
View Full Version : 007guard.com problems



atsigma
2008-11-18, 20:51
I had some Vundo problems. Ran the following:
SpyBot 1.6 w-updates
WebRoot Spysweeper 5.81 w-upd
Symantec AV v10.0 w-upd
Seemed to get rid of most issues. But it seems to come back. The only thing left right now is a random process that tries to phone home to 007guard.com or www.007guard.com. I see this in ProcessMon/SysInternals. I re-ran all the scanners above and none find a problem. I installed the ZoneAlarm FW 7.0 trial to see if it helps. It did not. The WebRoot program does detect access to 'known sites' and blocks them (e.g. 100s of random sites like CLICKSPRING.NET...). I tried to run the F-Secure online scanner, but after ActiveX starts up it gets an error.
Here is the log from HijackThis 2.02:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:36:05, on 2008-11-18
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
v:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
V:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Raxco\PerfectDisk\PD91Agent.exe
C:\Program Files\SiSoftware\SiSoftware Sandra Professional Business XII.SP2\RpcAgentSrv.exe
C:\WINDOWS\system32\slserv.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\VMware\VMware Converter\vmware-ufad.exe
C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
C:\WINDOWS\system32\vmnat.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\fxssvc.exe
V:\Program Files\VMware\VMware Workstation\vmware-authd.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\slrundll.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\vmnetdhcp.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe
V:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe
C:\WINDOWS\system32\WDBtnMgr.exe
C:\Program Files\Acronis\TrueImageEchoWorkstation\TrueImageMonitor.exe
C:\Program Files\Acronis\TrueImageEchoWorkstation\TimounterMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
V:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\iTunes\iTunesHelper.exe
V:\Program Files\VMware\VMware Workstation\vmware-tray.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\GPSoftware\Directory Opus\dopusrt.exe
C:\Program Files\Ipswitch\IM Client\IMClient.exe
C:\Program Files\DU Meter\DUMeter.exe
C:\Documents and Settings\rjohnson.ATSIGMA\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\ASUS WiFi-AP Solo\RtWLan.exe
C:\Program Files\Microsoft Firewall Client 2004\FwcMgmt.exe
C:\Program Files\WinTidy\WinTidy.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://proxy:8080/array.dll?Get.Routing.Script
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy:8080
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - V:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {E7051BA1-1B45-48BB-9748-2FDF3A616A35} - C:\WINDOWS\system32\awTnkjIY.dll (file missing)
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: FlashGet - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\Program Files\FlashGet\fgiebar.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - V:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O4 - HKLM\..\Run: [SoundMAXPnP] "C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe"
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [FinePrint Dispatcher v5] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] "C:\PROGRA~1\SYMANT~1\VPTray.exe"
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [RTHDCPL] "C:\WINDOWS\RTHDCPL.EXE"
O4 - HKLM\..\Run: [Alcmtr] "C:\WINDOWS\ALCMTR.EXE"
O4 - HKLM\..\Run: [pdfFactory Pro Dispatcher v2] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "v:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe"
O4 - HKLM\..\Run: [WD Button Manager] "C:\WINDOWS\system32\WDBtnMgr.exe"
O4 - HKLM\..\Run: [PinnacleDriverCheck] "C:\WINDOWS\system32\PSDrvCheck.exe" -CheckReg
O4 - HKLM\..\Run: [TrueImageMonitor.exe] "C:\Program Files\Acronis\TrueImageEchoWorkstation\TrueImageMonitor.exe"
O4 - HKLM\..\Run: [AcronisTimounterMonitor] "C:\Program Files\Acronis\TrueImageEchoWorkstation\TimounterMonitor.exe"
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [PaperPort PTD] "V:\Program Files\ScanSoft\PaperPort\pptd40nt.exe"
O4 - HKLM\..\Run: [IndexSearch] "V:\Program Files\ScanSoft\PaperPort\IndexSearch.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] "C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] "C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe"
O4 - HKLM\..\Run: [DU Meter] "C:\Program Files\DU Meter\DUMeter.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [vmware-tray] "V:\Program Files\VMware\VMware Workstation\vmware-tray.exe"
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [Adobe_ID0ENQBO] "C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~2\Server\bin\VERSIO~2.EXE"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [ctfmon.exe] "C:\WINDOWS\system32\ctfmon.exe"
O4 - HKCU\..\Run: [Directory Opus Desktop Dblclk] "C:\Program Files\GPSoftware\Directory Opus\dopusrt.exe" /dblclk
O4 - HKCU\..\Run: [COMMUNICATOR] "C:\Program Files\Microsoft.NET" Office Communicator\Communicator.exe /silentRetrials /background
O4 - HKCU\..\Run: [_IMClient_] "C:\Program Files\Ipswitch\IM Client\IMClient.exe"
O4 - HKCU\..\Run: [DU Meter] "C:\Program Files\DU Meter\DUMeter.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\rjohnson.ATSIGMA\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - Startup: WinTidy.lnk = C:\Program Files\WinTidy\WinTidy.exe
O4 - Global Startup: ASUS WiFi-AP Solo.lnk = ?
O4 - Global Startup: ColorPlus Startup.lnk = C:\Program Files\PANTONE COLORVISION\ColorPlus\ColorPlus.exe
O4 - Global Startup: Microsoft Firewall Client Management.lnk = C:\Program Files\Microsoft Firewall Client 2004\FwcMgmt.exe
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://V:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - V:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - V:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: v:\program files\vmware\vmware workstation\vsocklib.dll
O10 - Unknown file in Winsock LSP: v:\program files\vmware\vmware workstation\vsocklib.dll
O15 - Trusted Zone: http://*.turbotax.com
O15 - Trusted IP range: http://10.1.1.10
O16 - DPF: {11865A2A-649F-4FA1-8B99-B97DF8070B7C} (IWSystemchecks Control) - http://borland.interwise.com/borland/English/ActiveX/IWsystemchecks.cab
O16 - DPF: {395E58B9-090C-461A-8F27-087D1C727945} (Web Conferencing) - http://micrel.epopcentral.com/joinie.cab
O16 - DPF: {3EB4F9EA-51A6-48DA-846A-0D69DCBA39EF} (DownloadManager Control) - http://download.akamaitools.com.edgesuite.net/dlmanager/dev/code/IE_1070/DownloadManager.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1188919430625
O16 - DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} (DLC Class) - https://transfers.ds.microsoft.com/FTM/TransferSource/grTransferCtrl.cab
O16 - DPF: {8569D715-FF88-44BA-8D1D-AD3E59543DDE} (ActiveReports Viewer2) - http://10.1.1.10/caweb/arview2.cab
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = atsigma.com
O17 - HKLM\Software\..\Telephony: DomainName = atsigma.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{303CD80F-15A3-4A4D-9D91-E84814C3F773}: NameServer = 10.1.1.11
O17 - HKLM\System\CCS\Services\Tcpip\..\{564FAD51-60C2-4A66-B306-F92E08F24942}: NameServer = 10.1.1.11
O17 - HKLM\System\CCS\Services\Tcpip\..\{CEFF0CED-F10C-4325-AFC6-3BCC0EB09F1E}: NameServer = 10.1.1.12
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = atsigma.com
O17 - HKLM\System\CS1\Services\Tcpip\..\{303CD80F-15A3-4A4D-9D91-E84814C3F773}: NameServer = 10.1.1.11
O20 - AppInit_DLLs: dnqblq.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Adobe Version Cue CS4 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - v:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - V:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec Ghost Client Agent (NGCLIENT) - Symantec Corporation - C:\Program Files\Symantec\Ghost\ngctw32.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PD91Agent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PD91Agent.exe
O23 - Service: PD91Engine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PD91Engine.exe
O23 - Service: PD91VMDefrag - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PD91VMDefrag.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SiSoftware Deployment Agent Service (SandraAgentSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Professional Business XII.SP2\RpcAgentSrv.exe
O23 - Service: SiSoftware Database Agent Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Engineer XI.SP3\Win32\RpcDataSrv.exe
O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Engineer XI.SP3\RpcSandraSrv.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: VMware Converter Service (ufad-p2v) - VMware, Inc. - C:\Program Files\VMware\VMware Converter\vmware-ufad.exe
O23 - Service: VMware Agent Service (ufad-ws60) - VMware, Inc. - V:\Program Files\VMware\VMware Workstation\vmware-ufad.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - V:\Program Files\VMware\VMware Workstation\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe
O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. (www.webroot.com) - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

