDOWS\system32\drivers\ipsec.sys
2008-04-13 19:19 51,328 ----a-w C:\WINDOWS\system32\drivers\rasl2tp.sys
2008-04-13 19:19 48,384 ----a-w C:\WINDOWS\system32\drivers\raspptp.sys
2008-04-13 19:19 146,048 ----a-w C:\WINDOWS\system32\drivers\portcls.sys
2008-04-13 19:19 138,112 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-04-13 19:18 52,480 ----a-w C:\WINDOWS\system32\drivers\i8042prt.sys
2008-04-13 19:17 83,072 ----a-w C:\WINDOWS\system32\drivers\wdmaud.sys
2008-04-13 19:17 456,576 ----a-w C:\WINDOWS\system32\drivers\mrxsmb.sys
2008-04-13 19:17 105,344 ----a-w C:\WINDOWS\system32\drivers\mup.sys
2008-04-13 19:16 49,536 ----a-w C:\WINDOWS\system32\drivers\classpnp.sys
2008-04-13 19:16 141,056 ----a-w C:\WINDOWS\system32\drivers\ks.sys
2008-04-13 19:15 64,512 ----a-w C:\WINDOWS\system32\drivers\serial.sys
2008-04-13 19:15 60,800 ----a-w C:\WINDOWS\system32\drivers\sysaudio.sys
2008-04-13 19:15 574,976 ----a-w C:\WINDOWS\system32\drivers\ntfs.sys
2008-04-13 19:15 334,848 ----a-w C:\WINDOWS\system32\drivers\srv.sys
2008-04-13 19:14 63,744 ----a-w C:\WINDOWS\system32\drivers\cdfs.sys
2008-04-13 19:14 143,744 ----a-w C:\WINDOWS\system32\drivers\fastfat.sys
2008-04-13 19:00 30,080 ----a-w C:\WINDOWS\system32\drivers\modem.sys
2008-04-13 19:00 225,664 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-04-13 19:00 19,072 ----a-w C:\WINDOWS\system32\drivers\tdi.sys
2008-04-13 18:57 41,472 ----a-w C:\WINDOWS\system32\drivers\raspppoe.sys
2008-04-13 18:57 40,576 ----a-w C:\WINDOWS\system32\drivers\ndproxy.sys
2008-04-13 18:57 34,560 ----a-w C:\WINDOWS\system32\drivers\wanarp.sys
2008-04-13 18:57 20,864 ----a-w C:\WINDOWS\system32\drivers\ipinip.sys
2008-04-13 18:57 152,832 ----a-w C:\WINDOWS\system32\drivers\ipnat.sys
2008-04-13 18:57 14,336 ----a-w C:\WINDOWS\system32\drivers\asyncmac.sys
2008-04-13 18:57 10,112 ----a-w C:\WINDOWS\system32\drivers\ndistapi.sys
2008-04-13 18:56 88,320 ----a-w C:\WINDOWS\system32\drivers\nwlnkipx.sys
2008-04-13 18:56 69,120 ----a-w C:\WINDOWS\system32\drivers\psched.sys
2008-04-13 18:56 35,072 ----a-w C:\WINDOWS\system32\drivers\msgpc.sys
2008-04-13 18:56 34,688 ----a-w C:\WINDOWS\system32\drivers\netbios.sys
2008-04-13 18:56 30,592 ----a-w C:\WINDOWS\system32\drivers\rndismpx.sys
2008-04-13 18:56 30,592 ----a-w C:\WINDOWS\system32\drivers\rndismp.sys
2008-04-13 18:56 12,800 ----a-w C:\WINDOWS\system32\drivers\usb8023x.sys
2008-04-13 18:56 12,800 ----a-w C:\WINDOWS\system32\drivers\usb8023.sys
2008-04-13 18:56 12,288 ----a-w C:\WINDOWS\system32\drivers\tunmp.sys
2008-04-13 18:55 202,624 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-04-13 18:55 14,592 ----a-w C:\WINDOWS\system32\drivers\ndisuio.sys
2008-04-13 18:54 11,264 ----a-w C:\WINDOWS\system32\drivers\irenum.sys
2008-04-13 18:53 71,552 ----a-w C:\WINDOWS\system32\drivers\bridge.sys
2008-04-13 18:53 40,320 ----a-w C:\WINDOWS\system32\drivers\nmnt.sys
2008-04-13 18:53 36,608 ----a-w C:\WINDOWS\system32\drivers\ip6fw.sys
2008-04-13 18:53 264,832 ----a-w C:\WINDOWS\system32\drivers\http.sys
2008-04-13 18:51 61,824 ----a-w C:\WINDOWS\system32\drivers\nic1394.sys
2008-04-13 18:51 60,800 ----a-w C:\WINDOWS\system32\drivers\arp1394.sys
2008-04-13 18:51 59,904 ----a-w C:\WINDOWS\system32\drivers\atmarpc.sys
2008-04-13 18:51 55,808 ----a-w C:\WINDOWS\system32\drivers\atmlane.sys
2008-04-13 18:51 101,120 ----a-w C:\WINDOWS\system32\drivers\bthpan.sys
2008-04-13 18:47 25,856 ----a-w C:\WINDOWS\system32\drivers\usbprint.sys
2008-04-13 18:45 60,160 ----a-w C:\WINDOWS\system32\drivers\drmk.sys
.
((((((((((((((((((((((((((((( snapshot@2008-06-02_20.16.44.50 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-03 00:52:17 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-04 01:36:14 2,048 --s-a-w C:\WINDOWS\bootstat.dat
- 2008-05-24 13:43:35 278,528 ----a-w C:\WINDOWS\system32\config\systemprofile\ntuser.dat
+ 2008-06-04 02:42:42 278,528 ----a-w C:\WINDOWS\system32\config\systemprofile\ntuser.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 19:12 15360]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 17:43 4670704]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OfficeScanNT Monitor"="C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" [2006-02-07 16:16 356352]
"AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 14:47 57344 C:\WINDOWS\ALCXMNTR.EXE]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-01-23 11:36 155648]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-01-23 11:31 126976]
"REGSHAVE"="C:\Program Files\REGSHAVE\REGSHAVE.exe" [2002-02-04 23:32 53248]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 17:24 54840]
"KBD"="C:\HP\KBD\KBD.EXE" [2005-02-02 17:44 61440]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-03-20 17:34 213936]
"AGRSMMSG"="AGRSMMSG.exe" [2004-06-29 09:06 88363 C:\WINDOWS\AGRSMMSG.exe]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-10-28 01:38 107112]
"osCheck"="C:\Program Files\Norton AntiVirus\osCheck.exe" [2006-09-05 21:22 26248]
"{d10b2c7f-33f7-1d43-8f75-a6b3402f9956}"="C:\WINDOWS\system32\{6f9e1a15-0180-d974-96f8-28400f250b1a}.dll" [ ]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-02-01 00:13 385024]
"PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-03-23 13:20 227328]
"MimBoot"="C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe" [2005-03-09 19:10 11776]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-19 13:10 267048]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"LvHidSvc"="C:\WINDOWS\system32\lvhidsvc.exe" [2004-10-10 19:17 33280]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-03-27 15:58 1744896]
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2008-02-01 15:32 8699904]
C:\Documents and Settings\Ours\Start Menu\Programs\Startup\
TVR Schedule.lnk - C:\Documents and Settings\Ours\Application Data\Microsoft\Installer\{E4C3B10E-E277-4458-8440-DAE332D50BF3}\_4ae13d6c.exe [2008-03-31 19:11:12 1078]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 03:38:16 29696]
Exif Launcher.lnk - C:\Program Files\FinePixViewer\QuickDCF.exe [2002-01-09 22:53:14 200704]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-12 00:23:26 282624]
HP Image Zone Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2005-05-12 01:49:24 73728]
Microsoft Works Calendar Reminders.lnk - C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe [1999-09-04 17:23:00 53317]
Norton GoBack.lnk - C:\Program Files\Norton SystemWorks\Norton GoBack\GBTray.exe [2006-07-19 11:45:12 861872]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\InterVideo\\DVD8\\WinDVD.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\WINDOWS\\system32\\mmc.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"=
R2 BCMNTIO;BCMNTIO;C:\PROGRA~1\CheckIt\DIAGNO~1\BCMNTIO.sys [2004-03-05 17:09]
R2 MAPMEM;MAPMEM;C:\PROGRA~1\CheckIt\DIAGNO~1\MAPMEM.sys [2004-03-05 17:09]
S3 USBVSP;USBVSP;C:\WINDOWS\system32\drivers\Usbvsp.sys [2003-09-08 14:43]
*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2008-06-01 00:53:06 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-06-04 01:59:13 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
"2008-05-31 16:31:08 C:\WINDOWS\Tasks\Norton AntiVirus - Run Full System Scan - Ours.job"
- C:\PROGRA~1\NORTON~2\Navw32.exeh/TASK:
"2008-05-31 15:22:31 C:\WINDOWS\Tasks\Norton SystemWorks One Button Checkup.job"
- C:\Program Files\Norton SystemWorks\OBC.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net (http://\"http://www.gmer.net\")
Rootkit scan 2008-06-03 21:50:32
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-06-03 21:57:07
ComboFix-quarantined-files.txt 2008-06-04 02:56:41
ComboFix2.txt 2008-06-03 01:18:11
Pre-Run: 26,302,103,552 bytes free
Post-Run: 26,290,958,336 bytes free
318 --- E O F --- 2008-05-16 04:30:02
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:57:42 PM, on 6/3/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Norton SystemWorks\Norton GoBack\GBPoll.exe
C:\WINDOWS\system32\lvhidsvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
C:\Program Files\Trend Micro\OfficeScan Client\OfcPfwSvc.exe
C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\MUSICM~1\MUSICM~1\MMDiag.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mim.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Norton SystemWorks\Norton GoBack\GBTray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\Trend Micro\OfficeScan Client\pccntupd.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 (http://\"http://go.microsoft.com/fwlink/?LinkId=69157\")
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 (http://\"http://go.microsoft.com/fwlink/?LinkId=54896\")
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 (http://\"http://go.microsoft.com/fwlink/?LinkId=54896\")
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 (http://\"http://go.microsoft.com/fwlink/?LinkId=69157\")
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [{d10b2c7f-33f7-1d43-8f75-a6b3402f9956}] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\{6f9e1a15-0180-d974-96f8-28400f250b1a}.dll" DllStart
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\RunServices: [LvHidSvc] C:\WINDOWS\system32\lvhidsvc.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O4 - Startup: TVR Schedule.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Exif Launcher.lnk = C:\Program Files\FinePixViewer\QuickDCF.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Global Startup: Norton GoBack.lnk = C:\Program Files\Norton SystemWorks\Norton GoBack\GBTray.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx (http://\"http://favorites.live.com/quickadd.aspx\")
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks\Norton Cleanup\WCQuick.lnk
O9 - Extra 'Tools' menuitem: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks\Norton Cleanup\WCQuick.lnk
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/Facebo...toUploader5.cab (http://\"http://upload.facebook.com/controls/FacebookPhotoUploader5.cab\")
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab (http://\"http://lads.myspace.com/upload/MySpaceUploader1006.cab\")
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.Email Removed.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1207005698253 (http://\"http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1207005698253\")
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1207007319156 (http://\"http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1207007319156\")
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://ajlovesweasel-1969.spaces.live.com/...ad/MsnPUpld.cab (http://\"http://ajlovesweasel-1969.spaces.live.com/PhotoUpload/MsnPUpld.cab\")
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (http://\"http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab\")
O17 - HKLM\System\CCS\Services\Tcpip\..\{600C79F4-1F00-4A7D-A8F5-4080020751EF}: NameServer = 208.38.65.37,208.38.65.35
O17 - HKLM\System\CS1\Services\Tcpip\..\{600C79F4-1F00-4A7D-A8F5-4080020751EF}: NameServer = 208.38.65.37,208.38.65.35
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: GoBack Polling Service (GBPoll) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton GoBack\GBPoll.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Lifeview HID Remote Controller Service (lvhidsvc) - Animation Technologies Inc. - C:\WINDOWS\system32\lvhidsvc.exe
O23 - Service: Norton UnErase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
O23 - Service: OfficeScanNT Personal Firewall (OfcPfwSvc) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\OfcPfwSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: OfficeScanNT Listener (tmlisten) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
--
End of file - 12167 bytes
-
Access your Add and Remove programs and remove this older version of Java
J2SE Runtime Environment 5.0 Update 3
Don't reboot the computer, instead
==Open notepad
Copy ALL the BLUE text below and Paste to notepad
Don't use anything else than notepad or the script will not work
[color=\"#0000FF\"]File::
C:\WINDOWS\system32\hljwugsf.bin
C:\WINDOWS\mssys.exe
C:\WINDOWS\msupdate.exe
C:\WINDOWS\system32\g3.exe
C:\WINDOWS\system32\{6f9e1a15-0180-d974-96f8-28400f250b1a}.dll
C:\sqmdata19.sqm
C:\sqmnoopt19.sqm
C:\sqmdata18.sqm
C:\sqmnoopt18.sqm
C:\sqmdata17.sqm
C:\sqmnoopt17.sqm
C:\sqmdata16.sqm
C:\sqmnoopt16.sqm
C:\sqmdata15.sqm
C:\sqmnoopt15.sqm
C:\sqmdata14.sqm
C:\sqmnoopt14.sqm
C:\sqmdata13.sqm
C:\sqmnoopt13.sqm
C:\sqmdata12.sqm
C:\sqmnoopt12.sqm
C:\sqmdata11.sqm
C:\sqmnoopt11.sqm
C:\sqmdata10.sqm
C:\sqmnoopt10.sqm
Folder::
C:\Program Files\Coupons
C:\WINDOWS\system32\vntiho05
C:\WINDOWS\system32\Ucom1
C:\WINDOWS\system32\sIE6
C:\WINDOWS\system32\evd2
C:\WINDOWS\system32\Dev3
C:\WINDOWS\system32\4026c
C:\WINDOWS\RGVuc3RlZHRz
Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"{d10b2c7f-33f7-1d43-8f75-a6b3402f9956}"=-
[/color]
Save this as txtfile on your desktop
name it:
CFScript
Again, ensure Protection software is disabled
(http://i184.photobucket.com/albums/x99/guestolo/CFScript.gif)
Drag CFScript.txt into ComboFix.exe
Combofix will start>>Follow the prompts
Do not mouseclick combofix's window whilst it's running. That may cause it to stall
When finished, it shall produce a log for you with the name C:\ComboFix.txt..
