Author Topic: Help! Can't open programs, etc  (Read 1454 times)

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
Help! Can't open programs, etc
« Reply #20 on: March 30, 2008, 11:25:03 PM »
Did you find the PS/2 adapter?

What about the fresh hijackthis log?
« Last Edit: March 30, 2008, 11:25:41 PM by guestolo »

Do you want to post your own logs from FRST?

Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/


Offline mjm

  • Newbie
  • *
  • Posts: 17
  • Karma: +0/-0
Help! Can't open programs, etc
« Reply #21 on: March 30, 2008, 11:39:00 PM »
No, I can't locate the adaptor.. I'm afraid that'll have to wait till tomorrow. The problem returned after rebooting... same symptoms, same alerts from ZoneAlarm and McAfee. I had to run the registry fix again in order to generate another logfile (below).
 
  Logfile of Trend Micro HijackThis v2.0.2
  Scan saved at 10:49:34 PM, on 3/30/2008
  Platform: Windows XP  (WinNT 5.01.2600)
  MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)
  Boot mode: Normal
 
  Running processes:
  C:\WINDOWS\System32\smss.exe
  C:\WINDOWS\system32\winlogon.exe
  C:\WINDOWS\system32\services.exe
  C:\WINDOWS\system32\lsass.exe
  C:\WINDOWS\System32\Ati2evxx.exe
  C:\WINDOWS\system32\svchost.exe
  C:\WINDOWS\System32\svchost.exe
  C:\WINDOWS\system32\ZoneLabs\vsmon.exe
  C:\WINDOWS\system32\spoolsv.exe
  C:\Program Files\Executive Software\DiskeeperWorkstation\DKService.exe
  C:\WINDOWS\system32\svchost.exe
  c:\program files\mcafee.com\agent\mcdetect.exe
  c:\PROGRA~1\mcafee.com\vso\mcshield.exe
  c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
  C:\WINDOWS\system32\Ati2evxx.exe
  C:\WINDOWS\Explorer.EXE
  C:\WINDOWS\System32\svchost.exe
  C:\WINDOWS\system32\svchost.exe
  C:\WINDOWS\Logi_MwX.Exe
  C:\PROGRA~1\mcafee.com\agent\mcagent.exe
  C:\Program Files\McAfee.com\VSO\mcvsshld.exe
  C:\Program Files\McAfee.com\VSO\oasclnt.exe
  C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
  C:\Program Files\Common Files\Real\Update_OB\realsched.exe
  C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
  C:\Program Files\QuickTime\QTTask.exe
  c:\progra~1\mcafee.com\vso\mcvsescn.exe
  C:\Program Files\iTunes\iTunesHelper.exe
  C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
  C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe
  C:\Documents and Settings\Michael\cftmon.exe
  C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
  C:\Program Files\SanDisk\SanDisk TransferMate\SD Monitor.exe
  C:\Program Files\Nikon\NkView6\NkvMon.exe
  C:\Program Files\iPod\bin\iPodService.exe
  C:\WINDOWS\System32\wuauclt.exe
  C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
  C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
 
  O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
  O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 7\SnagItIEAddin.dll
  O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
  O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
  O3 - Toolbar: ImageShack Toolbar - {6932D140-ABC4-4073-A44C-D4A541665E35} - C:\Program Files\ImageShackToolbar\ImageShackToolbar.dll
  O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
  O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
  O4 - HKLM\..\Run: [MediaFace Integration] C:\Program Files\Fellowes\MediaFACE 4.0\SetHook.exe
  O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
  O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
  O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
  O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
  O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
  O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
  O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
  O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
  O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
  O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
  O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
  O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
  O4 - HKLM\..\Run: [TotalRecorderScheduler] "C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe"
  O4 - HKLM\..\Run: [ntuser] C:\WINDOWS\system32\drivers\spools.exe
  O4 - HKLM\..\Run: [autoload] C:\Documents and Settings\Michael\cftmon.exe
  O4 - HKCU\..\Run: [ntuser] C:\WINDOWS\system32\drivers\spools.exe
  O4 - HKCU\..\Run: [autoload] C:\Documents and Settings\Michael\cftmon.exe
  O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
  O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
  O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
  O4 - Startup: VonageRestart.exe
  O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
  O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
  O4 - Global Startup: Monitor.lnk = C:\Program Files\SanDisk\SanDisk TransferMate\SD Monitor.exe
  O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView6\NkvMon.exe
  O8 - Extra context menu item: Download &Flash Movies - C:\Program Files\Flash2X\Flash Hunter\save.htm
  O8 - Extra context menu item: Download Flash with Flash &Grabber - res://C:\PROGRA~1\FLASHG~1\swfgrab.dll/iesave
  O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
  O8 - Extra context menu item: Post Image to Blog - res://C:\Program Files\ImageShackToolbar\ImageShackToolbar.dll/5003
  O8 - Extra context menu item: Tag This Image - res://C:\Program Files\ImageShackToolbar\ImageShackToolbar.dll/5002
  O8 - Extra context menu item: Transload Image to ImageShack - res://C:\Program Files\ImageShackToolbar\ImageShackToolbar.dll/5004
  O8 - Extra context menu item: Upload All Images to ImageShack - res://C:\Program Files\ImageShackToolbar\ImageShackToolbar.dll/5000
  O8 - Extra context menu item: Upload Image to ImageShack - res://C:\Program Files\ImageShackToolbar\ImageShackToolbar.dll/5001
  O8 - Extra context menu item: View EXIF - C:\ViewEXIF\EXIF.htm
  O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
  O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
  O9 - Extra button: Flash - {5699BDDB-A771-4E54-ACBB-BE86921D7892} - C:\PROGRA~1\EZSAVE~1\EZSAVE~1.DLL
  O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
  O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
  O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
  O9 - Extra button: PICgrabber - {4964E240-D53C-11D5-BDA9-444553540000} - C:\Program Files\PICgrabber\PICGRABBER.EXE (HKCU)
  O9 - Extra 'Tools' menuitem: PICgrabber - Movie&Image Search/Download Software - {4964E240-D53C-11D5-BDA9-444553540000} - C:\Program Files\PICgrabber\PICGRABBER.EXE (HKCU)
  O9 - Extra button: Flash2X Flash Hunter - {77B563A5-2A35-4E6B-BFC8-F4B6BB65D5DF} - C:\Program Files\Flash2X\Flash Hunter\save.htm (file missing) (HKCU)
  O9 - Extra 'Tools' menuitem: &Launch Flash Hunter - {77B563A5-2A35-4E6B-BFC8-F4B6BB65D5DF} - C:\Program Files\Flash2X\Flash Hunter\save.htm (file missing) (HKCU)
  O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab
  O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/download/ipixx.cab
  O16 - DPF: {2EB1E425-74DC-4DC0-A9E1-03A4C852E1F2} (CPlayFirstTriJinxControl Object) - http://zone.msn.com/bingame/trix/default/T...nx.1.0.0.87.cab
  O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.cab
  O16 - DPF: {3FE16C08-D6A7-4133-84FC-D5BFB4F7D886} (WebGameLoader Class) - http://zone.msn.com/bingame/rtlw/default/R...bGameLoader.cab
  O16 - DPF: {483EB14D-AF1C-4951-81B0-4E2B41829FF6} (QOLCheck Control) - https://www.select2perform.com/cabs/QOLCheck.ocx
  O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
  O16 - DPF: {49E67060-2C0D-415E-94C7-52A49F73B2F1} (CPlayFirstPiratePoppersControl Object) - http://zone.msn.com/bingame/pppp/default/P...rs.1.0.0.39.cab
  O16 - DPF: {4B9F2C37-C0CF-42BC-BB2D-DCFA8B25CABF} - http://zone.msn.com/bingame/rock/default/popcaploader1.cab
  O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...99/mcinsctl.cab
  O16 - DPF: {615F158E-D5CA-422F-A8E7-F6A5EED7063B} (Bejeweled Control) - http://www.worldwinner.com/games/v46/bejeweled/bejeweled.cab
  O16 - DPF: {639658F3-B141-4D6B-B936-226F75A5EAC3} (CPlayFirstDinerDash2Control Object) - http://zone.msn.com/bingame/dsh2/default/D...h2.1.0.0.68.cab
  O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
  O16 - DPF: {6932D140-ABC4-4073-A44C-D4A541665E35} (ImageShack Toolbar) - http://toolbar.imageshack.us/toolbar/ImageShackToolbar.cab
  O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://zone.msn.com/bingame/chnz/default/mjolauncher.cab
  O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
  O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} (TLIEFlashObj Class) - https://rtc1.webresponse.one.microsoft.com/...p/TLIEFlash.CAB
  O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab
  O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/m...,26/mcgdmgr.cab
  O16 - DPF: {C7E002D6-324B-4500-883D-84B620FD8640} (Bridge Installer) - http://cdn2.zone.msn.com/Bingame/BRDG/data...6/heartbeat.cab
  O16 - DPF: {C946EF6D-296D-4907-A6E1-ED0E8E5AF024} (LycosMail Upload Control) - http://mail.lycos.com/hanmail-ax/AttachMail.cab
  O16 - DPF: {CAC181B0-4D70-402D-B571-C596A47D0CE0} (CBankshotZoneCtrl Class) - http://zone.msn.com/bingame/zpagames/zpa_pool.cab56649.cab
  O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://zone.msn.com/bingame/feed/default/SproutLauncher.cab
  O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://zone.msn.com/bingame/cnma/default/ct.cab
  O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) - http://zone.msn.com/binframework/v10/StProxy.cab55579.cab
  O16 - DPF: {DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} (CPlayFirstDinerDashControl Object) - http://zone.msn.com/bingame/dash/default/D...sh.1.0.0.98.cab
  O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/popcaploader_v10.cab
  O16 - DPF: {FC4CAF5F-91BD-4DD9-ADC1-F3C737E37BC4} (CPlayFirstSweetopiaControl Object) - http://zone.msn.com/bingame/swet/default/S...ia.1.0.0.46.cab
  O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
  O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
  O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
  O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\DiskeeperWorkstation\DKService.exe
  O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
  O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
  O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
  O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
  O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
  O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
  O23 - Service: Task Scheduler (Schedule) - Unknown owner - C:\WINDOWS\system32\drivers\spools.exe (file missing)
  O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
 
  --
  End of file - 12336 bytes

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
Help! Can't open programs, etc
« Reply #22 on: March 30, 2008, 11:59:30 PM »
Do the following please

If you have any other copy(s) of ComboFix, delete them
Download this file - Combofix.exe and save it ONLY to your desktop

Open Notepad
Copy ALL the BLUE text below and paste it into Notepad
Don't use anything other than Notepad or the script will not work

File::
C:\WINDOWS\system32\drivers\spools.exe
C:\Documents and Settings\Michael\cftmon.exe
C:\scdd.exe
C:\W3NG.exe
C:\Documents and Settings\Michael\ftp33.dll
Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ntuser"=-
"autoload"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"=-
"TkBellExe"=-
"ntuser"=-
"autoload"=-

Save this as a text file on your desktop
name it:
CFScript

Disable McAfee so that it won't interfere with the next fix

Drag CFScript.txt into ComboFix.exe
Combofix will start>>Follow the prompts
Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall

When finished, it shall produce a log for you with the name C:\ComboFix.txt.
I'll need to see that log

Post the combofix log along with a fresh hijackthis log

NOTE: Combofix will disconnect your Internet connection till after it reboots the computer
If after the log opens, you do not have connection
Simply reboot your computer again manually

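An added example, not part of the thread and not ComboFix or HijackThis code: a Python check that the autoruns and files named in a CFScript like the one in Reply #22 are gone from the follow-up HijackThis log. The log excerpts are copied from the logs posted in this thread; the function names and the report layout are assumptions made for this illustration.

```python
import re

# Excerpts copied from the two HijackThis logs in this thread (not the full logs).
LOG_BEFORE = r"""
C:\Documents and Settings\Michael\cftmon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [ntuser] C:\WINDOWS\system32\drivers\spools.exe
O4 - HKLM\..\Run: [autoload] C:\Documents and Settings\Michael\cftmon.exe
O4 - HKCU\..\Run: [ntuser] C:\WINDOWS\system32\drivers\spools.exe
O4 - HKCU\..\Run: [autoload] C:\Documents and Settings\Michael\cftmon.exe
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
"""
LOG_AFTER = r"""
C:\WINDOWS\system32\notepad.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
"""
# Part of the CFScript from Reply #22, every registry entry in the "name"=- delete form.
CFSCRIPT = r"""
File::
C:\WINDOWS\system32\drivers\spools.exe
C:\Documents and Settings\Michael\cftmon.exe
Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ntuser"=-
"autoload"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"=-
"TkBellExe"=-
"ntuser"=-
"autoload"=-
"""

HIVES = {"HKEY_LOCAL_MACHINE": "HKLM", "HKEY_CURRENT_USER": "HKCU"}
# HijackThis registry autorun line: O4 - <hive>\..\<key>: [<value name>] <command>
O4_RE = re.compile(
    r"^O4 - (?P<hive>HK[^:]*?)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
SECTION_RE = re.compile(r"^(\w+)::$")                     # File:: / Registry::
KEY_RE = re.compile(r"^\[(HKEY_[A-Z_]+)\\.*\\(\w+)\]$")   # [HKEY_...\...\Run]
DELETE_RE = re.compile(r'^"([^"]+)"=-$')                  # "value"=-  (delete value)


def parse_o4(log):
    """Return {(hive, key, value_name): command} for registry autoruns in a log."""
    entries = {}
    for line in log.splitlines():
        m = O4_RE.match(line.strip())
        if m:
            entries[(m["hive"], m["key"], m["name"])] = m["cmd"].strip()
    return entries


def parse_cfscript(script):
    """Return (files, reg_deletes) from the File:: and Registry:: sections."""
    files, deletes, section, current = [], set(), None, None
    for raw in script.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m[1]
        elif section == "File":
            files.append(line)
        elif section == "Registry":
            key = KEY_RE.match(line)
            val = DELETE_RE.match(line)
            if key:
                current = (HIVES.get(key[1], key[1]), key[2])
            elif val and current:
                deletes.add((current[0], current[1], val[1]))
    return files, deletes


def verify(cfscript, before, after):
    """Compare what the CFScript asked for with what the before/after logs show."""
    files, deletes = parse_cfscript(cfscript)
    o4_before, o4_after = set(parse_o4(before)), set(parse_o4(after))
    after_lower = after.lower()
    return {
        # Autoruns the script targeted that are still in the 'after' log.
        "autoruns_remaining": sorted(deletes & o4_after),
        # Script targets that were never in the 'before' log (typo in the script?).
        "autoruns_not_in_before": sorted(deletes - o4_before),
        # Autoruns that disappeared without being named in the script.
        "autoruns_removed_unlisted": sorted((o4_before - o4_after) - deletes),
        # File:: targets whose path is still referenced anywhere in the 'after' log.
        "files_still_referenced": [f for f in files if f.lower() in after_lower],
    }


if __name__ == "__main__":
    for field, items in verify(CFSCRIPT, LOG_BEFORE, LOG_AFTER).items():
        print(f"{field}: {items if items else 'none'}")
```

An empty report only says the entries no longer appear in the log; the ComboFix log is still what shows which files were actually deleted.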


Offline mjm

  • Newbie
  • *
  • Posts: 17
  • Karma: +0/-0
Help! Can't open programs, etc
« Reply #23 on: March 31, 2008, 12:36:13 AM »
Here's the 2 log files requested. I'll check for any additional instructions in the morning. Thanks again for the help.
 
 -Michael
 
 ----------------------
 
 ComboFix 08-03-30.2 - Michael 2008-03-30 23:43:09.1 - NTFSx86
 Running from: C:\Documents and Settings\Michael\Desktop\ComboFix.exe
 Command switches used :: C:\Documents and Settings\Michael\Desktop\CFScript.txt
  * Created a new restore point
 
 WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
 
 FILE ::
 C:\Documents and Settings\Michael\cftmon.exe
 C:\Documents and Settings\Michael\ftp33.dll
 C:\scdd.exe
 C:\W3NG.exe
 C:\WINDOWS\system32\drivers\spools.exe
 .
 
 (((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
 .
 
 C:\Documents and Settings\Michael\cftmon.exe
 C:\scdd.exe
 C:\W3NG.exe
 C:\WINDOWS\system32\AutoRun.inf
 
 .
 (((((((((((((((((((((((((   Files Created from 2008-02-28 to 2008-03-31  )))))))))))))))))))))))))))))))
 .
 
 2008-03-30 23:38 . 2001-08-17 12:12    148,992    --a--c---    C:\WINDOWS\system32\dllcache\wlluc48.sys
 2008-03-30 23:37 . 2001-08-17 13:28    794,654    --a--c---    C:\WINDOWS\system32\dllcache\usr1801.sys
 2008-03-30 23:36 . 2001-08-17 12:18    285,760    --a--c---    C:\WINDOWS\system32\dllcache\stlnata.sys
 2008-03-30 23:35 . 2001-08-17 22:36    495,616    --a--c---    C:\WINDOWS\system32\dllcache\sblfx.dll
 2008-03-30 23:34 . 2001-08-17 14:56    1,738,496    --a--c---    C:\WINDOWS\system32\dllcache\nv4.dll
 2008-03-30 23:33 . 2001-08-17 12:12    185,728    --a--c---    C:\WINDOWS\system32\dllcache\netwlan5.sys
 2008-03-30 23:32 . 2001-08-17 13:28    802,683    --a--c---    C:\WINDOWS\system32\dllcache\ltsm.sys
 2008-03-30 23:31 . 2001-08-17 22:36    585,344    --a--c---    C:\WINDOWS\system32\dllcache\i81xdnt5.dll
 2008-03-30 23:30 . 2001-08-17 14:56    1,733,120    --a--c---    C:\WINDOWS\system32\dllcache\g400d.dll
 2008-03-30 23:29 . 2001-08-17 12:14    952,007    --a--c---    C:\WINDOWS\system32\dllcache\diwan.sys
 2008-03-30 23:28 . 2001-08-17 12:13    980,034    --a--c---    C:\WINDOWS\system32\dllcache\cicap.sys
 2008-03-30 23:27 . 2001-08-17 13:28    762,780    --a--c---    C:\WINDOWS\system32\dllcache\3cwmcru.sys
 2008-03-30 23:26 . 2008-03-30 23:38    <DIR>    d--------    C:\WINDOWS\LastGood
 2008-03-30 23:26 . 2001-08-17 14:56    66,048    --a--c---    C:\WINDOWS\system32\dllcache\s3legacy.dll
 2008-03-30 20:48 . 2008-03-30 20:48    <DIR>    d--------    C:\Program Files\Trend Micro
 2008-03-30 20:39 . 2008-03-30 20:39    <DIR>    d--------    C:\Deckard
 2008-03-30 19:05 . 2008-03-30 19:13    <DIR>    d--------    C:\I386
 2008-03-30 13:55 . 2008-03-30 20:49    <DIR>    d--------    C:\HJT
 2008-03-30 13:39 . 2008-03-30 17:04    <DIR>    d--------    C:\Documents and Settings\Michael\.housecall6.6
 2008-03-30 13:25 . 2001-10-21 09:35    11,037    --a------    C:\WINDOWS\system32\RUNDLL32.EX_
 2008-03-22 00:35 . 2008-03-22 00:35    <DIR>    d--------    C:\Program Files\Active Data Recovery Services
 2008-03-18 13:53 . 2008-03-18 13:53    <DIR>    d--------    C:\Documents and Settings\Michael\Application Data\HP
 2008-03-16 08:44 . 2008-03-16 08:44    <DIR>    d--------    C:\Documents and Settings\Trina\Application Data\HPAppData
 2008-03-15 18:24 . 2008-03-15 18:24    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\WEBREG
 2008-03-15 18:21 . 2008-03-20 10:16    <DIR>    d--------    C:\Documents and Settings\Michael\Application Data\HPAppData
 2008-03-15 18:21 . 2008-03-15 18:21    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\HPSSUPPLY
 2008-03-15 18:20 . 2008-03-15 18:20    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\HP Product Assistant
 2008-03-15 18:20 . 2008-03-15 18:22    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\HP
 2008-03-15 18:19 . 2008-03-15 18:19    <DIR>    d--------    C:\Program Files\Common Files\HP
 2008-03-15 18:17 . 2008-03-15 18:21    <DIR>    d--------    C:\Program Files\HP
 2008-03-15 18:14 . 2008-03-15 18:01    136,918    ---------    C:\WINDOWS\HPHins15.dat.temp
 2008-03-15 18:14 . 2007-08-27 23:45    2,828    ---------    C:\WINDOWS\hphmdl15.dat.temp
 2008-03-15 17:57 . 2008-03-15 17:57    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\Hewlett-Packard
 2008-03-15 17:57 . 2008-03-15 18:23    137,607    --a------    C:\WINDOWS\HPHins15.dat
 2008-03-15 17:57 . 2007-08-27 23:45    2,828    ---------    C:\WINDOWS\hphmdl15.dat
 2008-03-15 17:56 . 2007-03-30 08:11    267,864    -ra------    C:\WINDOWS\system32\hpzids01.dll
 2008-03-15 17:56 . 2007-03-28 14:01    117,760    --a------    C:\WINDOWS\system32\hpzll5ha.dll
 2008-03-15 17:56 . 2001-07-21 14:40    3,144    --a--c---    C:\WINDOWS\system32\dllcache\srgb.icm
 2008-03-15 17:55 . 2001-08-17 14:00    24,832    --a------    C:\WINDOWS\system32\drivers\usbprint.sys
 2008-03-15 17:55 . 2001-08-17 14:00    24,832    --a--c---    C:\WINDOWS\system32\dllcache\usbprint.sys
 2008-03-14 01:27 . 2008-03-30 17:15    54,156    --ah-----    C:\WINDOWS\QTFont.qfn
 2008-03-14 01:27 . 2008-03-14 01:27    1,409    --a------    C:\WINDOWS\QTFont.for
 2008-03-13 09:20 . 2008-03-13 09:20    <DIR>    d--------    C:\Documents and Settings\Michael\Application Data\Total Eclipse
 2008-03-10 12:41 . 2008-03-10 12:41    <DIR>    d--------    C:\Documents and Settings\Michael\Application Data\Jane s Hotel
 2008-03-06 23:14 . 2008-03-06 23:16    <DIR>    d--------    C:\Documents and Settings\Michael\Application Data\gemsweeperextractedgfx
 2008-03-06 23:14 . 2008-03-06 23:14    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\My Games
 2008-03-06 09:40 . 2008-03-06 09:40    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\Zylom
 2008-03-05 23:59 . 2008-03-05 23:59    <DIR>    d--------    C:\Program Files\ImageShackToolbar
 2008-02-24 15:19 . 2008-03-30 10:24    <DIR>    d--------    C:\Documents and Settings\Michael\Application Data\MSN6
 2008-02-24 15:19 . 2008-02-24 15:19    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\MSN6
 2008-02-23 16:37 . 2008-02-23 16:37    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\NeptunesAdve
 2008-02-17 08:33 . 2008-02-17 08:33    <DIR>    d--------    C:\Documents and Settings\Michael\Saved Games
 2008-02-17 07:55 . 2008-02-17 07:57    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\Go Go Gourmet
 
 .
 ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
 .
 2008-03-29 01:56    ---------    d-----w    C:\Documents and Settings\Michael\Application Data\uTorrent
 2008-03-28 17:28    ---------    d-----w    C:\Documents and Settings\Michael\Application Data\PlayFirst
 2008-03-28 17:28    ---------    d-----w    C:\Documents and Settings\All Users\Application Data\PlayFirst
 2008-03-25 13:38    ---------    d-----w    C:\Documents and Settings\All Users\Application Data\MumboJumbo
 2008-03-16 01:12    ---------    d-----w    C:\Program Files\EPSON
 2008-03-16 01:10    ---------    d-----w    C:\Program Files\MSN Games
 2008-03-13 04:20    ---------    d---a-w    C:\Documents and Settings\All Users\Application Data\TEMP
 2008-03-10 13:56    2,636,800    ----a-w    C:\WINDOWS\Internet Logs\xDB8.tmp
 2008-03-09 14:59    ---------    d-----w    C:\Documents and Settings\All Users\Application Data\AOL
 2008-03-06 21:41    20    ---h--w    C:\Documents and Settings\All Users\Application Data\PKP_DLea.DAT
 2008-02-25 10:08    86,933    ----a-w    C:\WINDOWS\Internet Logs\vsmon_2nd_2008_02_23_02_01_59_small.dmp.zip
 2008-02-25 10:08    17,218,400    ----a-w    C:\WINDOWS\Internet Logs\vsmon_2nd_2008_02_23_00_26_23_full.dmp.zip
 2008-02-25 10:07    91,719    ----a-w    C:\WINDOWS\Internet Logs\vsmon_2nd_2008_02_22_23_03_46_small.dmp.zip
 2008-02-25 10:07    87,356    ----a-w    C:\WINDOWS\Internet Logs\vsmon_2nd_2008_02_22_23_46_34_small.dmp.zip
 2008-02-23 03:04    100,013    ----a-w    C:\WINDOWS\Internet Logs\vsmon_2nd_2008_02_22_19_27_10_small.dmp.zip
 2008-02-18 06:02    18,255,480    ----a-w    C:\WINDOWS\Internet Logs\tvDebug.zip
 2007-12-23 21:59    90,992    ----a-w    C:\WINDOWS\Internet Logs\vsmon_2nd_2007_12_22_15_38_13_small.dmp.zip
 2007-12-15 07:55    96,974    ----a-w    C:\WINDOWS\Internet Logs\vsmon_2nd_2007_12_14_23_30_10_small.dmp.zip
 2007-11-26 20:22    41,472    ----a-w    C:\Program Files\Ochsner Medical Center log in.doc
 2007-11-07 03:16    87,406    ----a-w    C:\WINDOWS\Internet Logs\vsmon_2nd_2007_11_05_10_44_04_small.dmp.zip
 2007-11-07 03:16    87,361    ----a-w    C:\WINDOWS\Internet Logs\vsmon_2nd_2007_11_05_03_12_25_small.dmp.zip
 2007-11-07 03:16    84,152    ----a-w    C:\WINDOWS\Internet Logs\vsmon_2nd_2007_11_05_02_07_50_small.dmp.zip
 2007-06-22 03:13    2,647,552    ----a-w    C:\WINDOWS\Internet Logs\xDB2729.tmp
 2007-06-22 03:13    1,935,360    ----a-w    C:\WINDOWS\Internet Logs\xDB272A.tmp
 2007-04-07 15:28    1,826,816    ----a-w    C:\WINDOWS\Internet Logs\xDB7.tmp
 2007-01-16 19:58    1,601,536    ----a-w    C:\WINDOWS\Internet Logs\xDB6.tmp
 2006-12-30 17:47    1,561,600    ----a-w    C:\WINDOWS\Internet Logs\xDB5.tmp
 2006-11-11 09:44    1,438,720    ----a-w    C:\WINDOWS\Internet Logs\xDB4.tmp
 2006-11-11 08:47    1,435,136    ----a-w    C:\WINDOWS\Internet Logs\xDB3.tmp
 2006-11-11 04:57    1,434,624    ----a-w    C:\WINDOWS\Internet Logs\xDB2.tmp
 2006-10-19 20:52    1,315,840    ----a-w    C:\WINDOWS\Internet Logs\xDB1.tmp
 2006-10-04 20:20    20    ---h--w    C:\Documents and Settings\All Users\Application Data\PKP_DLbz.DAT
 2006-03-20 18:48    6,939    ----a-w    C:\Program Files\viewexif.xpi
 2006-02-06 07:18    110,080    --sha-w    C:\Program Files\Thumbs.db
 2002-12-02 19:02    30    ----a-w    C:\Program Files\Wfa.ini
 2002-12-02 19:02    24,576    ----a-w    C:\Program Files\Wfa.exe
 .
 
 (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
 .
 .
 *Note* empty entries & legit default entries are not shown
 REGEDIT4
 
 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Rasmpc]
 @={9D1F87E7-4D72-41AB-9D57-D101A08F20E5}
 
 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
 "REGSHAVE"="C:\Program Files\REGSHAVE\REGSHAVE.exe" [2002-02-04 22:32 53248]
 "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 09:50 155648]
 "MediaFace Integration"="C:\Program Files\Fellowes\MediaFACE 4.0\SetHook.exe" [2004-12-10 16:39 53248]
 "Logitech Utility"="Logi_MwX.Exe" [2003-03-04 02:50 19968 C:\WINDOWS\LOGI_MWX.EXE]
 "MCAgentExe"="c:\PROGRA~1\mcafee.com\agent\mcagent.exe" [2005-09-22 17:29 303104]
 "MCUpdateExe"="C:\PROGRA~1\mcafee.com\agent\mcupdate.exe" [2006-01-11 12:05 212992]
 "VSOCheckTask"="C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" [2005-07-08 17:18 151552]
 "VirusScan Online"="C:\Program Files\McAfee.com\VSO\mcvsshld.exe" [2005-08-10 11:49 163840]
 "OASClnt"="C:\Program Files\McAfee.com\VSO\oasclnt.exe" [2005-08-11 21:02 53248]
 "Zone Labs Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2006-08-23 22:38 968696]
 "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-12-11 10:56 286720]
 "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-12-11 12:10 267048]
 "HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 21:34 49152]
 "TotalRecorderScheduler"="C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe" [2006-05-12 01:32 86016]
 
 [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
 "RunNarrator"="Narrator.exe" [2001-10-21 09:34 51200 C:\WINDOWS\system32\narrator.exe]
 
 C:\Documents and Settings\Trina\Start Menu\Programs\Startup\
 PowerReg Scheduler.exe [2005-06-17 13:03:30 256000]
 
 C:\Documents and Settings\Michael\Start Menu\Programs\Startup\
 Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-04 21:36:22 113664]
 VonageRestart.exe [2006-08-17 03:58:46 3889140]
 
 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
 Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696]
 HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2007-03-11 21:26:24 210520]
 Monitor.lnk - C:\Program Files\SanDisk\SanDisk TransferMate\SD Monitor.exe [2006-03-11 18:17:46 110592]
 NkvMon.exe.lnk - C:\Program Files\Nikon\NkView6\NkvMon.exe [2006-03-16 13:22:23 233472]
 
 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
 "C:\\Program Files\\BitTorrent\\bittorrent.exe"=
 
 
 [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
 hpdevmgmt    REG_MULTI_SZ       hpqcxs08 hpqddsvc
 
 .
 Contents of the 'Scheduled Tasks' folder
 "2008-03-29 06:35:17 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
 - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
 .
 **************************************************************************
 
 catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
 Rootkit scan 2008-03-30 23:46:36
 Windows 5.1.2600  NTFS
 
 scanning hidden processes ...
 
 scanning hidden autostart entries ...
 
 scanning hidden files ...
 
 scan completed successfully
 hidden files: 0
 
 **************************************************************************
 .
 Completion time: 2008-03-30 23:47:39
 ComboFix-quarantined-files.txt  2008-03-31 06:47:36
 Pre-Run: 49,271,451,648 bytes free
 Post-Run: 49,286,598,656 bytes free
 
 ---------------------------------------------------------------
 
 Logfile of Trend Micro HijackThis v2.0.2
 Scan saved at 11:48:24 PM, on 3/30/2008
 Platform: Windows XP  (WinNT 5.01.2600)
 MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)
 Boot mode: Normal
 
 Running processes:
 C:\WINDOWS\System32\smss.exe
 C:\WINDOWS\system32\winlogon.exe
 C:\WINDOWS\system32\services.exe
 C:\WINDOWS\system32\lsass.exe
 C:\WINDOWS\System32\Ati2evxx.exe
 C:\WINDOWS\system32\svchost.exe
 C:\WINDOWS\System32\svchost.exe
 C:\WINDOWS\system32\ZoneLabs\vsmon.exe
 C:\WINDOWS\system32\spoolsv.exe
 C:\Program Files\Executive Software\DiskeeperWorkstation\DKService.exe
 C:\WINDOWS\system32\svchost.exe
 c:\program files\mcafee.com\agent\mcdetect.exe
 c:\PROGRA~1\mcafee.com\vso\mcshield.exe
 c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
 C:\WINDOWS\System32\svchost.exe
 C:\WINDOWS\system32\svchost.exe
 C:\WINDOWS\system32\Ati2evxx.exe
 C:\WINDOWS\Logi_MwX.Exe
 C:\PROGRA~1\mcafee.com\agent\mcagent.exe
 C:\Program Files\McAfee.com\VSO\mcvsshld.exe
 C:\Program Files\McAfee.com\VSO\oasclnt.exe
 C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
 C:\Program Files\Common Files\Real\Update_OB\realsched.exe
 C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
 C:\Program Files\QuickTime\QTTask.exe
 C:\Program Files\iTunes\iTunesHelper.exe
 C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
 C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe
 C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
 C:\Program Files\SanDisk\SanDisk TransferMate\SD Monitor.exe
 C:\Program Files\Nikon\NkView6\NkvMon.exe
 c:\progra~1\mcafee.com\vso\mcvsescn.exe
 C:\Program Files\iPod\bin\iPodService.exe
 C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
 C:\WINDOWS\system32\CF9120.exe
 C:\WINDOWS\explorer.exe
 C:\WINDOWS\system32\notepad.exe
 C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
 
 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
 O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
 O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 7\SnagItIEAddin.dll
 O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
 O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
 O3 - Toolbar: ImageShack Toolbar - {6932D140-ABC4-4073-A44C-D4A541665E35} - C:\Program Files\ImageShackToolbar\ImageShackToolbar.dll
 O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
 O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
 O4 - HKLM\..\Run: [MediaFace Integration] C:\Program Files\Fellowes\MediaFACE 4.0\SetHook.exe
 O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
 O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
 O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
 O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
 O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
 O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
 O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
 O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
 O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
 O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
 O4 - HKLM\..\Run: [TotalRecorderScheduler] "C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe"
 O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
 O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
 O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
 O4 - Startup: VonageRestart.exe
 O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
 O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
 O4 - Global Startup: Monitor.lnk = C:\Program Files\SanDisk\SanDisk TransferMate\SD Monitor.exe
 O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView6\NkvMon.exe
 O8 - Extra context menu item: Download &Flash Movies - C:\Program Files\Flash2X\Flash Hunter\save.htm
 O8 - Extra context menu item: Download Flash with Flash &Grabber - res://C:\PROGRA~1\FLASHG~1\swfgrab.dll/iesave
 O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
 O8 - Extra context menu item: Post Image to Blog - res://C:\Program Files\ImageShackToolbar\ImageShackToolbar.dll/5003
 O8 - Extra context menu item: Tag This Image - res://C:\Program Files\ImageShackToolbar\ImageShackToolbar.dll/5002
 O8 - Extra context menu item: Transload Image to ImageShack - res://C:\Program Files\ImageShackToolbar\ImageShackToolbar.dll/5004
 O8 - Extra context menu item: Upload All Images to ImageShack - res://C:\Program Files\ImageShackToolbar\ImageShackToolbar.dll/5000
 O8 - Extra context menu item: Upload Image to ImageShack - res://C:\Program Files\ImageShackToolbar\ImageShackToolbar.dll/5001
 O8 - Extra context menu item: View EXIF - C:\ViewEXIF\EXIF.htm
 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
 O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
 O9 - Extra button: Flash - {5699BDDB-A771-4E54-ACBB-BE86921D7892} - C:\PROGRA~1\EZSAVE~1\EZSAVE~1.DLL
 O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
 O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
 O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
 O9 - Extra button: PICgrabber - {4964E240-D53C-11D5-BDA9-444553540000} - C:\Program Files\PICgrabber\PICGRABBER.EXE (HKCU)
 O9 - Extra 'Tools' menuitem: PICgrabber - Movie&Image Search/Download Software - {4964E240-D53C-11D5-BDA9-444553540000} - C:\Program Files\PICgrabber\PICGRABBER.EXE (HKCU)
 O9 - Extra button: Flash2X Flash Hunter - {77B563A5-2A35-4E6B-BFC8-F4B6BB65D5DF} - C:\Program Files\Flash2X\Flash Hunter\save.htm (file missing) (HKCU)
 O9 - Extra 'Tools' menuitem: &Launch Flash Hunter - {77B563A5-2A35-4E6B-BFC8-F4B6BB65D5DF} - C:\Program Files\Flash2X\Flash Hunter\save.htm (file missing) (HKCU)
 O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab
 O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/download/ipixx.cab
 O16 - DPF: {2EB1E425-74DC-4DC0-A9E1-03A4C852E1F2} (CPlayFirstTriJinxControl Object) - http://zone.msn.com/bingame/trix/default/T...nx.1.0.0.87.cab
 O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.cab
 O16 - DPF: {3FE16C08-D6A7-4133-84FC-D5BFB4F7D886} (WebGameLoader Class) - http://zone.msn.com/bingame/rtlw/default/R...bGameLoader.cab
 O16 - DPF: {483EB14D-AF1C-4951-81B0-4E2B41829FF6} (QOLCheck Control) - https://www.select2perform.com/cabs/QOLCheck.ocx
 O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
 O16 - DPF: {49E67060-2C0D-415E-94C7-52A49F73B2F1} (CPlayFirstPiratePoppersControl Object) - http://zone.msn.com/bingame/pppp/default/P...rs.1.0.0.39.cab
 O16 - DPF: {4B9F2C37-C0CF-42BC-BB2D-DCFA8B25CABF} - http://zone.msn.com/bingame/rock/default/popcaploader1.cab
 O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...99/mcinsctl.cab
 O16 - DPF: {615F158E-D5CA-422F-A8E7-F6A5EED7063B} (Bejeweled Control) - http://www.worldwinner.com/games/v46/bejeweled/bejeweled.cab
 O16 - DPF: {639658F3-B141-4D6B-B936-226F75A5EAC3} (CPlayFirstDinerDash2Control Object) - http://zone.msn.com/bingame/dsh2/default/D...h2.1.0.0.68.cab
 O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
 O16 - DPF: {6932D140-ABC4-4073-A44C-D4A541665E35} (ImageShack Toolbar) - http://toolbar.imageshack.us/toolbar/ImageShackToolbar.cab
 O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://zone.msn.com/bingame/chnz/default/mjolauncher.cab
 O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
 O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} (TLIEFlashObj Class) - https://rtc1.webresponse.one.microsoft.com/...p/TLIEFlash.CAB
 O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab
 O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/m...,26/mcgdmgr.cab
 O16 - DPF: {C7E002D6-324B-4500-883D-84B620FD8640} (Bridge Installer) - http://cdn2.zone.msn.com/Bingame/BRDG/data...6/heartbeat.cab
 O16 - DPF: {C946EF6D-296D-4907-A6E1-ED0E8E5AF024} (LycosMail Upload Control) - http://mail.lycos.com/hanmail-ax/AttachMail.cab
 O16 - DPF: {CAC181B0-4D70-402D-B571-C596A47D0CE0} (CBankshotZoneCtrl Class) - http://zone.msn.com/bingame/zpagames/zpa_pool.cab56649.cab
 O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://zone.msn.com/bingame/feed/default/SproutLauncher.cab
 O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://zone.msn.com/bingame/cnma/default/ct.cab
 O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) - http://zone.msn.com/binframework/v10/StProxy.cab55579.cab
 O16 - DPF: {DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} (CPlayFirstDinerDashControl Object) - http://zone.msn.com/bingame/dash/default/D...sh.1.0.0.98.cab
 O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/popcaploader_v10.cab
 O16 - DPF: {FC4CAF5F-91BD-4DD9-ADC1-F3C737E37BC4} (CPlayFirstSweetopiaControl Object) - http://zone.msn.com/bingame/swet/default/S...ia.1.0.0.46.cab
 O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
 O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
 O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
 O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\DiskeeperWorkstation\DKService.exe
 O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
 O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
 O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
 O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
 O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
 O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
 O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
 
 --
 End of file - 12081 bytes

Offline mjm

Help! Can't open programs, etc
« Reply #24 on: March 31, 2008, 01:09:15 AM »
Update - Everything appears to be working normally after running Combofix and rebooting. Also, I haven't received any more pop ups from ZoneAlarm or McAfee. Are those issues resolved now as well?
 
 Here's a fresh log file:
 
 Logfile of Trend Micro HijackThis v2.0.2
 Scan saved at 12:21:41 AM, on 3/31/2008
 Platform: Windows XP  (WinNT 5.01.2600)
 MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)
 Boot mode: Normal
 
 Running processes:
 C:\WINDOWS\System32\smss.exe
 C:\WINDOWS\system32\winlogon.exe
 C:\WINDOWS\system32\services.exe
 C:\WINDOWS\system32\lsass.exe
 C:\WINDOWS\System32\Ati2evxx.exe
 C:\WINDOWS\system32\svchost.exe
 C:\WINDOWS\System32\svchost.exe
 C:\WINDOWS\system32\ZoneLabs\vsmon.exe
 C:\WINDOWS\system32\spoolsv.exe
 C:\Program Files\Executive Software\DiskeeperWorkstation\DKService.exe
 C:\WINDOWS\system32\svchost.exe
 c:\program files\mcafee.com\agent\mcdetect.exe
 c:\PROGRA~1\mcafee.com\vso\mcshield.exe
 c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
 C:\WINDOWS\System32\svchost.exe
 C:\WINDOWS\system32\svchost.exe
 C:\WINDOWS\system32\Ati2evxx.exe
 C:\WINDOWS\Explorer.EXE
 C:\WINDOWS\Logi_MwX.Exe
 C:\PROGRA~1\mcafee.com\agent\mcagent.exe
 C:\Program Files\McAfee.com\VSO\mcvsshld.exe
 C:\Program Files\McAfee.com\VSO\oasclnt.exe
 C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
 C:\Program Files\QuickTime\QTTask.exe
 C:\Program Files\iTunes\iTunesHelper.exe
 C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
 C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe
 c:\progra~1\mcafee.com\vso\mcvsescn.exe
 C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
 C:\Program Files\SanDisk\SanDisk TransferMate\SD Monitor.exe
 C:\Program Files\Nikon\NkView6\NkvMon.exe
 C:\Program Files\iPod\bin\iPodService.exe
 C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
 C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
 C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
 
 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
 O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
 O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 7\SnagItIEAddin.dll
 O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
 O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
 O3 - Toolbar: ImageShack Toolbar - {6932D140-ABC4-4073-A44C-D4A541665E35} - C:\Program Files\ImageShackToolbar\ImageShackToolbar.dll
 O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
 O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
 O4 - HKLM\..\Run: [MediaFace Integration] C:\Program Files\Fellowes\MediaFACE 4.0\SetHook.exe
 O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
 O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
 O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
 O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
 O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
 O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
 O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
 O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
 O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
 O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
 O4 - HKLM\..\Run: [TotalRecorderScheduler] "C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe"
 O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
 O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
 O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
 O4 - Startup: VonageRestart.exe
 O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
 O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
 O4 - Global Startup: Monitor.lnk = C:\Program Files\SanDisk\SanDisk TransferMate\SD Monitor.exe
 O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView6\NkvMon.exe
 O8 - Extra context menu item: Download &Flash Movies - C:\Program Files\Flash2X\Flash Hunter\save.htm
 O8 - Extra context menu item: Download Flash with Flash &Grabber - res://C:\PROGRA~1\FLASHG~1\swfgrab.dll/iesave
 O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
 O8 - Extra context menu item: Post Image to Blog - res://C:\Program Files\ImageShackToolbar\ImageShackToolbar.dll/5003
 O8 - Extra context menu item: Tag This Image - res://C:\Program Files\ImageShackToolbar\ImageShackToolbar.dll/5002
 O8 - Extra context menu item: Transload Image to ImageShack - res://C:\Program Files\ImageShackToolbar\ImageShackToolbar.dll/5004
 O8 - Extra context menu item: Upload All Images to ImageShack - res://C:\Program Files\ImageShackToolbar\ImageShackToolbar.dll/5000
 O8 - Extra context menu item: Upload Image to ImageShack - res://C:\Program Files\ImageShackToolbar\ImageShackToolbar.dll/5001
 O8 - Extra context menu item: View EXIF - C:\ViewEXIF\EXIF.htm
 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
 O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
 O9 - Extra button: Flash - {5699BDDB-A771-4E54-ACBB-BE86921D7892} - C:\PROGRA~1\EZSAVE~1\EZSAVE~1.DLL
 O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
 O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
 O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
 O9 - Extra button: PICgrabber - {4964E240-D53C-11D5-BDA9-444553540000} - C:\Program Files\PICgrabber\PICGRABBER.EXE (HKCU)
 O9 - Extra 'Tools' menuitem: PICgrabber - Movie&Image Search/Download Software - {4964E240-D53C-11D5-BDA9-444553540000} - C:\Program Files\PICgrabber\PICGRABBER.EXE (HKCU)
 O9 - Extra button: Flash2X Flash Hunter - {77B563A5-2A35-4E6B-BFC8-F4B6BB65D5DF} - C:\Program Files\Flash2X\Flash Hunter\save.htm (file missing) (HKCU)
 O9 - Extra 'Tools' menuitem: &Launch Flash Hunter - {77B563A5-2A35-4E6B-BFC8-F4B6BB65D5DF} - C:\Program Files\Flash2X\Flash Hunter\save.htm (file missing) (HKCU)
 O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab
 O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/download/ipixx.cab
 O16 - DPF: {2EB1E425-74DC-4DC0-A9E1-03A4C852E1F2} (CPlayFirstTriJinxControl Object) - http://zone.msn.com/bingame/trix/default/T...nx.1.0.0.87.cab
 O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.cab
 O16 - DPF: {3FE16C08-D6A7-4133-84FC-D5BFB4F7D886} (WebGameLoader Class) - http://zone.msn.com/bingame/rtlw/default/R...bGameLoader.cab
 O16 - DPF: {483EB14D-AF1C-4951-81B0-4E2B41829FF6} (QOLCheck Control) - https://www.select2perform.com/cabs/QOLCheck.ocx
 O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
 O16 - DPF: {49E67060-2C0D-415E-94C7-52A49F73B2F1} (CPlayFirstPiratePoppersControl Object) - http://zone.msn.com/bingame/pppp/default/P...rs.1.0.0.39.cab
 O16 - DPF: {4B9F2C37-C0CF-42BC-BB2D-DCFA8B25CABF} - http://zone.msn.com/bingame/rock/default/popcaploader1.cab
 O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...99/mcinsctl.cab
 O16 - DPF: {615F158E-D5CA-422F-A8E7-F6A5EED7063B} (Bejeweled Control) - http://www.worldwinner.com/games/v46/bejeweled/bejeweled.cab
 O16 - DPF: {639658F3-B141-4D6B-B936-226F75A5EAC3} (CPlayFirstDinerDash2Control Object) - http://zone.msn.com/bingame/dsh2/default/D...h2.1.0.0.68.cab
 O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
 O16 - DPF: {6932D140-ABC4-4073-A44C-D4A541665E35} (ImageShack Toolbar) - http://toolbar.imageshack.us/toolbar/ImageShackToolbar.cab
 O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://zone.msn.com/bingame/chnz/default/mjolauncher.cab
 O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
 O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} (TLIEFlashObj Class) - https://rtc1.webresponse.one.microsoft.com/...p/TLIEFlash.CAB
 O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab
 O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/m...,26/mcgdmgr.cab
 O16 - DPF: {C7E002D6-324B-4500-883D-84B620FD8640} (Bridge Installer) - http://cdn2.zone.msn.com/Bingame/BRDG/data...6/heartbeat.cab
 O16 - DPF: {C946EF6D-296D-4907-A6E1-ED0E8E5AF024} (LycosMail Upload Control) - http://mail.lycos.com/hanmail-ax/AttachMail.cab
 O16 - DPF: {CAC181B0-4D70-402D-B571-C596A47D0CE0} (CBankshotZoneCtrl Class) - http://zone.msn.com/bingame/zpagames/zpa_pool.cab56649.cab
 O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://zone.msn.com/bingame/feed/default/SproutLauncher.cab
 O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://zone.msn.com/bingame/cnma/default/ct.cab
 O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) - http://zone.msn.com/binframework/v10/StProxy.cab55579.cab
 O16 - DPF: {DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} (CPlayFirstDinerDashControl Object) - http://zone.msn.com/bingame/dash/default/D...sh.1.0.0.98.cab
 O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/popcaploader_v10.cab
 O16 - DPF: {FC4CAF5F-91BD-4DD9-ADC1-F3C737E37BC4} (CPlayFirstSweetopiaControl Object) - http://zone.msn.com/bingame/swet/default/S...ia.1.0.0.46.cab
 O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
 O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
 O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
 O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\DiskeeperWorkstation\DKService.exe
 O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
 O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
 O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
 O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
 O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
 O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
 O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
 
 --
 End of file - 11959 bytes

Offline guestolo

Help! Can't open programs, etc
« Reply #25 on: March 31, 2008, 12:36:22 PM »
Can you run another scanner for me please

temporarily disable McAfee antivirus ahead of time
Then
Use the Internet Explorer browser (or FireFox with IETab), and do an online scan with Kaspersky Online Scanner

Note: If you have used this particular scanner before, you MAY HAVE TO UNINSTALL the program through Add/Remove Programs before downloading the new ActiveX component

Click Yes, when prompted to install its ActiveX component.
(Note.. for Internet Explorer 7 users: If at any time you have trouble with the "Accept" button of the license, click on the "Zoom" tool located at the bottom right of the IE window and set the zoom to 75 %. Once the license has been accepted, reset to 100%.)
The program launches and downloads the latest definition files.
  • Once the files are downloaded click on Next
  • Click on Scan Settings and configure as follows:
    • Scan using the following Anti-Virus database:
        Extended
    • Scan Options:
        Scan Archives
        Scan Mail Bases
  • Click OK and, under select a target to scan, select My Computer

When the scan is done, in the Scan is completed window (below), any infection is displayed.
There is no option to clean/disinfect, however, we need to analyze the information on the report.

To obtain the report:
Click on: Save Report As (above - red blinking arrow)
Next, in the Save as prompt, Save in area, select: Desktop
In the File name area, use KScan, or something similar
In Save as type, click the drop arrow and select: Text file [*.txt]
Then, click: Save
Post the Kaspersky Online Scanner Report in your reply.



        Offline mjm

        Help! Can't open programs, etc
        « Reply #26 on: March 31, 2008, 03:26:04 PM »
        Here is the requested report:
         
         -------------------------------------------------------------------------------
          KASPERSKY ONLINE SCANNER REPORT
          Monday, March 31, 2008 2:42:31 PM
          Operating System: Microsoft Windows XP Professional,  (Build 2600)
          Kaspersky Online Scanner version: 5.0.98.0
          Kaspersky Anti-Virus database last update: 31/03/2008
          Kaspersky Anti-Virus database records: 674679
         -------------------------------------------------------------------------------
         
         Scan Settings:
             Scan using the following antivirus database: extended
             Scan Archives: true
             Scan Mail Bases: true
         
         Scan Target - My Computer:
             A:\
             C:\
             D:\
             E:\
             F:\
             G:\
         
         Scan Statistics:
             Total number of scanned objects: 105413
             Number of viruses found: 6
             Number of infected objects: 17
             Number of suspicious objects: 0
             Duration of the scan process: 01:40:22
         
         Infected Object Name / Virus Name / Last Action
         C:\Deckard\System Scanner\20080330204523\backup\WINDOWS\Downloaded Program Files\popcaploader.dll    Infected: not-a-virus:Downloader.Win32.PopCap.b    skipped
         C:\Documents and Settings\All Users\Application Data\McAfee.com\Agent\Logs\TaskScheduler\McTskshd000.log    Object is locked    skipped
         C:\Documents and Settings\All Users\Application Data\McAfee.com\VSO\OASLogs\OAS.log    Object is locked    skipped
         C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\DSS\MachineKeys\6aa2917d8adef8359149c8dcdbc26090_76d03e56-2d5e-415c-b982-09900d580a44    Object is locked    skipped
         C:\Documents and Settings\LocalService\Cookies\index.dat    Object is locked    skipped
         C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat    Object is locked    skipped
         C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG    Object is locked    skipped
         C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat    Object is locked    skipped
         C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat    Object is locked    skipped
         C:\Documents and Settings\LocalService\NTUSER.DAT    Object is locked    skipped
         C:\Documents and Settings\LocalService\ntuser.dat.LOG    Object is locked    skipped
         C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\i05vjm0q.default\Cache\_CACHE_001_    Object is locked    skipped
         C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\i05vjm0q.default\Cache\_CACHE_002_    Object is locked    skipped
         C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\i05vjm0q.default\Cache\_CACHE_003_    Object is locked    skipped
         C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\i05vjm0q.default\Cache\_CACHE_MAP_    Object is locked    skipped
         C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\i05vjm0q.default\cert8.db    Object is locked    skipped
         C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\i05vjm0q.default\formhistory.dat    Object is locked    skipped
         C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\i05vjm0q.default\history.dat    Object is locked    skipped
         C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\i05vjm0q.default\key3.db    Object is locked    skipped
         C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\i05vjm0q.default\parent.lock    Object is locked    skipped
         C:\Documents and Settings\Michael\Cookies\index.dat    Object is locked    skipped
         C:\Documents and Settings\Michael\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat    Object is locked    skipped
         C:\Documents and Settings\Michael\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG    Object is locked    skipped
         C:\Documents and Settings\Michael\Local Settings\History\History.IE5\index.dat    Object is locked    skipped
         C:\Documents and Settings\Michael\Local Settings\History\History.IE5\MSHist012008033120080401\index.dat    Object is locked    skipped
         C:\Documents and Settings\Michael\Local Settings\temp\~DFEB4C.tmp    Object is locked    skipped
         C:\Documents and Settings\Michael\Local Settings\Temporary Internet Files\Content.IE5\index.dat    Object is locked    skipped
         C:\Documents and Settings\Michael\ntuser.dat    Object is locked    skipped
         C:\Documents and Settings\Michael\ntuser.dat.LOG    Object is locked    skipped
         C:\Documents and Settings\Michael\~31324.tmp    Infected: Trojan-Downloader.Win32.Small.tra    skipped
         C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat    Object is locked    skipped
         C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG    Object is locked    skipped
         C:\Documents and Settings\NetworkService\NTUSER.DAT    Object is locked    skipped
         C:\Documents and Settings\NetworkService\ntuser.dat.LOG    Object is locked    skipped
         C:\Documents and Settings\Trina\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-5efd1945-1726b875.zip/vmain.class    Infected: Exploit.Java.Gimsh.b    skipped
         C:\Documents and Settings\Trina\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-5efd1945-1726b875.zip    ZIP: infected - 1    skipped
         C:\QooBox\Quarantine\C\Documents and Settings\Michael\cftmon.exe.vir    Infected: Trojan-Downloader.Win32.Small.tra    skipped
         C:\QooBox\Quarantine\C\scdd.exe.vir    Infected: Trojan-Dropper.Win32.Small.bep    skipped
         C:\QooBox\Quarantine\C\W3NG.exe.vir    Infected: Trojan-Downloader.Win32.Small.tra    skipped
         C:\System Volume Information\_restore{D8DEC47B-E14F-49A0-97A1-0738960E6369}\RP1163\A0325404.dll    Infected: Trojan-Downloader.Win32.Small.tra    skipped
         C:\System Volume Information\_restore{D8DEC47B-E14F-49A0-97A1-0738960E6369}\RP1164\A0325494.dll    Infected: Trojan-Downloader.Win32.Small.tra    skipped
         C:\System Volume Information\_restore{D8DEC47B-E14F-49A0-97A1-0738960E6369}\RP1164\A0325530.dll    Infected: Trojan-Downloader.Win32.Small.tra    skipped
         C:\System Volume Information\_restore{D8DEC47B-E14F-49A0-97A1-0738960E6369}\RP1165\A0327741.exe    Infected: Trojan-Downloader.Win32.Small.tra    skipped
         C:\System Volume Information\_restore{D8DEC47B-E14F-49A0-97A1-0738960E6369}\RP1165\A0327742.exe    Infected: Trojan-Dropper.Win32.Small.bep    skipped
         C:\System Volume Information\_restore{D8DEC47B-E14F-49A0-97A1-0738960E6369}\RP1165\A0327743.exe    Infected: Trojan-Downloader.Win32.Small.tra    skipped
         C:\System Volume Information\_restore{D8DEC47B-E14F-49A0-97A1-0738960E6369}\RP1165\change.log    Object is locked    skipped
         C:\WINDOWS\Debug\oakley.log    Object is locked    skipped
         C:\WINDOWS\Debug\PASSWD.LOG    Object is locked    skipped
         C:\WINDOWS\Internet Logs\fwdbglog.txt    Object is locked    skipped
         C:\WINDOWS\Internet Logs\fwpktlog.txt    Object is locked    skipped
         C:\WINDOWS\Internet Logs\IAMDB.RDB    Object is locked    skipped
         C:\WINDOWS\Internet Logs\MICHAEL-N66C1KN.ldb    Object is locked    skipped
         C:\WINDOWS\Internet Logs\tvDebug.log    Object is locked    skipped
         C:\WINDOWS\SchedLgU.Txt    Object is locked    skipped
         C:\WINDOWS\SoftwareDistribution\ReportingEvents.log    Object is locked    skipped
         C:\WINDOWS\Sti_Trace.log    Object is locked    skipped
         C:\WINDOWS\system32\1162362433.exe/stream/data0002    Infected: not-a-virus:AdWare.Win32.BHO.ba    skipped
         C:\WINDOWS\system32\1162362433.exe/stream/data0003    Infected: not-a-virus:AdWare.Win32.VB.y    skipped
         C:\WINDOWS\system32\1162362433.exe/stream    Infected: not-a-virus:AdWare.Win32.VB.y    skipped
         C:\WINDOWS\system32\1162362433.exe    NSIS: infected - 3    skipped
         C:\WINDOWS\system32\config\AppEvent.Evt    Object is locked    skipped
         C:\WINDOWS\system32\config\default    Object is locked    skipped
         C:\WINDOWS\system32\config\default.LOG    Object is locked    skipped
         C:\WINDOWS\system32\config\SAM    Object is locked    skipped
         C:\WINDOWS\system32\config\SAM.LOG    Object is locked    skipped
         C:\WINDOWS\system32\config\SecEvent.Evt    Object is locked    skipped
         C:\WINDOWS\system32\config\SECURITY    Object is locked    skipped
         C:\WINDOWS\system32\config\SECURITY.LOG    Object is locked    skipped
         C:\WINDOWS\system32\config\software    Object is locked    skipped
         C:\WINDOWS\system32\config\software.LOG    Object is locked    skipped
         C:\WINDOWS\system32\config\SysEvent.Evt    Object is locked    skipped
         C:\WINDOWS\system32\config\system    Object is locked    skipped
         C:\WINDOWS\system32\config\system.LOG    Object is locked    skipped
         C:\WINDOWS\system32\h323log.txt    Object is locked    skipped
         C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR    Object is locked    skipped
         C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA    Object is locked    skipped
         C:\WINDOWS\Temp\ZLT028bf.TMP    Object is locked    skipped
         C:\WINDOWS\Temp\ZLT03636.TMP    Object is locked    skipped
         C:\WINDOWS\wiadebug.log    Object is locked    skipped
         C:\WINDOWS\wiaservc.log    Object is locked    skipped
         C:\WINDOWS\WindowsUpdate.log    Object is locked    skipped
         F:\System Volume Information\_restore{D8DEC47B-E14F-49A0-97A1-0738960E6369}\RP1165\change.log    Object is locked    skipped
         
         Scan process completed.

        Offline guestolo

        « Reply #27 on: March 31, 2008, 07:49:06 PM »
        That looks good, why are you so behind on Windows updates??
        Is this an illegal version of XP, just enquiring



        Offline mjm

        « Reply #28 on: March 31, 2008, 08:32:31 PM »
        Quote from guestolo, Mar 31 2008, 06:49 PM:
        "That looks good, why are you so behind on Windows updates??
        Is this an illegal version of XP, just enquiring"

         Yes, my version won't allow further updates. Thanks so much for your time... you've been a tremendous help! :D
         
         -Michael

        Offline guestolo

        « Reply #29 on: April 01, 2008, 08:06:24 AM »
        Try to keep this computer as safe as possible, without the updates, you risk reinfection

        Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.
        Updating Java:
        • Download the latest version of  Java Runtime Environment (JRE) 6 Update 5.
        • From that link scroll down to where it says "Java Runtime Environment (JRE) 6 Update 5".
        • Click the "Download" button to the right.
        • Click the Accept button>>the page will refresh
        • Click on the link to download Windows Offline Installation, Multi-language (15.18 MB) and save to your desktop.
        • Close any programs you may have running - especially your web browser.
        • Go to Start > Control Panel double-click on Add or Remove Programs and remove all older versions of Java.
        • Check any item with Java Runtime Environment (JRE or J2SE) in the name.

        - Examples of older versions in Add or Remove Programs:
            * Java 2 Runtime Environment, SE v1.4.2
            * J2SE Runtime Environment 5.0
            * J2SE Runtime Environment 5.0 Update 2
        In your case, remove
        J2SE Runtime Environment 5.0 Update 4
        J2SE Runtime Environment 5.0 Update 6

        Don't install the new version yet

        Go to START>>RUN>>copy then paste the next entry in bold

        ComboFix /u
        Then hit OK
        This will uninstall combofix

        Go to START>>All Programs>>Accessories>>System Tools>>System Restore
        Select>>Create a New restore point
        Give it a name, any name,
         and click Create
        Windows will prompt when it was created successfully

        When that's done

        Go to START>>RUN>>type the following
        cleanmgr
        Hit OK
        Let it finish calculating

        Select the More Options tab
        and click Cleanup.. under 'System Restore'
        This will clear all later restore points except for the one you just made

        Ok the prompts, it may take a few seconds to remove old restore points
        Ok again after it's ready and let it finish cleaning

        Download OTMoveIt2 by OldTimer.
        • Save it to your desktop.
        • Double-click OTMoveIt2.exe to run it.
        • Click the Cleanup! button
          A list will be downloaded>>Allow it Internet access if prompted by your Firewall
          Don't change anything in this list
        • Select Yes at the prompt
          Wait for the confirmation box to open to reboot the computer
          Don't mouseclick during the wait as you may cause the tool to stall
        • Select Yes to reboot Now
        NOTE: This procedure will also delete OTMoveit.exe from desktop

        After reboot, go ahead and install the latest version of Sun Java from the installer on desktop

        I suggest that you add SpywareBlaster to your protection software
        SpywareBlaster  by JavaCool  
          *Will block bad ActiveX Controls
          *Block Malevolent cookies in Internet Explorer and Firefox
          *Restrict actions of potentially dangerous sites in Internet Explorer
        After installation, Check for updates
        After updating, select "Protection" on the Left
        Then select "Enable all Protection"
        "Check for updates every couple of weeks"
        after every update just simply click the "enable protection on all unprotected items"

        In addition, it would be a good idea to download and install
        Spybot 1.5.2.20
        After installation, Search for and Download all updates
        After updating, utilize the Immunization feature
        Click Immunize>>Immunize again the top green cross
        Do that after every update
        Probably a good idea to Check for Problems and fix anything in Red

        It's a great idea to use Mozilla Firefox, I see you have it installed
        But it is an older version, for security reasons, you should update it also
        Download the latest version from here
        http://www.mozilla.com/en-US/firefox/
        Uninstall your version from add/remove programs then install the newest

        Take a look at miekiemoes site with other ideas on How to prevent Malware:

        I hope that helps :)
        « Last Edit: April 01, 2008, 08:08:52 AM by guestolo »
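
Added example (not part of the original thread, and not any tool's own code): a small Python triage of the scanner log format posted above, grouping what is still flagged by where it sits: ComboFix's QooBox quarantine, System Restore points, the Java plug-in cache, or anywhere else. The steps in the reply above address the first two by uninstalling ComboFix and clearing old restore points. Function names and bucket labels are assumptions; the sample lines are excerpted from the log in this thread.

```python
import re
from collections import defaultdict

# Sample input: six lines excerpted from the scan log posted in this thread.
SAMPLE_LOG = r"""
C:\QooBox\Quarantine\C\scdd.exe.vir    Infected: Trojan-Dropper.Win32.Small.bep    skipped
C:\System Volume Information\_restore{D8DEC47B-E14F-49A0-97A1-0738960E6369}\RP1165\A0327742.exe    Infected: Trojan-Dropper.Win32.Small.bep    skipped
C:\Documents and Settings\Trina\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-5efd1945-1726b875.zip    ZIP: infected - 1    skipped
C:\WINDOWS\system32\1162362433.exe/stream/data0002    Infected: not-a-virus:AdWare.Win32.BHO.ba    skipped
C:\WINDOWS\system32\1162362433.exe    NSIS: infected - 3    skipped
C:\WINDOWS\system32\config\SAM    Object is locked    skipped
"""

# Bucket label -> lowercase path fragment (labels are hypothetical names).
LOCATIONS = [
    ("quarantine", "\\qoobox\\quarantine\\"),
    ("restore_point", "\\system volume information\\_restore"),
    ("java_cache", "\\sun\\java\\deployment\\cache\\"),
]

def parse_line(line):
    """Split one log row into (path, status, action); None for non-rows."""
    parts = re.split(r"\t+|\s{2,}", line.strip())
    return tuple(parts) if len(parts) == 3 else None

def triage(log_text):
    """Return ({bucket: set of flagged files on disk}, count of locked files)."""
    findings = defaultdict(set)
    locked = 0
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue
        path, status, _action = parsed
        if status == "Object is locked":   # file in use, not a detection
            locked += 1
            continue
        root = path.split("/", 1)[0]       # "x.exe/stream/..." -> file on disk
        bucket = next((n for n, m in LOCATIONS if m in root.lower()), "other")
        findings[bucket].add(root)
    return dict(findings), locked

if __name__ == "__main__":
    found, locked = triage(SAMPLE_LOG)
    for bucket, files in sorted(found.items()):
        print(bucket, len(files), sorted(files))
    print("locked (not scanned):", locked)
```

Anything that lands in the "other" bucket sits outside the quarantine, restore-point and Java cache locations and needs its own look.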



        Offline mjm

        « Reply #30 on: April 01, 2008, 01:10:20 PM »
        Cool... thanks for the tips... and the help! :D
         
         -Michael

        Offline guestolo

        « Reply #31 on: April 01, 2008, 06:16:36 PM »
        You're welcome, I'll lock this topic as your problems appear resolved
        Take care mjm :)