--
End of file - 17652 bytes

pskelley
2008-11-20, 16:56
Welcome to Safer Networking, I wish to be sure you have viewed and understand this information.
"BEFORE you POST" (READ this Procedure before Requesting Assistance) http://forums.spybot.info/showthread.php?t=288
All advice given is taken at your own risk.
Please make sure you have read this information so we are on the same page.

Make sure you read and follow the directions, anything else will slow the process and waste both of our time. I suggest you keep this computer offline except when troubleshooting, the junk may download more. If you have any tool I use, delete it and download it new from the link I provide. Read and follow the directions carefully, the tools will not work unless you do.
The junk can be tough to remove, so do not expect fast or easy.

Vundo is a hard one to get rid of; no program I know of does it completely, and it usually takes a combination of malware programs and a sharp eye. If you want me to see what I can do, read the directions, especially this one:

Do NOT run 'FIXES' before helpers have analyzed the HJT log
http://forums.spybot.info/showthread.php?t=16806

and we will have ComboFix take a look.

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own. This tool is not a toy and not for everyday use.

Download ComboFix from one of these locations:

Link 1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link 2 (http://www.forospyware.com/sUBs/ComboFix.exe)
Link 3 (http://subs.geekstogo.com/ComboFix.exe)

* IMPORTANT !!! Save ComboFix.exe to your Desktop

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
See this Link (http://www.bleepingcomputer.com/forums/topic114351.html) for programs that need to be disabled and instructions on how to disable them.
Remember to re-enable them when we're done.


Double click on ComboFix.exe & follow the prompts.

As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


http://i24.photobucket.com/albums/c30/ken545/RcAuto1.gif

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

http://i24.photobucket.com/albums/c30/ken545/whatnext.jpg

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply along with a new HijackThis log.

*If there is no internet connection when ComboFix has completely finished, then restart your computer to restore the connections.

Tutorial if needed
http://www.bleepingcomputer.com/combofix/how-to-use-combofix


Please also post an uninstall list:
Open HijackThis.
Click the "Open the Misc Tools" section Button.
Click the "Open Uninstall Manager" Button.
Click the "Save list..." Button.
Save it to your desktop. Copy and paste the contents into your reply.
Image: http://img.bleepingcomputer.com/tutorials/hijackthis/uninstall-man.jpg

Recap: ComboFix log, HJT log and uninstall list.