I'll need to see that log
Post back all the following:
1. Post the log from ComboFix that opens
2. Post a fresh Hijackthis log
Let me know how things are running please
-
computer is still running slow. Takes about 25 min for it to fully start up. Opening up an internet window takes about 7 min. Now I have shadows and blurs by all letters and pics.
New logs.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:24:58 PM, on 6/4/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Norton SystemWorks\Norton GoBack\GBPoll.exe
C:\WINDOWS\system32\lvhidsvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
C:\Program Files\Trend Micro\OfficeScan Client\OfcPfwSvc.exe
C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\MUSICM~1\MUSICM~1\MMDiag.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mim.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Norton SystemWorks\Norton GoBack\GBTray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\Trend Micro\OfficeScan Client\pccntupd.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 (http://\"http://go.microsoft.com/fwlink/?LinkId=69157\")
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 (http://\"http://go.microsoft.com/fwlink/?LinkId=54896\")
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 (http://\"http://go.microsoft.com/fwlink/?LinkId=54896\")
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 (http://\"http://go.microsoft.com/fwlink/?LinkId=69157\")
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
O4 - HKLM\..\RunServices: [LvHidSvc] C:\WINDOWS\system32\lvhidsvc.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O4 - Startup: TVR Schedule.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Exif Launcher.lnk = C:\Program Files\FinePixViewer\QuickDCF.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Global Startup: Norton GoBack.lnk = C:\Program Files\Norton SystemWorks\Norton GoBack\GBTray.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx (http://\"http://favorites.live.com/quickadd.aspx\")
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks\Norton Cleanup\WCQuick.lnk
O9 - Extra 'Tools' menuitem: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks\Norton Cleanup\WCQuick.lnk
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/Facebo...toUploader5.cab (http://\"http://upload.facebook.com/controls/FacebookPhotoUploader5.cab\")
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab (http://\"http://lads.myspace.com/upload/MySpaceUploader1006.cab\")
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.Email Removed.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1207005698253 (http://\"http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1207005698253\")
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1207007319156 (http://\"http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1207007319156\")
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://ajlovesweasel-1969.spaces.live.com/...ad/MsnPUpld.cab (http://\"http://ajlovesweasel-1969.spaces.live.com/PhotoUpload/MsnPUpld.cab\")
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (http://\"http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab\")
O17 - HKLM\System\CCS\Services\Tcpip\..\{600C79F4-1F00-4A7D-A8F5-4080020751EF}: NameServer = 208.38.65.37,208.38.65.35
O17 - HKLM\System\CS1\Services\Tcpip\..\{600C79F4-1F00-4A7D-A8F5-4080020751EF}: NameServer = 208.38.65.37,208.38.65.35
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: GoBack Polling Service (GBPoll) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton GoBack\GBPoll.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Lifeview HID Remote Controller Service (lvhidsvc) - Animation Technologies Inc. - C:\WINDOWS\system32\lvhidsvc.exe
O23 - Service: Norton UnErase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
O23 - Service: OfficeScanNT Personal Firewall (OfcPfwSvc) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\OfcPfwSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: OfficeScanNT Listener (tmlisten) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
--
End of file - 12108 bytes
ComboFix 08-06-03.1 - Ours 2008-06-04 16:38:43.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.239 [GMT -5:00]
Running from: C:\Documents and Settings\Ours\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Ours\Desktop\CFScript.txt
* Created a new restore point
[color=\"red\"]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/color]
FILE ::
C:\sqmdata10.sqm
C:\sqmdata11.sqm
C:\sqmdata12.sqm
C:\sqmdata13.sqm
C:\sqmdata14.sqm
C:\sqmdata15.sqm
C:\sqmdata16.sqm
C:\sqmdata17.sqm
C:\sqmdata18.sqm
C:\sqmdata19.sqm
C:\sqmnoopt10.sqm
C:\sqmnoopt11.sqm
C:\sqmnoopt12.sqm
C:\sqmnoopt13.sqm
C:\sqmnoopt14.sqm
C:\sqmnoopt15.sqm
C:\sqmnoopt16.sqm
C:\sqmnoopt17.sqm
C:\sqmnoopt18.sqm
C:\sqmnoopt19.sqm
C:\WINDOWS\mssys.exe
C:\WINDOWS\msupdate.exe
C:\WINDOWS\system32\{6f9e1a15-0180-d974-96f8-28400f250b1a}.dll
C:\WINDOWS\system32\g3.exe
C:\WINDOWS\system32\hljwugsf.bin
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Program Files\Coupons
C:\Program Files\Coupons\Coupons.com.url
C:\Program Files\Coupons\uninstall.exe
C:\Program Files\Coupons\Uninstall\IRIMG1.JPG
C:\Program Files\Coupons\Uninstall\IRIMG2.JPG
C:\Program Files\Coupons\Uninstall\IRIMG3.JPG
C:\Program Files\Coupons\Uninstall\IRIMG4.JPG
C:\Program Files\Coupons\Uninstall\IRIMG5.JPG
C:\Program Files\Coupons\Uninstall\IRIMG6.JPG
C:\Program Files\Coupons\Uninstall\IRIMG7.JPG
C:\Program Files\Coupons\Uninstall\IRIMG8.JPG
C:\Program Files\Coupons\Uninstall\uninstall.dat
C:\Program Files\Coupons\Uninstall\uninstall.xml
C:\sqmdata10.sqm
C:\sqmdata11.sqm
C:\sqmdata12.sqm
C:\sqmdata13.sqm
C:\sqmdata14.sqm
C:\sqmdata15.sqm
C:\sqmdata16.sqm
C:\sqmdata17.sqm
C:\sqmdata18.sqm
C:\sqmdata19.sqm
C:\sqmnoopt10.sqm
C:\sqmnoopt11.sqm
C:\sqmnoopt12.sqm
C:\sqmnoopt13.sqm
C:\sqmnoopt14.sqm
C:\sqmnoopt15.sqm
C:\sqmnoopt16.sqm
C:\sqmnoopt17.sqm
C:\sqmnoopt18.sqm
C:\sqmnoopt19.sqm
C:\WINDOWS\mssys.exe
C:\WINDOWS\msupdate.exe
C:\WINDOWS\RGVuc3RlZHRz
C:\WINDOWS\RGVuc3RlZHRz\TmEncryptTemp.000
C:\WINDOWS\system32\4026c
C:\WINDOWS\system32\Dev3
C:\WINDOWS\system32\evd2
C:\WINDOWS\system32\g3.exe
C:\WINDOWS\system32\hljwugsf.bin
C:\WINDOWS\system32\sIE6
C:\WINDOWS\system32\sIE6\patdll190.exe
C:\WINDOWS\system32\Ucom1
C:\WINDOWS\system32\vntiho05
.
((((((((((((((((((((((((( Files Created from 2008-05-04 to 2008-06-04 )))))))))))))))))))))))))))))))
.
2008-06-03 22:11 . 2008-06-03 22:11 <DIR> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-06-03 16:15 . 2008-06-03 16:15 <DIR> d-------- C:\Documents and Settings\Ours\Application Data\Malwarebytes
2008-06-03 16:14 . 2008-06-03 16:15 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-03 16:14 . 2008-06-03 16:14 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-03 16:14 . 2008-05-30 01:06 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-06-03 16:14 . 2008-05-30 01:06 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-06-01 20:39 . 2008-06-01 20:39 <DIR> d-------- C:\Deckard
2008-05-31 10:54 . 2008-05-31 11:25 <DIR> d-------- C:\Program Files\Norton AntiVirus
2008-05-31 10:37 . 2008-05-31 10:45 8,002,338,816 --ahs---- C:\gobackio.bin
2008-05-31 10:36 . 2008-05-31 10:36 <DIR> d-------- C:\WINDOWS\Downloaded Installations
2008-05-31 10:19 . 2008-05-31 11:29 <DIR> d-------- C:\Program Files\Norton SystemWorks
2008-05-31 10:09 . 2008-05-31 11:00 109,744 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-05-31 10:09 . 2008-05-31 11:00 48,824 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2008-05-31 10:09 . 2008-05-31 11:00 8,014 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2008-05-31 10:09 . 2008-05-31 11:00 805 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.INF
2008-05-31 09:59 . 2008-05-31 11:00 <DIR> d-------- C:\Program Files\Symantec
2008-05-31 09:57 . 2008-05-31 11:03 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Symantec
2008-05-31 09:48 . 2008-06-04 16:12 <DIR> d-------- C:\Program Files\Common Files\Symantec Shared
2008-05-31 09:12 . 2008-05-31 09:12 0 --a------ C:\Documents and Settings\Ours\urlbase.bin
2008-05-31 09:12 . 2008-05-31 09:12 0 --a------ C:\Documents and Settings\Ours\ignoredomainsbase.bin
2008-05-31 09:00 . 2008-05-31 09:00 <DIR> d-------- C:\Program Files\CheckIt
2008-05-30 21:44 . 2008-05-30 21:44 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Yahoo!
2008-05-30 12:20 . 2008-05-30 12:20 <DIR> d-------- C:\Program Files\QuickTime
2008-05-30 12:20 . 2008-05-31 21:16 <DIR> d-------- C:\Program Files\iTunes
2008-05-30 12:20 . 2008-05-31 21:15 <DIR> d-------- C:\Program Files\iPod
2008-05-30 12:20 . 2008-05-30 12:20 <DIR> d-------- C:\Program Files\Apple Software Update
2008-05-30 03:34 . 2008-05-30 12:20 <DIR> d-------- C:\Program Files\iPod(2)
2008-05-30 03:33 . 2008-05-30 12:20 <DIR> d-------- C:\Program Files\iTunes(2)
2008-05-30 03:12 . 2008-05-30 12:20 <DIR> d-------- C:\Program Files\Apple Software Update(2)
2008-05-22 19:52 . 2008-05-22 19:52 <DIR> d-------- C:\WINDOWS\system32\scripting
2008-05-22 19:52 . 2008-05-22 19:52 <DIR> d-------- C:\WINDOWS\system32\en
2008-05-22 19:52 . 2008-05-22 19:52 <DIR> d-------- C:\WINDOWS\system32\bits
2008-05-22 19:52 . 2008-05-22 19:52 <DIR> d-------- C:\WINDOWS\l2schemas
2008-05-22 19:48 . 2008-05-22 19:52 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-05-22 19:39 . 2008-05-22 19:39 <DIR> d-------- C:\WINDOWS\EHome
2008-05-22 19:27 . 2008-04-13 19:12 4,274,816 --a------ C:\WINDOWS\system32\nv4_disp.dll
2008-05-22 19:26 . 2008-04-13 19:11 1,888,992 --a------ C:\WINDOWS\system32\ati3duag.dll
2008-05-22 19:25 . 2008-04-13 19:11 136,192 --a------ C:\WINDOWS\system32\aaclient.dll
2008-05-22 19:25 . 2008-04-13 19:11 4,255 --a------ C:\WINDOWS\system32\drivers\adv01nt5.dll
2008-05-22 19:25 . 2008-04-13 19:11 3,967 --a------ C:\WINDOWS\system32\drivers\adv02nt5.dll
2008-05-22 19:25 . 2008-04-13 19:11 3,775 --a------ C:\WINDOWS\system32\drivers\adv11nt5.dll
2008-05-22 19:25 . 2008-04-13 19:11 3,711 --a------ C:\WINDOWS\system32\drivers\adv09nt5.dll
2008-05-22 19:25 . 2008-04-13 19:11 3,647 --a------ C:\WINDOWS\system32\drivers\adv07nt5.dll
2008-05-22 19:25 . 2008-04-13 19:11 3,615 --a------ C:\WINDOWS\system32\drivers\adv05nt5.dll
2008-05-22 19:25 . 2008-04-13 19:11 3,135 --a------ C:\WINDOWS\system32\drivers\adv08nt5.dll
2008-05-13 18:25 . 2008-05-13 18:25 <DIR> d-------- C:\Documents and Settings\Kids.DENSTEDTS\Application Data\Apple Computer
2008-05-11 21:47 . 2008-05-11 21:47 <DIR> d-------- C:\Documents and Settings\Ours\Application Data\PlayFirst
2008-05-11 21:47 . 2008-05-11 21:47 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PlayFirst
2008-05-11 21:45 . 2008-05-11 21:45 <DIR> d-------- C:\Program Files\GameHouse
2008-05-11 21:45 . 2008-05-11 21:45 <DIR> d-------- C:\Documents and Settings\Ours\Application Data\GameHouse
2008-05-07 17:43 . 2004-05-14 16:53 462,848 --a------ C:\WINDOWS\system32\ltkrn13n.dll
2008-05-07 17:43 . 2004-05-14 16:53 450,560 --a------ C:\WINDOWS\system32\ltimg13n.dll
2008-05-07 17:43 . 2004-05-14 16:53 401,408 --a------ C:\WINDOWS\system32\lfcmp13n.dll
2008-05-07 17:43 . 2004-05-14 16:53 299,008 --a------ C:\WINDOWS\system32\ltdis13n.dll
2008-05-07 17:43 . 2004-01-12 02:09 206,336 --a------ C:\WINDOWS\system32\ltefx13n.dll
2008-05-07 17:43 . 2004-05-14 16:53 163,840 --a------ C:\WINDOWS\system32\ltfil13n.dll
2008-05-07 17:43 . 2003-11-04 15:10 69,632 --a------ C:\WINDOWS\system32\lfgif13n.dll
2008-05-07 17:43 . 2004-05-14 16:53 57,344 --a------ C:\WINDOWS\system32\lfbmp13n.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-04 21:28 --------- d-----w C:\Program Files\Java
2008-06-01 02:00 --------- d-----w C:\Program Files\Trend Micro
2008-05-31 14:23 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-05-31 14:22 --------- d-----w C:\Program Files\SpywareBlaster
2008-05-31 03:16 --------- d-----w C:\Documents and Settings\Ours\Application Data\Lavasoft
2008-05-22 22:08 --------- d-----w C:\Documents and Settings\Ours\Application Data\GARMIN
2008-05-20 01:35 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-06 21:18 --------- d-----w C:\Program Files\Common Files\Adobe
2008-05-06 21:17 --------- d-----w C:\Documents and Settings\Ours\Application Data\AdobeUM
2008-05-04 12:16 --------- d-----w C:\Program Files\Windows Live
2008-05-02 13:34 --------- d-----w C:\Program Files\Microsoft SQL Server Compact Edition
2008-05-02 13:33 --------- d-----w C:\Program Files\Windows Live Toolbar
2008-05-02 13:30 --------- d-----w C:\Program Files\Windows Live Favorites
2008-05-02 13:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-05-01 23:13 --------- d-----w C:\Documents and Settings\Ours\Application Data\Apple Computer
2008-04-26 14:42 --------- d-----w C:\Program Files\Oberon Media
2008-04-25 11:52 --------- d-----w C:\Documents and Settings\All Users\Application Data\PopCap
2008-04-19 18:06 --------- d-----w C:\Program Files\Microsoft Works
2008-04-16 22:26 --------- d-----w C:\Documents and Settings\Ours\Application Data\PC Suite
2008-04-16 22:26 --------- d-----w C:\Documents and Settings\Ours\Application Data\Nokia
2008-04-16 22:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\PC Suite
2008-04-15 00:36 --------- d-----w C:\Documents and Settings\Ours\Application Data\Yahoo!
