Cannot get rid of trats virus, generic dropper, and virtumonde
Sure glad you guys are here. I have tried everything! The virus and malware keep coming back. After following the directions in the "before you post" thread, here is a HJT log after a Kaspersky scan. I have a log from before the first Kaspersky scan too. (Kaspersky scan to follow):
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:18:03 PM, on 1/22/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\CFusionMX\runtime\bin\jrunsvc.exe
C:\CFusionMX\db\slserver52\bin\swagent.exe
C:\CFusionMX\runtime\bin\jrun.exe
C:\CFusionMX\db\slserver52\bin\swstrtr.exe
C:\CFusionMX\db\slserver52\bin\swsoc.exe
C:\WINDOWS\SYSTEM32\GEARSEC.EXE
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
c:\program files\mcafee\msk\msksrver.exe
C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
C:\Program Files\SiteAdvisor\6253\SAService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\SEC\Natural Color\NaturalColorLoad.exe
C:\Program Files\SMC\SMC2862W-G EZ Connect g 2.4Ghz 802.11g Wireless USB 2.0 Adapter\SMCWGUTI.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
F3 - REG:win.ini: load=C:\WINDOWS\system32\awtqn.exe
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\BOB\Application Data\Mozilla\Profiles\default\p0ly8aft.slt\prefs.js)
O3 - Toolbar: &ESPN - {AE6F2894-AF10-4C9C-B16E-1DFC6FF8C0C6} - C:\Program Files\ESPN\Toolbar\DIGToolBar.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask .exe" -atboottime
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [McAfee Backup] "C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe"
O4 - HKLM\..\Run: [PRISMSVR.EXE] "C:\Program Files\SMC\SMC2862W-G EZ Connect g 2.4Ghz 802.11g Wireless USB 2.0 Adapter\PRISMSVR.EXE" /APPLY
O4 - HKLM\..\Run: [44abe178] rundll32.exe "C:\WINDOWS\system32\ybbrxonx.dll",b
O4 - HKCU\..\Run: [LDM] "C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"
O4 - HKCU\..\Run: [ESPN BottomLine] "C:\Program Files\ESPN\BottomLine\bline.exe"
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM95\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [McWebDownlMgr] C:\WINDOWS\TEMP\McDMTemp007 (2)\DwnldMgr.exe /runkey (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [McWebDownlMgr] C:\WINDOWS\TEMP\McDMTemp007 (2)\DwnldMgr.exe /runkey (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NaturalColorLoad.lnk = ?
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Global Startup: SMC2862W-G EZ Connect g 802.11g Wireless USB Utility.lnk = C:\Program Files\SMC\SMC2862W-G EZ Connect g 2.4Ghz 802.11g Wireless USB 2.0 Adapter\SMCWGUTI.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim .exe
O9 - Extra button: Vegas Red Casino - {D5AE2D6D-38A7-425c-86C0-E4ABBDB9EC68} - C:\Casino\Vegas Red Casino\casino.exe
O9 - Extra 'Tools' menuitem: Vegas Red Casino - {D5AE2D6D-38A7-425c-86C0-E4ABBDB9EC68} - C:\Casino\Vegas Red Casino\casino.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {02CF1781-EA91-4FA5-A200-646E8241987C} (VaioInfo.CMClass) - http://esupport.sony.com/VaioInfo.CAB
O16 - DPF: {1E2941E3-8E63-11D4-9D5A-00902742D6E0} (iNotes Class) - http://mail.malden.mec.edu/iNotes.cab
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - http://a516.g.akamai.net/f/516/25175/7d/runaware.download.akamai.com/25175/citrix/wficat-no-eula.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {36E4E9BC-4D0C-41B4-90C9-37AFDBFAAD3C} (InforbitHelper Class) - http://download.infotriever.com/bin/ifhelper.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by104fd.bay104.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {5EB6A98B-F75B-4AC7-821D-BAD2C29D18C2} (CVALAXObj Class) - https://mycampus.phoenix.edu/support/tutorials/Click2Talk/ClickToTalkTS/download/CVALAX.CAB
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1151289857000
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1151290801484
O16 - DPF: {A82C3A33-5C0E-466C-B020-71585433A7E4} (PhxStudent.OeSetup15) - https://ecampus.phoenix.edu/secure/PhxStudent15.CAB
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab
O16 - DPF: {CC32D4D8-2A0B-4CEB-B105-C9B968379105} (CGameManagerCtrl Object) - https://disney.go.com/games/downloads/gamemanager/DIGGameManager.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://casinoshare.microgaming.com/casinoshare/FlashAX.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://www.driveragent.com/files/driveragent.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: ColdFusion MX Application Server - Macromedia Inc. - C:\CFusionMX\runtime\bin\jrunsvc.exe
O23 - Service: ColdFusion MX ODBC Agent - Unknown owner - C:\CFusionMX\db\slserver52\bin\swagent.exe
O23 - Service: ColdFusion MX ODBC Server - Unknown owner - C:\CFusionMX\db\slserver52\bin\swstrtr.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\SYSTEM32\GEARSEC.EXE
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee, Inc. - c:\program files\mcafee\msk\msksrver.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6253\SAService.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\Sptisrv.exe
O23 - Service: VAIO Media Music Server (VAIOMediaPlatform-MusicServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Music\SSSvr.exe
O23 - Service: VAIO Media Music Server (HTTP) (VAIOMediaPlatform-MusicServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Music Server (UPnP) (VAIOMediaPlatform-MusicServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Photo Server (VAIOMediaPlatform-PhotoServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Photo\appsrv\PhotoAppSrv.exe
O23 - Service: VAIO Media Photo Server (HTTP) (VAIOMediaPlatform-PhotoServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Photo Server (UPnP) (VAIOMediaPlatform-PhotoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Video Server (VAIOMediaPlatform-VideoServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Video\GPVSvr.exe
O23 - Service: VAIO Media Video Server (HTTP) (VAIOMediaPlatform-VideoServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Video Server (UPnP) (VAIOMediaPlatform-VideoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
--
End of file - 16333 bytes
Protection
----------
Total scanned: 3542
Detected: 45
Untreated: 20
Start time: 1/22/2008 5:34:37 AM
Duration: 00:00:00
Finish time: 1/22/2008 5:34:37 AM
Detected
--------
Status Object
------ ------
will be deleted when the computer is restarted: adware not-a-virus:AdWare.Win32.Virtumonde.dnn File: C:\WINDOWS\system32\csnxrmws.dll
detected: adware not-a-virus:AdWare.Win32.Virtumonde.dih File: C:\WINDOWS\system32\awtqn.dll
deleted: Trojan program Trojan-Dropper.Win32.Agent.dgo Running module: avp.exe\avp.exe
deleted: Trojan program Trojan-Dropper.Win32.Agent.dgo File: C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 SOS\avp.exe
deleted: Trojan program Trojan-Dropper.Win32.Agent.dgo Running module: ctfmon.exe\ctfmon.exe
detected: adware not-a-virus:AdWare.Win32.Virtumonde.dnn File: C:\Documents and Settings\Lori\Local Settings\Temporary Internet Files\Content.IE5\7CDOE0EM\tr[1]
detected: adware not-a-virus:AdWare.Win32.SuperJuan.ez File: C:\Documents and Settings\Lori\Local Settings\Temporary Internet Files\Content.IE5\BZMKY6SU\apst377[1]
detected: Trojan program Trojan-Clicker.Win32.Agent.ij File: C:\downloads ares\adobe acrobat 8 professional activation crack keygen serial(3).exe//data.rar/Patch.exe//FSG
detected: Trojan program Trojan-Dropper.Win32.Agent.dgo File: C:\Program Files\iTunes\iTunesHelper.exe
detected: Trojan program Trojan-Dropper.Win32.Agent.dgo File: C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
detected: adware not-a-virus:AdWare.Win32.Virtumonde.dnn File: C:\VundoFix Backups\agvjeigx.dll.bad
detected: adware not-a-virus:AdWare.Win32.Virtumonde.dnn File: C:\VundoFix Backups\jlpmalhc.dll.bad
detected: adware not-a-virus:AdWare.Win32.Virtumonde.dnn File: C:\VundoFix Backups\lyinyuvy.dll.bad
detected: adware not-a-virus:AdWare.Win32.Virtumonde.dnn File: C:\WINDOWS\system32\bdsvpadu.dll
detected: Trojan program Trojan-Dropper.Win32.Agent.dgo File: C:\WINDOWS\system32\ctfmon.exe.tmp
detected: adware not-a-virus:AdWare.Win32.Virtumonde.din File: C:\WINDOWS\system32\dpgbhsgq.dll
detected: adware not-a-virus:AdWare.Win32.Virtumonde.dnn File: C:\WINDOWS\system32\fpvgqobd.dll
detected: adware not-a-virus:AdWare.Win32.Virtumonde.dnl File: C:\WINDOWS\system32\pktvjfgf.dll
detected: adware not-a-virus:AdWare.Win32.Virtumonde.dnn File: C:\WINDOWS\system32\pynfbdua.dll
detected: adware not-a-virus:AdWare.Win32.Virtumonde.dnn File: C:\WINDOWS\system32\tpqvdyyk.dll
detected: adware not-a-virus:AdWare.Win32.Virtumonde.din File: C:\WINDOWS\system32\usminpio.dll
deleted: Trojan program Trojan-Dropper.Win32.Agent.dgo Running module: avp.exe\avp.exe
deleted: Trojan program Trojan-Dropper.Win32.Agent.dgo Running module: avp.exe\avp.exe
deleted: Trojan program Trojan-Dropper.Win32.Agent.dgo Running module: avp.exe\avp.exe
deleted: Trojan program Trojan-Dropper.Win32.Agent.dgo Running module: avp.exe\avp.exe
deleted: Trojan program Trojan-Dropper.Win32.Agent.dgo Running module: avp.exe\avp.exe
deleted: Trojan program Trojan-Dropper.Win32.Agent.dgo Running module: avp.exe\avp.exe
deleted: Trojan program Trojan-Dropper.Win32.Agent.dgo Running module: avp.exe\avp.exe
deleted: Trojan program Trojan-Dropper.Win32.Agent.dgo Running module: avp.exe\avp.exe
deleted: Trojan program Trojan-Dropper.Win32.Agent.dgo Running module: avp.exe\avp.exe
deleted: Trojan program Trojan-Dropper.Win32.Agent.dgo Running module: avp.exe\avp.exe
deleted: Trojan program Trojan-Dropper.Win32.Agent.dgo Running module: avp.exe\avp.exe
deleted: Trojan program Trojan-Dropper.Win32.Agent.dgo Running module: avp.exe\avp.exe
deleted: Trojan program Trojan-Dropper.Win32.Agent.dgo Running module: avp.exe\avp.exe
deleted: Trojan program Trojan-Dropper.Win32.Agent.dgo Running module: avp.exe\avp.exe
deleted: Trojan program Trojan-Dropper.Win32.Agent.dgo Running module: avp.exe\avp.exe
deleted: Trojan program Trojan-Dropper.Win32.Agent.dgo Running module: avp.exe\avp.exe
deleted: Trojan program Trojan-Dropper.Win32.Agent.dgo Running module: avp.exe\avp.exe
deleted: Trojan program Trojan-Dropper.Win32.Agent.dgo Running module: avp.exe\avp.exe
deleted: Trojan program Trojan-Dropper.Win32.Agent.dgo Running module: avp.exe\avp.exe
deleted: Trojan program Trojan-Dropper.Win32.Agent.dgo Running module: avp.exe\avp.exe
deleted: Trojan program Trojan-Dropper.Win32.Agent.dgo Running module: avp.exe\avp.exe
detected: Trojan program Trojan-Dropper.Win32.Agent.dgo Running module: avp .exe\avp .exe
detected: Trojan program Trojan-Dropper.Win32.Agent.dgo File: C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 SOS\avp .exe
detected: Trojan program Trojan-Dropper.Win32.Agent.dgo Running module: ctfmon.exe\ctfmon.exe
Events
------
Time Event
---- -----
1/21/2008 9:07:23 PM A full computer scan has never been performed. You are advised to perform a full scan as soon as possible.
1/21/2008 9:09:10 PM File C:\WINDOWS\system32\csnxrmws.dll: detected adware 'not-a-virus:AdWare.Win32.Virtumonde.dnn'.
1/21/2008 9:09:10 PM Security threats have been detected. You are advised to neutralize them immediately.
1/21/2008 9:09:10 PM File C:\WINDOWS\system32\csnxrmws.dll: is still infected, postponed.
1/21/2008 9:09:13 PM File C:\WINDOWS\system32\awtqn.dll: detected adware 'not-a-virus:AdWare.Win32.Virtumonde.dih'.
1/21/2008 9:09:13 PM File C:\WINDOWS\system32\awtqn.dll: is still infected, postponed.
1/21/2008 9:10:04 PM Running module avp.exe\avp.exe: detected Trojan program 'Trojan-Dropper.Win32.Agent.dgo'.
1/21/2008 9:10:04 PM Running module avp.exe\avp.exe: is still infected, postponed.
1/21/2008 9:10:04 PM File C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 SOS\avp.exe: detected Trojan program 'Trojan-Dropper.Win32.Agent.dgo'.
1/21/2008 9:10:04 PM File C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 SOS\avp.exe: is still infected, postponed.
1/21/2008 9:10:05 PM Running module ctfmon.exe\ctfmon.exe: detected Trojan program 'Trojan-Dropper.Win32.Agent.dgo'.
1/21/2008 9:10:05 PM Running module ctfmon.exe\ctfmon.exe: is still infected, postponed.
1/21/2008 9:10:10 PM File C:\WINDOWS\system32\csnxrmws.dll: detected adware 'not-a-virus:AdWare.Win32.Virtumonde.dnn'.
1/21/2008 9:10:10 PM File C:\WINDOWS\system32\csnxrmws.dll: is still infected, postponed.
1/21/2008 9:10:17 PM File C:\WINDOWS\system32\awtqn.dll: detected adware 'not-a-virus:AdWare.Win32.Virtumonde.dih'.
1/21/2008 9:10:17 PM File C:\WINDOWS\system32\awtqn.dll: is still infected, postponed.
1/21/2008 9:10:25 PM Running module avp.exe\avp.exe: detected Trojan program 'Trojan-Dropper.Win32.Agent.dgo'.
1/21/2008 9:10:25 PM Running module avp.exe\avp.exe: is still infected, postponed.
1/21/2008 9:10:25 PM File C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 SOS\avp.exe: detected Trojan program 'Trojan-Dropper.Win32.Agent.dgo'.
1/21/2008 9:10:25 PM File C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 SOS\avp.exe: is still infected, postponed.
1/21/2008 9:10:25 PM Running module ctfmon.exe\ctfmon.exe: detected Trojan program 'Trojan-Dropper.Win32.Agent.dgo'.
1/21/2008 9:10:25 PM Running module ctfmon.exe\ctfmon.exe: is still infected, postponed.
1/21/2008 9:10:39 PM File c:\windows\system32\csnxrmws.dll: detected adware 'not-a-virus:AdWare.Win32.Virtumonde.dnn'.
1/21/2008 9:10:39 PM File c:\windows\system32\csnxrmws.dll: detected adware 'not-a-virus:AdWare.Win32.Virtumonde.dnn'.
1/21/2008 9:10:39 PM File c:\windows\system32\csnxrmws.dll: is still infected, postponed.
1/21/2008 9:10:39 PM File c:\windows\system32\csnxrmws.dll: is still infected, postponed.
1/21/2008 9:11:12 PM File c:\windows\system32\awtqn.dll: detected adware 'not-a-virus:AdWare.Win32.Virtumonde.dih'.
1/21/2008 9:11:12 PM File c:\windows\system32\awtqn.dll: is still infected, postponed.
1/21/2008 9:11:12 PM File c:\windows\system32\awtqn.dll: detected adware 'not-a-virus:AdWare.Win32.Virtumonde.dih'.
1/21/2008 9:11:12 PM File c:\windows\system32\awtqn.dll: is still infected, postponed.
1/21/2008 9:11:53 PM File c:\windows\system32\csnxrmws.dll: detected adware 'not-a-virus:AdWare.Win32.Virtumonde.dnn'.
1/21/2008 9:39:55 PM File C:\Documents and Settings\All Users\Application Data\McAfee.com\Agent\News\valert.ui/CmnIds.vbs: is password protected.
1/21/2008 9:39:55 PM File C:\Documents and Settings\All Users\Application Data\McAfee.com\Agent\News\valert.ui/images/arrow_right.gif: is password protected.
1/21/2008 9:39:55 PM File C:\Documents and Settings\All Users\Application Data\McAfee.com\Agent\News\valert.ui/images/btn_signup_52x20.gif: is password protected.
1/21/2008 9:39:55 PM File C:\Documents and Settings\All Users\Application Data\McAfee.com\Agent\News\valert.ui/images/more_info.gif: is password protected.
1/21/2008 9:39:55 PM File C:\Documents and Settings\All Users\Application Data\McAfee.com\Agent\News\valert.ui/images/sidetable_bottom.gif: is password protected.
1/21/2008 9:39:55 PM File C:\Documents and Settings\All Users\Application Data\McAfee.com\Agent\News\valert.ui/images/sidetable_bottom_red.gif: is password protected.
1/21/2008 9:39:55 PM File C:\Documents and Settings\All Users\Application Data\McAfee.com\Agent\News\valert.ui/images/sidetable_top.gif: is password protected.
1/21/2008 9:39:55 PM File C:\Documents and Settings\All Users\Application Data\McAfee.com\Agent\News\valert.ui/images/sidetable_top_red.gif: is password protected.
1/21/2008 9:39:55 PM File C:\Documents and Settings\All Users\Application Data\McAfee.com\Agent\News\valert.ui/images/transpix.gif: is password protected.
1/21/2008 9:39:55 PM File C:\Documents and Settings\All Users\Application Data\McAfee.com\Agent\News\valert.ui/images/watermark_mys_150x130.gif: is password protected.
1/21/2008 9:39:55 PM File C:\Documents and Settings\All Users\Application Data\McAfee.com\Agent\News\valert.ui/oemcfg.vbs: is password protected.
1/21/2008 9:39:55 PM File C:\Documents and Settings\All Users\Application Data\McAfee.com\Agent\News\valert.ui/OEMIds.vbs: is password protected.
1/21/2008 9:39:55 PM File C:\Documents and Settings\All Users\Application Data\McAfee.com\Agent\News\valert.ui/valert.htm: is password protected.
1/21/2008 9:39:55 PM File C:\Documents and Settings\All Users\Application Data\McAfee.com\Agent\News\valert.ui/valert_old.htm: is password protected.
1/21/2008 9:39:55 PM File C:\Documents and Settings\All Users\Application Data\McAfee.com\Agent\News\valert.ui/hs~valert.htm: is password protected.
1/21/2008 9:47:47 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SpywareDetector.zip/SDRemoveDB.db: is password protected.
1/21/2008 9:47:47 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SpywareDetector.zip/sbRecovery.ini: is password protected.
1/21/2008 9:47:47 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde.zip/awtqn.dll: is password protected.
1/21/2008 9:47:47 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde.zip/sbRecovery.ini: is password protected.
1/21/2008 9:47:47 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde1.zip/sbRecovery.reg: is password protected.
1/21/2008 9:47:47 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde1.zip/sbRecovery.ini: is password protected.
1/21/2008 9:47:48 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde10.zip/awtqn.dll: is password protected.
1/21/2008 9:47:48 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde10.zip/sbRecovery.ini: is password protected.
1/21/2008 9:47:48 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde11.zip/sbRecovery.reg: is password protected.
1/21/2008 9:47:48 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde11.zip/sbRecovery.ini: is password protected.
1/21/2008 9:47:48 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde12.zip/awtqn.dll_old: is password protected.
1/21/2008 9:47:48 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde12.zip/sbRecovery.ini: is password protected.
1/21/2008 9:47:48 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde13.zip/awtqn.dll: is password protected.
1/21/2008 9:47:48 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde13.zip/sbRecovery.ini: is password protected.
1/21/2008 9:47:48 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde14.zip/awtqn.dll: is password protected.
1/21/2008 9:47:48 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde14.zip/sbRecovery.ini: is password protected.
1/21/2008 9:47:48 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde2.zip/sbRecovery.reg: is password protected.
1/21/2008 9:47:48 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde2.zip/sbRecovery.ini: is password protected.
1/21/2008 9:47:48 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde3.zip/sbRecovery.reg: is password protected.
1/21/2008 9:47:48 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde3.zip/sbRecovery.ini: is password protected.
1/21/2008 9:47:48 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde4.zip/awtqn.dll_old: is password protected.
1/21/2008 9:47:48 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde4.zip/sbRecovery.ini: is password protected.
1/21/2008 9:47:48 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde5.zip/awtqn.dll: is password protected.
1/21/2008 9:47:48 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde5.zip/sbRecovery.ini: is password protected.
1/21/2008 9:47:48 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde6.zip/sbRecovery.reg: is password protected.
1/21/2008 9:47:48 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde6.zip/sbRecovery.ini: is password protected.
1/21/2008 9:47:48 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde7.zip/sbRecovery.reg: is password protected.
1/21/2008 9:47:48 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde7.zip/sbRecovery.ini: is password protected.
1/21/2008 9:47:48 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde8.zip/sbRecovery.reg: is password protected.
1/21/2008 9:47:48 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde8.zip/sbRecovery.ini: is password protected.
1/21/2008 9:47:49 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde9.zip/awtqn.dll_old: is password protected.
1/21/2008 9:47:49 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde9.zip/sbRecovery.ini: is password protected.
1/21/2008 9:47:49 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondegeneric.zip/csnxrmws.dllbox: is password protected.
1/21/2008 9:47:49 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondegeneric.zip/sbRecovery.ini: is password protected.
1/21/2008 9:47:49 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondegeneric1.zip/csnxrmws.dllbox: is password protected.
1/21/2008 9:47:49 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondegeneric1.zip/sbRecovery.ini: is password protected.
1/21/2008 9:47:49 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondegeneric10.zip/csnxrmws.dll_old: is password protected.
1/21/2008 9:47:49 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondegeneric10.zip/sbRecovery.ini: is password protected.
1/21/2008 9:47:49 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondegeneric11.zip/csnxrmws.dll: is password protected.
1/21/2008 9:47:49 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondegeneric11.zip/sbRecovery.ini: is password protected.
1/21/2008 9:47:49 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondegeneric12.zip/sbRecovery.reg: is password protected.
1/21/2008 9:47:49 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondegeneric12.zip/sbRecovery.ini: is password protected.
1/21/2008 9:47:49 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondegeneric13.zip/sbRecovery.reg: is password protected.
1/21/2008 9:47:49 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondegeneric13.zip/sbRecovery.ini: is password protected.
1/21/2008 9:47:49 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondegeneric14.zip/sbRecovery.reg: is password protected.
1/21/2008 9:47:49 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondegeneric14.zip/sbRecovery.ini: is password protected.
1/21/2008 9:47:49 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondegeneric15.zip/sbRecovery.reg: is password protected.
1/21/2008 9:47:49 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondegeneric15.zip/sbRecovery.ini: is password protected.
1/21/2008 9:47:49 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondegeneric16.zip/sbRecovery.reg: is password protected.
1/21/2008 9:47:49 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondegeneric16.zip/sbRecovery.ini: is password protected.
1/21/2008 9:47:49 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondegeneric17.zip/sbRecovery.reg: is password protected.
1/21/2008 9:47:49 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondegeneric17.zip/sbRecovery.ini: is password protected.
1/21/2008 9:47:50 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondegeneric44.zip/sbRecovery.ini: is password protected.
1/21/2008 9:47:50 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondegeneric5.zip/sbRecovery.reg: is password protected.
1/21/2008 9:47:50 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondegeneric5.zip/sbRecovery.ini: is password protected.
1/21/2008 9:47:50 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondegeneric6.zip/sbRecovery.reg: is password protected.
1/21/2008 9:47:50 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondegeneric6.zip/sbRecovery.ini: is password protected.
1/21/2008 9:47:50 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondegeneric7.zip/sbRecovery.reg: is password protected.
1/21/2008 9:47:50 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondegeneric7.zip/sbRecovery.ini: is password protected.
1/21/2008 9:47:50 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondegeneric8.zip/sbRecovery.reg: is password protected.
1/21/2008 9:47:50 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondegeneric8.zip/sbRecovery.ini: is password protected.
1/21/2008 9:47:50 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondegeneric9.zip/sbRecovery.reg: is password protected.
1/21/2008 9:47:50 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondegeneric9.zip/sbRecovery.ini: is password protected.
1/21/2008 10:17:29 PM File C:\Documents and Settings\Lori\Local Settings\Application Data\Ares\My Shared Folder\microsoft office 2003 professional (word, excel, powerpoint, access, frontpage, outlook, infopath, visio, project)(2).exe/[App] Microsoft Office 2003 Professional (Word, Excel, Powerpoint, Access, Frontpage, Outlook, Infopath, Visio, Project).iso//SETUP.APM/ams_xml_pl.xml: is password protected.
1/21/2008 10:17:29 PM File C:\Documents and Settings\Lori\Local Settings\Application Data\Ares\My Shared Folder\microsoft office 2003 professional (word, excel, powerpoint, access, frontpage, outlook, infopath, visio, project)(2).exe/[App] Microsoft Office 2003 Professional (Word, Excel, Powerpoint, Access, Frontpage, Outlook, Infopath, Visio, Project).iso//SETUP.APM/ams_xml_temp.xml: is password protected.
1/21/2008 10:18:59 PM File C:\Documents and Settings\Lori\Local Settings\Temporary Internet Files\Content.IE5\7CDOE0EM\tr[1]: detected adware 'not-a-virus:AdWare.Win32.Virtumonde.dnn'.
1/21/2008 10:18:59 PM File C:\Documents and Settings\Lori\Local Settings\Temporary Internet Files\Content.IE5\7CDOE0EM\tr[1]: is still infected, postponed.
1/21/2008 10:19:02 PM File C:\Documents and Settings\Lori\Local Settings\Temporary Internet Files\Content.IE5\BZMKY6SU\apst377[1]: detected adware 'not-a-virus:AdWare.Win32.SuperJuan.ez'.
1/21/2008 10:19:02 PM File C:\Documents and Settings\Lori\Local Settings\Temporary Internet Files\Content.IE5\BZMKY6SU\apst377[1]: is still infected, postponed.
1/21/2008 10:41:37 PM File C:\downloads ares\adobe acrobat 8 professional activation crack keygen serial(3).exe//data.rar/Patch.exe//FSG: detected Trojan program 'Trojan-Clicker.Win32.Agent.ij'.
1/21/2008 10:41:37 PM File C:\downloads ares\adobe acrobat 8 professional activation crack keygen serial(3).exe//data.rar/Patch.exe//FSG: is still infected, postponed.
1/21/2008 10:50:57 PM Update error: .
1/21/2008 11:10:56 PM Update error: .
1/21/2008 11:20:00 PM File C:\Program Files\iTunes\iTunesHelper.exe: detected Trojan program 'Trojan-Dropper.Win32.Agent.dgo'.
1/21/2008 11:20:00 PM File C:\Program Files\iTunes\iTunesHelper.exe: is still infected, postponed.
1/21/2008 11:30:56 PM Update error: .
1/21/2008 11:33:58 PM File C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 SOS\avp.exe: detected Trojan program 'Trojan-Dropper.Win32.Agent.dgo'.
1/21/2008 11:33:58 PM File C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 SOS\avp.exe: is still infected, postponed.
1/21/2008 11:39:23 PM File C:\Program Files\McAfee.com\Agent\uninst\screm.ui/agntcons.vbs: is password protected.
1/21/2008 11:39:23 PM File C:\Program Files\McAfee.com\Agent\uninst\screm.ui/agntlang.vbs: is password protected.
1/21/2008 11:39:23 PM File C:\Program Files\McAfee.com\Agent\uninst\screm.ui/comctl.lpk: is password protected.
1/21/2008 11:39:23 PM File C:\Program Files\McAfee.com\Agent\uninst\screm.ui/config.ini: is password protected.
1/21/2008 11:39:23 PM File C:\Program Files\McAfee.com\Agent\uninst\screm.ui/pbar.vbs: is password protected.
1/21/2008 11:39:23 PM File C:\Program Files\McAfee.com\Agent\uninst\screm.ui/UnInsStr.vbs: is password protected.
1/21/2008 11:39:23 PM File C:\Program Files\McAfee.com\Agent\uninst\screm.ui/uninst.vbs: is password protected.
1/21/2008 11:39:23 PM File C:\Program Files\McAfee.com\Agent\uninst\screm.ui/uninstall.htm: is password protected.
1/21/2008 11:50:56 PM Update error: .
1/21/2008 11:56:34 PM File C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe: detected Trojan program 'Trojan-Dropper.Win32.Agent.dgo'.
1/21/2008 11:56:34 PM File C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe: is still infected, postponed.
1/21/2008 11:59:29 PM File C:\VundoFix Backups\agvjeigx.dll.bad: detected adware 'not-a-virus:AdWare.Win32.Virtumonde.dnn'.
1/21/2008 11:59:29 PM File C:\VundoFix Backups\agvjeigx.dll.bad: is still infected, postponed.
1/21/2008 11:59:29 PM File C:\VundoFix Backups\jlpmalhc.dll.bad: detected adware 'not-a-virus:AdWare.Win32.Virtumonde.dnn'.
1/21/2008 11:59:29 PM File C:\VundoFix Backups\jlpmalhc.dll.bad: is still infected, postponed.
1/21/2008 11:59:29 PM File C:\VundoFix Backups\lyinyuvy.dll.bad: detected adware 'not-a-virus:AdWare.Win32.Virtumonde.dnn'.
1/21/2008 11:59:29 PM File C:\VundoFix Backups\lyinyuvy.dll.bad: is still infected, postponed.
1/22/2008 12:10:56 AM Update error: .
1/22/2008 12:28:46 AM File C:\WINDOWS\system32\awtqn.dll: detected adware 'not-a-virus:AdWare.Win32.Virtumonde.dih'.
1/22/2008 12:28:46 AM File C:\WINDOWS\system32\awtqn.dll: is still infected, postponed.
1/22/2008 12:28:46 AM File C:\WINDOWS\system32\bdsvpadu.dll: detected adware 'not-a-virus:AdWare.Win32.Virtumonde.dnn'.
1/22/2008 12:28:46 AM File C:\WINDOWS\system32\bdsvpadu.dll: is still infected, postponed.
1/22/2008 12:28:50 AM File C:\WINDOWS\system32\csnxrmws.dll: detected adware 'not-a-virus:AdWare.Win32.Virtumonde.dnn'.
1/22/2008 12:28:50 AM File C:\WINDOWS\system32\csnxrmws.dll: is still infected, postponed.
1/22/2008 12:28:52 AM File C:\WINDOWS\system32\ctfmon.exe.tmp: detected Trojan program 'Trojan-Dropper.Win32.Agent.dgo'.
1/22/2008 12:28:52 AM File C:\WINDOWS\system32\ctfmon.exe.tmp: is still infected, postponed.
1/22/2008 12:28:59 AM File C:\WINDOWS\system32\dpgbhsgq.dll: detected adware 'not-a-virus:AdWare.Win32.Virtumonde.din'.
1/22/2008 12:28:59 AM File C:\WINDOWS\system32\dpgbhsgq.dll: is still infected, postponed.
1/22/2008 12:29:04 AM File C:\WINDOWS\system32\fpvgqobd.dll: detected adware 'not-a-virus:AdWare.Win32.Virtumonde.dnn'.
1/22/2008 12:29:04 AM File C:\WINDOWS\system32\fpvgqobd.dll: is still infected, postponed.
1/22/2008 12:29:44 AM File C:\WINDOWS\system32\pktvjfgf.dll: detected adware 'not-a-virus:AdWare.Win32.Virtumonde.dnl'.
1/22/2008 12:29:44 AM File C:\WINDOWS\system32\pktvjfgf.dll: is still infected, postponed.
1/22/2008 12:29:48 AM File C:\WINDOWS\system32\pynfbdua.dll: detected adware 'not-a-virus:AdWare.Win32.Virtumonde.dnn'.
1/22/2008 12:29:48 AM File C:\WINDOWS\system32\pynfbdua.dll: is still infected, postponed.
1/22/2008 12:29:57 AM File C:\WINDOWS\system32\tpqvdyyk.dll: detected adware 'not-a-virus:AdWare.Win32.Virtumonde.dnn'.
1/22/2008 12:29:57 AM File C:\WINDOWS\system32\tpqvdyyk.dll: is still infected, postponed.
1/22/2008 12:30:00 AM File C:\WINDOWS\system32\usminpio.dll: detected adware 'not-a-virus:AdWare.Win32.Virtumonde.din'.
1/22/2008 12:30:00 AM File C:\WINDOWS\system32\usminpio.dll: is still infected, postponed.
1/22/2008 12:30:57 AM Update error: .
1/22/2008 12:36:12 AM File c:\windows\system32\csnxrmws.dll: detected adware 'not-a-virus:AdWare.Win32.Virtumonde.dnn'.
1/22/2008 12:50:56 AM Update error: .
1/22/2008 1:10:56 AM Update error: .
1/22/2008 1:30:56 AM Update error: .
1/22/2008 1:50:56 AM Update error: .
1/22/2008 2:10:56 AM Update error: .
1/22/2008 2:30:56 AM Update error: .
1/22/2008 2:50:56 AM Update error: .
1/22/2008 3:10:56 AM Update error: .
1/22/2008 3:30:56 AM Update error: .
1/22/2008 3:50:56 AM Update error: .
1/22/2008 4:10:56 AM Update error: .
1/22/2008 4:30:56 AM Update error: .
1/22/2008 4:50:56 AM Update error: .
1/22/2008 5:10:56 AM Update error: .
1/22/2008 5:29:06 AM File c:\windows\system32\csnxrmws.dll will be deleted on system restart.
1/22/2008 5:29:09 AM Startup object HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\csnxrmws\csnxrmws: deleted.
1/22/2008 5:29:13 AM Startup object HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A95B2816-1D7E-4561-A202-68C0DE02353A}: deleted.
1/22/2008 5:29:16 AM File c:\windows\system32\awtqn.dll: detected adware 'not-a-virus:AdWare.Win32.Virtumonde.dih'.
1/22/2008 5:29:31 AM File c:\windows\system32\csnxrmws.dll will be deleted on system restart.
1/22/2008 5:29:31 AM File c:\windows\system32\awtqn.dll: detected adware 'not-a-virus:AdWare.Win32.Virtumonde.dih'.
1/22/2008 5:30:56 AM Update error: .
1/22/2008 5:30:58 AM File c:\windows\system32\awtqn.dll: detected adware 'not-a-virus:AdWare.Win32.Virtumonde.dih'.
1/22/2008 5:30:58 AM File c:\windows\system32\awtqn.dll will be deleted on system restart.
1/22/2008 5:31:04 AM Startup object HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{24B1315D-2702-4C30-8571-6B5B7E2F249D}: deleted.
1/22/2008 5:31:07 AM File C:\WINDOWS\system32\csnxrmws.dll: detected adware 'not-a-virus:AdWare.Win32.Virtumonde.dnn'.
1/22/2008 5:31:08 AM File C:\WINDOWS\system32\awtqn.dll: detected adware 'not-a-virus:AdWare.Win32.Virtumonde.dih'.
1/22/2008 5:31:15 AM Running module avp.exe\avp.exe: detected Trojan program 'Trojan-Dropper.Win32.Agent.dgo'.
1/22/2008 5:31:30 AM Running module avp.exe\avp.exe: deleted.
1/22/2008 5:31:30 AM File C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 SOS\avp.exe: detected Trojan program 'Trojan-Dropper.Win32.Agent.dgo'.
1/22/2008 5:31:30 AM File C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 SOS\avp.exe will be deleted on system restart.
1/22/2008 5:31:30 AM Running module ctfmon.exe\ctfmon.exe: detected Trojan program 'Trojan-Dropper.Win32.Agent.dgo'.
1/22/2008 5:31:30 AM Running module ctfmon.exe\ctfmon.exe: deleted.
1/22/2008 5:31:32 AM Running module avp.exe\avp.exe: detected Trojan program 'Trojan-Dropper.Win32.Agent.dgo'.
1/22/2008 5:31:32 AM Running module avp.exe\avp.exe: deleted.
1/22/2008 5:31:33 AM Running module avp.exe\avp.exe: detected Trojan program 'Trojan-Dropper.Win32.Agent.dgo'.
1/22/2008 5:31:33 AM Running module avp.exe\avp.exe: deleted.
1/22/2008 5:31:33 AM Running module avp.exe\avp.exe: detected Trojan program 'Trojan-Dropper.Win32.Agent.dgo'.
1/22/2008 5:31:33 AM Running module avp.exe\avp.exe: deleted.
1/22/2008 5:31:33 AM Running module avp.exe\avp.exe: detected Trojan program 'Trojan-Dropper.Win32.Agent.dgo'.
1/22/2008 5:31:33 AM Running module avp.exe\avp.exe: deleted.
1/22/2008 5:31:33 AM Running module avp.exe\avp.exe: detected Trojan program 'Trojan-Dropper.Win32.Agent.dgo'.
1/22/2008 5:31:33 AM Running module avp.exe\avp.exe: deleted.
1/22/2008 5:31:34 AM Running module avp.exe\avp.exe: detected Trojan program 'Trojan-Dropper.Win32.Agent.dgo'.
1/22/2008 5:31:34 AM Running module avp.exe\avp.exe: deleted.
1/22/2008 5:31:34 AM Running module avp.exe\avp.exe: detected Trojan program 'Trojan-Dropper.Win32.Agent.dgo'.
1/22/2008 5:31:34 AM Running module avp.exe\avp.exe: deleted.
1/22/2008 5:31:34 AM Running module avp.exe\avp.exe: detected Trojan program 'Trojan-Dropper.Win32.Agent.dgo'.
1/22/2008 5:31:34 AM Running module avp.exe\avp.exe: deleted.
1/22/2008 5:31:35 AM Running module avp.exe\avp.exe: detected Trojan program 'Trojan-Dropper.Win32.Agent.dgo'.
1/22/2008 5:31:35 AM Running module avp.exe\avp.exe: deleted.
1/22/2008 5:31:35 AM Running module avp.exe\avp.exe: detected Trojan program 'Trojan-Dropper.Win32.Agent.dgo'.
1/22/2008 5:31:35 AM Running module avp.exe\avp.exe: deleted.
1/22/2008 5:31:35 AM Running module avp.exe\avp.exe: detected Trojan program 'Trojan-Dropper.Win32.Agent.dgo'.
1/22/2008 5:31:35 AM Running module avp.exe\avp.exe: deleted.
1/22/2008 5:31:35 AM Running module avp.exe\avp.exe: detected Trojan program 'Trojan-Dropper.Win32.Agent.dgo'.
1/22/2008 5:31:36 AM Running module avp.exe\avp.exe: deleted.
1/22/2008 5:31:36 AM Running module avp.exe\avp.exe: detected Trojan program 'Trojan-Dropper.Win32.Agent.dgo'.
1/22/2008 5:31:36 AM Running module avp.exe\avp.exe: deleted.
1/22/2008 5:31:36 AM Running module avp.exe\avp.exe: detected Trojan program 'Trojan-Dropper.Win32.Agent.dgo'.
1/22/2008 5:31:36 AM Running module avp.exe\avp.exe: deleted.
1/22/2008 5:31:36 AM Running module avp.exe\avp.exe: detected Trojan program 'Trojan-Dropper.Win32.Agent.dgo'.
1/22/2008 5:31:36 AM Running module avp.exe\avp.exe: deleted.
1/22/2008 5:31:36 AM Running module avp.exe\avp.exe: detected Trojan program 'Trojan-Dropper.Win32.Agent.dgo'.
1/22/2008 5:31:36 AM Running module avp.exe\avp.exe: deleted.
1/22/2008 5:31:36 AM Running module avp.exe\avp.exe: detected Trojan program 'Trojan-Dropper.Win32.Agent.dgo'.
1/22/2008 5:31:36 AM Running module avp.exe\avp.exe: deleted.
1/22/2008 5:31:36 AM Running module avp.exe\avp.exe: detected Trojan program 'Trojan-Dropper.Win32.Agent.dgo'.
1/22/2008 5:31:36 AM Running module avp.exe\avp.exe: deleted.
1/22/2008 5:31:36 AM Running module avp.exe\avp.exe: detected Trojan program 'Trojan-Dropper.Win32.Agent.dgo'.
1/22/2008 5:31:36 AM Running module avp.exe\avp.exe: deleted.
1/22/2008 5:31:36 AM Running module avp.exe\avp.exe: detected Trojan program 'Trojan-Dropper.Win32.Agent.dgo'.
1/22/2008 5:31:36 AM Running module avp.exe\avp.exe: deleted.
1/22/2008 5:31:37 AM Running module avp.exe\avp.exe: detected Trojan program 'Trojan-Dropper.Win32.Agent.dgo'.
1/22/2008 5:31:37 AM Running module avp.exe\avp.exe: deleted.
1/22/2008 5:31:39 AM File c:\windows\system32\csnxrmws.dll: detected adware 'not-a-virus:AdWare.Win32.Virtumonde.dnn'.
1/22/2008 5:31:43 AM File c:\windows\system32\awtqn.dll: detected adware 'not-a-virus:AdWare.Win32.Virtumonde.dih'.
1/22/2008 5:34:37 AM Security threats have been detected. You are advised to neutralize them immediately.
1/22/2008 5:38:00 AM File C:\WINDOWS\system32\csnxrmws.dll: detected adware 'not-a-virus:AdWare.Win32.Virtumonde.dnn'.
1/22/2008 5:38:00 AM File C:\WINDOWS\system32\csnxrmws.dll: is still infected, postponed.
1/22/2008 5:38:11 AM File C:\WINDOWS\system32\awtqn.dll: detected adware 'not-a-virus:AdWare.Win32.Virtumonde.dih'.
1/22/2008 5:38:11 AM File C:\WINDOWS\system32\awtqn.dll: is still infected, postponed.
1/22/2008 5:39:23 AM Running module avp .exe\avp .exe: detected Trojan program 'Trojan-Dropper.Win32.Agent.dgo'.
1/22/2008 5:39:23 AM Running module avp .exe\avp .exe: is still infected, postponed.
1/22/2008 5:39:23 AM File C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 SOS\avp .exe: detected Trojan program 'Trojan-Dropper.Win32.Agent.dgo'.
1/22/2008 5:39:23 AM File C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 SOS\avp .exe: is still infected, postponed.
1/22/2008 5:39:23 AM Running module ctfmon.exe\ctfmon.exe: detected Trojan program 'Trojan-Dropper.Win32.Agent.dgo'.
1/22/2008 5:39:23 AM Running module ctfmon.exe\ctfmon.exe: is still infected, postponed.
1/22/2008 5:39:53 AM File c:\windows\system32\csnxrmws.dll: detected adware 'not-a-virus:AdWare.Win32.Virtumonde.dnn'.
1/22/2008 5:39:53 AM File c:\windows\system32\csnxrmws.dll: is still infected, postponed.
1/22/2008 5:40:03 AM File c:\program files\kaspersky lab\kaspersky anti-virus 6.0 sos\avp .exe: detected Trojan program 'Trojan-Dropper.Win32.Agent.dgo'.
1/22/2008 5:40:03 AM File c:\program files\kaspersky lab\kaspersky anti-virus 6.0 sos\avp .exe: is still infected, postponed.
Reports
-------
Component Status Start Finish Size
--------- ------ ----- ------ ----
Scan startup objects running 1/22/2008 5:36:45 AM 482 KB
Quarantine
----------
Status Object Size Added
------ ------ ---- -----
Backup
------
Status Object Size
------ ------ ----
Infected: adware not-a-virus:AdWare.Win32.Virtumonde.dnn c:\windows\system32\csnxrmws.dll 160 KB
Infected: Trojan program Trojan-Dropper.Win32.Agent.dgo ctfmon.exe\ctfmon.exe 372 KB
Infected: Trojan program Trojan-Dropper.Win32.Agent.dgo avp.exe\avp.exe 592 KB
Infected: Trojan program Trojan-Dropper.Win32.Agent.dgo avp.exe\avp.exe 592 KB
Infected: adware not-a-virus:AdWare.Win32.Virtumonde.dih c:\windows\system32\awtqn.dll 336.5 KB
Infected: Trojan program Trojan-Dropper.Win32.Agent.dgo ctfmon.exe\ctfmon.exe 372 KB
Infected: Trojan program Trojan-Dropper.Win32.Agent.dgo C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 SOS\avp.exe 576 KB
Hi nsga1
Rename HijackThis.exe to nsga1.exe and post back a fresh HijackThis log, please :)
Where do I change the name? In the Hijack folder?
Thank you. I'll try it when I get home tonight and repost.
Hi
Rename HijackThis.exe to nsga1.exe by doing the following:
Navigate here using Windows Explorer (windows button + E) or My Computer -> Local Disk C: -> C:\Program Files\Trend Micro\HijackThis
Right-click on the HijackThis.exe
Choose "Rename" from the pull-down menu
And now Rename HijackThis.exe to nsga1.exe
When you've renamed HijackThis, open HijackThis again.
Take a fresh HijackThis log (click Do a system scan and save a log file)
Post the fresh HijackThis log here.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:11:43 PM, on 1/31/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 SOS\avp .exe
C:\CFusionMX\runtime\bin\jrunsvc.exe
C:\CFusionMX\db\slserver52\bin\swagent.exe
C:\CFusionMX\runtime\bin\jrun.exe
C:\CFusionMX\db\slserver52\bin\swstrtr.exe
C:\CFusionMX\db\slserver52\bin\swsoc.exe
C:\WINDOWS\SYSTEM32\GEARSEC.EXE
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\Registry Mechanic\RegMech.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 SOS\avp .exe
c:\program files\mcafee\msk\msksrver.exe
C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\SiteAdvisor\6253\SAService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\SMC\SMC2862W-G EZ Connect g 2.4Ghz 802.11g Wireless USB 2.0 Adapter\SMCWGUTI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\Program Files\Trend Micro\HijackThis\nsga1.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\BOB\Application Data\Mozilla\Profiles\default\p0ly8aft.slt\prefs.js)
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O2 - BHO: {04ecce7c-ba69-ea19-26d4-6f0ea676f431} - {134f676a-e0f6-4d62-91ae-96abc7ecce40} - C:\WINDOWS\system32\acfrnddi.dll
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - C:\Program Files\McAfee\MSK\mcapbho.dll
O2 - BHO: (no name) - {43B46ACD-6EE3-4C2A-B966-D0376B9B64A2} - C:\WINDOWS\system32\awtqn.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O3 - Toolbar: &ESPN - {AE6F2894-AF10-4C9C-B16E-1DFC6FF8C0C6} - C:\Program Files\ESPN\Toolbar\DIGToolBar.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
O4 - HKLM\..\Run: [RegistryMechanic] "C:\Program Files\Registry Mechanic\RegMech.exe" /QS
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask .exe" -atboottime
O4 - HKLM\..\Run: [PRISMSVR.EXE] "C:\Program Files\SMC\SMC2862W-G EZ Connect g 2.4Ghz 802.11g Wireless USB 2.0 Adapter\PRISMSVR.EXE" /APPLY
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [McAfee Backup] "C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe"
O4 - HKLM\..\Run: [MBkLogOnHook] "C:\Program Files\McAfee\MBK\LogOnHook.exe"
O4 - HKLM\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 SOS\avp .exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [44abe178] "rundll32.exe" "C:\WINDOWS\system32\ybbrxonx.dll",b
O4 - HKLM\..\Run: [MSConfig] "C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" /auto
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-21-181056595-1994806308-2322526153-1007\..\Run: [LDM] "C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" (User 'Grace')
O4 - HKUS\S-1-5-21-181056595-1994806308-2322526153-1007\..\Run: [AIM] C:\Program Files\AIM95\aim.exe -cnetwait.odl (User 'Grace')
O4 - HKUS\S-1-5-21-181056595-1994806308-2322526153-1007\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Grace')
O4 - HKUS\S-1-5-21-181056595-1994806308-2322526153-1007\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'Grace')
O4 - HKUS\S-1-5-21-181056595-1994806308-2322526153-1007\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe" (User 'Grace')
O4 - HKUS\S-1-5-21-181056595-1994806308-2322526153-1007\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User 'Grace')
O4 - HKUS\S-1-5-21-181056595-1994806308-2322526153-1007\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe (User 'Grace')
O4 - HKUS\S-1-5-21-181056595-1994806308-2322526153-1008\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Tony')
O4 - HKUS\S-1-5-21-181056595-1994806308-2322526153-1009\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe (User 'Noelle')
O4 - HKUS\S-1-5-21-181056595-1994806308-2322526153-500\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User 'Administrator')
O4 - HKUS\S-1-5-21-181056595-1994806308-2322526153-500\..\RunOnce: [SpybotDeletingB4253] command /c del "C:\WINDOWS\system32\csnxrmws.dll_old" (User 'Administrator')
O4 - HKUS\S-1-5-21-181056595-1994806308-2322526153-500\..\RunOnce: [SpybotDeletingD1987] cmd /c del "C:\WINDOWS\system32\csnxrmws.dll_old" (User 'Administrator')
O4 - HKUS\S-1-5-21-181056595-1994806308-2322526153-500\..\RunOnce: [SpybotDeletingB9128] command /c del "C:\WINDOWS\system32\csnxrmws.dll" (User 'Administrator')
O4 - HKUS\S-1-5-21-181056595-1994806308-2322526153-500\..\RunOnce: [SpybotDeletingD9388] cmd /c del "C:\WINDOWS\system32\csnxrmws.dll" (User 'Administrator')
O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [McWebDownlMgr] C:\WINDOWS\TEMP\McDMTemp007 (2)\DwnldMgr.exe /runkey (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [McWebDownlMgr] C:\WINDOWS\TEMP\McDMTemp007 (2)\DwnldMgr.exe /runkey (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NaturalColorLoad.lnk = ?
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O4 - Global Startup: SMC2862W-G EZ Connect g 802.11g Wireless USB Utility.lnk = C:\Program Files\SMC\SMC2862W-G EZ Connect g 2.4Ghz 802.11g Wireless USB 2.0 Adapter\SMCWGUTI.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim .exe
O9 - Extra button: Vegas Red Casino - {D5AE2D6D-38A7-425c-86C0-E4ABBDB9EC68} - C:\Casino\Vegas Red Casino\casino.exe
O9 - Extra 'Tools' menuitem: Vegas Red Casino - {D5AE2D6D-38A7-425c-86C0-E4ABBDB9EC68} - C:\Casino\Vegas Red Casino\casino.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {02CF1781-EA91-4FA5-A200-646E8241987C} (VaioInfo.CMClass) - http://esupport.sony.com/VaioInfo.CAB
O16 - DPF: {1E2941E3-8E63-11D4-9D5A-00902742D6E0} (iNotes Class) - http://mail.malden.mec.edu/iNotes.cab
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - http://a516.g.akamai.net/f/516/25175/7d/runaware.download.akamai.com/25175/citrix/wficat-no-eula.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {36E4E9BC-4D0C-41B4-90C9-37AFDBFAAD3C} (InforbitHelper Class) - http://download.infotriever.com/bin/ifhelper.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by104fd.bay104.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {5EB6A98B-F75B-4AC7-821D-BAD2C29D18C2} (CVALAXObj Class) - https://mycampus.phoenix.edu/support/tutorials/Click2Talk/ClickToTalkTS/download/CVALAX.CAB
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1151289857000
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1151290801484
O16 - DPF: {A82C3A33-5C0E-466C-B020-71585433A7E4} (PhxStudent.OeSetup15) - https://ecampus.phoenix.edu/secure/PhxStudent15.CAB
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab
O16 - DPF: {CC32D4D8-2A0B-4CEB-B105-C9B968379105} (CGameManagerCtrl Object) - https://disney.go.com/games/downloads/gamemanager/DIGGameManager.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://casinoshare.microgaming.com/casinoshare/FlashAX.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://www.driveragent.com/files/driveragent.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O23 - Service: McAfee Application Installer Cleanup (0167741201228485) (0167741201228485mcinstcleanup) - Unknown owner - C:\WINDOWS\TEMP\016774~1.EXE (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: AVP - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 SOS\avp .exe
O23 - Service: ColdFusion MX Application Server - Macromedia Inc. - C:\CFusionMX\runtime\bin\jrunsvc.exe
O23 - Service: ColdFusion MX ODBC Agent - Unknown owner - C:\CFusionMX\db\slserver52\bin\swagent.exe
O23 - Service: ColdFusion MX ODBC Server - Unknown owner - C:\CFusionMX\db\slserver52\bin\swstrtr.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\SYSTEM32\GEARSEC.EXE
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee, Inc. - c:\program files\mcafee\msk\msksrver.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6253\SAService.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\Sptisrv.exe
O23 - Service: VAIO Media Music Server (VAIOMediaPlatform-MusicServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Music\SSSvr.exe
O23 - Service: VAIO Media Music Server (HTTP) (VAIOMediaPlatform-MusicServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Music Server (UPnP) (VAIOMediaPlatform-MusicServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Photo Server (VAIOMediaPlatform-PhotoServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Photo\appsrv\PhotoAppSrv.exe
O23 - Service: VAIO Media Photo Server (HTTP) (VAIOMediaPlatform-PhotoServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Photo Server (UPnP) (VAIOMediaPlatform-PhotoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Video Server (VAIOMediaPlatform-VideoServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Video\GPVSvr.exe
O23 - Service: VAIO Media Video Server (HTTP) (VAIOMediaPlatform-VideoServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Video Server (UPnP) (VAIOMediaPlatform-VideoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
--
End of file - 21986 bytes
Hi
1. Download combofix from any of these links and save it to Desktop:
Link 1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link 2 (http://www.forospyware.com/sUBs/ComboFix.exe)
Link 3 (http://subs.geekstogo.com/ComboFix.exe)
**Note: It is important that it is saved directly to your desktop**
2. Double click combofix.exe & follow the prompts.
3. When finished, it shall produce a log for you (C:\ComboFix.txt). Post that log in your next reply.
Note:
Do not mouse-click combofix's window whilst it's running. That may cause it to stall.
Combofix should never take more than 20 minutes including the reboot if malware is detected.
If it does, open Task Manager then Processes tab (press ctrl, alt and del at the same time) and end any processes of findstr, find, sed or swreg, then combofix should continue.
If that happened we want to know, and also what process you had to end.
If you have problems with Combofix usage, see here (http://www.bleepingcomputer.com/combofix/how-to-use-combofix)
Post:
- a fresh HijackThis log
- combofix report
ComboFix 08-02.02.5 - Lori 2008-02-02 11:17:31.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1367 [GMT -5:00]
Running from: C:\Documents and Settings\Lori\Desktop\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Autorun.inf
C:\setup.exe
C:\WINDOWS\cookies.ini
C:\WINDOWS\system32\acfrnddi.dll
C:\WINDOWS\system32\aqftkvvn.dll
C:\WINDOWS\system32\AutoRun.inf
C:\WINDOWS\system32\bvjfikhf.dll
C:\WINDOWS\system32\fkaiimif.ini
C:\WINDOWS\system32\gfurykvh.ini
C:\WINDOWS\system32\kyuehqpt.dll
C:\WINDOWS\system32\lapmdxwh.dll
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\mlhtwmcr.dll
C:\WINDOWS\system32\nldgonkb.dll
C:\WINDOWS\system32\nqtwa.ini
C:\WINDOWS\system32\nqtwa.ini2
C:\WINDOWS\system32\oipnimsu.ini
C:\WINDOWS\system32\qgshbgpd.ini
C:\WINDOWS\system32\tpqheuyk.ini
C:\WINDOWS\system32\wftvvvcl.ini
C:\WINDOWS\system32\wqfdwxwv.dll
C:\WINDOWS\system32\wyhwoens.dll
C:\WINDOWS\system32\ylregyes.ini
D:\Autorun.inf
.
((((((((((((((((((((((((( Files Created from 2008-01-02 to 2008-02-02 )))))))))))))))))))))))))))))))
.
2008-02-02 11:01 . 2008-02-02 11:43 124 --a------ C:\WINDOWS\_WVINUSE.ini
2008-01-30 21:21 . 2008-01-30 21:21 <DIR> d-------- C:\Documents and Settings\Noelle\Application Data\Talkback
2008-01-21 19:55 . 2008-02-02 10:55 7,741,472 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-01-21 19:55 . 2008-02-02 10:55 1,054,752 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2008-01-21 19:55 . 2008-02-02 10:55 105,800 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-01-21 19:55 . 2008-02-02 10:55 101,000 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
2008-01-21 19:54 . 2008-01-21 19:54 <DIR> d-------- C:\Program Files\Trend Micro
2008-01-21 19:49 . 2008-01-21 19:49 <DIR> d-------- C:\Program Files\Kaspersky Lab
2008-01-21 19:49 . 2008-01-21 19:49 <DIR> d-------- C:\KAV
2008-01-21 13:28 . 2008-02-02 10:54 1,178 ---hs---- C:\WINDOWS\system32\xnoxrbby.ini
2008-01-21 12:29 . 2008-01-21 12:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Prism
2008-01-21 12:28 . 2005-11-15 22:16 357,632 -ra------ C:\WINDOWS\system32\drivers\2862WICB.sys
2008-01-21 12:27 . 2008-01-21 12:27 <DIR> d-------- C:\Program Files\SMC
2008-01-21 12:27 . 2008-01-21 12:27 15,781 --a------ C:\WINDOWS\system32\drivers\mdc8021x.sys
2008-01-21 10:51 . 2008-01-21 10:51 <DIR> d-------- C:\Documents and Settings\Bob\Application Data\HPAppData
2008-01-19 07:29 . 2008-01-23 22:31 1,357 --a------ C:\WINDOWS\wininit.ini
2008-01-19 06:30 . 2008-01-19 06:30 <DIR> d-------- C:\Documents and Settings\Bob\Application Data\Talkback
2008-01-18 16:57 . 2008-01-19 05:36 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-01-18 16:57 . 2008-01-19 12:32 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-01-18 10:17 . 2008-01-19 12:34 2,667,099 --ahs---- C:\WINDOWS\system32\hwifxssq.ini
2008-01-16 16:29 . 2008-01-16 16:29 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-01-16 16:29 . 2008-01-16 16:29 1,409 --a------ C:\WINDOWS\QTFont.for
2008-01-16 15:57 . 2008-01-16 15:57 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Talkback
2008-01-15 23:14 . 2008-01-15 23:14 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Webroot
2008-01-15 23:12 . 2003-12-02 16:13 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\AdobeUM
2008-01-15 23:11 . 2008-01-15 23:11 <DIR> d-------- C:\Documents and Settings\NetworkService\Application Data\Webroot
2008-01-11 23:08 . 2008-01-22 05:42 <DIR> d-------- C:\VundoFix Backups
2008-01-06 13:39 . 2008-01-06 13:39 <DIR> d-------- C:\Documents and Settings\Noelle\Application Data\HPAppData
2008-01-06 00:43 . 2008-01-06 00:43 <DIR> d-------- C:\Program Files\MSXML 4.0
2008-01-05 23:56 . 2008-01-05 23:56 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WEBREG
2008-01-05 23:49 . 2007-03-07 23:20 16,496 -ra------ C:\WINDOWS\system32\drivers\HPZipr12.sys
2008-01-05 23:48 . 2008-01-05 23:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Hewlett-Packard
2008-01-05 23:48 . 2007-03-07 23:20 49,920 -ra------ C:\WINDOWS\system32\drivers\HPZid412.sys
2008-01-05 23:45 . 2007-05-02 03:56 954,368 -ra------ C:\WINDOWS\system32\hpotiop5.dll
2008-01-05 23:45 . 2007-05-02 04:01 675,840 -ra------ C:\WINDOWS\system32\hpowiax5.dll
2008-01-05 23:45 . 2007-03-07 23:20 364,544 -ra------ C:\WINDOWS\system32\hppldcoi.dll
2008-01-05 23:45 . 2007-03-07 23:20 309,760 -ra------ C:\WINDOWS\system32\difxapi.dll
2008-01-05 23:45 . 2007-05-02 04:00 303,104 -ra------ C:\WINDOWS\system32\hpovst12.dll
2008-01-05 23:45 . 2007-03-07 23:20 21,568 -ra------ C:\WINDOWS\system32\drivers\HPZius12.sys
2008-01-05 23:25 . 2008-01-05 23:25 <DIR> d-------- C:\Documents and Settings\Lori\Application Data\HP
2008-01-05 23:19 . 2008-01-05 23:19 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\HPSSUPPLY
2008-01-05 23:12 . 2008-01-05 23:14 146,986 --------- C:\WINDOWS\hpoins21.dat.temp
2008-01-05 23:12 . 2007-05-15 05:10 8,138 --------- C:\WINDOWS\hpomdl21.dat.temp
2008-01-05 22:49 . 2008-01-05 22:49 <DIR> d-------- C:\Documents and Settings\Lori\Application Data\HPAppData
2008-01-05 21:59 . 2008-01-05 21:59 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\HP Product Assistant
2008-01-05 21:59 . 2008-01-05 22:01 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\HP
2008-01-05 21:58 . 2008-01-05 21:58 <DIR> d-------- C:\Program Files\Common Files\HP
2008-01-05 21:57 . 2008-01-05 21:57 <DIR> d-------- C:\Program Files\Hewlett-Packard
2008-01-05 21:56 . 2008-01-05 21:56 <DIR> d-------- C:\Program Files\Common Files\Hewlett-Packard
2008-01-05 21:54 . 2008-01-05 23:19 <DIR> d-------- C:\Program Files\HP
2008-01-05 21:52 . 2008-01-06 00:01 147,669 --a------ C:\WINDOWS\hpoins21.dat
2008-01-05 21:52 . 2007-05-15 05:10 8,138 --------- C:\WINDOWS\hpomdl21.dat
2008-01-02 23:30 . 2008-01-02 23:30 <DIR> d-------- C:\Program Files\Casino Share Flash Casino
2008-01-02 18:28 . 2008-01-02 18:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\MGS
2008-01-02 18:25 . 2008-01-02 18:25 <DIR> d-------- C:\MicroGaming
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-02 16:34 22 ----a-w C:\qpmd8376.bin
2008-02-02 10:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-02-02 03:11 --------- d-----w C:\Documents and Settings\Bob\Application Data\SiteAdvisor
2008-02-02 02:20 --------- d-----w C:\Program Files\VIP Casinos
2008-01-31 04:17 --------- d-----w C:\Documents and Settings\Noelle\Application Data\SiteAdvisor
2008-01-22 10:41 --------- d-----w C:\Program Files\iTunes
2008-01-22 01:11 158,208 ----a-w C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe
2008-01-22 00:18 --------- d-----w C:\Documents and Settings\Lori\Application Data\SiteAdvisor
2008-01-21 17:29 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-21 17:15 158,208 ----a-w C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig .exe
2008-01-17 01:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee
2008-01-17 01:48 --------- d-----w C:\Documents and Settings\Lori\Application Data\McAfee
2008-01-11 03:31 --------- d-----w C:\Program Files\WhiteSmoke
2008-01-09 04:11 --------- d-----w C:\Program Files\QuickTime
2008-01-09 04:11 --------- d-----w C:\Program Files\ESPNRunTime
2008-01-09 04:11 --------- d-----w C:\Program Files\DIGStream
2008-01-09 04:10 --------- d-----w C:\Program Files\MSN Messenger
2008-01-09 04:10 --------- d-----w C:\Program Files\AIM95
2008-01-09 03:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\DIGStream
2008-01-05 01:56 1,526,640 ----a-w C:\WINDOWS\WRSetup.dll
2008-01-05 01:34 23,920 ----a-w C:\WINDOWS\system32\drivers\sskbfd.sys
2008-01-05 01:34 21,872 ----a-w C:\WINDOWS\system32\drivers\sshrmd.sys
2008-01-05 01:34 20,336 ----a-w C:\WINDOWS\system32\drivers\SSFS0BB9.sys
2008-01-05 01:34 163,696 ----a-w C:\WINDOWS\system32\drivers\ssidrv.sys
2008-01-04 01:45 --------- d-----w C:\Program Files\DL_cats
2007-12-31 05:29 --------- d-----w C:\Program Files\Abbyy FineReader 6.0 Sprint
2007-12-31 05:23 --------- d-----w C:\Program Files\Dell_Photo AIO Printer 962
2007-12-30 17:30 --------- d-----w C:\Program Files\Dell_ENA
2007-12-30 17:30 --------- d-----w C:\Program Files\Dell
2007-12-30 16:05 --------- d-----w C:\Program Files\KeyGen Crack
2007-12-30 01:01 --------- d-----w C:\Documents and Settings\All Users\Application Data\espionServerData
2007-12-30 00:38 --------- d-----w C:\Documents and Settings\Lori\Application Data\AdobeUM
2007-12-28 02:04 --------- d-----w C:\Program Files\Common Files\Adobe
2007-12-28 01:56 43,528 ----a-w C:\WINDOWS\system32\drivers\pxhelp20.sys
2007-12-27 23:32 --------- d-----w C:\Documents and Settings\Lori\Application Data\Apple Computer
2007-12-23 00:02 --------- d-----w C:\Program Files\BatchPhoto
2007-12-23 00:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\TEMP
2007-12-21 04:02 --------- d-----w C:\Program Files\SiteAdvisor
2007-12-09 21:11 --------- d-----w C:\Program Files\PhotoFiltre
2007-12-08 05:00 --------- d-----w C:\Documents and Settings\LocalService\Application Data\SiteAdvisor
2007-11-09 01:13 164 ----a-w C:\install.dat
2002-05-19 05:57 944,797 ----a-w C:\Program Files\wrar300.exe
2002-05-15 04:37 473 ----a-w C:\Program Files\rarregkey.txt
2002-04-01 13:43 11,264 ----a-w C:\Program Files\readme.wri
.
<pre>
----a-w 620,152 2007-12-30 01:02:58 C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray .exe
----a-w 57,344 2008-01-09 03:09:18 C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy .exe
----a-w 67,488 2007-12-30 01:03:04 C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy .exe
----a-w 40,048 2007-12-30 01:02:55 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl .exe
----a-w 67,112 2008-01-07 05:39:30 C:\Program Files\AIM95\aim .exe
----a-w 335,872 2008-01-07 20:53:33 C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx .exe
----a-w 2,321,600 2008-01-07 05:39:38 C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater .exe
----a-w 94,208 2008-01-05 19:00:53 C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor .exe
----a-w 28,672 2008-01-09 03:09:08 C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind .exe
----a-w 278,528 2008-01-09 03:09:07 C:\Program Files\DIGStream\digstream .exe
----a-w 101,888 2008-01-09 03:09:12 C:\Program Files\ESPNRunTime\DIGServices .exe
----a-w 68,856 2008-01-09 03:09:21 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier .exe
----a-w 49,152 2008-01-09 03:09:19 C:\Program Files\HP\HP Software Update\HPWuSchd2 .exe
----a-w 267,048 2008-01-16 21:29:06 C:\Program Files\iTunes\iTunesHelper .exe
----a-w 132,496 2008-01-09 03:09:13 C:\Program Files\Java\jre1.6.0_03\bin\jusched .exe
----a-w 231,952 2008-01-22 10:35:41 C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 SOS\avp .exe
----a-w 67,128 2008-01-07 05:39:23 C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger .exe
----a-w 582,992 2008-01-22 10:34:22 C:\Program Files\McAfee.com\Agent\mcagent .exe
----a-w 5,674,352 2008-01-07 05:39:49 C:\Program Files\MSN Messenger\msnmsgr .exe
----a-w 286,720 2008-01-10 03:15:50 C:\Program Files\QuickTime\qttask .exe
----a-w 286,720 2008-01-10 03:15:50 C:\Program Files\QuickTime\qttask .exe
----a-w 286,720 2008-01-10 03:15:50 C:\Program Files\QuickTime\qttask .exe
----a-w 286,720 2008-01-11 13:47:40 C:\Program Files\QuickTime\qttask .exe
----a-w 286,720 2008-01-10 03:15:50 C:\Program Files\QuickTime\qttask .exe
----a-w 286,720 2008-01-10 03:15:51 C:\Program Files\QuickTime\qttask .exe
----a-w 286,720 2008-01-10 03:15:51 C:\Program Files\QuickTime\qttask .exe
----a-w 286,720 2008-01-10 03:15:51 C:\Program Files\QuickTime\qttask .exe
----a-w 286,720 2008-01-11 13:47:41 C:\Program Files\QuickTime\qttask .exe
----a-w 286,720 2008-01-10 03:15:52 C:\Program Files\QuickTime\qttask .exe
----a-w 286,720 2008-01-10 03:15:52 C:\Program Files\QuickTime\qttask .exe
----a-w 286,720 2008-01-10 03:15:52 C:\Program Files\QuickTime\qttask .exe
----a-w 36,904 2008-01-09 03:09:11 C:\Program Files\SiteAdvisor\6253\SiteAdv .exe
----a-w 5,367,608 2008-01-23 00:48:54 C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI .exe
----a-w 158,208 2008-01-21 17:15:05 C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig .exe
----a-w 28,672 2008-01-07 05:38:44 C:\WINDOWS\SONYSYS\VAIO Recovery\PartSeal .exe
----a-w 15,360 2008-01-22 10:35:18 C:\WINDOWS\system32\ctfmon .exe
----a-w 114,688 2008-01-07 05:38:43 C:\WINDOWS\system32\hkcmd .exe
----a-w 155,648 2008-01-07 05:38:41 C:\WINDOWS\system32\igfxtray .exe
</pre>
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0347C33E-8762-4905-BF09-768834316C61}]
2007-03-02 16:52 1298024 -ra------ C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{053F9267-DC04-4294-A72C-58F732D338C0}]
2007-03-02 16:52 177768 -ra------ C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{134f676a-e0f6-4d62-91ae-96abc7ecce40}]
C:\WINDOWS\system32\acfrnddi.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{43B46ACD-6EE3-4C2A-B966-D0376B9B64A2}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [ ]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-01-16 16:42 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6172\SiteAdv.exe" [ ]
"RegistryMechanic"="C:\Program Files\Registry Mechanic\RegMech.exe" [2006-10-30 13:12 2287152]
"QuickTime Task"="C:\Program Files\QuickTime\qttask .exe" [ ]
"PRISMSVR.EXE"="C:\Program Files\SMC\SMC2862W-G EZ Connect g 2.4Ghz 802.11g Wireless USB 2.0 Adapter\PRISMSVR.exe" [ ]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]
"Microsoft Works Update Detection"="C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [ ]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-08-03 22:33 582992]
"McAfee Backup"="C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe" [2007-01-16 13:59 4838952]
"MBkLogOnHook"="C:\Program Files\McAfee\MBK\LogOnHook.exe" [2007-01-08 11:22 20480]
"combofix"="C:\ComboFix\kmd.exe" [2004-08-04 02:56 388608]
"SpySweeper"="C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" [2008-01-04 20:56 5367664]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [ ]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"McWebDownlMgr"="C:\WINDOWS\TEMP\McDMTemp007 (2)\DwnldMgr.exe" [ ]
C:\Documents and Settings\Lori\Start Menu\Programs\Startup\
Kaboom! Jr. Control Panel.lnk - C:\Documents and Settings\Lori\My Documents\My Music\KAB_JR\KABOOM.EXE [2007-03-04 19:28:55 5072]
MemoKit.lnk - C:\Program Files\MemoKit\mk.exe [2004-04-19 11:58:34 21504]
NaturalColorLoad.lnk - C:\Program Files\SEC\Natural Color\NaturalColorLoad.exe [2006-06-25 23:05:30 155715]
Office Information Worker Feedback Program.lnk - C:\Program Files\Microsoft Office System Information Worker Feedback Program\wfpscheduler.exe [2006-04-22 10:46:30 106496]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2007-03-11 21:26:24 210520]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2006-07-05 19:45:13 450560]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 00:01:04 83360]
NaturalColorLoad.lnk - C:\Program Files\SEC\Natural Color\NaturalColorLoad.exe [2006-06-25 23:05:30 155715]
Quicken Scheduled Updates.lnk - C:\Program Files\Quicken\bagent.exe [2003-10-02 17:08:08 57344]
Service Manager.lnk - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2000-08-06 00:03:20 69632]
SMC2862W-G EZ Connect g 802.11g Wireless USB Utility.lnk - C:\Program Files\SMC\SMC2862W-G EZ Connect g 2.4Ghz 802.11g Wireless USB 2.0 Adapter\SMCWGUTI.exe [2005-10-17 16:10:34 421888]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2006-04-24 12:13 282624]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
"LoadAppInit_DLLs"=1 (0x1)
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
backup=C:\WINDOWS\pss\Adobe Acrobat Speed Launcher.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Forget Me Not.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Forget Me Not.lnk
backup=C:\WINDOWS\pss\Forget Me Not.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Load]
C:\WINDOWS\system32\awtqn.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ViewMgr]
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ViewpointPhotosDeviceConnect]
C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.7.0\FotomatDeviceConnect.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zune Launcher]
--a------ 2006-12-12 14:45 21464 C:\Program Files\Zune\ZuneLauncher.exe
R0 sojubus;sojubus;C:\WINDOWS\system32\DRIVERS\sojubus.sys [2003-10-05 10:41]
R0 sojuscsi;sojuscsi;C:\WINDOWS\system32\DRIVERS\sojuscsi.sys [2003-09-28 10:57]
R2 AdobeActiveFileMonitor6.0;Adobe Active File Monitor V6;C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [2007-10-02 14:46]
R2 ColdFusion MX ODBC Agent;ColdFusion MX ODBC Agent;C:\CFusionMX\db\slserver52\bin\swagent.exe "ColdFusion MX ODBC Agent" []
R2 cvintdrv;cvintdrv;C:\WINDOWS\system32\drivers\cvintdrv.sys [2006-04-10 09:01]
S3 SMC2862W;SMC2862W-G EZ Connect g 2.4Ghz 802.11g Wireless USB 2.0 Adapter Driver;C:\WINDOWS\system32\DRIVERS\2862WICB.sys [2005-11-15 22:16]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{56014d2e-1ff4-11db-8d13-000ea65cb895}]
\Shell\AutoRun\command - H:\setupSNK.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fb86e361-07c3-11db-8cf0-000ea65cb895}]
\Shell\AutoRun\command - setupSNK.exe
.
Contents of the 'Scheduled Tasks' folder
"2008-01-15 07:30:27 C:\WINDOWS\Tasks\McDefragTask.job"
- c:\program files\mcafee\mqc\QcConsol.exe
"2008-02-01 06:00:00 C:\WINDOWS\Tasks\McQcTask.job"
- c:\program files\mcafee\mqc\QcConsol.exe
"2008-02-02 16:37:23 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-02 11:42:51
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\CFusionMX\runtime\bin\jrunsvc.exe
C:\CFusionMX\db\slserver52\bin\swstrtr.exe
C:\CFusionMX\runtime\bin\jrun.exe
C:\CFusionMX\db\slserver52\bin\swsoc.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
c:\program files\mcafee\msk\msksrver.exe
C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
C:\Program Files\SiteAdvisor\6253\SAService.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
C:\WINDOWS\system32\ntvdm.exe
C:\Program Files\MemoKit\memokit2.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\Microsoft Office System Information Worker Feedback Program\WfpSaS.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
.
**************************************************************************
.
Completion time: 2008-02-02 11:52:05 - machine was rebooted
ComboFix-quarantined-files.txt 2008-02-02 16:51:59
.
2008-01-30 17:44:07 --- E O F ---
Hi
Please post back a fresh HijackThis log :)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:15:31 AM, on 2/3/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\CFusionMX\runtime\bin\jrunsvc.exe
C:\CFusionMX\db\slserver52\bin\swagent.exe
C:\CFusionMX\runtime\bin\jrun.exe
C:\CFusionMX\db\slserver52\bin\swstrtr.exe
C:\CFusionMX\db\slserver52\bin\swsoc.exe
C:\WINDOWS\SYSTEM32\GEARSEC.EXE
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
c:\program files\mcafee\msk\msksrver.exe
C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\SiteAdvisor\6253\SAService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\SEC\Natural Color\NaturalColorLoad.exe
C:\Program Files\SMC\SMC2862W-G EZ Connect g 2.4Ghz 802.11g Wireless USB 2.0 Adapter\SMCWGUTI.exe
C:\WINDOWS\system32\ntvdm.exe
C:\Program Files\Microsoft Office System Information Worker Feedback Program\wfpscheduler.exe
C:\Program Files\MemoKit\memokit2.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\nsga1.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\LORI\Application Data\Mozilla\Profiles\default\ie2qxrqv.slt\prefs.js)
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - C:\Program Files\McAfee\MSK\mcapbho.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O3 - Toolbar: &ESPN - {AE6F2894-AF10-4C9C-B16E-1DFC6FF8C0C6} - C:\Program Files\ESPN\Toolbar\DIGToolBar.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
O4 - HKLM\..\Run: [RegistryMechanic] "C:\Program Files\Registry Mechanic\RegMech.exe" /QS
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask .exe" -atboottime
O4 - HKLM\..\Run: [PRISMSVR.EXE] "C:\Program Files\SMC\SMC2862W-G EZ Connect g 2.4Ghz 802.11g Wireless USB 2.0 Adapter\PRISMSVR.EXE" /APPLY
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [McAfee Backup] "C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe"
O4 - HKLM\..\Run: [MBkLogOnHook] "C:\Program Files\McAfee\MBK\LogOnHook.exe"
O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
O4 - HKCU\..\Run: [SpybotSD TeaTimer] "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [McWebDownlMgr] C:\WINDOWS\TEMP\McDMTemp007 (2)\DwnldMgr.exe /runkey (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [McWebDownlMgr] C:\WINDOWS\TEMP\McDMTemp007 (2)\DwnldMgr.exe /runkey (User 'Default user')
O4 - Startup: Kaboom! Jr. Control Panel.lnk = C:\Documents and Settings\Lori\My Documents\My Music\KAB_JR\KABOOM.EXE
O4 - Startup: MemoKit.lnk = C:\Program Files\MemoKit\mk.exe
O4 - Startup: NaturalColorLoad.lnk = ?
O4 - Startup: Office Information Worker Feedback Program.lnk = C:\Program Files\Microsoft Office System Information Worker Feedback Program\wfpscheduler.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NaturalColorLoad.lnk = ?
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O4 - Global Startup: SMC2862W-G EZ Connect g 802.11g Wireless USB Utility.lnk = C:\Program Files\SMC\SMC2862W-G EZ Connect g 2.4Ghz 802.11g Wireless USB 2.0 Adapter\SMCWGUTI.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim .exe
O9 - Extra button: Vegas Red Casino - {D5AE2D6D-38A7-425c-86C0-E4ABBDB9EC68} - C:\Casino\Vegas Red Casino\casino.exe
O9 - Extra 'Tools' menuitem: Vegas Red Casino - {D5AE2D6D-38A7-425c-86C0-E4ABBDB9EC68} - C:\Casino\Vegas Red Casino\casino.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O15 - Trusted Zone: http://www.vip.com
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {02CF1781-EA91-4FA5-A200-646E8241987C} (VaioInfo.CMClass) - http://esupport.sony.com/VaioInfo.CAB
O16 - DPF: {1E2941E3-8E63-11D4-9D5A-00902742D6E0} (iNotes Class) - http://mail.malden.mec.edu/iNotes.cab
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - http://a516.g.akamai.net/f/516/25175/7d/runaware.download.akamai.com/25175/citrix/wficat-no-eula.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {36E4E9BC-4D0C-41B4-90C9-37AFDBFAAD3C} (InforbitHelper Class) - http://download.infotriever.com/bin/ifhelper.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by104fd.bay104.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {5EB6A98B-F75B-4AC7-821D-BAD2C29D18C2} (CVALAXObj Class) - https://mycampus.phoenix.edu/support/tutorials/Click2Talk/ClickToTalkTS/download/CVALAX.CAB
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1151289857000
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1151290801484
O16 - DPF: {A82C3A33-5C0E-466C-B020-71585433A7E4} (PhxStudent.OeSetup15) - https://ecampus.phoenix.edu/secure/PhxStudent15.CAB
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab
O16 - DPF: {CC32D4D8-2A0B-4CEB-B105-C9B968379105} (CGameManagerCtrl Object) - https://disney.go.com/games/downloads/gamemanager/DIGGameManager.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://casinoshare.microgaming.com/casinoshare/FlashAX.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://www.driveragent.com/files/driveragent.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: ColdFusion MX Application Server - Macromedia Inc. - C:\CFusionMX\runtime\bin\jrunsvc.exe
O23 - Service: ColdFusion MX ODBC Agent - Unknown owner - C:\CFusionMX\db\slserver52\bin\swagent.exe
O23 - Service: ColdFusion MX ODBC Server - Unknown owner - C:\CFusionMX\db\slserver52\bin\swstrtr.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\SYSTEM32\GEARSEC.EXE
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee, Inc. - c:\program files\mcafee\msk\msksrver.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6253\SAService.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\Sptisrv.exe
O23 - Service: VAIO Media Music Server (VAIOMediaPlatform-MusicServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Music\SSSvr.exe
O23 - Service: VAIO Media Music Server (HTTP) (VAIOMediaPlatform-MusicServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Music Server (UPnP) (VAIOMediaPlatform-MusicServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Photo Server (VAIOMediaPlatform-PhotoServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Photo\appsrv\PhotoAppSrv.exe
O23 - Service: VAIO Media Photo Server (HTTP) (VAIOMediaPlatform-PhotoServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Photo Server (UPnP) (VAIOMediaPlatform-PhotoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Video Server (VAIOMediaPlatform-VideoServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Video\GPVSvr.exe
O23 - Service: VAIO Media Video Server (HTTP) (VAIOMediaPlatform-VideoServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Video Server (UPnP) (VAIOMediaPlatform-VideoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
--
End of file - 18497 bytes
Hi
You have a Vundo file infector, which might result in having to reinstall some startup programs later.
We first need to disable TeaTimer so that it doesn't interfere with the fixes. You can re-enable it when you're clean again:
1. Run Spybot-S&D in Advanced Mode.
2. If it is not already set to do this, go to the Mode menu and select "Advanced Mode".
3. On the left-hand side, click on Tools.
4. Then click on the Resident icon in the list.
5. Uncheck "Resident TeaTimer" and OK any prompts.
6. Restart your computer.
Open notepad and copy/paste the text in the quotebox below into it:
RenV::
----a-w 620,152 2007-12-30 01:02:58 C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray .exe
----a-w 57,344 2008-01-09 03:09:18 C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy .exe
----a-w 67,488 2007-12-30 01:03:04 C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy .exe
----a-w 40,048 2007-12-30 01:02:55 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl .exe
----a-w 67,112 2008-01-07 05:39:30 C:\Program Files\AIM95\aim .exe
----a-w 335,872 2008-01-07 20:53:33 C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx .exe
----a-w 2,321,600 2008-01-07 05:39:38 C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater .exe
----a-w 94,208 2008-01-05 19:00:53 C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor .exe
----a-w 28,672 2008-01-09 03:09:08 C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind .exe
----a-w 278,528 2008-01-09 03:09:07 C:\Program Files\DIGStream\digstream .exe
----a-w 101,888 2008-01-09 03:09:12 C:\Program Files\ESPNRunTime\DIGServices .exe
----a-w 68,856 2008-01-09 03:09:21 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier .exe
----a-w 49,152 2008-01-09 03:09:19 C:\Program Files\HP\HP Software Update\HPWuSchd2 .exe
----a-w 267,048 2008-01-16 21:29:06 C:\Program Files\iTunes\iTunesHelper .exe
----a-w 132,496 2008-01-09 03:09:13 C:\Program Files\Java\jre1.6.0_03\bin\jusched .exe
----a-w 231,952 2008-01-22 10:35:41 C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 SOS\avp .exe
----a-w 67,128 2008-01-07 05:39:23 C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger .exe
----a-w 582,992 2008-01-22 10:34:22 C:\Program Files\McAfee.com\Agent\mcagent .exe
----a-w 5,674,352 2008-01-07 05:39:49 C:\Program Files\MSN Messenger\msnmsgr .exe
----a-w 286,720 2008-01-10 03:15:50 C:\Program Files\QuickTime\qttask .exe
----a-w 286,720 2008-01-10 03:15:50 C:\Program Files\QuickTime\qttask .exe
----a-w 286,720 2008-01-10 03:15:50 C:\Program Files\QuickTime\qttask .exe
----a-w 286,720 2008-01-11 13:47:40 C:\Program Files\QuickTime\qttask .exe
----a-w 286,720 2008-01-10 03:15:50 C:\Program Files\QuickTime\qttask .exe
----a-w 286,720 2008-01-10 03:15:51 C:\Program Files\QuickTime\qttask .exe
----a-w 286,720 2008-01-10 03:15:51 C:\Program Files\QuickTime\qttask .exe
----a-w 286,720 2008-01-10 03:15:51 C:\Program Files\QuickTime\qttask .exe
----a-w 286,720 2008-01-11 13:47:41 C:\Program Files\QuickTime\qttask .exe
----a-w 286,720 2008-01-10 03:15:52 C:\Program Files\QuickTime\qttask .exe
----a-w 286,720 2008-01-10 03:15:52 C:\Program Files\QuickTime\qttask .exe
----a-w 286,720 2008-01-10 03:15:52 C:\Program Files\QuickTime\qttask .exe
----a-w 36,904 2008-01-09 03:09:11 C:\Program Files\SiteAdvisor\6253\SiteAdv .exe
----a-w 5,367,608 2008-01-23 00:48:54 C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI .exe
----a-w 158,208 2008-01-21 17:15:05 C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig .exe
----a-w 28,672 2008-01-07 05:38:44 C:\WINDOWS\SONYSYS\VAIO Recovery\PartSeal .exe
----a-w 15,360 2008-01-22 10:35:18 C:\WINDOWS\system32\ctfmon .exe
----a-w 114,688 2008-01-07 05:38:43 C:\WINDOWS\system32\hkcmd .exe
File::
C:\WINDOWS\system32\xnoxrbby.ini
C:\WINDOWS\system32\hwifxssq.ini
Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Load]
Save this as "CFScript"
Then drag the CFScript into ComboFix.exe as you see in the screenshot below.
http://img.photobucket.com/albums/v666/sUBs/CFScript.gif
This will start ComboFix again. After the reboot (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new HijackThis log.
ComboFix should never take more than 20 minutes, including the reboot, if malware is detected.
If it does, open Task Manager (press Ctrl, Alt and Del at the same time), go to the Processes tab and end any findstr, find, sed or swreg processes; ComboFix should then continue.
If that happens we want to know, and also which process you had to end.
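The RenV:: list in the script above is built from one observable pattern: executables whose extension has been separated from the stem by a space ("qttask .exe", "aim .exe", "ctfmon .exe"), and the directive renames each one back to its normal name. The following Python script is an added example, not part of the original thread and not ComboFix's own code; it only assumes that space-before-extension pattern. It does two things: it parses a ComboFix-style listing into the rename plan the RenV:: block implies (deduplicating the repeated qttask entries), and it walks a directory tree to report every such file, noting whether something already sits at the un-spaced name. The sample listing reuses three lines from the log above plus one made-up benign line; the sample directory tree is constructed in a temporary folder.

```python
"""Find executables whose extension is split from the stem by a space
("qttask .exe"), the pattern the RenV:: directive above renames back.

Added example; assumes only that pattern, nothing else about the infector.
"""
import os
import re
import tempfile
from pathlib import Path
from typing import Dict, List, Optional, Tuple

# One ComboFix-style listing line: attribute flags, size, date, time, path.
LISTING_LINE = re.compile(
    r"^(?P<attrs>[-a-z]{5,10})\s+(?P<size>[\d,]+)\s+"
    r"(?P<date>\d{4}-\d{2}-\d{2})\s+(?P<time>\d{2}:\d{2}:\d{2})\s+(?P<path>\S.*?)\s*$"
)
# A basename with one or more spaces between the stem and the extension.
SPACED_EXT = re.compile(r"^(?P<stem>.*\S) +\.(?P<ext>exe|dll|scr|com|sys)$", re.IGNORECASE)


def fix_basename(name: str) -> Optional[str]:
    """Return the name with the stray space(s) removed, or None if the pattern is absent."""
    m = SPACED_EXT.match(name)
    return f"{m['stem']}.{m['ext']}" if m else None


def rename_target(win_path: str) -> Optional[str]:
    """fix_basename applied to the last component of a Windows path from the log."""
    head, sep, base = win_path.rpartition("\\")
    fixed = fix_basename(base)
    return None if fixed is None else f"{head}{sep}{fixed}"


def parse_listing(text: str) -> List[Dict[str, object]]:
    """Parse listing lines into records, skipping the RenV:: header and
    repeated paths (the log above lists qttask .exe twelve times)."""
    seen, records = set(), []
    for line in text.splitlines():
        m = LISTING_LINE.match(line.strip())
        if not m or m["path"].lower() in seen:
            continue
        seen.add(m["path"].lower())
        records.append({
            "path": m["path"],
            "size": int(m["size"].replace(",", "")),
            "modified": f"{m['date']} {m['time']}",
            "target": rename_target(m["path"]),
        })
    return records


def rename_plan(text: str) -> Dict[str, str]:
    """Map each spaced path to the name it should be renamed back to."""
    return {r["path"]: r["target"] for r in parse_listing(text) if r["target"]}


def find_spaced_pairs(root: str) -> List[Tuple[str, str, bool]]:
    """Walk root; for every 'name .ext' file return (its path, the un-spaced
    path, whether a file already exists at the un-spaced path). When both
    exist there are two binaries competing for one name: hash and check the
    signature of each before trusting either, and check which one the
    Run key actually points at."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        present = {f.lower() for f in files}
        for f in files:
            fixed = fix_basename(f)
            if fixed:
                hits.append((os.path.join(dirpath, f), os.path.join(dirpath, fixed), fixed.lower() in present))
    return sorted(hits)


# Constructed sample: three lines taken from the RenV:: block above plus one
# made-up, benign notepad line to show a non-matching entry.
SAMPLE_LISTING = r"""RenV::
----a-w 620,152 2007-12-30 01:02:58 C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray .exe
----a-w 286,720 2008-01-10 03:15:50 C:\Program Files\QuickTime\qttask .exe
----a-w 286,720 2008-01-11 13:47:40 C:\Program Files\QuickTime\qttask .exe
----a-w 15,360 2008-01-22 10:35:18 C:\WINDOWS\system32\ctfmon .exe
----a-w 69,120 2008-01-22 10:35:18 C:\WINDOWS\system32\notepad.exe
"""


def build_sample_tree() -> str:
    """Create a throwaway directory (constructed, not from the log) holding one
    spaced/un-spaced pair, one orphaned spaced file and one ordinary file."""
    root = tempfile.mkdtemp(prefix="renv_demo_")
    qt = Path(root, "Program Files", "QuickTime")
    qt.mkdir(parents=True)
    (qt / "qttask .exe").write_bytes(b"MZ-original")
    (qt / "qttask.exe").write_bytes(b"MZ-replacement")
    sys32 = Path(root, "WINDOWS", "system32")
    sys32.mkdir(parents=True)
    (sys32 / "ctfmon .exe").write_bytes(b"MZ-original")
    (sys32 / "notepad.exe").write_bytes(b"MZ-benign")
    return root


if __name__ == "__main__":
    for src, dst in rename_plan(SAMPLE_LISTING).items():
        print(f"rename {src!r} -> {dst!r}")
    for spaced, original, exists in find_spaced_pairs(build_sample_tree()):
        print(f"{'PAIR  ' if exists else 'ORPHAN'} {spaced}  (expected original: {original})")
```

Run it as-is to see the plan for the sample listing and the two hits in the sample tree. Pointing `find_spaced_pairs` at a real `C:\Program Files` or `C:\WINDOWS\system32` (read-only, it renames nothing) gives a second opinion on whether the RenV:: list is complete, which matters here because the HijackThis log still shows Run and O9 entries pointing at `qttask .exe` and `aim .exe`.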
ComboFix 08-02.02.5 - Lori 2008-02-03 10:43:20.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1412 [GMT -5:00]
Running from: C:\Documents and Settings\Lori\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Lori\Desktop\CFScript.txt
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
FILE
C:\WINDOWS\system32\hwifxssq.ini
C:\WINDOWS\system32\xnoxrbby.ini
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\hwifxssq.ini
C:\WINDOWS\system32\xnoxrbby.ini
.
((((((((((((((((((((((((( Files Created from 2008-01-03 to 2008-02-03 )))))))))))))))))))))))))))))))
.
2008-02-03 10:34 . 2008-02-03 10:52 124 --a------ C:\WINDOWS\_WVINUSE.ini
2008-01-30 21:21 . 2008-01-30 21:21 <DIR> d-------- C:\Documents and Settings\Noelle\Application Data\Talkback
2008-01-21 19:55 . 2008-02-02 10:55 7,741,472 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-01-21 19:55 . 2008-02-02 10:55 1,054,752 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2008-01-21 19:55 . 2008-02-02 10:55 105,800 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-01-21 19:55 . 2008-02-02 10:55 101,000 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
2008-01-21 19:54 . 2008-01-21 19:54 <DIR> d-------- C:\Program Files\Trend Micro
2008-01-21 19:49 . 2008-01-21 19:49 <DIR> d-------- C:\Program Files\Kaspersky Lab
2008-01-21 19:49 . 2008-01-21 19:49 <DIR> d-------- C:\KAV
2008-01-21 12:29 . 2008-01-21 12:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Prism
2008-01-21 12:28 . 2005-11-15 22:16 357,632 -ra------ C:\WINDOWS\system32\drivers\2862WICB.sys
2008-01-21 12:27 . 2008-01-21 12:27 <DIR> d-------- C:\Program Files\SMC
2008-01-21 12:27 . 2008-01-21 12:27 15,781 --a------ C:\WINDOWS\system32\drivers\mdc8021x.sys
2008-01-21 12:15 . 2008-01-21 12:15 158,208 --a--c--- C:\WINDOWS\system32\dllcache\msconfig.exe
2008-01-21 10:51 . 2008-01-21 10:51 <DIR> d-------- C:\Documents and Settings\Bob\Application Data\HPAppData
2008-01-19 07:29 . 2008-01-23 22:31 1,357 --a------ C:\WINDOWS\wininit.ini
2008-01-19 06:30 . 2008-01-19 06:30 <DIR> d-------- C:\Documents and Settings\Bob\Application Data\Talkback
2008-01-18 16:57 . 2008-01-19 05:36 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-01-18 16:57 . 2008-01-19 12:32 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-01-16 16:29 . 2008-01-16 16:29 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-01-16 16:29 . 2008-01-16 16:29 1,409 --a------ C:\WINDOWS\QTFont.for
2008-01-16 15:57 . 2008-01-16 15:57 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Talkback
2008-01-15 23:14 . 2008-01-15 23:14 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Webroot
2008-01-15 23:12 . 2003-12-02 16:13 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\AdobeUM
2008-01-15 23:11 . 2008-01-15 23:11 <DIR> d-------- C:\Documents and Settings\NetworkService\Application Data\Webroot
2008-01-11 23:08 . 2008-01-22 05:42 <DIR> d-------- C:\VundoFix Backups
2008-01-06 13:39 . 2008-01-06 13:39 <DIR> d-------- C:\Documents and Settings\Noelle\Application Data\HPAppData
2008-01-06 00:43 . 2008-01-06 00:43 <DIR> d-------- C:\Program Files\MSXML 4.0
2008-01-05 23:56 . 2008-01-05 23:56 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WEBREG
2008-01-05 23:49 . 2007-03-07 23:20 16,496 -ra------ C:\WINDOWS\system32\drivers\HPZipr12.sys
2008-01-05 23:48 . 2008-01-05 23:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Hewlett-Packard
2008-01-05 23:48 . 2007-03-07 23:20 49,920 -ra------ C:\WINDOWS\system32\drivers\HPZid412.sys
2008-01-05 23:45 . 2007-05-02 03:56 954,368 -ra------ C:\WINDOWS\system32\hpotiop5.dll
2008-01-05 23:45 . 2007-05-02 04:01 675,840 -ra------ C:\WINDOWS\system32\hpowiax5.dll
2008-01-05 23:45 . 2007-03-07 23:20 364,544 -ra------ C:\WINDOWS\system32\hppldcoi.dll
2008-01-05 23:45 . 2007-03-07 23:20 309,760 -ra------ C:\WINDOWS\system32\difxapi.dll
2008-01-05 23:45 . 2007-05-02 04:00 303,104 -ra------ C:\WINDOWS\system32\hpovst12.dll
2008-01-05 23:45 . 2007-03-07 23:20 21,568 -ra------ C:\WINDOWS\system32\drivers\HPZius12.sys
2008-01-05 23:25 . 2008-01-05 23:25 <DIR> d-------- C:\Documents and Settings\Lori\Application Data\HP
2008-01-05 23:19 . 2008-01-05 23:19 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\HPSSUPPLY
2008-01-05 23:12 . 2008-01-05 23:14 146,986 --------- C:\WINDOWS\hpoins21.dat.temp
2008-01-05 23:12 . 2007-05-15 05:10 8,138 --------- C:\WINDOWS\hpomdl21.dat.temp
2008-01-05 22:49 . 2008-01-05 22:49 <DIR> d-------- C:\Documents and Settings\Lori\Application Data\HPAppData
2008-01-05 21:59 . 2008-01-05 21:59 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\HP Product Assistant
2008-01-05 21:59 . 2008-01-05 22:01 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\HP
2008-01-05 21:58 . 2008-01-05 21:58 <DIR> d-------- C:\Program Files\Common Files\HP
2008-01-05 21:57 . 2008-01-05 21:57 <DIR> d-------- C:\Program Files\Hewlett-Packard
2008-01-05 21:56 . 2008-01-05 21:56 <DIR> d-------- C:\Program Files\Common Files\Hewlett-Packard
2008-01-05 21:54 . 2008-01-05 23:19 <DIR> d-------- C:\Program Files\HP
2008-01-05 21:52 . 2008-01-06 00:01 147,669 --a------ C:\WINDOWS\hpoins21.dat
2008-01-05 21:52 . 2007-05-15 05:10 8,138 --------- C:\WINDOWS\hpomdl21.dat
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-03 15:51 22 ----a-w C:\qpmd8376.bin
2008-02-03 15:43 --------- d-----w C:\Program Files\QuickTime
2008-02-03 15:42 --------- d-----w C:\Program Files\MSN Messenger
2008-02-03 15:42 --------- d-----w C:\Program Files\iTunes
2008-02-03 15:42 --------- d-----w C:\Program Files\ESPNRunTime
2008-02-03 15:42 --------- d-----w C:\Program Files\DIGStream
2008-02-03 15:42 --------- d-----w C:\Program Files\AIM95
2008-02-03 15:12 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-02-03 09:46 --------- d-----w C:\Documents and Settings\Lori\Application Data\SiteAdvisor
2008-02-02 18:54 --------- d-----w C:\Program Files\VIP Casinos
2008-02-02 03:11 --------- d-----w C:\Documents and Settings\Bob\Application Data\SiteAdvisor
2008-01-31 04:17 --------- d-----w C:\Documents and Settings\Noelle\Application Data\SiteAdvisor
2008-01-21 17:29 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-21 17:15 158,208 ----a-w C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe
2008-01-17 01:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee
2008-01-17 01:48 --------- d-----w C:\Documents and Settings\Lori\Application Data\McAfee
2008-01-11 03:31 --------- d-----w C:\Program Files\WhiteSmoke
2008-01-09 03:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\DIGStream
2008-01-05 01:56 1,526,640 ----a-w C:\WINDOWS\WRSetup.dll
2008-01-05 01:34 23,920 ----a-w C:\WINDOWS\system32\drivers\sskbfd.sys
2008-01-05 01:34 21,872 ----a-w C:\WINDOWS\system32\drivers\sshrmd.sys
2008-01-05 01:34 20,336 ----a-w C:\WINDOWS\system32\drivers\SSFS0BB9.sys
2008-01-05 01:34 163,696 ----a-w C:\WINDOWS\system32\drivers\ssidrv.sys
2008-01-04 01:45 --------- d-----w C:\Program Files\DL_cats
2008-01-03 04:30 --------- d-----w C:\Program Files\Casino Share Flash Casino
2008-01-02 23:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\MGS
2007-12-31 05:29 --------- d-----w C:\Program Files\Abbyy FineReader 6.0 Sprint
2007-12-31 05:23 --------- d-----w C:\Program Files\Dell_Photo AIO Printer 962
2007-12-30 17:30 --------- d-----w C:\Program Files\Dell_ENA
2007-12-30 17:30 --------- d-----w C:\Program Files\Dell
2007-12-30 16:05 --------- d-----w C:\Program Files\KeyGen Crack
2007-12-30 01:01 --------- d-----w C:\Documents and Settings\All Users\Application Data\espionServerData
2007-12-30 00:38 --------- d-----w C:\Documents and Settings\Lori\Application Data\AdobeUM
2007-12-28 02:04 --------- d-----w C:\Program Files\Common Files\Adobe
2007-12-28 01:56 43,528 ----a-w C:\WINDOWS\system32\drivers\pxhelp20.sys
2007-12-27 23:32 --------- d-----w C:\Documents and Settings\Lori\Application Data\Apple Computer
2007-12-23 00:02 --------- d-----w C:\Program Files\BatchPhoto
2007-12-23 00:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\TEMP
2007-12-21 04:02 --------- d-----w C:\Program Files\SiteAdvisor
2007-12-09 21:11 --------- d-----w C:\Program Files\PhotoFiltre
2007-12-08 05:00 --------- d-----w C:\Documents and Settings\LocalService\Application Data\SiteAdvisor
2007-11-09 01:13 164 ----a-w C:\install.dat
2002-05-19 05:57 944,797 ----a-w C:\Program Files\wrar300.exe
2002-05-15 04:37 473 ----a-w C:\Program Files\rarregkey.txt
2002-04-01 13:43 11,264 ----a-w C:\Program Files\readme.wri
.
----a-w 286,720 2008-01-11 13:47:40 C:\Program Files\QuickTime\qttask .exe
----a-w 286,720 2008-01-11 13:47:41 C:\Program Files\QuickTime\qttask .exe
----a-w 5,367,608 2008-01-23 00:48:54 C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI .exe
----a-w 155,648 2008-01-07 05:38:41 C:\WINDOWS\system32\igfxtray .exe
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0347C33E-8762-4905-BF09-768834316C61}]
2007-03-02 16:52 1298024 -ra------ C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{053F9267-DC04-4294-A72C-58F732D338C0}]
2007-03-02 16:52 177768 -ra------ C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-01-16 16:42 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6172\SiteAdv.exe" [ ]
"RegistryMechanic"="C:\Program Files\Registry Mechanic\RegMech.exe" [2006-10-30 13:12 2287152]
"QuickTime Task"="C:\Program Files\QuickTime\qttask .exe" [ ]
"PRISMSVR.EXE"="C:\Program Files\SMC\SMC2862W-G EZ Connect g 2.4Ghz 802.11g Wireless USB 2.0 Adapter\PRISMSVR.exe" [ ]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]
"Microsoft Works Update Detection"="C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2008-01-08 22:09 28672]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2008-01-22 05:34 582992]
"McAfee Backup"="C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe" [2007-01-16 13:59 4838952]
"MBkLogOnHook"="C:\Program Files\McAfee\MBK\LogOnHook.exe" [2007-01-08 11:22 20480]
"SpySweeper"="C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" [2008-01-04 20:56 5367664]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-01-08 22:09 68856]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"McWebDownlMgr"="C:\WINDOWS\TEMP\McDMTemp007 (2)\DwnldMgr.exe" [ ]
C:\Documents and Settings\Lori\Start Menu\Programs\Startup\
Kaboom! Jr. Control Panel.lnk - C:\Documents and Settings\Lori\My Documents\My Music\KAB_JR\KABOOM.EXE [2007-03-04 19:28:55 5072]
MemoKit.lnk - C:\Program Files\MemoKit\mk.exe [2004-04-19 11:58:34 21504]
NaturalColorLoad.lnk - C:\Program Files\SEC\Natural Color\NaturalColorLoad.exe [2006-06-25 23:05:30 155715]
Office Information Worker Feedback Program.lnk - C:\Program Files\Microsoft Office System Information Worker Feedback Program\wfpscheduler.exe [2006-04-22 10:46:30 106496]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2007-03-11 21:26:24 210520]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2006-07-05 19:45:13 450560]
NaturalColorLoad.lnk - C:\Program Files\SEC\Natural Color\NaturalColorLoad.exe [2006-06-25 23:05:30 155715]
Quicken Scheduled Updates.lnk - C:\Program Files\Quicken\bagent.exe [2003-10-02 17:08:08 57344]
Service Manager.lnk - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2000-08-06 00:03:20 69632]
SMC2862W-G EZ Connect g 802.11g Wireless USB Utility.lnk - C:\Program Files\SMC\SMC2862W-G EZ Connect g 2.4Ghz 802.11g Wireless USB 2.0 Adapter\SMCWGUTI.exe [2005-10-17 16:10:34 421888]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2006-04-24 12:13 282624]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
backup=C:\WINDOWS\pss\Adobe Acrobat Speed Launcher.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Forget Me Not.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Forget Me Not.lnk
backup=C:\WINDOWS\pss\Forget Me Not.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2008-01-08 22:09 68856 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ViewMgr]
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ViewpointPhotosDeviceConnect]
C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.7.0\FotomatDeviceConnect.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zune Launcher]
--a------ 2006-12-12 14:45 21464 C:\Program Files\Zune\ZuneLauncher.exe
R0 sojubus;sojubus;C:\WINDOWS\system32\DRIVERS\sojubus.sys [2003-10-05 10:41]
R0 sojuscsi;sojuscsi;C:\WINDOWS\system32\DRIVERS\sojuscsi.sys [2003-09-28 10:57]
R2 AdobeActiveFileMonitor6.0;Adobe Active File Monitor V6;C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [2007-10-02 14:46]
R2 ColdFusion MX ODBC Agent;ColdFusion MX ODBC Agent;C:\CFusionMX\db\slserver52\bin\swagent.exe "ColdFusion MX ODBC Agent" []
R2 cvintdrv;cvintdrv;C:\WINDOWS\system32\drivers\cvintdrv.sys [2006-04-10 09:01]
S3 SMC2862W;SMC2862W-G EZ Connect g 2.4Ghz 802.11g Wireless USB 2.0 Adapter Driver;C:\WINDOWS\system32\DRIVERS\2862WICB.sys [2005-11-15 22:16]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{56014d2e-1ff4-11db-8d13-000ea65cb895}]
\Shell\AutoRun\command - H:\setupSNK.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fb86e361-07c3-11db-8cf0-000ea65cb895}]
\Shell\AutoRun\command - setupSNK.exe
.
Contents of the 'Scheduled Tasks' folder
"2008-01-15 07:30:27 C:\WINDOWS\Tasks\McDefragTask.job"
- c:\program files\mcafee\mqc\QcConsol.exe
"2008-02-01 06:00:00 C:\WINDOWS\Tasks\McQcTask.job"
- c:\program files\mcafee\mqc\QcConsol.exe
"2008-02-03 15:53:54 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-03 10:52:00
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\CFusionMX\runtime\bin\jrunsvc.exe
C:\CFusionMX\runtime\bin\jrun.exe
C:\CFusionMX\db\slserver52\bin\swstrtr.exe
C:\CFusionMX\db\slserver52\bin\swsoc.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
c:\program files\mcafee\msk\msksrver.exe
C:\Program Files\SiteAdvisor\6253\SAService.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
C:\WINDOWS\system32\ntvdm.exe
C:\Program Files\MemoKit\memokit2.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\Microsoft Office System Information Worker Feedback Program\WfpSaS.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
.
**************************************************************************
.
Completion time: 2008-02-03 11:01:59 - machine was rebooted
ComboFix-quarantined-files.txt 2008-02-03 16:01:53
ComboFix2.txt 2008-02-02 16:52:06
.
2008-01-30 17:44:07 --- E O F ---
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:06:30 AM, on 2/3/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\CFusionMX\runtime\bin\jrunsvc.exe
C:\CFusionMX\db\slserver52\bin\swagent.exe
C:\CFusionMX\runtime\bin\jrun.exe
C:\CFusionMX\db\slserver52\bin\swstrtr.exe
C:\CFusionMX\db\slserver52\bin\swsoc.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
c:\program files\mcafee\msk\msksrver.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\SiteAdvisor\6253\SAService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\SEC\Natural Color\NaturalColorLoad.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\SMC\SMC2862W-G EZ Connect g 2.4Ghz 802.11g Wireless USB 2.0 Adapter\SMCWGUTI.exe
C:\WINDOWS\system32\ntvdm.exe
C:\Program Files\MemoKit\memokit2.exe
C:\Program Files\Microsoft Office System Information Worker Feedback Program\wfpscheduler.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\Microsoft Office System Information Worker Feedback Program\WfpSaS.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\nsga1.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\LORI\Application Data\Mozilla\Profiles\default\ie2qxrqv.slt\prefs.js)
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - C:\Program Files\McAfee\MSK\mcapbho.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O3 - Toolbar: &ESPN - {AE6F2894-AF10-4C9C-B16E-1DFC6FF8C0C6} - C:\Program Files\ESPN\Toolbar\DIGToolBar.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
O4 - HKLM\..\Run: [RegistryMechanic] "C:\Program Files\Registry Mechanic\RegMech.exe" /QS
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask .exe" -atboottime
O4 - HKLM\..\Run: [PRISMSVR.EXE] "C:\Program Files\SMC\SMC2862W-G EZ Connect g 2.4Ghz 802.11g Wireless USB 2.0 Adapter\PRISMSVR.EXE" /APPLY
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] "C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe"
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [McAfee Backup] "C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe"
O4 - HKLM\..\Run: [MBkLogOnHook] "C:\Program Files\McAfee\MBK\LogOnHook.exe"
O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [McWebDownlMgr] C:\WINDOWS\TEMP\McDMTemp007 (2)\DwnldMgr.exe /runkey (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [McWebDownlMgr] C:\WINDOWS\TEMP\McDMTemp007 (2)\DwnldMgr.exe /runkey (User 'Default user')
O4 - Startup: Kaboom! Jr. Control Panel.lnk = C:\Documents and Settings\Lori\My Documents\My Music\KAB_JR\KABOOM.EXE
O4 - Startup: MemoKit.lnk = C:\Program Files\MemoKit\mk.exe
O4 - Startup: NaturalColorLoad.lnk = ?
O4 - Startup: Office Information Worker Feedback Program.lnk = C:\Program Files\Microsoft Office System Information Worker Feedback Program\wfpscheduler.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: NaturalColorLoad.lnk = ?
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O4 - Global Startup: SMC2862W-G EZ Connect g 802.11g Wireless USB Utility.lnk = C:\Program Files\SMC\SMC2862W-G EZ Connect g 2.4Ghz 802.11g Wireless USB 2.0 Adapter\SMCWGUTI.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim .exe (file missing)
O9 - Extra button: Vegas Red Casino - {D5AE2D6D-38A7-425c-86C0-E4ABBDB9EC68} - C:\Casino\Vegas Red Casino\casino.exe
O9 - Extra 'Tools' menuitem: Vegas Red Casino - {D5AE2D6D-38A7-425c-86C0-E4ABBDB9EC68} - C:\Casino\Vegas Red Casino\casino.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O15 - Trusted Zone: http://www.vip.com
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {02CF1781-EA91-4FA5-A200-646E8241987C} (VaioInfo.CMClass) - http://esupport.sony.com/VaioInfo.CAB
O16 - DPF: {1E2941E3-8E63-11D4-9D5A-00902742D6E0} (iNotes Class) - http://mail.malden.mec.edu/iNotes.cab
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - http://a516.g.akamai.net/f/516/25175/7d/runaware.download.akamai.com/25175/citrix/wficat-no-eula.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {36E4E9BC-4D0C-41B4-90C9-37AFDBFAAD3C} (InforbitHelper Class) - http://download.infotriever.com/bin/ifhelper.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by104fd.bay104.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {5EB6A98B-F75B-4AC7-821D-BAD2C29D18C2} (CVALAXObj Class) - https://mycampus.phoenix.edu/support/tutorials/Click2Talk/ClickToTalkTS/download/CVALAX.CAB
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1151289857000
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1151290801484
O16 - DPF: {A82C3A33-5C0E-466C-B020-71585433A7E4} (PhxStudent.OeSetup15) - https://ecampus.phoenix.edu/secure/PhxStudent15.CAB
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab
O16 - DPF: {CC32D4D8-2A0B-4CEB-B105-C9B968379105} (CGameManagerCtrl Object) - https://disney.go.com/games/downloads/gamemanager/DIGGameManager.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://casinoshare.microgaming.com/casinoshare/FlashAX.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://www.driveragent.com/files/driveragent.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: ColdFusion MX Application Server - Macromedia Inc. - C:\CFusionMX\runtime\bin\jrunsvc.exe
O23 - Service: ColdFusion MX ODBC Agent - Unknown owner - C:\CFusionMX\db\slserver52\bin\swagent.exe
O23 - Service: ColdFusion MX ODBC Server - Unknown owner - C:\CFusionMX\db\slserver52\bin\swstrtr.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\SYSTEM32\GEARSEC.EXE
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee, Inc. - c:\program files\mcafee\msk\msksrver.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6253\SAService.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\Sptisrv.exe
O23 - Service: VAIO Media Music Server (VAIOMediaPlatform-MusicServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Music\SSSvr.exe
O23 - Service: VAIO Media Music Server (HTTP) (VAIOMediaPlatform-MusicServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Music Server (UPnP) (VAIOMediaPlatform-MusicServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Photo Server (VAIOMediaPlatform-PhotoServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Photo\appsrv\PhotoAppSrv.exe
O23 - Service: VAIO Media Photo Server (HTTP) (VAIOMediaPlatform-PhotoServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Photo Server (UPnP) (VAIOMediaPlatform-PhotoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Video Server (VAIOMediaPlatform-VideoServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Video\GPVSvr.exe
O23 - Service: VAIO Media Video Server (HTTP) (VAIOMediaPlatform-VideoServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Video Server (UPnP) (VAIOMediaPlatform-VideoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
--
End of file - 18565 bytes
Hi
Not 100% success, but better.
Open notepad and copy/paste the text in the quotebox below into it:
RenV::
----a-w 286,720 2008-01-11 13:47:40 C:\Program Files\QuickTime\qttask .exe
----a-w 286,720 2008-01-11 13:47:41 C:\Program Files\QuickTime\qttask .exe
----a-w 5,367,608 2008-01-23 00:48:54 C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI .exe
----a-w 155,648 2008-01-07 05:38:41 C:\WINDOWS\system32\igfxtray .exe
Save this as "CFScript"
Then drag the CFScript into ComboFix.exe as you see in the screenshot below.
http://img.photobucket.com/albums/v666/sUBs/CFScript.gif
This will start ComboFix again. After the reboot (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new HijackThis log.
Combofix should never take more than 20 minutes including the reboot if malware is detected.
If it does, open Task Manager (press Ctrl, Alt and Del at the same time), go to the Processes tab and end any findstr, find, sed or swreg processes; ComboFix should then continue.
If that happens we want to know, and also which process you had to end.
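The four files the helper lists under RenV:: share one tell: a space between the file name and its extension (qttask .exe, SpySweeperUI .exe, igfxtray .exe). Those are the renamed-aside copies of legitimate programs, and the RenV:: directive asks ComboFix to give them their names back. The following script is an added example for triaging that pattern yourself, not ComboFix's code and not the helper's script. It parses the listing lines exactly as ComboFix printed them above, works out the original name for each, flags duplicate listings, and flags any rename that would land on a file that still exists (that occupant is the thing to examine, not something to overwrite). The `PRESENT` set of paths that "exist on disk" is constructed for the example; on a live system you would check the filesystem instead.

```python
"""Triage the ' .exe' (space-before-extension) rename pattern from a ComboFix listing.

Added example, not ComboFix or forum-helper code. The listing text below is copied
from the log in this thread; the PRESENT set is constructed for the example.
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Set

# Listing lines as ComboFix printed them: attributes, size, timestamp, path.
LISTING = r"""
----a-w 286,720 2008-01-11 13:47:40 C:\Program Files\QuickTime\qttask .exe
----a-w 286,720 2008-01-11 13:47:41 C:\Program Files\QuickTime\qttask .exe
----a-w 5,367,608 2008-01-23 00:48:54 C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI .exe
----a-w 155,648 2008-01-07 05:38:41 C:\WINDOWS\system32\igfxtray .exe
"""

# Constructed for the example: pretend the original igfxtray.exe name is still occupied.
PRESENT: Set[str] = {r"C:\WINDOWS\system32\igfxtray.exe"}

LINE_RE = re.compile(
    r"^(?P<attrs>[-a-z]+)\s+(?P<size>[\d,]+)\s+"
    r"(?P<stamp>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+(?P<path>.+)$"
)
# A file name whose extension is separated from the stem by one or more spaces.
SPACED_EXT_RE = re.compile(r"^(?P<stem>.*\S) +(?P<ext>\.[A-Za-z0-9]{1,4})$")


@dataclass(frozen=True)
class Entry:
    attrs: str
    size: int
    timestamp: str
    path: str


@dataclass(frozen=True)
class Step:
    src: str
    dst: str
    action: str  # "rename", "duplicate" (listed twice) or "blocked" (dst exists)


def parse_listing(text: str) -> List[Entry]:
    """Parse ComboFix-style listing lines; lines that do not match are ignored."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            entries.append(Entry(m["attrs"], int(m["size"].replace(",", "")),
                                 m["stamp"], m["path"]))
    return entries


def original_name(path: str) -> Optional[str]:
    """Return the path without the space before the extension, or None if the
    name does not carry that pattern ('qttask .exe' -> 'qttask.exe')."""
    directory, _, name = path.rpartition("\\")
    m = SPACED_EXT_RE.match(name)
    if not m:
        return None
    fixed = m["stem"] + m["ext"]
    return f"{directory}\\{fixed}" if directory else fixed


def rename_plan(entries: List[Entry], present: Set[str]) -> List[Step]:
    """Decide what restoring each spaced-extension file would do. A rename whose
    target already exists is 'blocked': the occupant is the suspect to inspect."""
    present_lc = {p.lower() for p in present}
    seen: Set[str] = set()
    plan = []
    for e in entries:
        dst = original_name(e.path)
        if dst is None:
            continue  # ordinary file name, nothing to restore
        if e.path.lower() in seen:
            plan.append(Step(e.path, dst, "duplicate"))
            continue
        seen.add(e.path.lower())
        action = "blocked" if dst.lower() in present_lc else "rename"
        plan.append(Step(e.path, dst, action))
    return plan


def cfscript(entries: List[Entry]) -> str:
    """Render a RenV:: block in the shape the helper's CFScript uses: the
    matching listing lines, verbatim, under the directive."""
    lines = ["RenV::"]
    lines += [f"{e.attrs} {e.size:,} {e.timestamp} {e.path}"
              for e in entries if original_name(e.path) is not None]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    parsed = parse_listing(LISTING)
    for step in rename_plan(parsed, PRESENT):
        print(f"{step.action:9s} {step.src} -> {step.dst}")
    print(cfscript(parsed))
```

The duplicate qttask line is kept out of the rename plan but left in the RenV:: text, mirroring the helper's script, which lists the lines exactly as ComboFix printed them. The "blocked" case is the caveat a manual cleanup needs: if the original name is still taken, rename nothing until you know what the occupant is.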
BTW.... thank you SOO much for your help!
ComboFix 08-02.02.5 - Lori 2008-02-03 13:14:09.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1406 [GMT -5:00]
Running from: C:\Documents and Settings\Lori\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Lori\Desktop\CFScript.txt
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((( Files Created from 2008-01-03 to 2008-02-03 )))))))))))))))))))))))))))))))
.
2008-01-30 21:21 . 2008-01-30 21:21 <DIR> d-------- C:\Documents and Settings\Noelle\Application Data\Talkback
2008-01-21 19:55 . 2008-02-02 10:55 7,741,472 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-01-21 19:55 . 2008-02-02 10:55 1,054,752 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2008-01-21 19:55 . 2008-02-02 10:55 105,800 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-01-21 19:55 . 2008-02-02 10:55 101,000 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
2008-01-21 19:54 . 2008-01-21 19:54 <DIR> d-------- C:\Program Files\Trend Micro
2008-01-21 19:49 . 2008-01-21 19:49 <DIR> d-------- C:\Program Files\Kaspersky Lab
2008-01-21 19:49 . 2008-01-21 19:49 <DIR> d-------- C:\KAV
2008-01-21 12:29 . 2008-01-21 12:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Prism
2008-01-21 12:28 . 2005-11-15 22:16 357,632 -ra------ C:\WINDOWS\system32\drivers\2862WICB.sys
2008-01-21 12:27 . 2008-01-21 12:27 <DIR> d-------- C:\Program Files\SMC
2008-01-21 12:27 . 2008-01-21 12:27 15,781 --a------ C:\WINDOWS\system32\drivers\mdc8021x.sys
2008-01-21 12:15 . 2008-01-21 12:15 158,208 --a--c--- C:\WINDOWS\system32\dllcache\msconfig.exe
2008-01-21 10:51 . 2008-01-21 10:51 <DIR> d-------- C:\Documents and Settings\Bob\Application Data\HPAppData
2008-01-19 07:29 . 2008-01-23 22:31 1,357 --a------ C:\WINDOWS\wininit.ini
2008-01-19 06:30 . 2008-01-19 06:30 <DIR> d-------- C:\Documents and Settings\Bob\Application Data\Talkback
2008-01-18 16:57 . 2008-01-19 05:36 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-01-18 16:57 . 2008-01-19 12:32 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-01-16 16:29 . 2008-01-16 16:29 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-01-16 16:29 . 2008-01-16 16:29 1,409 --a------ C:\WINDOWS\QTFont.for
2008-01-16 15:57 . 2008-01-16 15:57 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Talkback
2008-01-15 23:14 . 2008-01-15 23:14 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Webroot
2008-01-15 23:12 . 2003-12-02 16:13 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\AdobeUM
2008-01-15 23:11 . 2008-01-15 23:11 <DIR> d-------- C:\Documents and Settings\NetworkService\Application Data\Webroot
2008-01-11 23:08 . 2008-01-22 05:42 <DIR> d-------- C:\VundoFix Backups
2008-01-06 13:39 . 2008-01-06 13:39 <DIR> d-------- C:\Documents and Settings\Noelle\Application Data\HPAppData
2008-01-06 00:43 . 2008-01-06 00:43 <DIR> d-------- C:\Program Files\MSXML 4.0
2008-01-05 23:56 . 2008-01-05 23:56 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WEBREG
2008-01-05 23:49 . 2007-03-07 23:20 16,496 -ra------ C:\WINDOWS\system32\drivers\HPZipr12.sys
2008-01-05 23:48 . 2008-01-05 23:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Hewlett-Packard
2008-01-05 23:48 . 2007-03-07 23:20 49,920 -ra------ C:\WINDOWS\system32\drivers\HPZid412.sys
2008-01-05 23:45 . 2007-05-02 03:56 954,368 -ra------ C:\WINDOWS\system32\hpotiop5.dll
2008-01-05 23:45 . 2007-05-02 04:01 675,840 -ra------ C:\WINDOWS\system32\hpowiax5.dll
2008-01-05 23:45 . 2007-03-07 23:20 364,544 -ra------ C:\WINDOWS\system32\hppldcoi.dll
2008-01-05 23:45 . 2007-03-07 23:20 309,760 -ra------ C:\WINDOWS\system32\difxapi.dll
2008-01-05 23:45 . 2007-05-02 04:00 303,104 -ra------ C:\WINDOWS\system32\hpovst12.dll
2008-01-05 23:45 . 2007-03-07 23:20 21,568 -ra------ C:\WINDOWS\system32\drivers\HPZius12.sys
2008-01-05 23:25 . 2008-01-05 23:25 <DIR> d-------- C:\Documents and Settings\Lori\Application Data\HP
2008-01-05 23:19 . 2008-01-05 23:19 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\HPSSUPPLY
2008-01-05 23:12 . 2008-01-05 23:14 146,986 --------- C:\WINDOWS\hpoins21.dat.temp
2008-01-05 23:12 . 2007-05-15 05:10 8,138 --------- C:\WINDOWS\hpomdl21.dat.temp
2008-01-05 22:49 . 2008-01-05 22:49 <DIR> d-------- C:\Documents and Settings\Lori\Application Data\HPAppData
2008-01-05 21:59 . 2008-01-05 21:59 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\HP Product Assistant
2008-01-05 21:59 . 2008-01-05 22:01 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\HP
2008-01-05 21:58 . 2008-01-05 21:58 <DIR> d-------- C:\Program Files\Common Files\HP
2008-01-05 21:57 . 2008-01-05 21:57 <DIR> d-------- C:\Program Files\Hewlett-Packard
2008-01-05 21:56 . 2008-01-05 21:56 <DIR> d-------- C:\Program Files\Common Files\Hewlett-Packard
2008-01-05 21:54 . 2008-01-05 23:19 <DIR> d-------- C:\Program Files\HP
2008-01-05 21:52 . 2008-01-06 00:01 147,669 --a------ C:\WINDOWS\hpoins21.dat
2008-01-05 21:52 . 2007-05-15 05:10 8,138 --------- C:\WINDOWS\hpomdl21.dat
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-03 17:06 --------- d-----w C:\Program Files\VIP Casinos
2008-02-03 15:51 22 ----a-w C:\qpmd8376.bin
2008-02-03 15:43 --------- d-----w C:\Program Files\QuickTime
2008-02-03 15:42 --------- d-----w C:\Program Files\MSN Messenger
2008-02-03 15:42 --------- d-----w C:\Program Files\iTunes
2008-02-03 15:42 --------- d-----w C:\Program Files\ESPNRunTime
2008-02-03 15:42 --------- d-----w C:\Program Files\DIGStream
2008-02-03 15:42 --------- d-----w C:\Program Files\AIM95
2008-02-03 15:12 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-02-03 09:46 --------- d-----w C:\Documents and Settings\Lori\Application Data\SiteAdvisor
2008-02-02 03:11 --------- d-----w C:\Documents and Settings\Bob\Application Data\SiteAdvisor
2008-01-31 04:17 --------- d-----w C:\Documents and Settings\Noelle\Application Data\SiteAdvisor
2008-01-21 17:29 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-21 17:15 158,208 ----a-w C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe
2008-01-17 01:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee
2008-01-17 01:48 --------- d-----w C:\Documents and Settings\Lori\Application Data\McAfee
2008-01-16 21:42 15,360 ----a-w C:\WINDOWS\system32\ctfmon.exe
2008-01-11 03:31 --------- d-----w C:\Program Files\WhiteSmoke
2008-01-09 03:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\DIGStream
2008-01-07 05:38 155,648 ----a-w C:\WINDOWS\system32\igfxtray .exe
2008-01-07 05:38 114,688 ----a-w C:\WINDOWS\system32\hkcmd.exe
2008-01-05 01:56 1,526,640 ----a-w C:\WINDOWS\WRSetup.dll
2008-01-05 01:34 23,920 ----a-w C:\WINDOWS\system32\drivers\sskbfd.sys
2008-01-05 01:34 21,872 ----a-w C:\WINDOWS\system32\drivers\sshrmd.sys
2008-01-05 01:34 20,336 ----a-w C:\WINDOWS\system32\drivers\SSFS0BB9.sys
2008-01-05 01:34 163,696 ----a-w C:\WINDOWS\system32\drivers\ssidrv.sys
2008-01-04 01:45 --------- d-----w C:\Program Files\DL_cats
2008-01-03 04:30 --------- d-----w C:\Program Files\Casino Share Flash Casino
2008-01-02 23:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\MGS
2007-12-31 05:29 --------- d-----w C:\Program Files\Abbyy FineReader 6.0 Sprint
2007-12-31 05:23 --------- d-----w C:\Program Files\Dell_Photo AIO Printer 962
2007-12-30 17:30 --------- d-----w C:\Program Files\Dell_ENA
2007-12-30 17:30 --------- d-----w C:\Program Files\Dell
2007-12-30 16:05 --------- d-----w C:\Program Files\KeyGen Crack
2007-12-30 01:01 --------- d-----w C:\Documents and Settings\All Users\Application Data\espionServerData
2007-12-30 00:38 --------- d-----w C:\Documents and Settings\Lori\Application Data\AdobeUM
2007-12-28 02:04 --------- d-----w C:\Program Files\Common Files\Adobe
2007-12-28 01:56 43,528 ----a-w C:\WINDOWS\system32\drivers\pxhelp20.sys
2007-12-28 01:56 129,784 ----a-w C:\WINDOWS\system32\pxafs.dll
2007-12-28 01:56 118,520 ----a-w C:\WINDOWS\system32\pxinsi64.exe
2007-12-28 01:56 116,472 ----a-w C:\WINDOWS\system32\pxcpyi64.exe
2007-12-27 23:32 --------- d-----w C:\Documents and Settings\Lori\Application Data\Apple Computer
2007-12-23 00:02 --------- d-----w C:\Program Files\BatchPhoto
2007-12-23 00:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\TEMP
2007-12-21 04:02 --------- d-----w C:\Program Files\SiteAdvisor
2007-12-09 21:11 --------- d-----w C:\Program Files\PhotoFiltre
2007-12-08 05:00 --------- d-----w C:\Documents and Settings\LocalService\Application Data\SiteAdvisor
2007-11-09 01:13 164 ----a-w C:\install.dat
2007-11-07 09:26 721,920 ----a-w C:\WINDOWS\system32\lsasrv.dll
2002-05-19 05:57 944,797 ----a-w C:\Program Files\wrar300.exe
2002-05-15 04:37 473 ----a-w C:\Program Files\rarregkey.txt
2002-04-01 13:43 11,264 ----a-w C:\Program Files\readme.wri
.
<pre>
----a-w 286,720 2008-01-11 13:47:40 C:\Program Files\QuickTime\qttask .exe
----a-w 286,720 2008-01-11 13:47:41 C:\Program Files\QuickTime\qttask .exe
----a-w 5,367,608 2008-01-23 00:48:54 C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI .exe
----a-w 155,648 2008-01-07 05:38:41 C:\WINDOWS\system32\igfxtray .exe
</pre>
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0347C33E-8762-4905-BF09-768834316C61}]
2007-03-02 16:52 1298024 -ra------ C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{053F9267-DC04-4294-A72C-58F732D338C0}]
2007-03-02 16:52 177768 -ra------ C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-01-16 16:42 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6172\SiteAdv.exe" [ ]
"QuickTime Task"="C:\Program Files\QuickTime\qttask .exe" [ ]
"PRISMSVR.EXE"="C:\Program Files\SMC\SMC2862W-G EZ Connect g 2.4Ghz 802.11g Wireless USB 2.0 Adapter\PRISMSVR.exe" [ ]
"Microsoft Works Update Detection"="C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2008-01-08 22:09 28672]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2008-01-22 05:34 582992]
"McAfee Backup"="C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe" [2007-01-16 13:59 4838952]
"MBkLogOnHook"="C:\Program Files\McAfee\MBK\LogOnHook.exe" [2007-01-08 11:22 20480]
"MSConfig"="C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2008-01-21 12:15 158208]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-01-08 22:09 68856]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"McWebDownlMgr"="C:\WINDOWS\TEMP\McDMTemp007 (2)\DwnldMgr.exe" [ ]
C:\Documents and Settings\Lori\Start Menu\Programs\Startup\
NaturalColorLoad.lnk - C:\Program Files\SEC\Natural Color\NaturalColorLoad.exe [2006-06-25 23:05:30 155715]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2007-03-11 21:26:24 210520]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2006-07-05 19:45:13 450560]
NaturalColorLoad.lnk - C:\Program Files\SEC\Natural Color\NaturalColorLoad.exe [2006-06-25 23:05:30 155715]
Quicken Scheduled Updates.lnk - C:\Program Files\Quicken\bagent.exe [2003-10-02 17:08:08 57344]
Service Manager.lnk - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2000-08-06 00:03:20 69632]
SMC2862W-G EZ Connect g 802.11g Wireless USB Utility.lnk - C:\Program Files\SMC\SMC2862W-G EZ Connect g 2.4Ghz 802.11g Wireless USB 2.0 Adapter\SMCWGUTI.exe [2005-10-17 16:10:34 421888]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2006-04-24 12:13 282624]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
backup=C:\WINDOWS\pss\Adobe Acrobat Speed Launcher.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Forget Me Not.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Forget Me Not.lnk
backup=C:\WINDOWS\pss\Forget Me Not.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^Lori^Start Menu^Programs^Startup^Kaboom! Jr. Control Panel.lnk]
path=C:\Documents and Settings\Lori\Start Menu\Programs\Startup\Kaboom! Jr. Control Panel.lnk
backup=C:\WINDOWS\pss\Kaboom! Jr. Control Panel.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Lori^Start Menu^Programs^Startup^MemoKit.lnk]
path=C:\Documents and Settings\Lori\Start Menu\Programs\Startup\MemoKit.lnk
backup=C:\WINDOWS\pss\MemoKit.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Lori^Start Menu^Programs^Startup^Office Information Worker Feedback Program.lnk]
path=C:\Documents and Settings\Lori\Start Menu\Programs\Startup\Office Information Worker Feedback Program.lnk
backup=C:\WINDOWS\pss\Office Information Worker Feedback Program.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 10:50 155648 C:\WINDOWS\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegistryMechanic]
--a------ 2006-10-30 13:12 2287152 C:\Program Files\Registry Mechanic\RegMech.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpySweeper]
--a------ 2008-01-04 20:56 5367664 C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2008-01-08 22:09 68856 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ViewMgr]
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ViewpointPhotosDeviceConnect]
C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.7.0\FotomatDeviceConnect.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zune Launcher]
--a------ 2006-12-12 14:45 21464 C:\Program Files\Zune\ZuneLauncher.exe
R0 sojubus;sojubus;C:\WINDOWS\system32\DRIVERS\sojubus.sys [2003-10-05 10:41]
R0 sojuscsi;sojuscsi;C:\WINDOWS\system32\DRIVERS\sojuscsi.sys [2003-09-28 10:57]
R2 AdobeActiveFileMonitor6.0;Adobe Active File Monitor V6;C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [2007-10-02 14:46]
R2 ColdFusion MX ODBC Agent;ColdFusion MX ODBC Agent;C:\CFusionMX\db\slserver52\bin\swagent.exe "ColdFusion MX ODBC Agent" []
R2 cvintdrv;cvintdrv;C:\WINDOWS\system32\drivers\cvintdrv.sys [2006-04-10 09:01]
S3 SMC2862W;SMC2862W-G EZ Connect g 2.4Ghz 802.11g Wireless USB 2.0 Adapter Driver;C:\WINDOWS\system32\DRIVERS\2862WICB.sys [2005-11-15 22:16]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{56014d2e-1ff4-11db-8d13-000ea65cb895}]
\Shell\AutoRun\command - H:\setupSNK.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fb86e361-07c3-11db-8cf0-000ea65cb895}]
\Shell\AutoRun\command - setupSNK.exe
.
Contents of the 'Scheduled Tasks' folder
"2008-01-15 07:30:27 C:\WINDOWS\Tasks\McDefragTask.job"
- c:\program files\mcafee\mqc\QcConsol.exe
"2008-02-01 06:00:00 C:\WINDOWS\Tasks\McQcTask.job"
- c:\program files\mcafee\mqc\QcConsol.exe
"2008-02-03 15:53:54 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-03 13:16:46
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-02-03 13:17:50
ComboFix-quarantined-files.txt 2008-02-03 18:17:46
ComboFix2.txt 2008-02-03 16:02:00
ComboFix3.txt 2008-02-02 16:52:06
.
2008-01-30 17:44:07 --- E O F ---
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:24:05 PM, on 2/3/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\CFusionMX\runtime\bin\jrunsvc.exe
C:\CFusionMX\db\slserver52\bin\swagent.exe
C:\CFusionMX\runtime\bin\jrun.exe
C:\CFusionMX\db\slserver52\bin\swstrtr.exe
C:\CFusionMX\db\slserver52\bin\swsoc.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
c:\program files\mcafee\msk\msksrver.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\SiteAdvisor\6253\SAService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\SEC\Natural Color\NaturalColorLoad.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\SMC\SMC2862W-G EZ Connect g 2.4Ghz 802.11g Wireless USB 2.0 Adapter\SMCWGUTI.exe
C:\Program Files\MemoKit\memokit2.exe
C:\Program Files\Microsoft Office System Information Worker Feedback Program\wfpscheduler.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\Microsoft Office System Information Worker Feedback Program\WfpSaS.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\nsga1.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\LORI\Application Data\Mozilla\Profiles\default\ie2qxrqv.slt\prefs.js)
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - C:\Program Files\McAfee\MSK\mcapbho.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O3 - Toolbar: &ESPN - {AE6F2894-AF10-4C9C-B16E-1DFC6FF8C0C6} - C:\Program Files\ESPN\Toolbar\DIGToolBar.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask .exe" -atboottime
O4 - HKLM\..\Run: [PRISMSVR.EXE] "C:\Program Files\SMC\SMC2862W-G EZ Connect g 2.4Ghz 802.11g Wireless USB 2.0 Adapter\PRISMSVR.EXE" /APPLY
O4 - HKLM\..\Run: [Microsoft Works Update Detection] "C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe"
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [McAfee Backup] "C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe"
O4 - HKLM\..\Run: [MBkLogOnHook] "C:\Program Files\McAfee\MBK\LogOnHook.exe"
O4 - HKLM\..\Run: [MSConfig] "C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" /auto
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [McWebDownlMgr] C:\WINDOWS\TEMP\McDMTemp007 (2)\DwnldMgr.exe /runkey (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [McWebDownlMgr] C:\WINDOWS\TEMP\McDMTemp007 (2)\DwnldMgr.exe /runkey (User 'Default user')
O4 - Startup: NaturalColorLoad.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: NaturalColorLoad.lnk = ?
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O4 - Global Startup: SMC2862W-G EZ Connect g 802.11g Wireless USB Utility.lnk = C:\Program Files\SMC\SMC2862W-G EZ Connect g 2.4Ghz 802.11g Wireless USB 2.0 Adapter\SMCWGUTI.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim .exe (file missing)
O9 - Extra button: Vegas Red Casino - {D5AE2D6D-38A7-425c-86C0-E4ABBDB9EC68} - C:\Casino\Vegas Red Casino\casino.exe
O9 - Extra 'Tools' menuitem: Vegas Red Casino - {D5AE2D6D-38A7-425c-86C0-E4ABBDB9EC68} - C:\Casino\Vegas Red Casino\casino.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O15 - Trusted Zone: http://www.vip.com
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {02CF1781-EA91-4FA5-A200-646E8241987C} (VaioInfo.CMClass) - http://esupport.sony.com/VaioInfo.CAB
O16 - DPF: {1E2941E3-8E63-11D4-9D5A-00902742D6E0} (iNotes Class) - http://mail.malden.mec.edu/iNotes.cab
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - http://a516.g.akamai.net/f/516/25175/7d/runaware.download.akamai.com/25175/citrix/wficat-no-eula.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {36E4E9BC-4D0C-41B4-90C9-37AFDBFAAD3C} (InforbitHelper Class) - http://download.infotriever.com/bin/ifhelper.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by104fd.bay104.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {5EB6A98B-F75B-4AC7-821D-BAD2C29D18C2} (CVALAXObj Class) - https://mycampus.phoenix.edu/support/tutorials/Click2Talk/ClickToTalkTS/download/CVALAX.CAB
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1151289857000
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1151290801484
O16 - DPF: {A82C3A33-5C0E-466C-B020-71585433A7E4} (PhxStudent.OeSetup15) - https://ecampus.phoenix.edu/secure/PhxStudent15.CAB
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab
O16 - DPF: {CC32D4D8-2A0B-4CEB-B105-C9B968379105} (CGameManagerCtrl Object) - https://disney.go.com/games/downloads/gamemanager/DIGGameManager.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://casinoshare.microgaming.com/casinoshare/FlashAX.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://www.driveragent.com/files/driveragent.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: ColdFusion MX Application Server - Macromedia Inc. - C:\CFusionMX\runtime\bin\jrunsvc.exe
O23 - Service: ColdFusion MX ODBC Agent - Unknown owner - C:\CFusionMX\db\slserver52\bin\swagent.exe
O23 - Service: ColdFusion MX ODBC Server - Unknown owner - C:\CFusionMX\db\slserver52\bin\swstrtr.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\SYSTEM32\GEARSEC.EXE
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee, Inc. - c:\program files\mcafee\msk\msksrver.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6253\SAService.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\Sptisrv.exe
O23 - Service: VAIO Media Music Server (VAIOMediaPlatform-MusicServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Music\SSSvr.exe
O23 - Service: VAIO Media Music Server (HTTP) (VAIOMediaPlatform-MusicServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Music Server (UPnP) (VAIOMediaPlatform-MusicServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Photo Server (VAIOMediaPlatform-PhotoServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Photo\appsrv\PhotoAppSrv.exe
O23 - Service: VAIO Media Photo Server (HTTP) (VAIOMediaPlatform-PhotoServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Photo Server (UPnP) (VAIOMediaPlatform-PhotoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Video Server (VAIOMediaPlatform-VideoServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Video\GPVSvr.exe
O23 - Service: VAIO Media Video Server (HTTP) (VAIOMediaPlatform-VideoServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Video Server (UPnP) (VAIOMediaPlatform-VideoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
--
End of file - 17989 bytes
Hi
It looks like not all of the files want to rename.
That just means that you will need to re-install some startup programs later.
Open Notepad and copy/paste the text in the quote box below into it:
File::
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI .exe
C:\WINDOWS\system32\igfxtray .exe
Save this as "CFScript"
Then drag the CFScript into ComboFix.exe as you see in the screenshot below.
http://img.photobucket.com/albums/v666/sUBs/CFScript.gif
This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new HijackThis log.
ComboFix should never take more than 20 minutes including the reboot if malware is detected.
If it does, open Task Manager, then the Processes tab (press Ctrl, Alt and Del at the same time) and end any processes of findstr, find, sed or swreg; then ComboFix should continue.
If that happened we want to know, and also what process you had to end.
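The four paths in the CFScript above share one tell: a space wedged between the file stem and the extension ("qttask .exe", "SpySweeperUI .exe", "igfxtray .exe"), which is not how any of those vendors name their binaries. The script below is an added example, not part of this thread or of ComboFix; it pulls executable paths out of HijackThis O4/O9 lines and ComboFix "Reg Loading Points" lines, flags the ones with that trailing-space stem, and emits them in the same "File::" block format the helper posted. The sample log lines are constructed for the example and modelled on the entries in this thread; the "File::" directive is assumed to be exactly the header-plus-paths layout shown above, and nothing else about CFScript syntax is assumed.

```python
import re
from typing import List

# A Windows path (drive letter, backslash) up to the first executable extension.
# Non-greedy so "qttask .exe" stops at its own extension; the class admits
# spaces so "C:\Program Files\..." survives, and excludes quotes so a quoted
# Run value ends where the closing quote is.
PATH_RE = re.compile(r'[A-Za-z]:\\[^"\r\n]*?\.(?:exe|dll|sys|scr)\b', re.IGNORECASE)

# Whitespace between the stem and the extension, e.g. "qttask .exe".
SPACE_BEFORE_EXT_RE = re.compile(r'\s+\.(?:exe|dll|sys|scr)$', re.IGNORECASE)

# Constructed sample: HijackThis O4/O9 lines and one ComboFix registry line,
# modelled on this thread's logs (the [SpySweeper] and [IgfxTray] Run entries
# are invented to exercise the parser; they are not quoted from the thread).
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask .exe" -atboottime
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI .exe" /startintray
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray .exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim .exe (file missing)
"QuickTime Task"="C:\Program Files\QuickTime\qttask .exe" [ ]
"""


def extract_paths(text: str) -> List[str]:
    """Every executable path mentioned in the log, first-seen order, deduplicated."""
    seen: List[str] = []
    for match in PATH_RE.finditer(text):
        path = match.group(0)
        if path not in seen:
            seen.append(path)
    return seen


def is_space_before_extension(path: str) -> bool:
    """True when the file name itself has whitespace right before its extension."""
    base = path.rsplit("\\", 1)[-1]
    return SPACE_BEFORE_EXT_RE.search(base) is not None


def suspicious_paths(text: str) -> List[str]:
    """Paths that carry the trailing-space stem the helper targeted."""
    return [p for p in extract_paths(text) if is_space_before_extension(p)]


def build_cfscript(text: str) -> str:
    """Render the flagged paths as a 'File::' block: header line, one path per line."""
    return "File::\n" + "\n".join(suspicious_paths(text)) + "\n"


if __name__ == "__main__":
    print(build_cfscript(SAMPLE_LOG), end="")
```

The output is a starting point for the helper to review, not something to drop onto ComboFix blindly: a flagged name only tells you the entry points at an oddly named file, and the legitimate binary it shadows (qttask.exe, igfxtray.exe) may itself be gone, which is exactly why the helper warns that some startup programs will need re-installing afterwards.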
ComboFix 08-02.02.5 - Lori 2008-02-03 14:12:12.4 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1487 [GMT -5:00]
Running from: C:\Documents and Settings\Lori\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Lori\Desktop\CFScript.txt
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
FILE
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI .exe
C:\WINDOWS\system32\igfxtray .exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\WINDOWS\system32\igfxtray .exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI .exe . . . . failed to delete
.
((((((((((((((((((((((((( Files Created from 2008-01-03 to 2008-02-03 )))))))))))))))))))))))))))))))
.
2008-01-30 21:21 . 2008-01-30 21:21 <DIR> d-------- C:\Documents and Settings\Noelle\Application Data\Talkback
2008-01-21 19:55 . 2008-02-02 10:55 7,741,472 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-01-21 19:55 . 2008-02-02 10:55 1,054,752 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2008-01-21 19:55 . 2008-02-02 10:55 105,800 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-01-21 19:55 . 2008-02-02 10:55 101,000 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
2008-01-21 19:54 . 2008-01-21 19:54 <DIR> d-------- C:\Program Files\Trend Micro
2008-01-21 19:49 . 2008-01-21 19:49 <DIR> d-------- C:\Program Files\Kaspersky Lab
2008-01-21 19:49 . 2008-01-21 19:49 <DIR> d-------- C:\KAV
2008-01-21 12:29 . 2008-01-21 12:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Prism
2008-01-21 12:28 . 2005-11-15 22:16 357,632 -ra------ C:\WINDOWS\system32\drivers\2862WICB.sys
2008-01-21 12:27 . 2008-01-21 12:27 <DIR> d-------- C:\Program Files\SMC
2008-01-21 12:27 . 2008-01-21 12:27 15,781 --a------ C:\WINDOWS\system32\drivers\mdc8021x.sys
2008-01-21 12:15 . 2008-01-21 12:15 158,208 --a--c--- C:\WINDOWS\system32\dllcache\msconfig.exe
2008-01-21 10:51 . 2008-01-21 10:51 <DIR> d-------- C:\Documents and Settings\Bob\Application Data\HPAppData
2008-01-19 07:29 . 2008-01-23 22:31 1,357 --a------ C:\WINDOWS\wininit.ini
2008-01-19 06:30 . 2008-01-19 06:30 <DIR> d-------- C:\Documents and Settings\Bob\Application Data\Talkback
2008-01-18 16:57 . 2008-01-19 05:36 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-01-18 16:57 . 2008-01-19 12:32 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-01-16 16:29 . 2008-01-16 16:29 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-01-16 16:29 . 2008-01-16 16:29 1,409 --a------ C:\WINDOWS\QTFont.for
2008-01-16 15:57 . 2008-01-16 15:57 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Talkback
2008-01-15 23:14 . 2008-01-15 23:14 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Webroot
2008-01-15 23:12 . 2003-12-02 16:13 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\AdobeUM
2008-01-15 23:11 . 2008-01-15 23:11 <DIR> d-------- C:\Documents and Settings\NetworkService\Application Data\Webroot
2008-01-11 23:08 . 2008-01-22 05:42 <DIR> d-------- C:\VundoFix Backups
2008-01-06 13:39 . 2008-01-06 13:39 <DIR> d-------- C:\Documents and Settings\Noelle\Application Data\HPAppData
2008-01-06 00:43 . 2008-01-06 00:43 <DIR> d-------- C:\Program Files\MSXML 4.0
2008-01-05 23:56 . 2008-01-05 23:56 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WEBREG
2008-01-05 23:49 . 2007-03-07 23:20 16,496 -ra------ C:\WINDOWS\system32\drivers\HPZipr12.sys
2008-01-05 23:48 . 2008-01-05 23:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Hewlett-Packard
2008-01-05 23:48 . 2007-03-07 23:20 49,920 -ra------ C:\WINDOWS\system32\drivers\HPZid412.sys
2008-01-05 23:45 . 2007-05-02 03:56 954,368 -ra------ C:\WINDOWS\system32\hpotiop5.dll
2008-01-05 23:45 . 2007-05-02 04:01 675,840 -ra------ C:\WINDOWS\system32\hpowiax5.dll
2008-01-05 23:45 . 2007-03-07 23:20 364,544 -ra------ C:\WINDOWS\system32\hppldcoi.dll
2008-01-05 23:45 . 2007-03-07 23:20 309,760 -ra------ C:\WINDOWS\system32\difxapi.dll
2008-01-05 23:45 . 2007-05-02 04:00 303,104 -ra------ C:\WINDOWS\system32\hpovst12.dll
2008-01-05 23:45 . 2007-03-07 23:20 21,568 -ra------ C:\WINDOWS\system32\drivers\HPZius12.sys
2008-01-05 23:25 . 2008-01-05 23:25 <DIR> d-------- C:\Documents and Settings\Lori\Application Data\HP
2008-01-05 23:19 . 2008-01-05 23:19 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\HPSSUPPLY
2008-01-05 23:12 . 2008-01-05 23:14 146,986 --------- C:\WINDOWS\hpoins21.dat.temp
2008-01-05 23:12 . 2007-05-15 05:10 8,138 --------- C:\WINDOWS\hpomdl21.dat.temp
2008-01-05 22:49 . 2008-01-05 22:49 <DIR> d-------- C:\Documents and Settings\Lori\Application Data\HPAppData
2008-01-05 21:59 . 2008-01-05 21:59 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\HP Product Assistant
2008-01-05 21:59 . 2008-01-05 22:01 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\HP
2008-01-05 21:58 . 2008-01-05 21:58 <DIR> d-------- C:\Program Files\Common Files\HP
2008-01-05 21:57 . 2008-01-05 21:57 <DIR> d-------- C:\Program Files\Hewlett-Packard
2008-01-05 21:56 . 2008-01-05 21:56 <DIR> d-------- C:\Program Files\Common Files\Hewlett-Packard
2008-01-05 21:54 . 2008-01-05 23:19 <DIR> d-------- C:\Program Files\HP
2008-01-05 21:52 . 2008-01-06 00:01 147,669 --a------ C:\WINDOWS\hpoins21.dat
2008-01-05 21:52 . 2007-05-15 05:10 8,138 --------- C:\WINDOWS\hpomdl21.dat
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-03 19:18 22 ----a-w C:\qpmd8376.bin
2008-02-03 19:17 --------- d-----w C:\Program Files\QuickTime
2008-02-03 17:06 --------- d-----w C:\Program Files\VIP Casinos
2008-02-03 15:42 --------- d-----w C:\Program Files\MSN Messenger
2008-02-03 15:42 --------- d-----w C:\Program Files\iTunes
2008-02-03 15:42 --------- d-----w C:\Program Files\ESPNRunTime
2008-02-03 15:42 --------- d-----w C:\Program Files\DIGStream
2008-02-03 15:42 --------- d-----w C:\Program Files\AIM95
2008-02-03 15:12 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-02-03 09:46 --------- d-----w C:\Documents and Settings\Lori\Application Data\SiteAdvisor
2008-02-02 03:11 --------- d-----w C:\Documents and Settings\Bob\Application Data\SiteAdvisor
2008-01-31 04:17 --------- d-----w C:\Documents and Settings\Noelle\Application Data\SiteAdvisor
2008-01-21 17:29 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-17 01:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee
2008-01-17 01:48 --------- d-----w C:\Documents and Settings\Lori\Application Data\McAfee
2008-01-11 03:31 --------- d-----w C:\Program Files\WhiteSmoke
2008-01-09 03:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\DIGStream
2008-01-05 01:56 1,526,640 ----a-w C:\WINDOWS\WRSetup.dll
2008-01-05 01:34 23,920 ----a-w C:\WINDOWS\system32\drivers\sskbfd.sys
2008-01-05 01:34 21,872 ----a-w C:\WINDOWS\system32\drivers\sshrmd.sys
2008-01-05 01:34 20,336 ----a-w C:\WINDOWS\system32\drivers\SSFS0BB9.sys
2008-01-05 01:34 163,696 ----a-w C:\WINDOWS\system32\drivers\ssidrv.sys
2008-01-04 01:45 --------- d-----w C:\Program Files\DL_cats
2008-01-03 04:30 --------- d-----w C:\Program Files\Casino Share Flash Casino
2008-01-02 23:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\MGS
2007-12-31 05:29 --------- d-----w C:\Program Files\Abbyy FineReader 6
2007-12-31 05:23 --------- d-----w C:\Program Files\Dell_Photo AIO Printer 962
2007-12-30 17:30 --------- d-----w C:\Program Files\Dell_ENA
2007-12-30 17:30 --------- d-----w C:\Program Files\Dell
2007-12-30 16:05 --------- d-----w C:\Program Files\KeyGen Crack
2007-12-30 01:01 --------- d-----w C:\Documents and Settings\All Users\Application Data\espionServerData
2007-12-30 00:38 --------- d-----w C:\Documents and Settings\Lori\Application Data\AdobeUM
2007-12-28 02:04 --------- d-----w C:\Program Files\Common Files\Adobe
2007-12-28 01:56 43,528 ----a-w C:\WINDOWS\system32\drivers\pxhelp20.sys
2007-12-27 23:32 --------- d-----w C:\Documents and Settings\Lori\Application Data\Apple Computer
2007-12-23 00:02 --------- d-----w C:\Program Files\BatchPhoto
2007-12-23 00:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\TEMP
2007-12-21 04:02 --------- d-----w C:\Program Files\SiteAdvisor
2007-12-09 21:11 --------- d-----w C:\Program Files\PhotoFiltre
2007-12-08 05:00 --------- d-----w C:\Documents and Settings\LocalService\Application Data\SiteAdvisor
2007-11-09 01:13 164 ----a-w C:\install.dat
2002-05-19 05:57 944,797 ----a-w C:\Program Files\wrar300.exe
2002-05-15 04:37 473 ----a-w C:\Program Files\rarregkey.txt
2002-04-01 13:43 11,264 ----a-w C:\Program Files\readme.wri
.
----a-w 5,367,608 2008-01-23 00:48:54 C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI .exe
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0347C33E-8762-4905-BF09-768834316C61}]
2007-03-02 16:52 1298024 -ra------ C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{053F9267-DC04-4294-A72C-58F732D338C0}]
2007-03-02 16:52 177768 -ra------ C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-01-16 16:42 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6172\SiteAdv.exe" [ ]
"QuickTime Task"="C:\Program Files\QuickTime\qttask .exe" [ ]
"PRISMSVR.EXE"="C:\Program Files\SMC\SMC2862W-G EZ Connect g 2.4Ghz 802.11g Wireless USB 2.0 Adapter\PRISMSVR.exe" [ ]
"Microsoft Works Update Detection"="C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2008-01-08 22:09 28672]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2008-01-22 05:34 582992]
"McAfee Backup"="C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe" [2007-01-16 13:59 4838952]
"MBkLogOnHook"="C:\Program Files\McAfee\MBK\LogOnHook.exe" [2007-01-08 11:22 20480]
"MSConfig"="C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2008-01-21 12:15 158208]
"combofix"="C:\ComboFix\kmd.exe" [2004-08-04 02:56 388608]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-01-08 22:09 68856]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"McWebDownlMgr"="C:\WINDOWS\TEMP\McDMTemp007 (2)\DwnldMgr.exe" [ ]
C:\Documents and Settings\Lori\Start Menu\Programs\Startup\
NaturalColorLoad.lnk - C:\Program Files\SEC\Natural Color\NaturalColorLoad.exe [2006-06-25 23:05:30 155715]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2007-03-11 21:26:24 210520]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2006-07-05 19:45:13 450560]
NaturalColorLoad.lnk - C:\Program Files\SEC\Natural Color\NaturalColorLoad.exe [2006-06-25 23:05:30 155715]
Quicken Scheduled Updates.lnk - C:\Program Files\Quicken\bagent.exe [2003-10-02 17:08:08 57344]
Service Manager.lnk - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2000-08-06 00:03:20 69632]
SMC2862W-G EZ Connect g 802.11g Wireless USB Utility.lnk - C:\Program Files\SMC\SMC2862W-G EZ Connect g 2.4Ghz 802.11g Wireless USB 2.0 Adapter\SMCWGUTI.exe [2005-10-17 16:10:34 421888]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2006-04-24 12:13 282624]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
backup=C:\WINDOWS\pss\Adobe Acrobat Speed Launcher.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Forget Me Not.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Forget Me Not.lnk
backup=C:\WINDOWS\pss\Forget Me Not.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^Lori^Start Menu^Programs^Startup^Kaboom! Jr. Control Panel.lnk]
path=C:\Documents and Settings\Lori\Start Menu\Programs\Startup\Kaboom! Jr. Control Panel.lnk
backup=C:\WINDOWS\pss\Kaboom! Jr. Control Panel.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Lori^Start Menu^Programs^Startup^MemoKit.lnk]
path=C:\Documents and Settings\Lori\Start Menu\Programs\Startup\MemoKit.lnk
backup=C:\WINDOWS\pss\MemoKit.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Lori^Start Menu^Programs^Startup^Office Information Worker Feedback Program.lnk]
path=C:\Documents and Settings\Lori\Start Menu\Programs\Startup\Office Information Worker Feedback Program.lnk
backup=C:\WINDOWS\pss\Office Information Worker Feedback Program.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 10:50 155648 C:\WINDOWS\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegistryMechanic]
--a------ 2006-10-30 13:12 2287152 C:\Program Files\Registry Mechanic\RegMech.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpySweeper]
--a------ 2008-01-04 20:56 5367664 C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2008-01-08 22:09 68856 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ViewMgr]
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ViewpointPhotosDeviceConnect]
C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.7.0\FotomatDeviceConnect.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zune Launcher]
--a------ 2006-12-12 14:45 21464 C:\Program Files\Zune\ZuneLauncher.exe
R0 sojubus;sojubus;C:\WINDOWS\system32\DRIVERS\sojubus.sys [2003-10-05 10:41]
R0 sojuscsi;sojuscsi;C:\WINDOWS\system32\DRIVERS\sojuscsi.sys [2003-09-28 10:57]
R2 AdobeActiveFileMonitor6.0;Adobe Active File Monitor V6;C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [2007-10-02 14:46]
R2 ColdFusion MX ODBC Agent;ColdFusion MX ODBC Agent;C:\CFusionMX\db\slserver52\bin\swagent.exe "ColdFusion MX ODBC Agent" []
R2 cvintdrv;cvintdrv;C:\WINDOWS\system32\drivers\cvintdrv.sys [2006-04-10 09:01]
S3 SMC2862W;SMC2862W-G EZ Connect g 2.4Ghz 802.11g Wireless USB 2.0 Adapter Driver;C:\WINDOWS\system32\DRIVERS\2862WICB.sys [2005-11-15 22:16]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{56014d2e-1ff4-11db-8d13-000ea65cb895}]
\Shell\AutoRun\command - H:\setupSNK.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fb86e361-07c3-11db-8cf0-000ea65cb895}]
\Shell\AutoRun\command - setupSNK.exe
.
Contents of the 'Scheduled Tasks' folder
"2008-01-15 07:30:27 C:\WINDOWS\Tasks\McDefragTask.job"
- c:\program files\mcafee\mqc\QcConsol.exe'
"2008-02-01 06:00:00 C:\WINDOWS\Tasks\McQcTask.job"
- c:\program files\mcafee\mqc\QcConsol.exe
"2008-02-03 19:21:18 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-03 14:38:18
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\CFusionMX\runtime\bin\jrunsvc.exe
C:\CFusionMX\runtime\bin\jrun.exe
C:\CFusionMX\db\slserver52\bin\swstrtr.exe
C:\CFusionMX\db\slserver52\bin\swsoc.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
c:\program files\mcafee\msk\msksrver.exe
C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
C:\Program Files\SiteAdvisor\6253\SAService.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
.
**************************************************************************
.
Completion time: 2008-02-03 14:44:48 - machine was rebooted
ComboFix-quarantined-files.txt 2008-02-03 19:44:43
ComboFix2.txt 2008-02-03 18:17:51
ComboFix3.txt 2008-02-03 16:02:00
ComboFix4.txt 2008-02-02 16:52:06
.
2008-01-30 17:44:07 --- E O F ---
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:58:16 PM, on 2/3/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\CFusionMX\runtime\bin\jrunsvc.exe
C:\CFusionMX\db\slserver52\bin\swagent.exe
C:\CFusionMX\runtime\bin\jrun.exe
C:\CFusionMX\db\slserver52\bin\swstrtr.exe
C:\CFusionMX\db\slserver52\bin\swsoc.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
c:\program files\mcafee\msk\msksrver.exe
C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\SiteAdvisor\6253\SAService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\SEC\Natural Color\NaturalColorLoad.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\SMC\SMC2862W-G EZ Connect g 2.4Ghz 802.11g Wireless USB 2.0 Adapter\SMCWGUTI.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\nsga1.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\LORI\Application Data\Mozilla\Profiles\default\ie2qxrqv.slt\prefs.js)
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - C:\Program Files\McAfee\MSK\mcapbho.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O3 - Toolbar: &ESPN - {AE6F2894-AF10-4C9C-B16E-1DFC6FF8C0C6} - C:\Program Files\ESPN\Toolbar\DIGToolBar.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask .exe" -atboottime
O4 - HKLM\..\Run: [PRISMSVR.EXE] "C:\Program Files\SMC\SMC2862W-G EZ Connect g 2.4Ghz 802.11g Wireless USB 2.0 Adapter\PRISMSVR.EXE" /APPLY
O4 - HKLM\..\Run: [Microsoft Works Update Detection] "C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe"
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [McAfee Backup] "C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe"
O4 - HKLM\..\Run: [MBkLogOnHook] "C:\Program Files\McAfee\MBK\LogOnHook.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [McWebDownlMgr] C:\WINDOWS\TEMP\McDMTemp007 (2)\DwnldMgr.exe /runkey (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [McWebDownlMgr] C:\WINDOWS\TEMP\McDMTemp007 (2)\DwnldMgr.exe /runkey (User 'Default user')
O4 - Startup: NaturalColorLoad.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: NaturalColorLoad.lnk = ?
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O4 - Global Startup: SMC2862W-G EZ Connect g 802.11g Wireless USB Utility.lnk = C:\Program Files\SMC\SMC2862W-G EZ Connect g 2.4Ghz 802.11g Wireless USB 2.0 Adapter\SMCWGUTI.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim .exe (file missing)
O9 - Extra button: Vegas Red Casino - {D5AE2D6D-38A7-425c-86C0-E4ABBDB9EC68} - C:\Casino\Vegas Red Casino\casino.exe
O9 - Extra 'Tools' menuitem: Vegas Red Casino - {D5AE2D6D-38A7-425c-86C0-E4ABBDB9EC68} - C:\Casino\Vegas Red Casino\casino.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O15 - Trusted Zone: http://www.vip.com
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {02CF1781-EA91-4FA5-A200-646E8241987C} (VaioInfo.CMClass) - http://esupport.sony.com/VaioInfo.CAB
O16 - DPF: {1E2941E3-8E63-11D4-9D5A-00902742D6E0} (iNotes Class) - http://mail.malden.mec.edu/iNotes.cab
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - http://a516.g.akamai.net/f/516/25175/7d/runaware.download.akamai.com/25175/citrix/wficat-no-eula.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {36E4E9BC-4D0C-41B4-90C9-37AFDBFAAD3C} (InforbitHelper Class) - http://download.infotriever.com/bin/ifhelper.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by104fd.bay104.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {5EB6A98B-F75B-4AC7-821D-BAD2C29D18C2} (CVALAXObj Class) - https://mycampus.phoenix.edu/support/tutorials/Click2Talk/ClickToTalkTS/download/CVALAX.CAB
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1151289857000
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1151290801484
O16 - DPF: {A82C3A33-5C0E-466C-B020-71585433A7E4} (PhxStudent.OeSetup15) - https://ecampus.phoenix.edu/secure/PhxStudent15.CAB
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab
O16 - DPF: {CC32D4D8-2A0B-4CEB-B105-C9B968379105} (CGameManagerCtrl Object) - https://disney.go.com/games/downloads/gamemanager/DIGGameManager.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://casinoshare.microgaming.com/casinoshare/FlashAX.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://www.driveragent.com/files/driveragent.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: ColdFusion MX Application Server - Macromedia Inc. - C:\CFusionMX\runtime\bin\jrunsvc.exe
O23 - Service: ColdFusion MX ODBC Agent - Unknown owner - C:\CFusionMX\db\slserver52\bin\swagent.exe
O23 - Service: ColdFusion MX ODBC Server - Unknown owner - C:\CFusionMX\db\slserver52\bin\swstrtr.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\SYSTEM32\GEARSEC.EXE
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee, Inc. - c:\program files\mcafee\msk\msksrver.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6253\SAService.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\Sptisrv.exe
O23 - Service: VAIO Media Music Server (VAIOMediaPlatform-MusicServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Music\SSSvr.exe
O23 - Service: VAIO Media Music Server (HTTP) (VAIOMediaPlatform-MusicServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Music Server (UPnP) (VAIOMediaPlatform-MusicServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Photo Server (VAIOMediaPlatform-PhotoServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Photo\appsrv\PhotoAppSrv.exe
O23 - Service: VAIO Media Photo Server (HTTP) (VAIOMediaPlatform-PhotoServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Photo Server (UPnP) (VAIOMediaPlatform-PhotoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Video Server (VAIOMediaPlatform-VideoServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Video\GPVSvr.exe
O23 - Service: VAIO Media Video Server (HTTP) (VAIOMediaPlatform-VideoServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Video Server (UPnP) (VAIOMediaPlatform-VideoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
--
End of file - 17726 bytes
Hi
Uninstall Spy Sweeper (you can re-install it once you're clean).
Delete this folder if it still exists:
C:\Program Files\Webroot\Spy Sweeper
Please do an online scan with Kaspersky Online Scanner (http://www.kaspersky.com/downloads/kws/kavwebscan.html). You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
The program will launch and then start to download the latest definition files.
Once the scanner is installed and the definitions downloaded, click Next.
Now click on Scan Settings
In the scan settings make sure that the following are selected:
o Scan using the following Anti-Virus database:
+ Extended (If available otherwise Standard)
o Scan Options:
+ Scan Archives
+ Scan Mail Bases
Click OK
Now, under Select a target to scan, select My Computer
The scan will take a while so be patient and let it run. Once the scan is complete it will display if your system has been infected.
Now click on the Save as Text button
Save the file to your desktop.
Copy and paste that information in your next post.
Note: This scanner will work with Internet Explorer Only!
Note for Internet Explorer 7 users: If at any time you have trouble with the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset it to 100%.
Post:
- a fresh HijackThis log
- Kaspersky report
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:02:04 AM, on 2/5/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\CFusionMX\runtime\bin\jrunsvc.exe
C:\CFusionMX\db\slserver52\bin\swagent.exe
C:\CFusionMX\runtime\bin\jrun.exe
C:\CFusionMX\db\slserver52\bin\swstrtr.exe
C:\CFusionMX\db\slserver52\bin\swsoc.exe
C:\WINDOWS\SYSTEM32\GEARSEC.EXE
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
c:\program files\mcafee\msk\msksrver.exe
C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\SiteAdvisor\6253\SAService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\SEC\Natural Color\NaturalColorLoad.exe
C:\Program Files\SMC\SMC2862W-G EZ Connect g 2.4Ghz 802.11g Wireless USB 2.0 Adapter\SMCWGUTI.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\HP\Smart Web Printing\hpswp_clipbook.exe
C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
C:\Program Files\McAfee\MSC\mcshell.exe
C:\Program Files\McAfee\MSC\mcuimgr.exe
C:\Program Files\Trend Micro\HijackThis\nsga1.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\LORI\Application Data\Mozilla\Profiles\default\ie2qxrqv.slt\prefs.js)
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - C:\Program Files\McAfee\MSK\mcapbho.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O3 - Toolbar: &ESPN - {AE6F2894-AF10-4C9C-B16E-1DFC6FF8C0C6} - C:\Program Files\ESPN\Toolbar\DIGToolBar.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask .exe" -atboottime
O4 - HKLM\..\Run: [PRISMSVR.EXE] "C:\Program Files\SMC\SMC2862W-G EZ Connect g 2.4Ghz 802.11g Wireless USB 2.0 Adapter\PRISMSVR.EXE" /APPLY
O4 - HKLM\..\Run: [Microsoft Works Update Detection] "C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe"
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [McAfee Backup] "C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe"
O4 - HKLM\..\Run: [MBkLogOnHook] "C:\Program Files\McAfee\MBK\LogOnHook.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [McWebDownlMgr] C:\WINDOWS\TEMP\McDMTemp007 (2)\DwnldMgr.exe /runkey (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [McWebDownlMgr] C:\WINDOWS\TEMP\McDMTemp007 (2)\DwnldMgr.exe /runkey (User 'Default user')
O4 - Startup: NaturalColorLoad.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: NaturalColorLoad.lnk = ?
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O4 - Global Startup: SMC2862W-G EZ Connect g 802.11g Wireless USB Utility.lnk = C:\Program Files\SMC\SMC2862W-G EZ Connect g 2.4Ghz 802.11g Wireless USB 2.0 Adapter\SMCWGUTI.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: Vegas Red Casino - {D5AE2D6D-38A7-425c-86C0-E4ABBDB9EC68} - C:\Casino\Vegas Red Casino\casino.exe
O9 - Extra 'Tools' menuitem: Vegas Red Casino - {D5AE2D6D-38A7-425c-86C0-E4ABBDB9EC68} - C:\Casino\Vegas Red Casino\casino.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O15 - Trusted Zone: http://www.vip.com
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {02CF1781-EA91-4FA5-A200-646E8241987C} (VaioInfo.CMClass) - http://esupport.sony.com/VaioInfo.CAB
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {1E2941E3-8E63-11D4-9D5A-00902742D6E0} (iNotes Class) - http://mail.malden.mec.edu/iNotes.cab
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - http://a516.g.akamai.net/f/516/25175/7d/runaware.download.akamai.com/25175/citrix/wficat-no-eula.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {36E4E9BC-4D0C-41B4-90C9-37AFDBFAAD3C} (InforbitHelper Class) - http://download.infotriever.com/bin/ifhelper.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by104fd.bay104.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {5EB6A98B-F75B-4AC7-821D-BAD2C29D18C2} (CVALAXObj Class) - https://mycampus.phoenix.edu/support/tutorials/Click2Talk/ClickToTalkTS/download/CVALAX.CAB
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1151289857000
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1151290801484
O16 - DPF: {A82C3A33-5C0E-466C-B020-71585433A7E4} (PhxStudent.OeSetup15) - https://ecampus.phoenix.edu/secure/PhxStudent15.CAB
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab
O16 - DPF: {CC32D4D8-2A0B-4CEB-B105-C9B968379105} (CGameManagerCtrl Object) - https://disney.go.com/games/downloads/gamemanager/DIGGameManager.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://casinoshare.microgaming.com/casinoshare/FlashAX.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://www.driveragent.com/files/driveragent.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O23 - Service: McAfee Application Installer Cleanup (0287191202205476) (0287191202205476mcinstcleanup) - McAfee, Inc. - C:\WINDOWS\TEMP\028719~1.EXE
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: ColdFusion MX Application Server - Macromedia Inc. - C:\CFusionMX\runtime\bin\jrunsvc.exe
O23 - Service: ColdFusion MX ODBC Agent - Unknown owner - C:\CFusionMX\db\slserver52\bin\swagent.exe
O23 - Service: ColdFusion MX ODBC Server - Unknown owner - C:\CFusionMX\db\slserver52\bin\swstrtr.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\SYSTEM32\GEARSEC.EXE
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee, Inc. - c:\program files\mcafee\msk\msksrver.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6253\SAService.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\Sptisrv.exe
O23 - Service: VAIO Media Music Server (VAIOMediaPlatform-MusicServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Music\SSSvr.exe
O23 - Service: VAIO Media Music Server (HTTP) (VAIOMediaPlatform-MusicServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Music Server (UPnP) (VAIOMediaPlatform-MusicServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Photo Server (VAIOMediaPlatform-PhotoServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Photo\appsrv\PhotoAppSrv.exe
O23 - Service: VAIO Media Photo Server (HTTP) (VAIOMediaPlatform-PhotoServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Photo Server (UPnP) (VAIOMediaPlatform-PhotoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Video Server (VAIOMediaPlatform-VideoServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Video\GPVSvr.exe
O23 - Service: VAIO Media Video Server (HTTP) (VAIOMediaPlatform-VideoServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Video Server (UPnP) (VAIOMediaPlatform-VideoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
--
End of file - 18077 bytes
KASPERSKY ONLINE SCANNER REPORT
Tuesday, February 05, 2008 7:09:41 AM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 5/02/2008
Kaspersky Anti-Virus database records: 548717
-------------------------------------------------------------------------------
Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true
Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\
H:\
Scan Statistics:
Total number of scanned objects: 166589
Number of viruses found: 2
Number of infected objects: 15
Number of suspicious objects: 0
Duration of the scan process: 03:38:23
Infected Object Name / Virus Name / Last Action
C:\CFusionMX\db\slserver52\tracing\ColdFusion MX ODBC Agent.trc Object is locked skipped
C:\CFusionMX\db\slserver52\tracing\ColdFusion MX ODBC Server.trc Object is locked skipped
C:\CFusionMX\logs\server.log Object is locked skipped
C:\CFusionMX\runtime\logs\default-err.log Object is locked skipped
C:\CFusionMX\runtime\logs\default-out.log Object is locked skipped
C:\CFusionMX\runtime\servers\default\SERVER-INF\jms\db\coremq\consumer.dat Object is locked skipped
C:\CFusionMX\runtime\servers\default\SERVER-INF\jms\db\coremq\destination.dat Object is locked skipped
C:\CFusionMX\runtime\servers\default\SERVER-INF\jms\db\coremq\handle.dat Object is locked skipped
C:\CFusionMX\runtime\servers\default\SERVER-INF\jms\db\coremq\message.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\MNA\NAData Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\MPF\data\log.edb Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\MSC\Logs\Events.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\MSC\McUsers.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\MSK\MSKWMDB.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\MSK\settingsdb.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Logs\OAS.Log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\8e31766098082b1b41af627599f835e1_51efa46f-1676-4937-b187-21320319e24c Object is locked skipped
Hi
Kaspersky log cuts off.
Please re-send it :)
C:\Documents and Settings\Grace\Application Data\Aim\afnwcbys\bartcache\1\5EA55C09271535DD048460DD07C67FE2 Object is locked skipped
C:\Documents and Settings\Grace\Application Data\Aim\afnwcbys\bartcache\1\5EE0D7B1E1D6620AD1F50596F8526039 Object is locked skipped
C:\Documents and Settings\Grace\Application Data\Aim\afnwcbys\bartcache\1\5EFBC5ADBB18F44BD850FDC393AC3AF1 Object is locked skipped
C:\Documents and Settings\Grace\Application Data\Aim\afnwcbys\bartcache\1\5F5351FC5220E71D851F79CE60AD7DF2 Object is locked skipped
C:\Documents and Settings\Grace\Application Data\Aim\afnwcbys\bartcache\1\5FA518C9BC31841262590AA389197413 Object is locked skipped
C:\Documents and Settings\Grace\Application Data\Aim\afnwcbys\bartcache\1\5FE59759CBE342605BE5C77AFFAA661A Object is locked skipped
C:\Documents and Settings\Grace\Application Data\Aim\afnwcbys\bartcache\1\6006A18324A965827A2B811134FB00D5 Object is locked skipped
C:\Documents and Settings\Grace\Application Data\Aim\afnwcbys\bartcache\1\60107DEE153026B5E9142D8B87827A24 Object is locked skipped
C:\Documents and Settings\Grace\Application Data\Aim\afnwcbys\bartcache\1\601E069A8F667714810FC9FD818E25ED Object is locked skipped
C:\Documents and Settings\Grace\Application Data\Aim\afnwcbys\bartcache\1\60B66C1A941E54ED2481FC3E69665374 Object is locked skipped
C:\Documents and Settings\Grace\Application Data\Aim\afnwcbys\bartcache\1\60EBE26EC9509D10AACCBD0E8C846736 Object is locked skipped
C:\Documents and Settings\Grace\Application Data\Aim\afnwcbys\bartcache\1\6132378DC0FB94754BC867DE213D218D Object is locked skipped
C:\Documents and Settings\Grace\Application Data\Aim\afnwcbys\bartcache\1\616062D1789779D930624B394E1221DC Object is locked skipped
C:\Documents and Settings\Grace\Application Data\Aim\afnwcbys\bartcache\1\61C3B4F5ACA96934F18E038D6C078F25 Object is locked skipped
C:\Documents and Settings\Grace\Application Data\Aim\afnwcbys\bartcache\1\6212171D8F626F087A68F8A8BEB22DA4 Object is locked skipped
C:\Documents and Settings\Grace\Application Data\Aim\afnwcbys\bartcache\1\621B25AAE7182F73EAB93206174E5819 Object is locked skipped
C:\Documents and Settings\Grace\Application Data\Aim\afnwcbys\bartcache\1\6234A084BBABCF9B3C60684B43F4F69B Object is locked skipped
C:\Documents and Settings\Grace\Application Data\Aim\afnwcbys\bartcache\1\6431797F82A686DD95FD543EDD05DE61 Object is locked skipped
C:\Documents and Settings\Grace\Application Data\Aim\afnwcbys\bartcache\1\652078F19C59CF06AA125E0633979096 Object is locked skipped
C:\Documents and Settings\Grace\Application Data\Aim\afnwcbys\bartcache\1\65C4B5E7A6015DCC1A89411047D64EAB Object is locked skipped
C:\Documents and Settings\Grace\Application Data\Aim\afnwcbys\bartcache\1\65EC9EB0B106EE801EDFFADDE173B2EB Object is locked skipped
C:\Documents and Settings\Grace\Application Data\Aim\afnwcbys\bartcache\1\6600D5A73952C708A2E484C1AC91A522 Object is locked skipped
C:\Documents and Settings\Grace\Application Data\Aim\afnwcbys\bartcache\1\66708C9FBE519C56CA70CB6C0F5577E2 Object is locked skipped
C:\Documents and Settings\Grace\Application Data\Aim\afnwcbys\bartcache\1\66E9719B12105F56C7AD53C9C82F01D0 Object is locked skipped
C:\Documents and Settings\Grace\Application Data\Aim\afnwcbys\bartcache\1\670972469077F1BAE9C39CB853AB8488 Object is locked skipped
C:\Documents and Settings\Grace\Application Data\Aim\afnwcbys\bartcache\1\6724FC575B162CE266C4FD99A45065AC Object is locked skipped
C:\Documents and Settings\Grace\Application Data\Aim\afnwcbys\bartcache\1\67AAE904AA536F3635F172D5453E9B7C Object is locked skipped
C:\Documents and Settings\Grace\Application Data\Aim\afnwcbys\bartcache\1\68505243C7CA5C4E54B7D16CB7B35F27 Object is locked skipped
C:\Documents and Settings\Grace\Application Data\Aim\afnwcbys\bartcache\1\6880442014EBB51A99B6823DBF219883 Object is locked skipped
C:\Documents and Settings\Grace\Application Data\Aim\afnwcbys\bartcache\1\68D7AAF748179F23B34F590F8F64D28F Object is locked skipped
C:\Documents and Settings\Grace\Application Data\Aim\afnwcbys\bartcache\1\68F30B23F4DEBB3FE406E4F87B162203 Object is locked skipped
C:\Documents and Settings\Grace\Application Data\Aim\afnwcbys\bartcache\1\68F556ED3D3E74DF30B339DBCBCD0BF8 Object is locked skipped
C:\Documents and Settings\Grace\Application Data\Aim\afnwcbys\bartcache\1\691B839CBF2D18932F859C4CF002A97D Object is locked skipped
C:\Documents and Settings\Grace\Application Data\Aim\afnwcbys\bartcache\1\69B917C353D3691EF592946E65DE7FD0 Object is locked skipped
C:\Documents and Settings\Grace\Application Data\Aim\afnwcbys\bartcache\1\6A33BAA3BFCECE8C0D6F6B16CCF0F88F Object is locked skipped
C:\Documents and Settings\Grace\Application Data\Aim\afnwcbys\bartcache\1\6A51964C5ECA4F12DEC0CB8D52ECB862 Object is locked skipped
C:\Documents and Settings\Grace\Application Data\Aim\afnwcbys\bartcache\1\6AC4F60699BF3731143D6CC7BB9527D0 Object is locked skipped
C:\Documents and Settings\Grace\Application Data\Aim\afnwcbys\bartcache\1\6B018DF4FABE28A07F22D5BC568ED1CB Object is locked skipped
C:\Documents and Settings\Grace\Application Data\Aim\afnwcbys\bartcache\1\6BF3E30646FDE41FD128DAD6CF79AE3E Object is locked skipped
C:\Documents and Settings\Grace\Application Data\Aim\afnwcbys\bartcache\1\6C1AA14013E8F38166637D7A9C074EEE Object is locked skipped
C:\Documents and Settings\Grace\Application Data\Aim\afnwcbys\bartcache\1\6CA599E255A965CC43B645AE39F93FD3 Object is locked skipped
C:\Documents and Settings\Grace\Application Data\Aim\afnwcbys\bartcache\1\6CC7E61285E40F85F4D8A14F1508151E Object is locked skipped
C:\Documents and Settings\Grace\Application Data\Aim\afnwcbys\bartcache\1\6CD5D713C10429181CFA4A2734D9B537 Object is locked skipped
C:\Documents and Settings\Grace\Application Data\Aim\afnwcbys\bartcache\1\6CF283F16ACC73F695AAEA8BF038C5CE Object is locked skipped
C:\Documents and Settings\Grace\Application Data\Aim\afnwcbys\bartcache\1\6D31EA78672B892D42EE6A8A5CDF94A6 Object is locked skipped
C:\Documents and Settings\Grace\Application Data\Aim\afnwcbys\bartcache\1\6E3C46BEFB209B52F49EF95B998439D9 Object is locked skipped
C:\Documents and Settings\Grace\Application Data\Aim\afnwcbys\bartcache\1\6E576B4C8E3401227E21EBD7B39F67E4 Object is locked skipped
C:\Documents and Settings\Grace\Application Data\Aim\afnwcbys\bartcache\1\6F9338874035C5DD7E2D20115D19609D Object is locked skipped
C:\Documents and Settings\Grace\Application Data\Aim\afnwcbys\bartcache\1\7009E788626B967862C53241B3D759A8 Object is locked skipped
C:\Documents and Settings\Grace\Application Data\Aim\afnwcbys\bartcache\1\701623F88EBFF89C48A484046B2C2555 Object is locked skipped
C:\Documents and Settings\Grace\Application Data\Aim\afnwcbys\bartcache\1\702B87FF981AB602C25145804952DAFE Object is locked skipped
C:\Documents and Settings\Grace\Application Data\Aim\afnwcbys\bartcache\1\7066BF3520E2E0CD74D80E33E71CA585 Object is locked skipped
C:\Documents and Settings\Grace\Application Data\Aim\afnwcbys\bartcache\1\707D8A0AAA69AB37EF7A1B85A3D4020F Object is locked skipped
C:\Documents and Settings\Grace\Application Data\Aim\afnwcbys\bartcache\1\70F2CE573433011DFB627FDA49082D97 Object is locked skipped
C:\Documents and Settings\Grace\Application Data\Aim\afnwcbys\bartcache\1\7130530F661F307CA730782DB5335CA1 Object is locked skipped
C:\Documents and Settings\Grace\Application Data\Aim\afnwcbys\bartcache\1\721CE2C39DD6395E22BB9C2B58604ECC Object is locked skipped
C:\Documents and Settings\Grace\Application Data\Aim\afnwcbys\bartcache\1\7324BCD55D6CD7DDAD96037749CBCEAC Object is locked skipped
C:\Documents and Settings\Grace\Application Data\Aim\afnwcbys\bartcache\1\7330618ED7E4BE27B6B9B4EBA5134077 Object is locked skipped
C:\Documents and Settings\Grace\Application Data\Aim\afnwcbys\bartcache\1\733A6D31EC6A5C465603681670C37AE5 Object is locked skipped
C:\Documents and Settings\Grace\Application Data\Aim\afnwcbys\bartcache\1\736D0FDE2A0921624F1264B3DC7E8486 Object is locked skipped
C:\Documents and Settings\Grace\Application Data\Aim\afnwcbys\bartcache\1\73ABA25C6D1E0118EFEA0C452BEBA634 Object is locked skipped
C:\Documents and Settings\Grace\Application Data\Aim\afnwcbys\bartcache\1\73D271DC324927EBFF0E118B60C7363B Object is locked skipped
C:\Documents and Settings\Grace\Application Data\Aim\afnwcbys\bartcache\1\73D81029828959698DC893F1D7823936 Object is locked skipped
C:\Documents and Settings\Grace\Application Data\Aim\afnwcbys\bartcache\1\73F1CCE431E903FEF05863C3CFF939B1 Object is locked skipped
C:\Documents and Settings\Grace\Application Data\Aim\afnwcbys\bartcache\1\744C9F6AC723CD7574E8C3ECD98B1754 Object is locked skipped
C:\Documents and Settings\Grace\Application Data\Aim\afnwcbys\bartcache\1\746D824FD4B795D5E11D3B26D211D879 Object is locked skipped
C:\Documents and Settings\Grace\Application Data\Aim\afnwcbys\bartcache\1\74FCD1316FF613588AE1D2F1B93FB597 Object is locked skipped
C:\Documents and Settings\Grace\Application Data\Aim\afnwcbys\bartcache\1\7503FADFAF894ECFBD6E952FA95C609B Object is locked skipped
C:\Documents and Settings\Grace\Application Data\Aim\afnwcbys\bartcache\1\7552B0B7B5064000D2CCD23C43D0A8D5 Object is locked skipped
C:\Documents and Settings\Grace\Application Data\Aim\afnwcbys\bartcache\1\756CEF18CABD65B6EBB2973E023E1E8A Object is locked skipped
C:\Documents and Settings\Grace\Application Data\Aim\afnwcbys\bartcache\1\75992FDD2C14EF3D2B05BCBF5C09EA75 Object is locked skipped
C:\Documents and Settings\Grace\Application Data\Aim\afnwcbys\bartcache\1\75C6D4C1F58BB83E7D21465C45427A55 Object is locked skipped
C:\Documents and Settings\Grace\Application Data\Aim\afnwcbys\bartcache\1\76F333CCFC86B0C5CD3CB0588FD7399C Object is locked skipped
C:\Documents and Settings\Grace\Application Data\Aim\afnwcbys\bartcache\1\7765EB847595311B0E0E5A236AAFA0FC Object is locked skipped
C:\Documents and Settings\Grace\Application Data\Aim\afnwcbys\bartcache\1\77BC4863139F47BC4A4AC56CD96AAB9B Object is locked skipped
C:\Documents and Settings\Grace\Application Data\Aim\afnwcbys\bartcache\1\77C0B30607E7BB5CB9851528F65E2362 Object is locked skipped
C:\Documents and Settings\Grace\Application Data\Aim\afnwcbys\bartcache\1\78671636A5E3DA74C931C6263D76B5EA Object is locked skipped
C:\Documents and Settings\Grace\Application Data\Aim\afnwcbys\bartcache\1\78894C0E5A6D109115ACD40E22D5163C Object is locked skipped
C:\Documents and Settings\Grace\Application Data\Aim\afnwcbys\bartcache\1\790E3E78F9AD7F0696F9C21A6CFDDE85 Object is locked skipped
C:\Documents and Settings\Grace\Application Data\Aim\afnwcbys\bartcache\1\792D0608E188B51B18B3E4A007CE0364 Object is locked skipped
C:\Documents and Settings\Grace\Application Data\Aim\afnwcbys\bartcache\1\79592105BCB63DB264E889FBD5CCB9DC Object is locked skipped
C:\Documents and Settings\Grace\Application Data\Aim\afnwcbys\bartcache\1\795B434D51810E81CBC3463B56586A53 Object is locked skipped
C:\Documents and Settings\Grace\Application Data\Aim\afnwcbys\bartcache\1\79B4B8C21F00DCC7CD7C2E13EDFD7170 Object is locked skipped
C:\Documents and Settings\Grace\Application Data\Aim\afnwcbys\bartcache\1\79E530236ABC62B280D29BB33DA814DB Object is locked skipped
C:\Documents and Settings\Grace\Application Data\Aim\afnwcbys\bartcache\1\7A0189E05D9B939188BD9CB3E92A2BCB Object is locked skipped
C:\Documents and Settings\Grace\Application Data\Aim\afnwcbys\bartcache\1\7A84ABFD5AD39B4E671571547B5CE1CD Object is locked skipped
C:\Documents and Settings\Grace\Application Data\Aim\afnwcbys\bartcache\1\7ADCCE6635392041D82A1EC5F42830EE Object is locked skipped
C:\Documents and Settings\Grace\Application Data\Aim\afnwcbys\bartcache\1\7AEDF199449A086BFBF5FC7B62D00623 Object is locked skipped
C:\Documents and Settings\Grace\Application Data\Aim\afnwcbys\bartcache\1\7B42D982B387D7E170405FE0FAFDA8D6 Object is locked skipped
C:\Documents and Settings\Grace\Application Data\Aim\afnwcbys\bartcache\1\7B478C53AC0FF1FB48E09BD3782C4FD8 Object is locked skipped
C:\Documents and Settings\Grace\Application Data\Aim\afnwcbys\bartcache\1\7B8241A0BC95687E3DDB5EE4311B132F Object is locked skipped
C:\Documents and Settings\Grace\Application Data\Aim\afnwcbys\bartcache\1\7B88EAF3B4FD5FE66A30E9E962C3D2E5 Object is locked skipped
C:\Documents and Settings\Grace\Application Data\Aim\afnwcbys\bartcache\1\7BCD201D62C35A2C1D568ECB67499E06 Object is locked skipped
C:\Documents and Settings\Grace\Application Data\Aim\afnwcbys\bartcache\1\7BF5F034F6FA878617258682B039051A Object is locked skipped
C:\Documents and Settings\Grace\Application Data\Aim\afnwcbys\bartcache\1\7C28376B8BECC96C5ED561EABB3E9358 Object is locked skipped
C:\Documents and Settings\Grace\Application Data\Aim\afnwcbys\bartcache\1\7C2EBF5C6BCFC5517437594624F6DAC9 Object is locked skipped
C:\Documents and Settings\Grace\Application Data\Aim\afnwcbys\bartcache\1\7CA4F3B1044EA82563568E2C8CA5AC3C Object is locked skipped
C:\Documents and Settings\Grace\Application Data\Aim\afnwcbys\bartcache\1\7CC6D19CC3C9A3DFD53D1CB23C1F89B0 Object is locked skipped
C:\Documents and Settings\Grace\Application Data\Aim\afnwcbys\bartcache\1\7D161CBA2A94AC9D234DA5CB5C75D1D6 Object is locked skipped
C:\Documents and Settings\Grace\Application Data\Aim\afnwcbys\bartcache\1\7D57DBC953178AD36480473ADDB9BF0B Object is locked skipped
C:\Documents and Settings\Grace\Application Data\Aim\afnwcbys\bartcache\1\7D9972AEC4894442617E0EC81417687C Object is locked skipped
C:\Documents and Settings\Grace\Application Data\Aim\afnwcbys\bartcache\1\7DF71F554F01FFA414655ED31A91DD6C Object is locked skipped
C:\Documents and Settings\Grace\Application Data\Aim\afnwcbys\bartcache\1\7E3AF1C0D6E076F927C1986ACE09CAE5 Object is locked skipped
C:\Documents and Settings\Grace\Application Data\Aim\afnwcbys\bartcache\1\7E3B56631D1F48BB107A67B065F740AF Object is locked skipped
C:\Documents and Settings\Grace\Application Data\Aim\afnwcbys\bartcache\1\7E5C23ADABFE18984BFFED164E09C9BD Object is locked skipped
C:\Documents and Settings\Grace\Application Data\Aim\afnwcbys\bartcache\1\7E89415C782D7FC871DFFED69F80FC99 Object is locked skipped
C:\Documents and Settings\Grace\Application Data\Aim\afnwcbys\bartcache\1\7EFC693912DEB203F1845E437F61EB1A Object is locked skipped
C:\Documents and Settings\Grace\Application Data\Aim\afnwcbys\bartcache\1\7F43C265CCEBAD30437BB8D0AF1754FC Object is locked skipped
C:\Documents and Settings\Grace\Application Data\Aim\afnwcbys\bartcache\1\7F66A5A7A8954B92CBEA9C4785365175 Object is locked skipped
C:\Documents and Settings\Grace\Application Data\Aim\afnwcbys\bartcache\1\7FA8DFA0A8AAC9921DA483EA9B34A162 Object is locked skipped
C:\Documents and Settings\Grace\Application Data\Aim\afnwcbys\bartcache\1\7FF51F8CCBF0FD575034CCCA31B3CBD7 Object is locked skipped
C:\Documents and Settings\Grace\Application Data\Aim\afnwcbys\bartcache\1\8044A77A56D74180E50FD6954E1037AC Object is locked skipped
C:\Documents and Settings\Grace\Application Data\Aim\afnwcbys\bartcache\1\8061F4B3EE3D04D19A684FB371E51B32 Object is locked skipped
C:\Documents and Settings\Grace\Application Data\Aim\afnwcbys\bartcache\1\80A7779A9A954E8B9503E6B4B4920BEE Object is locked skipped
C:\Documents and Settings\Grace\Application Data\Aim\afnwcbys\bartcache\1\80AFE5B4D893F869154F0C92DEB03E68 Object is locked skipped
C:\Documents and Settings\Grace\Application Data\Aim\afnwcbys\bartcache\1\81005D77291EAED94158A3D08BA39427 Object is locked skipped
C:\Documents and Settings\Grace\Application Data\Aim\afnwcbys\bartcache\1\822CA989B7CC560A00A88EE27D7DD3DC Object is locked skipped
C:\Documents and Settings\Grace\Application Data\Aim\afnwcbys\bartcache\1\82E1F23A2F587EEF68311C32365A2CA5 Object is locked skipped
C:\Documents and Settings\Grace\Application Data\Aim\afnwcbys\bartcache\1\82F1FE6EA75FF0AF6F293609D89DD877 Object is locked skipped
C:\Documents and Settings\Grace\Application Data\Aim\afnwcbys\bartcache\1\831C9CE3AE50097AD1CF6999E2B483C0 Object is locked skipped
C:\Documents and Settings\Grace\Application Data\Aim\afnwcbys\bartcache\1\835532B7D172F00A537953D8ACF9ADA5 Object is locked skipped
C:\Documents and Settings\Grace\Application Data\Aim\afnwcbys\bartcache\1\835927F9F9EBC57A82B8777272ACB4A1 Object is locked skipped
C:\Documents and Settings\Grace\Application Data\Aim\afnwcbys\bartcache\1\83C00FBD5E3AEC8C0F56F069F4B4D8F6 Object is locked skipped
C:\Documents and Settings\Grace\Application Data\Aim\afnwcbys\bartcache\1\841E75CB45BCFA29A5AF2F0C2059F61F Object is locked skipped
C:\Documents and Settings\Grace\Application Data\Aim\afnwcbys\bartcache\1\8456A8925B439135F29EBB984A473313 Object is locked skipped
C:\Documents and Settings\Grace\Application Data\Aim\afnwcbys\bartcache\1\8496B1702794996CAB4842889A5B905E Object is locked skipped
C:\Documents and Settings\Grace\Application Data\Aim\afnwcbys\bartcache\1\84BC6252A688E87E333EEC5BEE0D8CFE Object is locked skipped
C:\Documents and Settings\Grace\Application Data\Aim\afnwcbys\bartcache\1\84BDFF35AA854C7097F9037854AFC4EB Object is locked skipped
C:\Documents and Settings\Grace\Application Data\Aim\afnwcbys\bartcache\1\84E0720994A36C2D8915626D3888B29D Object is locked skipped
C:\Documents and Settings\Grace\Application Data\Aim\afnwcbys\bartcache\1\85EF878E207A369532429B242DE6507E Object is locked skipped
Hi
You can edit out all entries with object locked skipped and post those with infected, please :)
I am confused because every one says "locked skipped", but it found 2 viruses and 15 infected files:
Scan Statistics:
Total number of scanned objects: 166589
Number of viruses found: 2
Number of infected objects: 15
Number of suspicious objects: 0
Duration of the scan process: 03:38:23
Infected Object Name / Virus Name / Last Action
Hi
Those with infected don't say object locked skipped but infected skipped.
Please do a search with infected in Notepad when that log is open and copy/paste those entries only here :)
I am copying infected files:
C:\Program Files\McAfee\MPS\IAEngine.dll Infected: Backdoor.Win32.Rbot.hfu
C:\QooBox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir Object is locked skipped
C:\QooBox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir Object is locked skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\acfrnddi.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\aqftkvvn.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\bvjfikhf.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\kyuehqpt.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\lapmdxwh.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\mlhtwmcr.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\nldgonkb.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\wqfdwxwv.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\wyhwoens.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{45892D38-A0BF-43F9-8C9F-96715222A8FE}\RP5\A0000258.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{45892D38-A0BF-43F9-8C9F-96715222A8FE}\RP5\A0000260.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{45892D38-A0BF-43F9-8C9F-96715222A8FE}\RP5\A0000262.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{45892D38-A0BF-43F9-8C9F-96715222A8FE}\RP5\A0000264.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{45892D38-A0BF-43F9-8C9F-96715222A8FE}\RP5\A0000265.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
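The filtering the helper asked for in the two posts above (drop the "Object is locked" lines, keep the "Infected" ones) and the triage that follows (hits under C:\QooBox\Quarantine or System Volume Information are already inactive; anything else is live and needs a second opinion) as an added PowerShell example. This is not code from the thread; the report lines are a constructed sample modelled on the entries quoted here.

```powershell
# Added example: triage lines from a Kaspersky Online Scanner text report.
# Format seen in this thread:  <path> Infected: <threat> skipped
#                              <path> Object is locked skipped
# The trailing action word is optional because one quoted line lacked it.

# Constructed sample input, modelled on the entries posted above.
$reportLines = @'
C:\CFusionMX\logs\server.log Object is locked skipped
C:\Program Files\McAfee\MPS\IAEngine.dll Infected: Backdoor.Win32.Rbot.hfu
C:\QooBox\Quarantine\C\WINDOWS\system32\acfrnddi.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{45892D38-A0BF-43F9-8C9F-96715222A8FE}\RP5\A0000258.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
'@ -split "`r?`n" | Where-Object { $_.Trim() }

function ConvertFrom-KasperskyReport {
    param([string[]]$Lines)

    # Lazy path match stops at the first " Infected:" or " Object is locked";
    # paths in the report contain spaces, so we cannot split on whitespace.
    $pattern = '^(?<Path>.+?)\s+(?:Infected:\s+(?<Threat>\S+)|Object is locked)(?:\s+(?<Action>\S+))?\s*$'

    foreach ($line in $Lines) {
        if ($line -notmatch $pattern) { continue }   # skip header/summary lines
        $path   = $Matches['Path']
        $threat = $Matches['Threat']                 # $null/empty for locked lines

        $status = if (-not $threat) {
            'LockedNoise'                            # what the helper said to edit out
        } elseif ($path -like 'C:\QooBox\Quarantine\*') {
            'InactiveQuarantine'                     # already quarantined by ComboFix
        } elseif ($path -like 'C:\System Volume Information\*') {
            'InactiveRestorePoint'                   # cleared by flushing System Restore
        } else {
            'LiveNeedsReview'                        # on disk and loadable: get a 2nd opinion
        }

        [pscustomobject]@{ Path = $path; Threat = $threat; Status = $status }
    }
}

$findings = ConvertFrom-KasperskyReport -Lines $reportLines

# What to post back: infected entries only, live ones first.
$findings | Where-Object Status -ne 'LockedNoise' |
    Sort-Object Status | Format-Table Status, Threat, Path -AutoSize

# Quick count per bucket, mirroring the "viruses found / infected objects" summary.
$findings | Group-Object Status | Select-Object Name, Count
```

On the sample above the only LiveNeedsReview entry is the McAfee IAEngine.dll hit, which is exactly the one file the helper sent to Jotti/VirusTotal next.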
Hi
Please click this link-->Jotti (http://virusscan.jotti.org/)
Copy/paste the first file on the list into the white Upload a file box and click Submit/Send (depending on whether you are using Jotti or VirusTotal).
C:\Program Files\McAfee\MPS\IAEngine.dll
Please post back the results of the scan in your next post.
If Jotti is busy, try the same at Virustotal: http://www.virustotal.com/
Scan taken on 09 Feb 2008 00:17:39 (GMT)
A-Squared Found nothing
AntiVir Found nothing
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found nothing
ClamAV Found nothing
CPsecure Found BackDoor.W32.Rbot.hfu
Dr.Web Found nothing
F-Prot Antivirus Found nothing
F-Secure Anti-Virus Found nothing
Fortinet Found W32/RBot.HFU!tr.bdr
Ikarus Found Suspect code-parts (probable variant)
Kaspersky Anti-Virus Found nothing
NOD32 Found nothing
Norman Virus Control Found nothing
Panda Antivirus Found nothing
Rising Antivirus Found nothing
Sophos Antivirus Found nothing
VirusBuster Found nothing
VBA32 Found Backdoor.Win32.Rbot.hfu
Antivirus Version Last Update Result
AhnLab-V3 2008.2.6.10 2008.02.05 -
AntiVir 7.6.0.62 2008.02.08 -
Authentium 4.93.8 2008.02.08 -
Avast 4.7.1098.0 2008.02.08 -
AVG 7.5.0.516 2008.02.08 -
BitDefender 7.2 2008.02.09 -
CAT-QuickHeal None 2008.02.08 -
ClamAV 0.92 2008.02.09 -
DrWeb 4.44.0.09170 2008.02.08 -
eSafe 7.0.15.0 2008.01.28 -
eTrust-Vet 31.3.5522 2008.02.08 -
Ewido 4.0 2008.02.08 -
FileAdvisor 1 2008.02.09 -
Fortinet 3.14.0.0 2008.02.08 W32/RBot.HFU!tr.bdr
F-Prot 4.4.2.54 2008.02.08 -
F-Secure 6.70.13260.0 2008.02.08 -
Ikarus T3.1.1.20 2008.02.09 -
Kaspersky 7.0.0.125 2008.02.09 -
McAfee 5226 2008.02.08 -
Microsoft 1.3204 2008.02.09 -
NOD32v2 2860 2008.02.08 -
Norman 5.80.02 2008.02.08 -
Panda 9.0.0.4 2008.02.08 -
Prevx1 V2 2008.02.09 -
Rising 20.29.22.00 2008.01.30 -
Sophos 4.26.0 2008.02.09 Sus/ComPack-C
Sunbelt 2.2.907.0 2008.02.08 VIPRE.Suspicious
Symantec 10 2008.02.09 -
TheHacker 6.2.9.213 2008.02.09 -
VBA32 3.12.6.0 2008.02.09 Backdoor.Win32.Rbot.hfu
VirusBuster 4.3.26:9 2008.02.08 -
Webwasher-Gateway 6.6.2 2008.02.08 Win32.Malware.gen (suspicious)
Additional information
File size: 543232 bytes
MD5: d2b4f2a1eab89110754de8256ec55bf8
SHA1: 34e71a8d8cf46a56198e2d91342b25b74ccf8b77
PEiD: ASProtect SKE 2.1x (dll) -> Alexey Solodovnikov
Sunbelt info: VIPRE.Suspicious is a generic detection for potential threats that are deemed suspicious through heuristics.
Hi
Empty this folder:
C:\QooBox\Quarantine
Empty Recycle Bin.
Those findings from C:\Program Files\McAfee\MPS\IAEngine.dll are false positives, you can ignore them.
All other viruses are in system restore and inactive.
I'll give you instructions later on how to empty it.
Other than that, any problems left?
Actually...no other problems! Thanks so much! You are an :angel:
Hi
Then you're clean!
Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:
Next, we remove all the tools used.
Please download OTMoveIt2 (http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe) and save it to desktop.
Double-click OTMoveIt2.exe.
Click the CleanUp! button.
Select Yes when the "Begin cleanup Process?" prompt appears.
If you are prompted to Reboot during the cleanup, select Yes.
The tool will delete itself once it finishes; if not, delete it yourself.
Note: If you receive a warning from your firewall or other security programs regarding OTMoveIt2 attempting to contact the internet, please allow it to do so.
Disable and Enable System Restore. - If you are using Windows XP then you should disable and re-enable system restore to make sure there are no infected files found in a restore point.
You can find instructions on how to enable and re-enable system restore here:
Windows XP System Restore Guide (http://www.bleepingcomputer.com/forums/tutorial56.html)
Re-enable system restore with instructions from tutorial above
Make your Internet Explorer more secure - This can be done by following these simple instructions:
From within Internet Explorer click on the Tools menu and then click on Options.
Click once on the Security tab
Click once on the Internet icon so it becomes highlighted.
Click once on the Custom Level button.
Change the Download signed ActiveX controls to Prompt
Change the Download unsigned ActiveX controls to Disable
Change the Initialize and script ActiveX controls not marked as safe to Disable
Change the Installation of desktop items to Prompt
Change the Launching programs and files in an IFRAME to Prompt
Change the Navigate sub-frames across different domains to Prompt
When all these settings have been made, click on the OK button.
If it prompts you as to whether or not you want to save the settings, press the Yes button.
Next press the Apply button and then the OK to exit the Internet Properties page.
Update your AntiVirus Software - It is imperative that you update your Antivirus software at least once a week (even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.
Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com (http://www.windowsupdate.com) regularly. This will ensure your computer always has the latest available security updates installed. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.
Install Spybot - Search and Destroy - Download and install Spybot - Search and Destroy with its TeaTimer option.
This will provide real-time spyware & hijacker protection on your computer alongside your virus protection. You should also scan your computer with this program on a regular basis, just as you would with antivirus software. A tutorial on installing & using this product can be found here:
Instructions for Spybot S & D (http://www.bleepingcomputer.com/forums/?showtutorial=43)
Install SpywareBlaster - SpywareBlaster will add a large list of programs and sites to your Internet Explorer settings that will protect you from running and downloading known malicious programs.
A tutorial on installing & using this product can be found here:
Using SpywareBlaster to protect your computer from Spyware and Malware (http://www.bleepingcomputer.com/tutorials/tutorial49.html)
Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
Follow this list and your potential for being infected again will reduce dramatically.
Here are some additional utilities that will enhance your safety
MVPS Hosts file (http://mvps.org/winhelp2002/hosts.htm) <= The MVPS Hosts file replaces your current HOSTS file with one containing well-known ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is your local computer.
Comodo BOCLEAN (http://www.comodo.com/boclean/boclean.html) <= Stop identity thieves from getting personal information. Instantly detects well over 1,000,000 unique, variant and repack malware in total. And it's free.
Winpatrol (http://www.winpatrol.com/) <= Download and install the free version of Winpatrol. A tutorial for this product is located here:
Using Winpatrol to protect your computer from malicious software (http://www.winpatrol.com/features.html)
Stand Up and Be Counted ---> Malware Complaints (http://www.malwarecomplaints.info/index.php) <--- where you can make a difference!
The site offers people who have been (or are) victims of malware the opportunity to document their story and, in that way, launch a complaint against the malware and the makers of the malware.
Also, please read this great article by Tony Klein So How Did I Get Infected In First Place (http://castlecops.com/postlite7736-.html)
Happy surfing and stay clean! :bigthumb:
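The Internet Explorer Custom Level changes listed in the post above, as an added PowerShell audit that is not part of Shaba's instructions: it reads the current user's Internet zone from the registry and reports which of the six settings still differ from the recommended state, optionally setting them. The mapping of the dialog labels to registry value names (1001, 1004, 1201, 1800, 1804, 1607) and the 0/1/3 state codes are my assumptions from the documented IE zone layout, not something the thread states; check them against your own IE version.

```powershell
# Added example: compare the Internet zone (Zones\3) of the current user with
# the Custom Level settings recommended in this thread.
# Assumed value layout (documented IE zone registry format): 0 = Enable,
# 1 = Prompt, 3 = Disable. Settings pushed by policy may live under HKLM or
# the Policies hive instead and are not checked here.

$zoneKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'

# Dialog label -> assumed registry value name and wanted state.
$recommended = @(
    @{ Name = 'Download signed ActiveX controls';                          Value = '1001'; Want = 1 }
    @{ Name = 'Download unsigned ActiveX controls';                        Value = '1004'; Want = 3 }
    @{ Name = 'Initialize and script ActiveX controls not marked as safe'; Value = '1201'; Want = 3 }
    @{ Name = 'Installation of desktop items';                             Value = '1800'; Want = 1 }
    @{ Name = 'Launching programs and files in an IFRAME';                 Value = '1804'; Want = 1 }
    @{ Name = 'Navigate sub-frames across different domains';              Value = '1607'; Want = 1 }
)
$stateName = @{ 0 = 'Enable'; 1 = 'Prompt'; 3 = 'Disable' }

function Test-InternetZoneHardening {
    param(
        [string]$Key = $zoneKey,
        [switch]$Fix     # when set, write the wanted value for each non-compliant setting
    )

    $props = Get-ItemProperty -Path $Key -ErrorAction Stop

    foreach ($s in $recommended) {
        $current = $props.($s.Value)              # $null if the value is absent
        $ok = ($null -ne $current) -and ([int]$current -eq $s.Want)

        if (-not $ok -and $Fix) {
            Set-ItemProperty -Path $Key -Name $s.Value -Value $s.Want -Type DWord
        }

        # Translate the raw DWORD to the dialog wording; unknown codes are shown raw.
        $label = if ($null -eq $current) { '(not set)' }
                 elseif ($stateName.ContainsKey([int]$current)) { $stateName[[int]$current] }
                 else { "raw $current" }

        [pscustomobject]@{
            Setting   = $s.Name
            Current   = $label
            Wanted    = $stateName[$s.Want]
            Compliant = $ok
            Fixed     = (-not $ok) -and $Fix.IsPresent
        }
    }
}

# Report only; add -Fix to apply the recommended values to the current user.
Test-InternetZoneHardening | Format-Table Setting, Current, Wanted, Compliant -AutoSize
```

Run it once before and once after walking through the Custom Level dialog; every row should read Compliant = True afterwards, and the same check can be re-run later to catch settings that something has quietly loosened.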
Shaba, thanks so much for patiently helping me to "sterilize" my pc. You were very clear on all your instructions. Before your help I was so close to doing a restore, which I did NOT want to do!
I have followed your final instructions and just wanted to thank you again! This site is one of the best!
Since this issue appears to be resolved ... this Topic has been closed. Glad I could help.
Note: If it has been five days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread.
If it has been less than five days since your last response and you need the thread re-opened, please send me or your helper a private message (pm). A valid, working link to the closed topic is required.