Thanks

atsigma
2008-11-22, 01:06
Here is ComboFix log:
ComboFix 08-11-21.03 - rjohnson 2008-11-21 14:43:31.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.69 [GMT -8:00]
Running from: c:\documents and settings\rjohnson.ATSIGMA\My Documents\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\rjohnson.ATSIGMA\Application Data\unins000.exe
c:\windows\system32\dycslqmr.ini
c:\windows\system32\kqfopcbk.ini
c:\windows\system32\rhovkihb.ini
c:\windows\Tasks\qmpxwvhi.job
c:\windows\Tasks\rjztihxa.job

.
((((((((((((((((((((((((( Files Created from 2008-10-21 to 2008-11-21 )))))))))))))))))))))))))))))))
.

2008-11-21 12:21 . 2008-09-18 17:32 164,912 -ra------ c:\windows\system32\vmx_fb.dll
2008-11-21 12:21 . 2008-09-18 17:32 117,552 --a------ c:\windows\system32\drivers\vmhgfs.sys
2008-11-21 12:21 . 2008-09-18 17:32 63,920 -ra------ c:\windows\system32\drivers\vmx_svga.sys
2008-11-21 12:21 . 2008-09-18 17:32 36,400 -ra------ c:\windows\system32\drivers\vmxnet.sys
2008-11-21 12:21 . 2008-09-18 17:32 35,888 --a------ c:\windows\system32\vmhgfs.dll
2008-11-21 12:21 . 2008-09-18 17:32 16,432 -ra------ c:\windows\system32\vmx_mode.dll
2008-11-21 12:21 . 2008-09-18 17:32 11,696 -ra------ c:\windows\system32\drivers\vmmouse.sys
2008-11-21 12:12 . 2001-08-17 12:11 35,328 --a------ c:\windows\system32\drivers\pcntpci5.sys
2008-11-21 12:12 . 2001-08-17 12:11 35,328 --a--c--- c:\windows\system32\dllcache\pcntpci5.sys
2008-11-21 12:05 . 2008-04-14 00:06 14,208 --a------ c:\windows\system32\drivers\battc.sys
2008-11-21 12:05 . 2008-04-14 00:06 14,208 --a--c--- c:\windows\system32\dllcache\battc.sys
2008-11-21 12:05 . 2008-04-14 00:06 13,952 --a------ c:\windows\system32\drivers\CmBatt.sys
2008-11-21 12:05 . 2008-04-14 00:06 13,952 --a--c--- c:\windows\system32\dllcache\cmbatt.sys
2008-11-21 12:05 . 2008-04-14 00:06 10,240 --a------ c:\windows\system32\drivers\compbatt.sys
2008-11-21 12:05 . 2008-04-14 00:06 10,240 --a--c--- c:\windows\system32\dllcache\compbatt.sys
2008-11-19 13:14 . 2008-09-18 16:35 17,968 -ra------ c:\windows\system32\drivers\vmscsi.sys
2008-11-19 13:13 . 2008-11-19 13:14 <DIR> d-------- c:\windows\$Reconfig$
2008-11-18 10:34 . 2008-11-18 10:34 7,444 --a------ c:\windows\system32\tmp.reg
2008-11-17 17:46 . 2008-11-17 17:46 <DIR> d-------- C:\fsaua.data
2008-11-17 17:05 . 2008-06-10 01:32 73,728 --a------ c:\windows\system32\javacpl.cpl
2008-11-17 15:01 . 2008-11-21 15:14 7,325,728 --ahs---- c:\windows\system32\drivers\fidbox.dat
2008-11-17 15:01 . 2008-11-17 15:01 75,932 --a------ c:\windows\system32\drivers\klick.dat
2008-11-17 15:01 . 2007-06-21 21:54 75,248 --a------ c:\windows\zllsputility.exe
2008-11-17 15:01 . 2008-11-17 15:01 74,396 --a------ c:\windows\system32\drivers\klin.dat
2008-11-17 15:01 . 2008-11-21 15:14 40,112 --ahs---- c:\windows\system32\drivers\fidbox.idx
2008-11-17 15:01 . 2008-11-21 13:42 4,212 ---h----- c:\windows\system32\zllictbl.dat
2008-11-17 15:00 . 2008-11-17 15:00 <DIR> d-------- c:\program files\Zone Labs
2008-11-14 09:44 . 2008-11-14 09:44 <DIR> d-------- c:\documents and settings\All Users\Application Data\Acronis
2008-11-10 14:58 . 2008-11-10 14:58 <DIR> d-------- c:\program files\TechSmith
2008-11-10 14:58 . 2008-11-10 14:58 <DIR> d-------- c:\program files\Common Files\TechSmith Shared
2008-10-27 14:50 . 2008-10-27 14:53 <DIR> d-------- C:\tmpDownload