2008-04-14 10:42 985,088 ----a-w C:\WINDOWS\system32\setupapi.dll
2008-04-14 10:42 11,264 ----a-w C:\WINDOWS\system32\spnpinst.exe
2008-04-14 10:41 423,936 ----a-w C:\WINDOWS\system32\licdll.dll
2008-04-14 00:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\Windows Live Toolbar
2008-04-14 00:25 1,804 ----a-w C:\WINDOWS\system32\dcache.bin
2008-04-14 00:16 329,728 ----a-w C:\WINDOWS\system32\netsetup.exe
2008-04-14 00:13 92,424 ----a-w C:\WINDOWS\system32\rdpdd.dll
2008-04-14 00:13 87,176 ----a-w C:\WINDOWS\system32\rdpwsx.dll
2008-04-14 00:13 40,840 ----a-w C:\WINDOWS\system32\drivers\termdd.sys
2008-04-14 00:13 21,896 ----a-w C:\WINDOWS\system32\drivers\tdtcp.sys
2008-04-14 00:13 139,656 ----a-w C:\WINDOWS\system32\drivers\rdpwd.sys
2008-04-14 00:13 12,168 ----a-w C:\WINDOWS\system32\tsddd.dll
2008-04-14 00:13 12,040 ----a-w C:\WINDOWS\system32\drivers\tdpipe.sys
2008-04-14 00:11 997,376 ----a-w C:\WINDOWS\system32\msgina.dll
2008-04-14 00:10 53,279 ----a-w C:\WINDOWS\system32\odbcji32.dll
2008-04-14 00:10 4,126 ----a-w C:\WINDOWS\system32\msdxmlc.dll
2008-04-14 00:10 3,584 ----a-w C:\WINDOWS\system32\msafd.dll
2008-04-13 22:10 --------- d-----w C:\Program Files\LimeWire
2008-04-13 22:05 --------- d-----w C:\Program Files\Incomplete
2008-04-13 21:56 --------- d-----w C:\Documents and Settings\Ours\Application Data\SAMSUNG
2008-04-13 21:00 103,424 ----a-w C:\WINDOWS\system32\dpcdll.dll
2008-04-13 19:30 1,845,632 ----a-w C:\WINDOWS\system32\win32k.sys
2008-04-13 19:28 175,744 ----a-w C:\WINDOWS\system32\drivers\rdbss.sys
2008-04-13 19:27 2,188,928 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
2008-04-13 19:21 162,816 ----a-w C:\WINDOWS\system32\drivers\netbt.sys
2008-04-13 19:20 91,520 ----a-w C:\WINDOWS\system32\drivers\ndiswan.sys
2008-04-13 19:20 361,344 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-04-13 19:20 182,656 ----a-w C:\WINDOWS\system32\drivers\ndis.sys
2008-04-13 19:19 75,264 ----a-w C:\WINDOWS\system32\drivers\ipsec.sys
2008-04-13 19:19 51,328 ----a-w C:\WINDOWS\system32\drivers\rasl2tp.sys
2008-04-13 19:19 48,384 ----a-w C:\WINDOWS\system32\drivers\raspptp.sys
2008-04-13 19:19 146,048 ----a-w C:\WINDOWS\system32\drivers\portcls.sys
2008-04-13 19:19 138,112 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-04-13 19:18 52,480 ----a-w C:\WINDOWS\system32\drivers\i8042prt.sys
2008-04-13 19:17 83,072 ----a-w C:\WINDOWS\system32\drivers\wdmaud.sys
2008-04-13 19:17 456,576 ----a-w C:\WINDOWS\system32\drivers\mrxsmb.sys
2008-04-13 19:17 105,344 ----a-w C:\WINDOWS\system32\drivers\mup.sys
2008-04-13 19:16 49,536 ----a-w C:\WINDOWS\system32\drivers\classpnp.sys
2008-04-13 19:16 141,056 ----a-w C:\WINDOWS\system32\drivers\ks.sys
2008-04-13 19:15 64,512 ----a-w C:\WINDOWS\system32\drivers\serial.sys
2008-04-13 19:15 60,800 ----a-w C:\WINDOWS\system32\drivers\sysaudio.sys
2008-04-13 19:15 574,976 ----a-w C:\WINDOWS\system32\drivers\ntfs.sys
2008-04-13 19:15 334,848 ----a-w C:\WINDOWS\system32\drivers\srv.sys
2008-04-13 19:14 63,744 ----a-w C:\WINDOWS\system32\drivers\cdfs.sys
2008-04-13 19:14 143,744 ----a-w C:\WINDOWS\system32\drivers\fastfat.sys
2008-04-13 19:00 30,080 ----a-w C:\WINDOWS\system32\drivers\modem.sys
2008-04-13 19:00 225,664 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-04-13 19:00 19,072 ----a-w C:\WINDOWS\system32\drivers\tdi.sys
2008-04-13 18:57 41,472 ----a-w C:\WINDOWS\system32\drivers\raspppoe.sys
2008-04-13 18:57 40,576 ----a-w C:\WINDOWS\system32\drivers\ndproxy.sys
2008-04-13 18:57 34,560 ----a-w C:\WINDOWS\system32\drivers\wanarp.sys
2008-04-13 18:57 20,864 ----a-w C:\WINDOWS\system32\drivers\ipinip.sys
2008-04-13 18:57 152,832 ----a-w C:\WINDOWS\system32\drivers\ipnat.sys
2008-04-13 18:57 14,336 ----a-w C:\WINDOWS\system32\drivers\asyncmac.sys
2008-04-13 18:57 10,112 ----a-w C:\WINDOWS\system32\drivers\ndistapi.sys
2008-04-13 18:56 88,320 ----a-w C:\WINDOWS\system32\drivers\nwlnkipx.sys
2008-04-13 18:56 69,120 ----a-w C:\WINDOWS\system32\drivers\psched.sys
2008-04-13 18:56 35,072 ----a-w C:\WINDOWS\system32\drivers\msgpc.sys
2008-04-13 18:56 34,688 ----a-w C:\WINDOWS\system32\drivers\netbios.sys
2008-04-13 18:56 30,592 ----a-w C:\WINDOWS\system32\drivers\rndismpx.sys
2008-04-13 18:56 30,592 ----a-w C:\WINDOWS\system32\drivers\rndismp.sys
2008-04-13 18:56 12,800 ----a-w C:\WINDOWS\system32\drivers\usb8023x.sys
2008-04-13 18:56 12,800 ----a-w C:\WINDOWS\system32\drivers\usb8023.sys
2008-04-13 18:56 12,288 ----a-w C:\WINDOWS\system32\drivers\tunmp.sys
2008-04-13 18:55 202,624 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-04-13 18:55 14,592 ----a-w C:\WINDOWS\system32\drivers\ndisuio.sys
2008-04-13 18:54 11,264 ----a-w C:\WINDOWS\system32\drivers\irenum.sys
2008-04-13 18:53 71,552 ----a-w C:\WINDOWS\system32\drivers\bridge.sys
2008-04-13 18:53 40,320 ----a-w C:\WINDOWS\system32\drivers\nmnt.sys
2008-04-13 18:53 36,608 ----a-w C:\WINDOWS\system32\drivers\ip6fw.sys
2008-04-13 18:53 264,832 ----a-w C:\WINDOWS\system32\drivers\http.sys
2008-04-13 18:51 61,824 ----a-w C:\WINDOWS\system32\drivers\nic1394.sys
2008-04-13 18:51 60,800 ----a-w C:\WINDOWS\system32\drivers\arp1394.sys
2008-04-13 18:51 59,904 ----a-w C:\WINDOWS\system32\drivers\atmarpc.sys
2008-04-13 18:51 55,808 ----a-w C:\WINDOWS\system32\drivers\atmlane.sys
2008-04-13 18:51 101,120 ----a-w C:\WINDOWS\system32\drivers\bthpan.sys
2008-04-13 18:47 25,856 ----a-w C:\WINDOWS\system32\drivers\usbprint.sys
2008-04-13 18:45 60,160 ----a-w C:\WINDOWS\system32\drivers\drmk.sys
.
((((((((((((((((((((((((((((( snapshot@2008-06-02_20.16.44.50 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-03 00:52:17 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-04 20:58:42 2,048 --s-a-w C:\WINDOWS\bootstat.dat
- 2008-05-24 13:43:35 278,528 ----a-w C:\WINDOWS\system32\config\systemprofile\ntuser.dat
+ 2008-06-04 02:42:42 278,528 ----a-w C:\WINDOWS\system32\config\systemprofile\ntuser.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 19:12 15360]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 17:43 4670704]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OfficeScanNT Monitor"="C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" [2006-02-07 16:16 356352]
"AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 14:47 57344 C:\WINDOWS\ALCXMNTR.EXE]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-01-23 11:36 155648]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-01-23 11:31 126976]
"REGSHAVE"="C:\Program Files\REGSHAVE\REGSHAVE.exe" [2002-02-04 23:32 53248]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 17:24 54840]
"KBD"="C:\HP\KBD\KBD.EXE" [2005-02-02 17:44 61440]
"ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-03-20 17:34 213936]
"AGRSMMSG"="AGRSMMSG.exe" [2004-06-29 09:06 88363 C:\WINDOWS\AGRSMMSG.exe]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-10-28 01:38 107112]
"osCheck"="C:\Program Files\Norton AntiVirus\osCheck.exe" [2006-09-05 21:22 26248]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-02-01 00:13 385024]
"PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-03-23 13:20 227328]
"MimBoot"="C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe" [2005-03-09 19:10 11776]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-19 13:10 267048]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"LvHidSvc"="C:\WINDOWS\system32\lvhidsvc.exe" [2004-10-10 19:17 33280]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-03-27 15:58 1744896]
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2008-02-01 15:32 8699904]
C:\Documents and Settings\Ours\Start Menu\Programs\Startup\
TVR Schedule.lnk - C:\Documents and Settings\Ours\Application Data\Microsoft\Installer\{E4C3B10E-E277-4458-8440-DAE332D50BF3}\_4ae13d6c.exe [2008-03-31 19:11:12 1078]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 03:38:16 29696]
Exif Launcher.lnk - C:\Program Files\FinePixViewer\QuickDCF.exe [2002-01-09 22:53:14 200704]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-12 00:23:26 282624]
HP Image Zone Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2005-05-12 01:49:24 73728]
Microsoft Works Calendar Reminders.lnk - C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe [1999-09-04 17:23:00 53317]
Norton GoBack.lnk - C:\Program Files\Norton SystemWorks\Norton GoBack\GBTray.exe [2006-07-19 11:45:12 861872]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\InterVideo\\DVD8\\WinDVD.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\WINDOWS\\system32\\mmc.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"=
R2 BCMNTIO;BCMNTIO;C:\PROGRA~1\CheckIt\DIAGNO~1\BCMNTIO.sys [2004-03-05 17:09]
R2 MAPMEM;MAPMEM;C:\PROGRA~1\CheckIt\DIAGNO~1\MAPMEM.sys [2004-03-05 17:09]
S3 USBVSP;USBVSP;C:\WINDOWS\system32\drivers\Usbvsp.sys [2003-09-08 14:43]
*Newly Created Service* - APPMGMT
.
Contents of the 'Scheduled Tasks' folder
"2008-06-01 00:53:06 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-06-04 21:59:10 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
"2008-05-31 16:31:08 C:\WINDOWS\Tasks\Norton AntiVirus - Run Full System Scan - Ours.job"
- C:\PROGRA~1\NORTON~2\Navw32.exeh/TASK:
"2008-05-31 15:22:31 C:\WINDOWS\Tasks\Norton SystemWorks One Button Checkup.job"
- C:\Program Files\Norton SystemWorks\OBC.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net (http://\"http://www.gmer.net\")
Rootkit scan 2008-06-04 16:59:27
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-06-04 17:14:12
ComboFix-quarantined-files.txt 2008-06-04 22:13:41
ComboFix2.txt 2008-06-04 02:57:09
ComboFix3.txt 2008-06-03 01:18:11
Pre-Run: 26,206,150,656 bytes free
Post-Run: 26,200,821,760 bytes free
364 --- E O F --- 2008-06-04 03:11:49
-
I do notice you have possibly 2 AntiVirus software and 2 Software Firewalls installed
Symantec's and Trend Micro
Having more than one can cause system instabilities and slowness
Sometimes it's not enough to try and just disable one and use the other
Uninstalling one may be the best course
Try removing one Security suite you have installed then reboot afterwards
Come back
Run dss.exe from desktop again, post the new log from Main.txt that opens
-
I took out an av and its abit faster. no more popups. much better. anything else?
Deckard's System Scanner v20071014.68
Run by Ours on 2008-06-04 19:06:00
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- HijackThis (run as Ours.exe) ------------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:07:02 PM, on 6/4/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Norton SystemWorks\Norton GoBack\GBPoll.exe
C:\WINDOWS\system32\lvhidsvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mim.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\Norton SystemWorks\Norton GoBack\GBTray.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\MMDiag.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
C:\Program Files\Symantec\LiveUpdate\AUPDATE.EXE
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Documents and Settings\Ours\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Ours.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 (http://\"http://go.microsoft.com/fwlink/?LinkId=69157\")
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 (http://\"http://go.microsoft.com/fwlink/?LinkId=54896\")
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 (http://\"http://go.microsoft.com/fwlink/?LinkId=54896\")
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 (http://\"http://go.microsoft.com/fwlink/?LinkId=69157\")
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
O4 - HKLM\..\RunServices: [LvHidSvc] C:\WINDOWS\system32\lvhidsvc.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O4 - Startup: TVR Schedule.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Exif Launcher.lnk = C:\Program Files\FinePixViewer\QuickDCF.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Global Startup: Norton GoBack.lnk = C:\Program Files\Norton SystemWorks\Norton GoBack\GBTray.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx (http://\"http://favorites.live.com/quickadd.aspx\")
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks\Norton Cleanup\WCQuick.lnk
O9 - Extra 'Tools' menuitem: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks\Norton Cleanup\WCQuick.lnk
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/Facebo...toUploader5.cab (http://\"http://upload.facebook.com/controls/FacebookPhotoUploader5.cab\")
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab (http://\"http://lads.myspace.com/upload/MySpaceUploader1006.cab\")
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.Email Removed.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1207005698253 (http://\"http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1207005698253\")
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1207007319156 (http://\"http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1207007319156\")
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://ajlovesweasel-1969.spaces.live.com/...ad/MsnPUpld.cab (http://\"http://ajlovesweasel-1969.spaces.live.com/PhotoUpload/MsnPUpld.cab\")
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (http://\"http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab\")
O17 - HKLM\System\CCS\Services\Tcpip\..\{600C79F4-1F00-4A7D-A8F5-4080020751EF}: NameServer = 208.38.65.37,208.38.65.35
O17 - HKLM\System\CS1\Services\Tcpip\..\{600C79F4-1F00-4A7D-A8F5-4080020751EF}: NameServer = 208.38.65.37,208.38.65.35
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: GoBack Polling Service (GBPoll) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton GoBack\GBPoll.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Lifeview HID Remote Controller Service (lvhidsvc) - Animation Technologies Inc. - C:\WINDOWS\system32\lvhidsvc.exe
O23 - Service: Norton UnErase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
--
End of file - 11527 bytes
-- Files created between 2008-05-04 and 2008-06-04 -----------------------------
2008-06-03 22:11:47 0 d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-06-03 16:15:36 0 d-------- C:\Documents and Settings\Ours\Application Data\Malwarebytes
2008-06-03 16:14:53 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-03 16:14:48 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-02 19:19:27 68096 --a------ C:\WINDOWS\zip.exe
2008-06-02 19:19:27 161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-06-02 19:19:27 80412 --a------ C:\WINDOWS\grep.exe
2008-06-02 19:19:26 49152 --a------ C:\WINDOWS\VFind.exe
2008-06-02 19:19:26 98816 --a------ C:\WINDOWS\sed.exe
2008-06-02 19:19:26 89504 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-06-02 19:19:25 212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-06-02 19:19:25 136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-05-31 10:54:25 0 d-------- C:\Program Files\Norton AntiVirus
2008-05-31 10:37:24 2147483647 --ahs---- C:\gobackio.bin
2008-05-31 10:36:40 0 d-------- C:\WINDOWS\Downloaded Installations
2008-05-31 10:19:47 0 d-------- C:\Program Files\Norton SystemWorks
2008-05-31 09:59:45 0 d-------- C:\Program Files\Symantec
2008-05-31 09:57:11 0 d-------- C:\Documents and Settings\All Users\Application Data\Symantec
2008-05-31 09:48:55 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-05-31 09:12:39 0 --a------ C:\Documents and Settings\Ours\urlbase.bin
2008-05-31 09:12:39 0 --a------ C:\Documents and Settings\Ours\ignoredomainsbase.bin
2008-05-31 09:00:11 0 d-------- C:\Program Files\CheckIt
2008-05-30 22:01:53 0 d-------- C:\WINDOWS\system32\vntiho18
2008-05-30 22:01:20 22784 --a------ C:\WINDOWS\xplugin.dll
2008-05-30 22:01:19 23808 --a------ C:\WINDOWS\winmgnt.exe
2008-05-30 22:01:19 16640 --a------ C:\WINDOWS\window.exe
2008-05-30 22:01:19 25856 --a------ C:\WINDOWS\winajbm.dll
2008-05-30 22:01:18 9984 --a------ C:\WINDOWS\win64.exe
2008-05-30 22:01:18 23552 --a------ C:\WINDOWS\win32e.exe
2008-05-30 22:01:18 30720 --a------ C:\WINDOWS\wEmail Removedexe
2008-05-30 22:01:18 19456 --a------ C:\WINDOWS\users32.exe
2008-05-30 22:01:18 28672 --a------ C:\WINDOWS\time.exe
2008-05-30 22:01:17 26624 --a------ C:\WINDOWS\systemcritical.exe
2008-05-30 22:01:17 28160 --a------ C:\WINDOWS\systeem.exe
2008-05-30 22:01:17 15104 --a------ C:\WINDOWS\svcinit.exe
2008-05-30 22:01:17 28160 --a------ C:\WINDOWS\sistem.exe
2008-05-30 22:01:16 27136 --a------ C:\WINDOWS\searchword.dll
2008-05-30 22:01:16 23040 --a------ C:\WINDOWS\rundll16.exe
2008-05-30 22:01:16 10496 --a------ C:\WINDOWS\quicken.exe
2008-05-30 22:01:16 10496 --a------ C:\WINDOWS\qttasks.exe
2008-05-30 22:01:16 24832 --a------ C:\WINDOWS\olehelp.exe
2008-05-30 22:01:15 22272 --a------ C:\WINDOWS\notepad32.exe
2008-05-30 22:01:15 12032 --a------ C:\WINDOWS\mtwirl32.dll
2008-05-30 22:01:15 29952 --a------ C:\WINDOWS\mswsc20.dll
2008-05-30 22:01:15 15616 --a------ C:\WINDOWS\mswsc10.dll
2008-05-30 22:01:14 18944 --a------ C:\WINDOWS\msspi.dll
2008-05-30 22:01:14 17920 --a------ C:\WINDOWS\msconfd.dll
2008-05-30 22:01:13 24064 --a------ C:\WINDOWS\inetinf.exe
2008-05-30 22:01:13 28928 --a------ C:\WINDOWS\iedll.exe
2008-05-30 22:01:13 31744 --a------ C:\WINDOWS\helpcvs.exe
2008-05-30 22:01:12 15616 --a------ C:\WINDOWS\gfmnaaa.dll
2008-05-30 22:01:12 11776 --a------ C:\WINDOWS\funny.exe
2008-05-30 22:01:12 20736 --a------ C:\WINDOWS\funniest.exe
2008-05-30 22:01:12 27904 --a------ C:\WINDOWS\explorer32.exe
2008-05-30 22:01:11 14080 --a------ C:\WINDOWS\editpad.exe
2008-05-30 22:01:11 14848 --a------ C:\WINDOWS\dnsrelay.dll
2008-05-30 22:01:11 15616 --a------ C:\WINDOWS\directx32.exe
2008-05-30 22:01:11 22016 --a------ C:\WINDOWS\ctrlpan.dll
2008-05-30 22:01:11 28672 --a------ C:\WINDOWS\ctfmon32.exe
2008-05-30 22:01:11 13056 --a------ C:\WINDOWS\cpan.dll
2008-05-30 22:01:10 27136 --a------ C:\WINDOWS\clrssn.exe
2008-05-30 22:01:10 20736 --a------ C:\WINDOWS\avpcc.dll
2008-05-30 22:01:10 11776 --a------ C:\WINDOWS\accesss.exe
2008-05-30 21:45:39 0 d-------- C:\Documents and Settings\LocalService\Application Data\Macromedia
2008-05-30 21:45:23 0 d-------- C:\Documents and Settings\LocalService\Application Data\Adobe
2008-05-30 21:44:01 0 d-------- C:\Documents and Settings\LocalService\Application Data\Yahoo!
2008-05-30 21:43:57 0 dr------- C:\Documents and Settings\LocalService\Favorites
2008-05-30 12:20:39 0 d-------- C:\Program Files\Apple Software Update
2008-05-30 12:20:31 0 d-------- C:\Program Files\QuickTime
2008-05-30 12:20:15 0 d-------- C:\Program Files\iPod
2008-05-30 12:20:12 0 d-------- C:\Program Files\iTunes
2008-05-30 03:34:03 0 d-------- C:\Program Files\iPod(2)
2008-05-30 03:33:54 0 d-------- C:\Program Files\iTunes(2)
2008-05-30 03:12:20 0 d-------- C:\Program Files\Apple Software Update(2)
2008-05-24 08:43:36 4194304 --a------ C:\Documents and Settings\Ours\ntuser.dat
2008-05-22 20:04:08 0 d-------- C:\WINDOWS\Prefetch
2008-05-22 19:52:16 0 d-------- C:\WINDOWS\system32\scripting
2008-05-22 19:52:15 0 d-------- C:\WINDOWS\l2schemas
2008-05-22 19:52:14 0 d-------- C:\WINDOWS\system32\en
2008-05-22 19:52:13 0 d-------- C:\WINDOWS\system32\bits
2008-05-22 19:48:06 0 d-------- C:\WINDOWS\ServicePackFiles
2008-05-22 19:39:00 0 d-------- C:\WINDOWS\EHome
2008-05-13 21:13:15 0 d-------- C:\Documents and Settings\Kids.DENSTEDTS\Application Data\Google
2008-05-13 18:25:40 0 d-------- C:\Documents and Settings\Kids.DENSTEDTS\Application Data\Apple Computer
2008-05-11 21:47:35 0 d-------- C:\Documents and Settings\Ours\Application Data\PlayFirst
2008-05-11 21:47:35 0 d-------- C:\Documents and Settings\All Users\Application Data\PlayFirst
2008-05-11 21:45:49 0 d-------- C:\Documents and Settings\Ours\Application Data\GameHouse
2008-05-11 21:45:46 0 d-------- C:\Program Files\GameHouse
2008-05-06 16:18:48 0 d-------- C:\Documents and Settings\All Users\Application Data\Adobe
-- Find3M Report ---------------------------------------------------------------
2008-06-04 18:37:48 0 d-------- C:\Program Files\Trend Micro
2008-06-04 16:28:25 0 d-------- C:\Program Files\Java
2008-05-31 10:13:21 0 d-------- C:\Program Files\Common Files
2008-05-31 09:22:47 0 d-------- C:\Program Files\SpywareBlaster
2008-05-30 22:16:39 0 d-------- C:\Documents and Settings\Ours\Application Data\Lavasoft
2008-05-22 19:52:49 0 d-------- C:\Program Files\Messenger
2008-05-22 19:52:13 0 d-------- C:\Program Files\Movie Maker
2008-05-22 19:47:46 0 d-------- C:\Program Files\Windows NT
2008-05-22 17:08:33 0 d-------- C:\Documents and Settings\Ours\Application Data\GARMIN
2008-05-19 20:35:25 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-05-06 16:18:26 0 d-------- C:\Program Files\Common Files\Adobe
2008-05-06 16:17:14 0 d-------- C:\Documents and Settings\Ours\Application Data\AdobeUM
2008-05-04 07:16:38 0 d-------- C:\Program Files\Windows Live
2008-05-02 08:34:42 0 d-------- C:\Program Files\Microsoft SQL Server Compact Edition
2008-05-02 08:33:08 0 d-------- C:\Program Files\Windows Live Toolbar
2008-05-02 08:30:32 0 d-------- C:\Program Files\Windows Live Favorites
2008-05-01 18:13:53 0 d-------- C:\Documents and Settings\Ours\Application Data\Apple Computer
2008-04-28 19:28:35 0 d-------- C:\Documents and Settings\Ours\Application Data\Adobe
2008-04-26 09:42:50 0 d-------- C:\Program Files\Oberon Media
2008-04-19 13:06:23 0 d-------- C:\Program Files\Microsoft Works
2008-04-16 17:26:24 0 d-------- C:\Documents and Settings\Ours\Application Data\PC Suite
2008-04-16 17:26:16 0 d-------- C:\Documents and Settings\Ours\Application Data\Nokia
2008-04-16 17:26:16 1110 --a------ C:\Documents and Settings\Ours\Application Data\NMM-MetaData.db
2008-04-14 19:36:56 0 d-------- C:\Documents and Settings\Ours\Application Data\Yahoo!