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-21 23:17 --------- d-----w c:\program files\Symantec AntiVirus
2008-11-21 20:48 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-21 20:48 --------- d-----w c:\program files\Hewlett-Packard
2008-11-21 20:40 --------- d-----w c:\documents and settings\All Users\Application Data\VMware
2008-11-21 20:20 --------- d-----w c:\program files\VMware
2008-11-21 20:20 --------- d-----w c:\program files\Common Files\VMware
2008-11-21 20:06 2,529,792 ----a-w c:\windows\Internet Logs\xDB7.tmp
2008-11-21 20:06 15,360 ----a-w c:\windows\Internet Logs\xDB6.tmp
2008-11-19 20:30 3,112,960 ----a-w c:\windows\Internet Logs\xDB4.tmp
2008-11-19 20:30 2,535,424 ----a-w c:\windows\Internet Logs\xDB5.tmp
2008-11-19 20:25 --------- d-----w c:\documents and settings\rjohnson.ATSIGMA\Application Data\VMware
2008-11-19 18:56 --------- d-----w c:\documents and settings\LocalService\Application Data\VMware
2008-11-19 01:35 2,524,160 ----a-w c:\windows\Internet Logs\xDB3.tmp
2008-11-19 01:35 17,920 ----a-w c:\windows\Internet Logs\xDB2.tmp
2008-11-19 01:23 3,638,272 ----a-w c:\windows\Internet Logs\xDB1.tmp
2008-11-19 00:43 --------- d-----w c:\documents and settings\All Users\Application Data\DVD Shrink
2008-11-18 19:34 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-11-18 17:19 --------- d-----w c:\documents and settings\rjohnson.ATSIGMA\Application Data\Vso
2008-11-18 01:06 --------- d-----w c:\program files\Java
2008-11-17 19:09 --------- d-----w c:\program files\Common Files\Acronis
2008-11-17 19:08 441,760 ----a-w c:\windows\system32\drivers\timntr.sys
2008-11-17 19:08 44,384 ----a-w c:\windows\system32\drivers\tifsfilt.sys
2008-11-17 19:08 132,352 ----a-w c:\windows\system32\drivers\snapman.sys
2008-11-17 19:08 --------- d-----w c:\program files\Acronis
2008-11-17 18:43 --------- d-----w c:\program files\Zoom Player
2008-11-14 17:23 --------- d-----w c:\documents and settings\All Users\Application Data\TechSmith
2008-11-14 17:00 --------- d-----w c:\program files\FlashGet
2008-11-07 22:17 --------- d-----w c:\program files\WinTidy
2008-11-07 19:19 --------- d-----w c:\program files\Spybot - Search & Destroy
2008-11-06 16:28 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
2008-10-23 00:10 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2008-10-23 00:10 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
2008-10-20 22:58 --------- d-----w c:\documents and settings\All Users\Application Data\ALM
2008-10-20 22:46 --------- d-----w c:\program files\Common Files\Adobe
2008-10-20 22:37 --------- d-----w c:\program files\Adobe Media Player
2008-10-20 22:36 --------- d-----w c:\program files\Common Files\Adobe AIR
2008-10-20 21:19 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2008-10-17 18:30 --------- d-----w c:\program files\Microsoft Silverlight
2008-10-15 14:50 --------- d-----w c:\documents and settings\rjohnson.ATSIGMA\Application Data\Intuit
2008-10-14 23:33 --------- d-----w c:\program files\OpenSource Flash Video Splitter
2008-10-14 23:33 --------- d-----w c:\program files\DScaler5
2008-10-14 23:32 --------- d-----w c:\program files\SHOUTcast Source
2008-10-14 23:32 --------- d-----w c:\program files\Haali
2008-10-14 23:32 --------- d-----w c:\program files\DSP-worx
2008-10-14 23:32 --------- d-----w c:\program files\DirectVobSub
2008-10-13 17:22 --------- d-----w c:\program files\Common Files\AnswerWorks 4.0
2008-10-10 22:05 --------- d-----w c:\program files\ScottradeELITE
2008-10-09 14:53 --------- d-----w c:\program files\iTunes
2008-10-09 14:53 --------- d-----w c:\program files\iPod
2008-10-09 14:53 --------- d-----w c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-10-01 20:01 32,000 ----a-w c:\windows\system32\drivers\usbaapl.sys
2008-10-01 16:52 --------- d-----w c:\program files\Debugging Tools for Windows (x86)
2008-09-30 22:28 --------- d-----w c:\documents and settings\rjohnson\Application Data\Malwarebytes
2008-09-30 19:03 --------- d-----w c:\documents and settings\rjohnson.ATSIGMA\Application Data\Malwarebytes
2008-09-30 19:03 --------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2008-09-30 18:40 --------- d-----w c:\program files\Trend Micro
2008-09-29 22:15 --------- d-----w c:\documents and settings\All Users\Application Data\Applications
2008-09-29 21:11 --------- d-----w c:\documents and settings\rjohnson\Application Data\Ipswitch
2008-09-29 20:51 --------- d-----w c:\documents and settings\rjohnson\Application Data\Webroot