2008-04-13 17:10:38 0 d-------- C:\Program Files\LimeWire
2008-04-13 17:05:25 0 d-------- C:\Program Files\Incomplete
2008-04-13 16:56:07 0 d-------- C:\Documents and Settings\Ours\Application Data\SAMSUNG
2008-04-12 08:44:52 0 d-------- C:\Program Files\Windows Media Connect 2
2008-04-11 22:34:13 0 d-------- C:\Program Files\Samsung
2008-04-11 08:50:25 0 d-------- C:\Documents and Settings\Ours\Application Data\FUJIFILM
2008-04-05 15:14:31 0 d-------- C:\Documents and Settings\Ours\Application Data\Talkback
2008-04-05 15:13:57 0 --a----c- C:\WINDOWS\nsreg.dat
2008-04-05 15:13:54 0 d-------- C:\Documents and Settings\Ours\Application Data\Mozilla
2008-04-04 17:33:17 0 d--hs--c- C:\Program Files\Common Files\WindowsLiveInstaller
2008-04-04 08:38:03 0 d-------- C:\Documents and Settings\Ours\Application Data\funkitron
2008-04-04 08:22:18 0 d-------- C:\Program Files\Common Files\Real
2008-04-04 08:22:17 774144 --a------ C:\Program Files\RngInterstitial.dll <Not Verified; RealNetworks, Inc.; RealNetworks, Inc. RngInterstitial>
2008-04-04 08:22:13 0 d-------- C:\Program Files\Real
2008-03-31 19:51:24 96577 --a----c- C:\WINDOWS\hpqins16.dat
2008-03-31 19:48:18 2064 --a----c- C:\Documents and Settings\Ours\Application Data\HPSU_48BitScanUpdate.log
2008-03-31 19:37:07 345 --a----c- C:\Documents and Settings\Ours\Application Data\HelpFilesUpdatePatch_PRINTHELPWRAPPER.log
2008-03-31 19:37:05 0 --a----c- C:\Documents and Settings\Ours\Application Data\HelpFilesUpdatePatch_HELPFILEREPLACE.log
2008-03-31 19:36:18 2799 --a----c- C:\Documents and Settings\Ours\Application Data\PatchUpdate_InstantShareJPG.log
2008-03-31 19:35:48 3596 --a----c- C:\Documents and Settings\Ours\Application Data\PatchUpdate_IZClosingDiscError.log
2008-03-31 19:34:32 137866 --a----c- C:\Documents and Settings\Ours\Application Data\Update_HP_RedboxHprblog_HPSU.log
2008-03-31 19:34:17 139264 --a------ C:\WINDOWS\system32\hpzjrd01.dll <Not Verified; Hewlett Packard; Hewlett Packard Rediscovery Library>
2008-03-31 19:32:01 112384 --a------ C:\WINDOWS\hpoins07.dat
2008-03-31 19:00:16 28672 --a------ C:\WINDOWS\system32\qttask.exe
2008-03-31 18:59:02 0 -rahs---- C:\MSDOS.SYS
2008-03-31 18:59:02 0 -rahs---- C:\IO.SYS
2008-03-31 18:59:02 0 --a------ C:\CONFIG.SYS
2008-03-31 18:59:02 0 --a------ C:\AUTOEXEC.BAT
2008-03-31 18:56:23 21640 --a------ C:\WINDOWS\system32\emptyregdb.dat
2008-03-31 12:43:07 62 --ahs---- C:\Documents and Settings\Ours\Application Data\desktop.ini
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AlcxMonitor"="ALCXMNTR.EXE" [09/07/2004 02:47 PM C:\WINDOWS\ALCXMNTR.EXE]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [01/23/2005 11:36 AM]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [01/23/2005 11:31 AM]
"REGSHAVE"="C:\Program Files\REGSHAVE\REGSHAVE.exe" [02/04/2002 11:32 PM]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [05/08/2007 05:24 PM]
"KBD"="C:\HP\KBD\KBD.EXE" [02/02/2005 05:44 PM]
"ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [03/20/2006 05:34 PM]
"AGRSMMSG"="AGRSMMSG.exe" [06/29/2004 09:06 AM C:\WINDOWS\AGRSMMSG.exe]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [10/28/2006 01:38 AM]
"osCheck"="C:\Program Files\Norton AntiVirus\osCheck.exe" [09/05/2006 09:22 PM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [02/01/2008 12:13 AM]
"PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [03/23/2007 01:20 PM]
"MimBoot"="C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe" [03/09/2005 07:10 PM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [02/19/2008 01:10 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [02/22/2008 04:25 AM]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04/13/2008 07:12 PM]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [08/30/2007 05:43 PM]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [10/18/2007 11:34 AM]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]
"LvHidSvc"=C:\WINDOWS\system32\lvhidsvc.exe
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Nokia.PCSync"=C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
"MySpaceIM"=C:\Program Files\MySpace\IM\MySpaceIM.exe
C:\Documents and Settings\Ours\Start Menu\Programs\Startup\
TVR Schedule.lnk - C:\Documents and Settings\Ours\Application Data\Microsoft\Installer\{E4C3B10E-E277-4458-8440-DAE332D50BF3}\_4ae13d6c.exe [3/31/2008 7:11:12 PM]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [4/23/2008 3:38:16 AM]
Exif Launcher.lnk - C:\Program Files\FinePixViewer\QuickDCF.exe [1/9/2002 10:53:14 PM]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [5/12/2005 12:23:26 AM]
HP Image Zone Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [5/12/2005 1:49:24 AM]
Microsoft Works Calendar Reminders.lnk - C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe [9/4/1999 5:23:00 PM]
Norton GoBack.lnk - C:\Program Files\Norton SystemWorks\Norton GoBack\GBTray.exe [7/19/2006 11:45:12 AM]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
C:\WINDOWS\System32\dimsntfy.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
eapsvcs eaphost
dot3svc dot3svc
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
napagent
hkmsvc
-- End of Deckard's System Scanner: finished at 2008-06-04 19:10:06 ------------
-
If you happen to have a version of Smitfraudfix, delete it
Do the following
Download [color=\"red\"]SmitfraudFix[/color] (http://\"http://siri.urz.free.fr/Fix/SmitfraudFix.zip\")[/url] (by S!Ri)
Extract the contents (a folder named SmitfraudFix) to your Desktop.
We'll need this later
Print these set of instructions, or save them to a text file on desktop for reference
Reboot your computer in Safe Mode by doing the following :- Restart your computer
- After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
- Instead of Windows loading as normal, a menu with options should appear;
- Select the first option, to run Windows in Safe Mode, then press "Enter".
- Choose your usual account.
In safe mode
Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.
You will be prompted : "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.
The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".
The tool may need to restart your computer to finish the cleaning process; if it doesn't
Reboot back to Normal Windows
I'll need to see the log it generates later, by default it is located at
C:\rapport.txt
============================================
Post back the following:
1. Post the report from Smitfraudfix>>C:\Rapport.txt
2. Again, run dss.exe and post a fresh log from Main.txt
-
new logs for ya.
SmitFraudFix v2.323
Scan done at 20:38:37.50, Wed 06/04/2008
Run from C:\Documents and Settings\Ours\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» Killing process
»»»»»»»»»»»»»»»»»»»»»»»» hosts
127.0.0.1 localhost
»»»»»»»»»»»»»»»»»»»»»»»» VACFix
VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix
S!Ri's WS2Fix: LSP not Found.
»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix
GenericRenosFix by S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files
C:\WINDOWS\accesss.exe Deleted
C:\WINDOWS\astctl32.ocx Deleted
C:\WINDOWS\avpcc.dll Deleted
C:\WINDOWS\clrssn.exe Deleted
C:\WINDOWS\cpan.dll Deleted
C:\WINDOWS\mtwirl32.dll Deleted
C:\WINDOWS\notepad32.exe Deleted
C:\WINDOWS\olehelp.exe Deleted
C:\WINDOWS\systeem.exe Deleted
C:\WINDOWS\systemcritical.exe Deleted
C:\WINDOWS\time.exe Deleted
C:\WINDOWS\users32.exe Deleted
C:\WINDOWS\wEmail Removedexe Deleted
C:\WINDOWS\win32e.exe Deleted
C:\WINDOWS\win64.exe Deleted
C:\WINDOWS\winajbm.dll Deleted
C:\WINDOWS\window.exe Deleted
C:\WINDOWS\winmgnt.exe Deleted
C:\WINDOWS\xplugin.dll Deleted
»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» DNS
HKLM\SYSTEM\CCS\Services\Tcpip\..\{600C79F4-1F00-4A7D-A8F5-4080020751EF}: NameServer=208.38.65.37,208.38.65.35
HKLM\SYSTEM\CS1\Services\Tcpip\..\{600C79F4-1F00-4A7D-A8F5-4080020751EF}: NameServer=208.38.65.37,208.38.65.35
HKLM\SYSTEM\CS3\Services\Tcpip\..\{600C79F4-1F00-4A7D-A8F5-4080020751EF}: NameServer=208.38.65.37,208.38.65.35
»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""
»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning
Registry Cleaning done.
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» End
Deckard's System Scanner v20071014.68
Run by Ours on 2008-06-04 20:52:28
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- HijackThis (run as Ours.exe) ------------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:53:23, on 6/4/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Norton SystemWorks\Norton GoBack\GBPoll.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\lvhidsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\MUSICM~1\MUSICM~1\MMDiag.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mim.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Norton SystemWorks\Norton GoBack\GBTray.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Symantec\LiveUpdate\AUPDATE.EXE
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
C:\Documents and Settings\Ours\Desktop\dss.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Ours.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
O4 - HKLM\..\RunServices: [LvHidSvc] C:\WINDOWS\system32\lvhidsvc.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O4 - Startup: TVR Schedule.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Exif Launcher.lnk = C:\Program Files\FinePixViewer\QuickDCF.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Global Startup: Norton GoBack.lnk = C:\Program Files\Norton SystemWorks\Norton GoBack\GBTray.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx (http://\"http://favorites.live.com/quickadd.aspx\")
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks\Norton Cleanup\WCQuick.lnk
O9 - Extra 'Tools' menuitem: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks\Norton Cleanup\WCQuick.lnk
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/Facebo...toUploader5.cab (http://\"http://upload.facebook.com/controls/FacebookPhotoUploader5.cab\")
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab (http://\"http://lads.myspace.com/upload/MySpaceUploader1006.cab\")
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.Email Removed.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1207005698253 (http://\"http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1207005698253\")
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1207007319156 (http://\"http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1207007319156\")
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://ajlovesweasel-1969.spaces.live.com/...ad/MsnPUpld.cab (http://\"http://ajlovesweasel-1969.spaces.live.com/PhotoUpload/MsnPUpld.cab\")
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (http://\"http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab\")
O17 - HKLM\System\CCS\Services\Tcpip\..\{600C79F4-1F00-4A7D-A8F5-4080020751EF}: NameServer = 208.38.65.37,208.38.65.35
O17 - HKLM\System\CS1\Services\Tcpip\..\{600C79F4-1F00-4A7D-A8F5-4080020751EF}: NameServer = 208.38.65.37,208.38.65.35
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: GoBack Polling Service (GBPoll) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton GoBack\GBPoll.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Lifeview HID Remote Controller Service (lvhidsvc) - Animation Technologies Inc. - C:\WINDOWS\system32\lvhidsvc.exe
O23 - Service: Norton UnErase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
--
End of file - 11049 bytes
-- Files created between 2008-05-04 and 2008-06-04 -----------------------------
2008-06-04 20:38:49 3010 --a------ C:\WINDOWS\system32\tmp.reg
2008-06-03 22:11:47 0 d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-06-03 16:15:36 0 d-------- C:\Documents and Settings\Ours\Application Data\Malwarebytes
2008-06-03 16:14:53 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-03 16:14:48 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-02 19:19:27 68096 --a------ C:\WINDOWS\zip.exe
2008-06-02 19:19:27 161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-06-02 19:19:27 80412 --a------ C:\WINDOWS\grep.exe
2008-06-02 19:19:26 49152 --a------ C:\WINDOWS\VFind.exe
2008-06-02 19:19:26 98816 --a------ C:\WINDOWS\sed.exe
2008-06-02 19:19:26 89504 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-06-02 19:19:25 212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-06-02 19:19:25 136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-05-31 10:54:25 0 d-------- C:\Program Files\Norton AntiVirus
2008-05-31 10:37:24 2147483647 --ahs---- C:\gobackio.bin
2008-05-31 10:36:40 0 d-------- C:\WINDOWS\Downloaded Installations
2008-05-31 10:19:47 0 d-------- C:\Program Files\Norton SystemWorks
2008-05-31 09:59:45 0 d-------- C:\Program Files\Symantec
2008-05-31 09:57:11 0 d-------- C:\Documents and Settings\All Users\Application Data\Symantec
2008-05-31 09:48:55 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-05-31 09:12:39 0 --a------ C:\Documents and Settings\Ours\urlbase.bin
2008-05-31 09:12:39 0 --a------ C:\Documents and Settings\Ours\ignoredomainsbase.bin
2008-05-31 09:00:11 0 d-------- C:\Program Files\CheckIt
2008-05-30 22:01:53 0 d-------- C:\WINDOWS\system32\vntiho18
2008-05-30 22:01:17 15104 --a------ C:\WINDOWS\svcinit.exe
2008-05-30 22:01:17 28160 --a------ C:\WINDOWS\sistem.exe
2008-05-30 22:01:16 27136 --a------ C:\WINDOWS\searchword.dll
2008-05-30 22:01:16 23040 --a------ C:\WINDOWS\rundll16.exe
2008-05-30 22:01:16 10496 --a------ C:\WINDOWS\quicken.exe
2008-05-30 22:01:16 10496 --a------ C:\WINDOWS\qttasks.exe
2008-05-30 22:01:15 29952 --a------ C:\WINDOWS\mswsc20.dll
2008-05-30 22:01:15 15616 --a------ C:\WINDOWS\mswsc10.dll
2008-05-30 22:01:14 18944 --a------ C:\WINDOWS\msspi.dll
2008-05-30 22:01:14 17920 --a------ C:\WINDOWS\msconfd.dll
2008-05-30 22:01:13 24064 --a------ C:\WINDOWS\inetinf.exe
2008-05-30 22:01:13 28928 --a------ C:\WINDOWS\iedll.exe
2008-05-30 22:01:13 31744 --a------ C:\WINDOWS\helpcvs.exe
2008-05-30 22:01:12 15616 --a------ C:\WINDOWS\gfmnaaa.dll
2008-05-30 22:01:12 11776 --a------ C:\WINDOWS\funny.exe
2008-05-30 22:01:12 20736 --a------ C:\WINDOWS\funniest.exe
2008-05-30 22:01:12 27904 --a------ C:\WINDOWS\explorer32.exe
2008-05-30 22:01:11 14080 --a------ C:\WINDOWS\editpad.exe
2008-05-30 22:01:11 14848 --a------ C:\WINDOWS\dnsrelay.dll
2008-05-30 22:01:11 15616 --a------ C:\WINDOWS\directx32.exe
2008-05-30 22:01:11 22016 --a------ C:\WINDOWS\ctrlpan.dll
2008-05-30 22:01:11 28672 --a------ C:\WINDOWS\ctfmon32.exe
2008-05-30 21:45:39 0 d-------- C:\Documents and Settings\LocalService\Application Data\Macromedia
2008-05-30 21:45:23 0 d-------- C:\Documents and Settings\LocalService\Application Data\Adobe
2008-05-30 21:44:01 0 d-------- C:\Documents and Settings\LocalService\Application Data\Yahoo!