2008-09-29 20:49 --------- d-----w c:\documents and settings\NetworkService\Application Data\Webroot
2008-09-29 20:38 --------- d-----w c:\program files\TagRename
2008-09-29 18:20 164 ----a-w C:\install.dat
2008-09-29 18:16 --------- d-----w c:\documents and settings\LocalService\Application Data\Apple Computer
2008-09-26 23:54 --------- d-----w c:\program files\Flash Slideshow Maker Professional
2008-09-26 23:18 --------- d-----w c:\documents and settings\LocalService\Application Data\ATI
2008-09-26 21:52 --------- d-----w c:\program files\Webroot
2008-09-26 21:52 --------- d-----w c:\documents and settings\rjohnson.ATSIGMA\Application Data\Webroot
2008-09-26 21:52 --------- d-----w c:\documents and settings\LocalService\Application Data\Webroot
2008-09-26 21:52 --------- d-----w c:\documents and settings\All Users\Application Data\Webroot
2008-09-19 06:11 399,920 ----a-w c:\windows\system32\vmnat.exe
2008-09-19 06:11 326,192 ----a-w c:\windows\system32\vmnetdhcp.exe
2008-09-19 01:30 9,632 ----a-r c:\windows\system32\TPVMMonjpn.dll
2008-09-19 01:30 9,104 ----a-r c:\windows\system32\TPVMMonUIjpn.dll
2008-09-19 01:30 9,104 ----a-r c:\windows\system32\TPVMMonUIdeu.dll
2008-09-19 01:30 79,208 ----a-r c:\windows\system32\TPVMMonUI.dll
2008-09-19 01:30 423,208 ----a-r c:\windows\system32\TPSvc.dll
2008-09-19 01:30 284,016 ----a-r c:\windows\system32\TPVMMon.dll
2008-09-19 01:30 23,960 ----a-r c:\windows\system32\TPVMMondeu.dll
2008-09-19 01:30 111,856 ----a-r c:\windows\system32\TPVMW32.dll
2008-09-09 20:49 230,152 ----a-w c:\windows\system32\PDBoot.exe
2008-09-06 05:16 1,900,544 ----a-w c:\windows\system32\usbaaplrc.dll
2008-08-29 17:18 87,336 ----a-w c:\windows\system32\dns-sd.exe
2008-08-29 16:53 61,440 ----a-w c:\windows\system32\dnssd.dll
2008-07-29 16:14 87,608 ----a-w c:\documents and settings\rjohnson.ATSIGMA\Application Data\ezpinst.exe
2008-07-29 16:14 47,360 ----a-w c:\documents and settings\rjohnson.ATSIGMA\Application Data\pcouffin.sys
2007-11-13 00:46 9,645 ----a-w c:\documents and settings\rjohnson.ATSIGMA\Application Data\unins000.dat
2003-07-31 09:53 147,456 ----a-w c:\windows\inf\EL2K_XP.sys
2003-07-31 09:50 448,768 ----a-w c:\windows\inf\EL2K_N64.sys
2003-07-31 09:43 147,456 ----a-w c:\windows\inf\EL2K_2K.sys
2005-07-14 19:31 27,648 --sha-w c:\windows\system32\AVSredirect.dll
2005-06-26 22:32 616,448 --sha-r c:\windows\system32\cygwin1.dll
2005-06-22 05:37 45,568 --sha-r c:\windows\system32\cygz.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"COMMUNICATOR"="c:\program files\Microsoft.NET" [2006-05-19 0]
"DU Meter"="c:\program files\DU Meter\DUMeter.exe" [2006-11-27 1582616]
"Google Update"="c:\documents and settings\rjohnson.ATSIGMA\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-09-02 133104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2003-05-29 790528]
"FinePrint Dispatcher v5"="c:\windows\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe" [2004-04-12 417792]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2005-04-08 48752]
"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2005-04-17 85184]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2005-09-21 57344]
"RTHDCPL"="c:\windows\RTHDCPL.EXE" [2006-04-16 16143872]
"pdfFactory Pro Dispatcher v2"="c:\windows\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe" [2004-04-12 425984]
"WD Button Manager"="c:\windows\system32\WDBtnMgr.exe" [2007-04-25 364544]
"PinnacleDriverCheck"="c:\windows\system32\PSDrvCheck.exe" [2004-03-11 406016]
"TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageEchoWorkstation\TrueImageMonitor.exe" [2008-06-24 1274792]
"AcronisTimounterMonitor"="c:\program files\Acronis\TrueImageEchoWorkstation\TimounterMonitor.exe" [2008-06-24 884696]
"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2008-06-24 140568]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2008-02-28 570664]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-10-01 111936]
"DU Meter"="c:\program files\DU Meter\DUMeter.exe" [2006-11-27 1582616]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-10-01 289576]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"Adobe_ID0ENQBO"="c:\progra~1\COMMON~1\Adobe\ADOBEV~2\Server\bin\VERSIO~2.EXE" [2008-08-15 378224]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-06-21 919016]
"VMware Tools"="c:\program files\VMware\VMware Tools\VMwareTray.exe" [2008-09-18 416304]
"VMware User Process"="c:\program files\VMware\VMware Tools\VMwareUser.exe" [2008-09-18 834096]
"SpySweeper"="c:\program files\Webroot\Spy Sweeper\SpySweeperUI.exe" [2008-08-09 5418864]

c:\documents and settings\rjohnson.ATSIGMA\Start Menu\Programs\Startup\
WinTidy.lnk - c:\program files\WinTidy\WinTidy.exe [2001-10-08 585216]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Firewall Client Management.lnk - c:\program files\Microsoft Firewall Client 2004\FwcMgmt.exe [2006-05-29 117592]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableCAD"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{EDB0E980-90BD-11D4-8599-0008C7D3B6F8}"= "c:\eudora\EuShlExt.dll" [2006-08-17 86016]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\TPSvc]
2008-09-18 17:30 423208 c:\windows\system32\TPSvc.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=dnqblq.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.iv50"= c:\progra~1\REPLAY~1\ir50_32.dll
"VIDC.MJPG"= Pvmjpg30.dll
"VIDC.PIM1"= pclepim1.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"="0x00000000"
"UpdatesDisableNotify"="0x00000000"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\Msmsgs.exe"=
"c:\\Program Files\\IBP 9\\IBP.exe"=
"c:\\Program Files\\Hewlett-Packard\\Toolbox\\jre\\bin\\javaw.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Symantec\\Ghost\\ngctw32.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\WINDOWS\\system32\\fxsclnt.exe"=
"c:\\Program Files\\FlashGet\\flashget.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R0 ssfs0bbc;ssfs0bbc;c:\windows\system32\DRIVERS\ssfs0bbc.sys [2008-08-09 29808]
R0 vmscsi;vmscsi;c:\windows\system32\DRIVERS\vmscsi.sys [2008-11-19 17968]
R1 oxfwlf;oxfwlf;c:\windows\system32\drivers\oxfwlf.sys [2006-05-18 12043]
R1 TSKNF602.SYS;TSKNF602.SYS;\??\c:\windows\system32\Drivers\TSKNF602.SYS [2006-08-16 11200]
R1 vmdebug;VMware Replay Debugging Helper;\??\c:\windows\system32\Drivers\vmdebug.sys [2008-09-18 19504]
R1 vmhgfs;vmhgfs;c:\windows\system32\DRIVERS\vmhgfs.sys [2008-11-21 117552]
R2 adfs;adfs;c:\windows\system32\drivers\adfs.sys [2008-08-14 74720]
R2 BCMNTIO;BCMNTIO;\??\c:\progra~1\CheckIt\DIAGNO~1\BCMNTIO.sys [2007-02-27 3744]
R2 FwcAgent;Firewall Client Agent;"c:\program files\Microsoft Firewall Client 2004\FwcAgent.exe" [2006-05-29 128856]
R2 MAPMEM;MAPMEM;\??\c:\progra~1\CheckIt\DIAGNO~1\MAPMEM.sys [2007-02-27 3904]
R2 P1C1394;Phase One 1394 Camera Driver;c:\windows\system32\Drivers\p1c1394.sys [2007-01-22 23168]
R2 PD91Agent;PD91Agent;"c:\program files\Raxco\PerfectDisk\PD91Agent.exe" [2008-09-09 693512]
R2 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\SiSoftware\SiSoftware Sandra Professional Business XII.SP2\RpcAgentSrv.exe [2008-05-01 98488]
R2 ufad-p2v;VMware Converter Service;"c:\program files\VMware\VMware Converter\vmware-ufad.exe" -d "c:\program files\VMware\VMware Converter\\" -s ufad-p2v.xml []
R2 VMMEMCTL;Memory Control Driver;\??\c:\program files\VMware\VMware Tools\Drivers\memctl\vmmemctl.sys [2008-09-18 14384]
R2 VMTools;VMware Tools Service;"c:\program files\VMware\VMware Tools\VMwareService.exe" [2008-09-18 539184]
R2 VMware Physical Disk Helper Service;VMware Physical Disk Helper Service;"c:\program files\VMware\VMware Tools\vmacthlp.exe" [2008-09-18 358960]
R2 vstor2-p2v30;Vstor2 P2V30 Virtual Storage Driver;\??\c:\program files\VMware\VMware Converter\vstor2-p2v30.sys [2007-01-30 12544]
R3 EraserUtilDrvI7;EraserUtilDrvI7;\??\c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilDrvI7.sys [2008-11-18 99376]
R3 vmmouse;VMware Pointing Device;c:\windows\system32\DRIVERS\vmmouse.sys [2008-11-21 11696]
R3 vmx_svga;vmx_svga;c:\windows\system32\DRIVERS\vmx_svga.sys [2008-11-21 63920]
R3 vmxnet;VMware Ethernet Adapter Driver;c:\windows\system32\DRIVERS\vmxnet.sys [2008-11-21 36400]
S2 AdobeActiveFileMonitor6.0;Adobe Active File Monitor V6;v:\program files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe []
S2 NGCLIENT;Symantec Ghost Client Agent;"c:\program files\Symantec\Ghost\ngctw32.exe" [2006-12-04 632456]
S3 Adobe Version Cue CS4;Adobe Version Cue CS4;"c:\program files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe" -win32service [2008-08-15 284016]
S3 APLMp50;APLMp50 NDIS Protocol Driver;c:\windows\system32\Drivers\APLMp50.sys [2006-07-30 18816]
S3 cvspydr2;ColorVision Spyder 2;c:\windows\system32\DRIVERS\cvspydr2.sys [2008-02-02 33024]
S3 OxUSBLF;Oxsemi USB filter driver;c:\windows\system32\DRIVERS\OxUSBLF.sys [2006-05-18 7296]
S3 PD91Engine;PD91Engine;"c:\program files\Raxco\PerfectDisk\PD91Engine.exe" [2008-09-09 906504]
S3 PD91VMDefrag;PD91VMDefrag;"c:\program files\Raxco\PerfectDisk\PD91VMDefrag.exe" [2008-09-09 234760]
S3 RTLWUSB;Realtek RTL8187 Wireless 802.11g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8187.sys [2006-10-02 235648]
S3 SjyPkt;SjyPkt;\??\c:\windows\System32\Drivers\SjyPkt.sys [2006-10-02 13532]
S3 TPAutoConnSvc;TP AutoConnect Service;"c:\program files\VMware\VMware Tools\TPAutoConnSvc.exe" [2008-09-18 238832]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys [2006-09-07 10112]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - D:\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0ca45c3a-c6b9-11db-8fed-0015af0148fb}]
\Shell\AutoRun\command - J:\USBNB.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{866c99c3-9047-11db-8fe4-0015af0148fb}]
\Shell\AutoRun\command - q:\wd_windows_tools\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c2983e38-b5a4-11dd-bb68-005056c00000}]
\Shell\AutoRun\command - m:\wd_windows_tools\WDEULA.exe
.
Contents of the 'Scheduled Tasks' folder