2008-05-30 21:43:57 0 dr------- C:\Documents and Settings\LocalService\Favorites
2008-05-30 12:20:39 0 d-------- C:\Program Files\Apple Software Update
2008-05-30 12:20:31 0 d-------- C:\Program Files\QuickTime
2008-05-30 12:20:15 0 d-------- C:\Program Files\iPod
2008-05-30 12:20:12 0 d-------- C:\Program Files\iTunes
2008-05-30 03:34:03 0 d-------- C:\Program Files\iPod(2)
2008-05-30 03:33:54 0 d-------- C:\Program Files\iTunes(2)
2008-05-30 03:12:20 0 d-------- C:\Program Files\Apple Software Update(2)
2008-05-24 08:43:36 4194304 --a------ C:\Documents and Settings\Ours\ntuser.dat
2008-05-22 20:04:08 0 d-------- C:\WINDOWS\Prefetch
2008-05-22 19:52:16 0 d-------- C:\WINDOWS\system32\scripting
2008-05-22 19:52:15 0 d-------- C:\WINDOWS\l2schemas
2008-05-22 19:52:14 0 d-------- C:\WINDOWS\system32\en
2008-05-22 19:52:13 0 d-------- C:\WINDOWS\system32\bits
2008-05-22 19:48:06 0 d-------- C:\WINDOWS\ServicePackFiles
2008-05-22 19:39:00 0 d-------- C:\WINDOWS\EHome
2008-05-13 21:13:15 0 d-------- C:\Documents and Settings\Kids.DENSTEDTS\Application Data\Google
2008-05-13 18:25:40 0 d-------- C:\Documents and Settings\Kids.DENSTEDTS\Application Data\Apple Computer
2008-05-11 21:47:35 0 d-------- C:\Documents and Settings\Ours\Application Data\PlayFirst
2008-05-11 21:47:35 0 d-------- C:\Documents and Settings\All Users\Application Data\PlayFirst
2008-05-11 21:45:49 0 d-------- C:\Documents and Settings\Ours\Application Data\GameHouse
2008-05-11 21:45:46 0 d-------- C:\Program Files\GameHouse
2008-05-06 16:18:48 0 d-------- C:\Documents and Settings\All Users\Application Data\Adobe
-- Find3M Report ---------------------------------------------------------------
2008-06-04 18:37:48 0 d-------- C:\Program Files\Trend Micro
2008-06-04 16:28:25 0 d-------- C:\Program Files\Java
2008-05-31 10:13:21 0 d-------- C:\Program Files\Common Files
2008-05-31 09:22:47 0 d-------- C:\Program Files\SpywareBlaster
2008-05-30 22:16:39 0 d-------- C:\Documents and Settings\Ours\Application Data\Lavasoft
2008-05-22 19:52:49 0 d-------- C:\Program Files\Messenger
2008-05-22 19:52:13 0 d-------- C:\Program Files\Movie Maker
2008-05-22 19:47:46 0 d-------- C:\Program Files\Windows NT
2008-05-22 17:08:33 0 d-------- C:\Documents and Settings\Ours\Application Data\GARMIN
2008-05-19 20:35:25 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-05-06 16:18:26 0 d-------- C:\Program Files\Common Files\Adobe
2008-05-06 16:17:14 0 d-------- C:\Documents and Settings\Ours\Application Data\AdobeUM
2008-05-04 07:16:38 0 d-------- C:\Program Files\Windows Live
2008-05-02 08:34:42 0 d-------- C:\Program Files\Microsoft SQL Server Compact Edition
2008-05-02 08:33:08 0 d-------- C:\Program Files\Windows Live Toolbar
2008-05-02 08:30:32 0 d-------- C:\Program Files\Windows Live Favorites
2008-05-01 18:13:53 0 d-------- C:\Documents and Settings\Ours\Application Data\Apple Computer
2008-04-28 19:28:35 0 d-------- C:\Documents and Settings\Ours\Application Data\Adobe
2008-04-26 09:42:50 0 d-------- C:\Program Files\Oberon Media
2008-04-19 13:06:23 0 d-------- C:\Program Files\Microsoft Works
2008-04-16 17:26:24 0 d-------- C:\Documents and Settings\Ours\Application Data\PC Suite
2008-04-16 17:26:16 0 d-------- C:\Documents and Settings\Ours\Application Data\Nokia
2008-04-16 17:26:16 1110 --a------ C:\Documents and Settings\Ours\Application Data\NMM-MetaData.db
2008-04-14 19:36:56 0 d-------- C:\Documents and Settings\Ours\Application Data\Yahoo!
2008-04-13 17:10:38 0 d-------- C:\Program Files\LimeWire
2008-04-13 17:05:25 0 d-------- C:\Program Files\Incomplete
2008-04-13 16:56:07 0 d-------- C:\Documents and Settings\Ours\Application Data\SAMSUNG
2008-04-12 08:44:52 0 d-------- C:\Program Files\Windows Media Connect 2
2008-04-11 22:34:13 0 d-------- C:\Program Files\Samsung
2008-04-11 08:50:25 0 d-------- C:\Documents and Settings\Ours\Application Data\FUJIFILM
2008-04-05 15:14:31 0 d-------- C:\Documents and Settings\Ours\Application Data\Talkback
2008-04-05 15:13:57 0 --a----c- C:\WINDOWS\nsreg.dat
2008-04-05 15:13:54 0 d-------- C:\Documents and Settings\Ours\Application Data\Mozilla
2008-04-04 17:33:17 0 d--hs--c- C:\Program Files\Common Files\WindowsLiveInstaller
2008-04-04 08:38:03 0 d-------- C:\Documents and Settings\Ours\Application Data\funkitron
2008-04-04 08:22:18 0 d-------- C:\Program Files\Common Files\Real
2008-04-04 08:22:17 774144 --a------ C:\Program Files\RngInterstitial.dll <Not Verified; RealNetworks, Inc.; RealNetworks, Inc. RngInterstitial>
2008-04-04 08:22:13 0 d-------- C:\Program Files\Real
2008-03-31 19:51:24 96577 --a----c- C:\WINDOWS\hpqins16.dat
2008-03-31 19:48:18 2064 --a----c- C:\Documents and Settings\Ours\Application Data\HPSU_48BitScanUpdate.log
2008-03-31 19:37:07 345 --a----c- C:\Documents and Settings\Ours\Application Data\HelpFilesUpdatePatch_PRINTHELPWRAPPER.log
2008-03-31 19:37:05 0 --a----c- C:\Documents and Settings\Ours\Application Data\HelpFilesUpdatePatch_HELPFILEREPLACE.log
2008-03-31 19:36:18 2799 --a----c- C:\Documents and Settings\Ours\Application Data\PatchUpdate_InstantShareJPG.log
2008-03-31 19:35:48 3596 --a----c- C:\Documents and Settings\Ours\Application Data\PatchUpdate_IZClosingDiscError.log
2008-03-31 19:34:32 137866 --a----c- C:\Documents and Settings\Ours\Application Data\Update_HP_RedboxHprblog_HPSU.log
2008-03-31 19:34:17 139264 --a------ C:\WINDOWS\system32\hpzjrd01.dll <Not Verified; Hewlett Packard; Hewlett Packard Rediscovery Library>
2008-03-31 19:32:01 112384 --a------ C:\WINDOWS\hpoins07.dat
2008-03-31 19:00:16 28672 --a------ C:\WINDOWS\system32\qttask.exe
2008-03-31 18:59:02 0 -rahs---- C:\MSDOS.SYS
2008-03-31 18:59:02 0 -rahs---- C:\IO.SYS
2008-03-31 18:59:02 0 --a------ C:\CONFIG.SYS
2008-03-31 18:59:02 0 --a------ C:\AUTOEXEC.BAT
2008-03-31 18:56:23 21640 --a------ C:\WINDOWS\system32\emptyregdb.dat
2008-03-31 12:43:07 62 --ahs---- C:\Documents and Settings\Ours\Application Data\desktop.ini
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AlcxMonitor"="ALCXMNTR.EXE" [09/07/2004 14:47 C:\WINDOWS\ALCXMNTR.EXE]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [01/23/2005 11:36]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [01/23/2005 11:31]
"REGSHAVE"="C:\Program Files\REGSHAVE\REGSHAVE.exe" [02/04/2002 23:32]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [05/08/2007 17:24]
"KBD"="C:\HP\KBD\KBD.EXE" [02/02/2005 17:44]
"ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [03/20/2006 17:34]
"AGRSMMSG"="AGRSMMSG.exe" [06/29/2004 09:06 C:\WINDOWS\AGRSMMSG.exe]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [10/28/2006 01:38]
"osCheck"="C:\Program Files\Norton AntiVirus\osCheck.exe" [09/05/2006 21:22]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [02/01/2008 00:13]
"PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [03/23/2007 13:20]
"MimBoot"="C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe" [03/09/2005 19:10]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [02/19/2008 13:10]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [02/22/2008 04:25]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04/13/2008 19:12]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [08/30/2007 17:43]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [10/18/2007 11:34]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]
"LvHidSvc"=C:\WINDOWS\system32\lvhidsvc.exe
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Nokia.PCSync"=C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
"MySpaceIM"=C:\Program Files\MySpace\IM\MySpaceIM.exe
C:\Documents and Settings\Ours\Start Menu\Programs\Startup\
TVR Schedule.lnk - C:\Documents and Settings\Ours\Application Data\Microsoft\Installer\{E4C3B10E-E277-4458-8440-DAE332D50BF3}\_4ae13d6c.exe [3/31/2008 7:11:12 PM]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [4/23/2008 3:38:16 AM]
Exif Launcher.lnk - C:\Program Files\FinePixViewer\QuickDCF.exe [1/9/2002 10:53:14 PM]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [5/12/2005 12:23:26 AM]
HP Image Zone Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [5/12/2005 1:49:24 AM]
Microsoft Works Calendar Reminders.lnk - C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe [9/4/1999 5:23:00 PM]
Norton GoBack.lnk - C:\Program Files\Norton SystemWorks\Norton GoBack\GBTray.exe [7/19/2006 11:45:12 AM]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
C:\WINDOWS\System32\dimsntfy.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
eapsvcs eaphost
dot3svc dot3svc
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
napagent
hkmsvc
-- End of Deckard's System Scanner: finished at 2008-06-04 20:56:26 ------------
-
Download [color=\"blue\"]OTMoveIt2.exe[/color] (http://\"http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe\") by OldTimer:
- Save it to your desktop.
- Please double-click OTMoveIt2.exe to run it.
- Copy the entries below in [color=\"#0000FF\"]Blue[/color] to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose "Copy"):
================================================
[color=\"#0000FF\"]C:\WINDOWS\system32\vntiho18
C:\WINDOWS\svcinit.exe
C:\WINDOWS\sistem.exe
C:\WINDOWS\searchword.dll
C:\WINDOWS\rundll16.exe
C:\WINDOWS\quicken.exe
C:\WINDOWS\qttasks.exe
C:\WINDOWS\mswsc20.dll
C:\WINDOWS\mswsc10.dll
C:\WINDOWS\msspi.dll
C:\WINDOWS\msconfd.dll
C:\WINDOWS\inetinf.exe
C:\WINDOWS\iedll.exe
C:\WINDOWS\helpcvs.exe
C:\WINDOWS\gfmnaaa.dll
C:\WINDOWS\funny.exe
C:\WINDOWS\funniest.exe
C:\WINDOWS\explorer32.exe
C:\WINDOWS\editpad.exe
C:\WINDOWS\dnsrelay.dll
C:\WINDOWS\directx32.exe
C:\WINDOWS\ctrlpan.dll
C:\WINDOWS\ctfmon32.exe[/color]
======================================================
- Return to OTMoveIt2, right-click on the "Paste List of Files/Folders to be Moved" window and choose "Paste".