2008-11-13 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2008-11-21 c:\windows\Tasks\GoogleUpdateTaskUser.job
- c:\documents and settings\rjohnson.ATSIGMA\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-02 14:02]

2008-11-19 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-02-10 16:27]

2008-11-19 c:\windows\Tasks\wrSpySweeper_3A4EC7BF966D43EFA7A8C1437E01D202.job
- c:\program files\Webroot\Spy Sweeper\SpySweeperUI.exe [2008-08-09 15:04]

2008-11-19 c:\windows\Tasks\wrSpySweeper_3A4EC7BF966D43EFA7A8C1437E01D202.job
- c:\program files\Webroot\Spy Sweeper\SpySweeperUI.exe [2008-08-09 15:04]

2008-11-19 c:\windows\Tasks\wrSpySweeper_3A4EC7BF966D43EFA7A8C1437E01D202.job
- a:\,d:\,e:\,f:\,g:\,h:\,i:\,k:\ []

2008-11-19 c:\windows\Tasks\wrSpySweeper_3A4EC7BF966D43EFA7A8C1437E01D202.job
- a:\","c:\","d:\","e:\","f:\","g:\","h:\","i:\","k:\","v:\" []
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)
HKLM-Run-Adobe Photo Downloader - v:\program files\Adobe\Photoshop Elements 6.0\apdproxy.exe
HKLM-Run-PaperPort PTD - v:\program files\ScanSoft\PaperPort\pptd40nt.exe
HKLM-Run-IndexSearch - v:\program files\ScanSoft\PaperPort\IndexSearch.exe
Notify-WgaLogon - (no file)


.
------- Supplementary Scan -------
.
FireFox -: Profile - c:\documents and settings\rjohnson.ATSIGMA\Application Data\Mozilla\Firefox\Profiles\erldy9js.default\
FF -: plugin - c:\documents and settings\rjohnson.ATSIGMA\Local Settings\Application Data\Google\Update\1.2.131.27\npGoogleOneClick6.dll
FF -: plugin - c:\program files\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll
FF -: plugin - c:\program files\iTunes\Mozilla Plugins\npitunes.dll
FF -: plugin - c:\program files\Microsoft Silverlight\2.0.30226.2\npctrl.dll
FF -: plugin - c:\program files\Microsoft Silverlight\2.0.30523.6\npctrl.dll
FF -: plugin - c:\program files\Microsoft Silverlight\2.0.30523.8\npctrl.dll
FF -: plugin - c:\program files\Microsoft Silverlight\2.0.31005.0\npctrl.1.0.20926.0.dll
FF -: plugin - c:\program files\Microsoft Silverlight\2.0.31005.0\npctrl.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\NPAdbESD.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\npsharedview.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\npsnapfish.dll
FF -: plugin - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-21 15:18:50
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: c:\windows\system32\winlogon.exe
-> c:\windows\system32\tsd32.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ZoneLabs\vsmon.exe
c:\program files\Common Files\Symantec Shared\ccSetMgr.exe
c:\program files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\program files\Common Files\Acronis\Schedule2\schedul2.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Symantec AntiVirus\DefWatch.exe
c:\program files\Analog Devices\SoundMAX\SMAgent.exe
c:\program files\Symantec AntiVirus\Rtvscan.exe
c:\windows\system32\wdfmgr.exe
c:\program files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
c:\program files\Webroot\Spy Sweeper\SpySweeper.exe
c:\windows\system32\fxssvc.exe
c:\program files\VMware\VMware Converter\vmware-ufad.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Webroot\Spy Sweeper\SSU.exe
.
**************************************************************************
.
Completion time: 2008-11-21 15:47:09 - machine was rebooted [rjohnson]
ComboFix-quarantined-files.txt 2008-11-21 23:46:10

Pre-Run: 12,069,634,048 bytes free
Post-Run: 12,008,144,896 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