- Click the red "[color=\"red\"]MoveIt![/color]" button.
- Close OTMoveIt when it has completed.
[color=\"red\"]Note[/color]: If an entry cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose "Yes".
OTMoveIt would of created a log at this location
C:\_OTMoveIt\MovedFiles\mmddyyyy_hhmmss.log <-indicates date_time of log
Post that log from OTMoveit
And once again, double click on dss.exe, post the New log that opens
Also, keep me informed how things are running
-
Computer is getting much better. My clock is on military time.
Here are the logs.
C:\WINDOWS\system32\vntiho18 moved successfully.
C:\WINDOWS\svcinit.exe moved successfully.
C:\WINDOWS\sistem.exe moved successfully.
LoadLibrary failed for C:\WINDOWS\searchword.dll
C:\WINDOWS\searchword.dll NOT unregistered.
C:\WINDOWS\searchword.dll moved successfully.
C:\WINDOWS\rundll16.exe moved successfully.
C:\WINDOWS\quicken.exe moved successfully.
C:\WINDOWS\qttasks.exe moved successfully.
LoadLibrary failed for C:\WINDOWS\mswsc20.dll
C:\WINDOWS\mswsc20.dll NOT unregistered.
C:\WINDOWS\mswsc20.dll moved successfully.
LoadLibrary failed for C:\WINDOWS\mswsc10.dll
C:\WINDOWS\mswsc10.dll NOT unregistered.
C:\WINDOWS\mswsc10.dll moved successfully.
LoadLibrary failed for C:\WINDOWS\msspi.dll
C:\WINDOWS\msspi.dll NOT unregistered.
C:\WINDOWS\msspi.dll moved successfully.
LoadLibrary failed for C:\WINDOWS\msconfd.dll
C:\WINDOWS\msconfd.dll NOT unregistered.
C:\WINDOWS\msconfd.dll moved successfully.
C:\WINDOWS\inetinf.exe moved successfully.
C:\WINDOWS\iedll.exe moved successfully.
C:\WINDOWS\helpcvs.exe moved successfully.
LoadLibrary failed for C:\WINDOWS\gfmnaaa.dll
C:\WINDOWS\gfmnaaa.dll NOT unregistered.
C:\WINDOWS\gfmnaaa.dll moved successfully.
C:\WINDOWS\funny.exe moved successfully.
C:\WINDOWS\funniest.exe moved successfully.
C:\WINDOWS\explorer32.exe moved successfully.
C:\WINDOWS\editpad.exe moved successfully.
LoadLibrary failed for C:\WINDOWS\dnsrelay.dll
C:\WINDOWS\dnsrelay.dll NOT unregistered.
C:\WINDOWS\dnsrelay.dll moved successfully.
C:\WINDOWS\directx32.exe moved successfully.
LoadLibrary failed for C:\WINDOWS\ctrlpan.dll
C:\WINDOWS\ctrlpan.dll NOT unregistered.
C:\WINDOWS\ctrlpan.dll moved successfully.
C:\WINDOWS\ctfmon32.exe moved successfully.
OTMoveIt2 by OldTimer - Version 1.0.4.2 log created on 06052008_161001
Deckard's System Scanner v20071014.68
Run by Ours on 2008-06-05 16:12:27
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- HijackThis (run as Ours.exe) ------------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:12:34, on 6/5/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Norton SystemWorks\Norton GoBack\GBPoll.exe
C:\WINDOWS\system32\lvhidsvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\MUSICM~1\MUSICM~1\MMDiag.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mim.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Norton SystemWorks\Norton GoBack\GBTray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Documents and Settings\Ours\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Ours.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
O4 - HKLM\..\RunServices: [LvHidSvc] C:\WINDOWS\system32\lvhidsvc.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O4 - Startup: TVR Schedule.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Exif Launcher.lnk = C:\Program Files\FinePixViewer\QuickDCF.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Global Startup: Norton GoBack.lnk = C:\Program Files\Norton SystemWorks\Norton GoBack\GBTray.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx (http://\"http://favorites.live.com/quickadd.aspx\")
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks\Norton Cleanup\WCQuick.lnk
O9 - Extra 'Tools' menuitem: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks\Norton Cleanup\WCQuick.lnk
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/Facebo...toUploader5.cab (http://\"http://upload.facebook.com/controls/FacebookPhotoUploader5.cab\")
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab (http://\"http://lads.myspace.com/upload/MySpaceUploader1006.cab\")
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.Email Removed.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1207005698253 (http://\"http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1207005698253\")
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1207007319156 (http://\"http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1207007319156\")
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://ajlovesweasel-1969.spaces.live.com/...ad/MsnPUpld.cab (http://\"http://ajlovesweasel-1969.spaces.live.com/PhotoUpload/MsnPUpld.cab\")
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (http://\"http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab\")
O17 - HKLM\System\CCS\Services\Tcpip\..\{600C79F4-1F00-4A7D-A8F5-4080020751EF}: NameServer = 208.38.65.37,208.38.65.35
O17 - HKLM\System\CS1\Services\Tcpip\..\{600C79F4-1F00-4A7D-A8F5-4080020751EF}: NameServer = 208.38.65.37,208.38.65.35
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: GoBack Polling Service (GBPoll) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton GoBack\GBPoll.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Lifeview HID Remote Controller Service (lvhidsvc) - Animation Technologies Inc. - C:\WINDOWS\system32\lvhidsvc.exe
O23 - Service: Norton UnErase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
--
End of file - 11059 bytes
-- Files created between 2008-05-05 and 2008-06-05 -----------------------------
2008-06-04 22:15:43 0 d--h----- C:\WINDOWS\PIF
2008-06-04 20:38:49 3010 --a------ C:\WINDOWS\system32\tmp.reg
2008-06-03 22:11:47 0 d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-06-03 16:15:36 0 d-------- C:\Documents and Settings\Ours\Application Data\Malwarebytes
2008-06-03 16:14:53 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-03 16:14:48 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-02 19:19:27 68096 --a------ C:\WINDOWS\zip.exe
2008-06-02 19:19:27 161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-06-02 19:19:27 80412 --a------ C:\WINDOWS\grep.exe
2008-06-02 19:19:26 49152 --a------ C:\WINDOWS\VFind.exe
2008-06-02 19:19:26 98816 --a------ C:\WINDOWS\sed.exe
2008-06-02 19:19:26 89504 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-06-02 19:19:25 212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-06-02 19:19:25 136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-05-31 10:54:25 0 d-------- C:\Program Files\Norton AntiVirus
2008-05-31 10:37:24 2147483647 --ahs---- C:\gobackio.bin
2008-05-31 10:36:40 0 d-------- C:\WINDOWS\Downloaded Installations
2008-05-31 10:19:47 0 d-------- C:\Program Files\Norton SystemWorks
2008-05-31 09:59:45 0 d-------- C:\Program Files\Symantec
2008-05-31 09:57:11 0 d-------- C:\Documents and Settings\All Users\Application Data\Symantec
2008-05-31 09:48:55 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-05-31 09:12:39 0 --a------ C:\Documents and Settings\Ours\urlbase.bin
2008-05-31 09:12:39 0 --a------ C:\Documents and Settings\Ours\ignoredomainsbase.bin
2008-05-31 09:00:11 0 d-------- C:\Program Files\CheckIt
2008-05-30 21:45:39 0 d-------- C:\Documents and Settings\LocalService\Application Data\Macromedia
2008-05-30 21:45:23 0 d-------- C:\Documents and Settings\LocalService\Application Data\Adobe
2008-05-30 21:44:01 0 d-------- C:\Documents and Settings\LocalService\Application Data\Yahoo!
2008-05-30 21:43:57 0 dr------- C:\Documents and Settings\LocalService\Favorites
2008-05-30 12:20:39 0 d-------- C:\Program Files\Apple Software Update
2008-05-30 12:20:31 0 d-------- C:\Program Files\QuickTime
2008-05-30 12:20:15 0 d-------- C:\Program Files\iPod
2008-05-30 12:20:12 0 d-------- C:\Program Files\iTunes
2008-05-30 03:34:03 0 d-------- C:\Program Files\iPod(2)
2008-05-30 03:33:54 0 d-------- C:\Program Files\iTunes(2)
2008-05-30 03:12:20 0 d-------- C:\Program Files\Apple Software Update(2)
2008-05-24 08:43:36 4194304 --a------ C:\Documents and Settings\Ours\ntuser.dat
2008-05-22 20:04:08 0 d-------- C:\WINDOWS\Prefetch
2008-05-22 19:52:16 0 d-------- C:\WINDOWS\system32\scripting
2008-05-22 19:52:15 0 d-------- C:\WINDOWS\l2schemas
2008-05-22 19:52:14 0 d-------- C:\WINDOWS\system32\en
2008-05-22 19:52:13 0 d-------- C:\WINDOWS\system32\bits
2008-05-22 19:48:06 0 d-------- C:\WINDOWS\ServicePackFiles
2008-05-22 19:39:00 0 d-------- C:\WINDOWS\EHome
2008-05-13 21:13:15 0 d-------- C:\Documents and Settings\Kids.DENSTEDTS\Application Data\Google
2008-05-13 18:25:40 0 d-------- C:\Documents and Settings\Kids.DENSTEDTS\Application Data\Apple Computer
2008-05-11 21:47:35 0 d-------- C:\Documents and Settings\Ours\Application Data\PlayFirst
2008-05-11 21:47:35 0 d-------- C:\Documents and Settings\All Users\Application Data\PlayFirst
2008-05-11 21:45:49 0 d-------- C:\Documents and Settings\Ours\Application Data\GameHouse
2008-05-11 21:45:46 0 d-------- C:\Program Files\GameHouse
2008-05-06 16:18:48 0 d-------- C:\Documents and Settings\All Users\Application Data\Adobe
-- Find3M Report ---------------------------------------------------------------
2008-06-04 18:37:48 0 d-------- C:\Program Files\Trend Micro
2008-06-04 16:28:25 0 d-------- C:\Program Files\Java
2008-05-31 10:13:21 0 d-------- C:\Program Files\Common Files
2008-05-31 09:22:47 0 d-------- C:\Program Files\SpywareBlaster
2008-05-30 22:16:39 0 d-------- C:\Documents and Settings\Ours\Application Data\Lavasoft
2008-05-22 19:52:49 0 d-------- C:\Program Files\Messenger
2008-05-22 19:52:13 0 d-------- C:\Program Files\Movie Maker
2008-05-22 19:47:46 0 d-------- C:\Program Files\Windows NT
2008-05-22 17:08:33 0 d-------- C:\Documents and Settings\Ours\Application Data\GARMIN
2008-05-19 20:35:25 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-05-06 16:18:26 0 d-------- C:\Program Files\Common Files\Adobe
2008-05-06 16:17:14 0 d-------- C:\Documents and Settings\Ours\Application Data\AdobeUM
2008-05-04 07:16:38 0 d-------- C:\Program Files\Windows Live
2008-05-02 08:34:42 0 d-------- C:\Program Files\Microsoft SQL Server Compact Edition
2008-05-02 08:33:08 0 d-------- C:\Program Files\Windows Live Toolbar
2008-05-02 08:30:32 0 d-------- C:\Program Files\Windows Live Favorites
2008-05-01 18:13:53 0 d-------- C:\Documents and Settings\Ours\Application Data\Apple Computer
2008-04-28 19:28:35 0 d-------- C:\Documents and Settings\Ours\Application Data\Adobe
2008-04-26 09:42:50 0 d-------- C:\Program Files\Oberon Media
2008-04-19 13:06:23 0 d-------- C:\Program Files\Microsoft Works
2008-04-16 17:26:24 0 d-------- C:\Documents and Settings\Ours\Application Data\PC Suite
2008-04-16 17:26:16 0 d-------- C:\Documents and Settings\Ours\Application Data\Nokia
2008-04-16 17:26:16 1110 --a------ C:\Documents and Settings\Ours\Application Data\NMM-MetaData.db
2008-04-14 19:36:56 0 d-------- C:\Documents and Settings\Ours\Application Data\Yahoo!
2008-04-13 17:10:38 0 d-------- C:\Program Files\LimeWire
2008-04-13 17:05:25 0 d-------- C:\Program Files\Incomplete
2008-04-13 16:56:07 0 d-------- C:\Documents and Settings\Ours\Application Data\SAMSUNG
2008-04-12 08:44:52 0 d-------- C:\Program Files\Windows Media Connect 2
2008-04-11 22:34:13 0 d-------- C:\Program Files\Samsung
2008-04-11 08:50:25 0 d-------- C:\Documents and Settings\Ours\Application Data\FUJIFILM
2008-04-05 15:14:31 0 d-------- C:\Documents and Settings\Ours\Application Data\Talkback
2008-04-05 15:13:57 0 --a----c- C:\WINDOWS\nsreg.dat
2008-04-05 15:13:54 0 d-------- C:\Documents and Settings\Ours\Application Data\Mozilla
2008-04-04 08:22:17 774144 --a------ C:\Program Files\RngInterstitial.dll <Not Verified; RealNetworks, Inc.; RealNetworks, Inc. RngInterstitial>
2008-03-31 19:51:24 96577 --a----c- C:\WINDOWS\hpqins16.dat
2008-03-31 19:48:18 2064 --a----c- C:\Documents and Settings\Ours\Application Data\HPSU_48BitScanUpdate.log
2008-03-31 19:37:07 345 --a----c- C:\Documents and Settings\Ours\Application Data\HelpFilesUpdatePatch_PRINTHELPWRAPPER.log
2008-03-31 19:37:05 0 --a----c- C:\Documents and Settings\Ours\Application Data\HelpFilesUpdatePatch_HELPFILEREPLACE.log
2008-03-31 19:36:18 2799 --a----c- C:\Documents and Settings\Ours\Application Data\PatchUpdate_InstantShareJPG.log
2008-03-31 19:35:48 3596 --a----c- C:\Documents and Settings\Ours\Application Data\PatchUpdate_IZClosingDiscError.log
2008-03-31 19:34:32 137866 --a----c- C:\Documents and Settings\Ours\Application Data\Update_HP_RedboxHprblog_HPSU.log
2008-03-31 19:34:17 139264 --a------ C:\WINDOWS\system32\hpzjrd01.dll <Not Verified; Hewlett Packard; Hewlett Packard Rediscovery Library>
2008-03-31 19:32:01 112384 --a------ C:\WINDOWS\hpoins07.dat
2008-03-31 19:00:16 28672 --a------ C:\WINDOWS\system32\qttask.exe
2008-03-31 18:59:02 0 -rahs---- C:\MSDOS.SYS
2008-03-31 18:59:02 0 -rahs---- C:\IO.SYS
2008-03-31 18:59:02 0 --a------ C:\CONFIG.SYS
2008-03-31 18:59:02 0 --a------ C:\AUTOEXEC.BAT
2008-03-31 18:56:23 21640 --a------ C:\WINDOWS\system32\emptyregdb.dat
2008-03-31 12:43:07 62 --ahs---- C:\Documents and Settings\Ours\Application Data\desktop.ini
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AlcxMonitor"="ALCXMNTR.EXE" [09/07/2004 14:47 C:\WINDOWS\ALCXMNTR.EXE]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [01/23/2005 11:36]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [01/23/2005 11:31]
"REGSHAVE"="C:\Program Files\REGSHAVE\REGSHAVE.exe" [02/04/2002 23:32]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [05/08/2007 17:24]
"KBD"="C:\HP\KBD\KBD.EXE" [02/02/2005 17:44]
"ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [03/20/2006 17:34]
"AGRSMMSG"="AGRSMMSG.exe" [06/29/2004 09:06 C:\WINDOWS\AGRSMMSG.exe]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [10/28/2006 01:38]
"osCheck"="C:\Program Files\Norton AntiVirus\osCheck.exe" [09/05/2006 21:22]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [02/01/2008 00:13]
"PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [03/23/2007 13:20]
"MimBoot"="C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe" [03/09/2005 19:10]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [02/19/2008 13:10]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [02/22/2008 04:25]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04/13/2008 19:12]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [08/30/2007 17:43]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [10/18/2007 11:34]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]
"LvHidSvc"=C:\WINDOWS\system32\lvhidsvc.exe
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Nokia.PCSync"=C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
"MySpaceIM"=C:\Program Files\MySpace\IM\MySpaceIM.exe
C:\Documents and Settings\Ours\Start Menu\Programs\Startup\
TVR Schedule.lnk - C:\Documents and Settings\Ours\Application Data\Microsoft\Installer\{E4C3B10E-E277-4458-8440-DAE332D50BF3}\_4ae13d6c.exe [3/31/2008 7:11:12 PM]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [4/23/2008 3:38:16 AM]
Exif Launcher.lnk - C:\Program Files\FinePixViewer\QuickDCF.exe [1/9/2002 10:53:14 PM]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [5/12/2005 12:23:26 AM]
HP Image Zone Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [5/12/2005 1:49:24 AM]
Microsoft Works Calendar Reminders.lnk - C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe [9/4/1999 5:23:00 PM]
Norton GoBack.lnk - C:\Program Files\Norton SystemWorks\Norton GoBack\GBTray.exe [7/19/2006 11:45:12 AM]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
C:\WINDOWS\System32\dimsntfy.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
eapsvcs eaphost
dot3svc dot3svc
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
napagent
hkmsvc
-- End of Deckard's System Scanner: finished at 2008-06-05 16:15:13 ------------
-
Can you do the following
Ensure that dss.exe is on your desktop
Go to START>>RUN>>Copy and paste the next command in bold
"%userprofile%\desktop\dss.exe" /daft
Then press Enter
* Click on the Scan button.
* Select everything it is displaying there
* Click the Fix button.
* Then rescan with DAFT again - it should say now that "All associations are OK"
* Close DAFT if you receive that message. This means that it is fixed now.
Can you do the following for me, although legit
Can you open taskmanager and let me know what CPU Useage is like
I'm curious about the following entry
lvhidsvc.exe
Does it use much CPU?
Just checking, it appears to be related to Lifeview HID Remote Controller
Some users reported high useage with it, others have no problems
How is it on your end?
Don't worry about the military time right now, we'll fix that in a bit
-
Did the scan you wanted done.
as for "lvhidsvc.exe" From the time Puter was started till you asked me to check it, it has been 25 min and there is no cpu used at all in that time frame.
The only prob that I am having is my screen looks smudged. Its like everything slid over and left smeered tracks.
-
It could be your display drivers got corrupt
Have you checked your display properties to ensure everything looks ok
Can you do the following also
download [color=\"#0000FF\"]OTScanIt.exe[/color] (http://\"http://download.bleepingcomputer.com/oldtimer/OTScanIt.exe\") to your Desktop and double-click on it to extract the files. It will create a folder named OTScanIt on your desktop.
[color=\"#800080\"]Note: You must be logged on to the system with an account that has Administrator privileges to run this program.[/color]- Close ALL OTHER PROGRAMS.
- Open the OTScanIt folder and double-click on OTScanIt.exe to start the program
- In the Drivers section click on Non-Microsoft.
- Under Additional Scans click the checkboxes in front of the following items to select them:
[color=\"#A0522D\"]Reg - BotCheck
Reg - Software Policy Settings[/color]
- Copy/Paste the text in the codebox below into the Custom Scans box:
HKEY_CURRENT_USER\Control Panel\International
HKEY_CURRENT_USER\Control Panel\Desktop
- Do not change any other settings.
- Now click the Run Scan button on the toolbar.
- Let it run unhindered until it finishes.
- When the scan is complete Notepad will open with the report file loaded in it.
- Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
- Save the file to your desktop or other location where you can find it.
Use the Add Reply button and attach the file in your next post (do not try to copy/paste it into the post).
-
[quote name=\'guestolo\' post=\'430371\' date=\'Jun 6 2008, 04:14 PM\']It could be your display drivers got corrupt
Have you checked your display properties to ensure everything looks ok
Can you do the following also
download [color=\"#0000ff\"]OTScanIt.exe[/color] (http://\"http://download.bleepingcomputer.com/oldtimer/OTScanIt.exe\") to your Desktop and double-click on it to extract the files. It will create a folder named OTScanIt on your desktop.
[color=\"#800080\"]Note: You must be logged on to the system with an account that has Administrator privileges to run this program.[/color]- Close ALL OTHER PROGRAMS.
- Open the OTScanIt folder and double-click on OTScanIt.exe to start the program
- In the Drivers section click on Non-Microsoft.
- Under Additional Scans click the checkboxes in front of the following items to select them:
[color=\"#a0522d\"]Reg - BotCheck
Reg - Software Policy Settings[/color]
- Copy/Paste the text in the codebox below into the Custom Scans box:
HKEY_CURRENT_USER\Control Panel\International
HKEY_CURRENT_USER\Control Panel\Desktop- Do not change any other settings.
- Now click the Run Scan button on the toolbar.
- Let it run unhindered until it finishes.
- When the scan is complete Notepad will open with the report file loaded in it.
- Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
- Save the file to your desktop or other location where you can find it.
Use the Add Reply button and attach the file in your next post (do not try to copy/paste it into the post).[/quote]
will check drivers.
-
You didn't copy and paste the following into the Custom scans box before scanning with OTScanit
HKEY_CURRENT_USER\Control Panel\International
HKEY_CURRENT_USER\Control Panel\Desktop
Can you please do so then upload the new scan
-
Sorry Bout that.
-
Can I get some info
Did you recently update your video drivers?
It is an ATI card correct?
Also
Can you right click an empty spot on desktop and select Properties
Under Settings>>Under Display can you post back Monitor info and and graphic adapter info
What is the screen resolution set at right now?
Also, can you try changing your background, as eg...
Use a Microsoft default
Under the DESKTOP tab>>below Background, can you select something like BLISS
Apply and OK it, how does the screen then look?
-
I did update monitor drivers about 30 minago.
ATI card? Dunno if it is.
Monitor info
COMPAQ FS7600 Color Monitor
Graphic Adapter Info
Chip Type: Intel®82845G Graphics Controller
DAC Type: Internal
Memory Size: 64 MB
Adapter String: Intel® 82845G/GL/GE/PE/GV Controller
Bios Info: Intel Video BIOS
Screen Res is set at 1024 by 768 pixels
Applied Desktop Background "Bliss" Picture came up fine but still have them "smudges"
-
I'm not sure if I understand smudges
Can you take a screenshot of your desktop
Press the PrtScr button or Alt PrtScr
Go to START>>All Programs>>accessories>>Paint
In paint choose Edit>>Paste
Save this to desktop
Upload the pic to something like Photobucket (http://\"http://photobucket.com/\")
After you upload to Photobucket
Share the direct link back here
-
http://i248.photobucket.com/albums/gg165/w...096/Smudges.jpg (http://\"http://i248.photobucket.com/albums/gg165/weasel096/Smudges.jpg\")
-
Can you tell me what part of that screen shot looks smudgy
It all looks really good on my end
-
When i started my puter today it was fine. Must be when the monitor gets warm it starts to do it. Not a software problem. Is there any other thing that I need to do? Oh yeah the clock. Its still on military time.
-
Let's do some clearing of the tools we used
Go to START>>RUN>>copy and paste the next command in Blue below
[color=\"#0000FF\"]ComboFix /u[/color]
Then click OK
This will uninstall Combofix and it's components, it should reset your clock also
If it doesn't, do the next step please
Open Notepad (START>>>RUN>>>type in notepad)
Hit OK
Copy the contents of the CODE box, not including the word "code"
Paste it to the empty Notepad file
In Notepad click FILE>>SAVE AS
IMPORTANT>>>Change the Save as Type to All Files.
Name the file as fix.reg
Save this file on the desktop
Ensure to copy from REGEDIT4 and down in the code box
REGEDIT4
[HKEY_CURRENT_USER\Control Panel\International]
"sTimeFormat"="h:mm:ss tt"
Double click on fix.reg and Allow to add/merge to the registry at the prompt
When we reboot the computer, the time should be back to Normal
Don't reboot yet
Instead
Delete Smitfraudfix.zip and it's folder on desktop
Open Malwarebytes' AntiMalware
In the main window open the Quarantine tab and "Delete All" in this area>>Don't choose Restore
Close MBAM
Afterwards, it's your option to uninstall it from Add and Remove Programs
Or hold onto it and update and run scans occassionally
When that's done
Open OTMoveit2.exe- Double-click OTMoveIt2.exe to run it.
- Click the Cleanup! button
A list will be downloaded>>Allow it Internet access if prompted by your Firewall
Don't change anything in this list
- Select Yes at the prompt
Wait for the confirmation box to open to reboot the computer
Don't mouseclick during the wait as you may cause the tool to stall
- Select Yes to reboot Now
NOTE: This procedure will also delete OTMoveit.exe from desktop
Back in Windows
Here's a direct link to the manual on your Monitor, in case needed, it will show adjustments to your monitor
http://h10032.www1.hp.com/ctg/Manual/c00522046.pdf (http://\"http://h10032.www1.hp.com/ctg/Manual/c00522046.pdf\")
Taken from this link
http://h10025.www1.hp.com/ewfrf/wc/documen...product=1841657 (http://\"http://h10025.www1.hp.com/ewfrf/wc/document?docname=c00508384&lc=en&cc=us&dlc=en&product=1841657\")
Check out the Tips and Recommendations
Also ensure that the Power and Video cable from the monitor to wall and computer and connected securely
You may want to Degauss the monitor if you haven't done this
Only do it once, as stated in the manual
If monitor is overheating: As stated by manual
There is not enough air space
to allow proper ventilation.
Leave at least 3
inches (76 mm) of
ventilation space
around the monitor,
and do not place
objects on top of the
monitor.
Do the above and let me know how things are running afterwards, let me know if the time of clock is back to Normal too please
Also, what is the refresh rate of the monitor set at?
-
Thanks for the links.
It is running like normal now. Thank you very much.
Clock is back to normal again
Screen refresh rate is 75 hertz
-
All sounds good, I did realize however
After you removed Trend Security suite, it left you without it's firewall software
Does your version of Norton Security have Firewall protection
We can get you a free Firewall software if it doesn't
Is your Norton's AntiVirus updated to latest definition files?
-
I just turned on my windows firewall.
My nortons has expired so i dont think i can get the updated virus definitions.
Waiting till payday to get new nortons.
-
Do you want to try a free AntiVirus software?
We'll have to make sure Norton's is uninstalled before we install a new one
-
What program are you thinking of?
-
I was thinking about Avira or Avast for AntiVirus
Would you like to try one?
If so, like I mentioned download the installer first
Don't install yet, instead we'll have to remove Norton's first
Do you want full instructions
-
let me check them out first. I will get back to you soon.
I will be out of town from tuesday till sat night. Hope to let you know before then.
-
I'll lock this topic as your problems appear resolved
Take care