345 --- E O F --- 2008-09-25 23:22:41

And here is the HijackThis 2.02 log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:07, on 2008-11-21
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\VMware\VMware Tools\vmacthlp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Raxco\PerfectDisk\PD91Agent.exe
C:\Program Files\SiSoftware\SiSoftware Sandra Professional Business XII.SP2\RpcAgentSrv.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
C:\Program Files\VMware\VMware Tools\VMwareService.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\VMware\VMware Converter\vmware-ufad.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe
C:\WINDOWS\system32\WDBtnMgr.exe
C:\Program Files\Acronis\TrueImageEchoWorkstation\TrueImageMonitor.exe
C:\Program Files\Acronis\TrueImageEchoWorkstation\TimounterMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\VMware\VMware Tools\VMwareTray.exe
C:\Program Files\VMware\VMware Tools\VMwareUser.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\DU Meter\DUMeter.exe
C:\Documents and Settings\rjohnson.ATSIGMA\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Microsoft Firewall Client 2004\FwcMgmt.exe
C:\Program Files\WinTidy\WinTidy.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://proxy:8080/array.dll?Get.Routing.Script
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy:8080
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - V:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll (file missing)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: FlashGet - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\Program Files\FlashGet\fgiebar.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - V:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll (file missing)
O4 - HKLM\..\Run: [SoundMAXPnP] "C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe"
O4 - HKLM\..\Run: [FinePrint Dispatcher v5] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] "C:\PROGRA~1\SYMANT~1\VPTray.exe"
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [RTHDCPL] "C:\WINDOWS\RTHDCPL.EXE"
O4 - HKLM\..\Run: [pdfFactory Pro Dispatcher v2] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe"
O4 - HKLM\..\Run: [WD Button Manager] "C:\WINDOWS\system32\WDBtnMgr.exe"
O4 - HKLM\..\Run: [PinnacleDriverCheck] "C:\WINDOWS\system32\PSDrvCheck.exe" -CheckReg
O4 - HKLM\..\Run: [TrueImageMonitor.exe] "C:\Program Files\Acronis\TrueImageEchoWorkstation\TrueImageMonitor.exe"
O4 - HKLM\..\Run: [AcronisTimounterMonitor] "C:\Program Files\Acronis\TrueImageEchoWorkstation\TimounterMonitor.exe"
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] "C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] "C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe"
O4 - HKLM\..\Run: [DU Meter] C:\Program Files\DU Meter\DUMeter.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [Adobe_ID0ENQBO] "C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~2\Server\bin\VERSIO~2.EXE"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [VMware Tools] "C:\Program Files\VMware\VMware Tools\VMwareTray.exe"
O4 - HKLM\..\Run: [VMware User Process] "C:\Program Files\VMware\VMware Tools\VMwareUser.exe"
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [ctfmon.exe] "C:\WINDOWS\system32\ctfmon.exe"
O4 - HKCU\..\Run: [COMMUNICATOR] "C:\Program Files\Microsoft.NET" Office Communicator\Communicator.exe /silentRetrials /background
O4 - HKCU\..\Run: [DU Meter] "C:\Program Files\DU Meter\DUMeter.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\rjohnson.ATSIGMA\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - Startup: WinTidy.lnk = C:\Program Files\WinTidy\WinTidy.exe
O4 - Global Startup: Microsoft Firewall Client Management.lnk = C:\Program Files\Microsoft Firewall Client 2004\FwcMgmt.exe
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://V:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - V:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll (file missing)
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - V:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.turbotax.com
O15 - Trusted IP range: http://10.1.1.10
O16 - DPF: {11865A2A-649F-4FA1-8B99-B97DF8070B7C} (IWSystemchecks Control) - http://borland.interwise.com/borland/English/ActiveX/IWsystemchecks.cab
O16 - DPF: {395E58B9-090C-461A-8F27-087D1C727945} (Web Conferencing) - http://micrel.epopcentral.com/joinie.cab
O16 - DPF: {3EB4F9EA-51A6-48DA-846A-0D69DCBA39EF} (DownloadManager Control) - http://download.akamaitools.com.edgesuite.net/dlmanager/dev/code/IE_1070/DownloadManager.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1188919430625
O16 - DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} (DLC Class) - https://transfers.ds.microsoft.com/FTM/TransferSource/grTransferCtrl.cab
O16 - DPF: {8569D715-FF88-44BA-8D1D-AD3E59543DDE} (ActiveReports Viewer2) - http://10.1.1.10/caweb/arview2.cab
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = atsigma.com
O17 - HKLM\Software\..\Telephony: DomainName = atsigma.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{303CD80F-15A3-4A4D-9D91-E84814C3F773}: NameServer = 10.1.1.11
O17 - HKLM\System\CCS\Services\Tcpip\..\{564FAD51-60C2-4A66-B306-F92E08F24942}: NameServer = 10.1.1.11
O17 - HKLM\System\CCS\Services\Tcpip\..\{80A04397-A123-438A-B516-03AB6E501FC3}: NameServer = 10.1.1.11
O17 - HKLM\System\CCS\Services\Tcpip\..\{CEFF0CED-F10C-4325-AFC6-3BCC0EB09F1E}: NameServer = 10.1.1.12
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = atsigma.com
O17 - HKLM\System\CS1\Services\Tcpip\..\{303CD80F-15A3-4A4D-9D91-E84814C3F773}: NameServer = 10.1.1.11
O20 - AppInit_DLLs: dnqblq.dll
O20 - Winlogon Notify: TPSvc - C:\WINDOWS\SYSTEM32\TPSvc.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Adobe Version Cue CS4 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - v:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Unknown owner - V:\Program Files\Cisco Systems\VPN Client\cvpnd.exe (file missing)
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec Ghost Client Agent (NGCLIENT) - Symantec Corporation - C:\Program Files\Symantec\Ghost\ngctw32.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PD91Agent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PD91Agent.exe
O23 - Service: PD91Engine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PD91Engine.exe
O23 - Service: PD91VMDefrag - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PD91VMDefrag.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SiSoftware Deployment Agent Service (SandraAgentSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Professional Business XII.SP2\RpcAgentSrv.exe
O23 - Service: SiSoftware Database Agent Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Engineer XI.SP3\Win32\RpcDataSrv.exe
O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Engineer XI.SP3\RpcSandraSrv.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: TP AutoConnect Service (TPAutoConnSvc) - ThinPrint GmbH - C:\Program Files\VMware\VMware Tools\TPAutoConnSvc.exe
O23 - Service: VMware Converter Service (ufad-p2v) - VMware, Inc. - C:\Program Files\VMware\VMware Converter\vmware-ufad.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe
O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
O23 - Service: VMware Tools Service (VMTools) - VMware, Inc. - C:\Program Files\VMware\VMware Tools\VMwareService.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe
O23 - Service: VMware Physical Disk Helper Service - VMware, Inc. - C:\Program Files\VMware\VMware Tools\vmacthlp.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. (www.webroot.com) - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

--
End of file - 16470 bytes

atsigma
2008-11-22, 01:11
2007 Microsoft Office Suite Service Pack 1 (SP1)
Acrobat.com
Acrobat.com
Acronis*True*Image*Echo Workstation
Acronis*Universal*Restore for Acronis*True*Image*Workstation
Active@ UNDELETE Enterprise (Network Edition)
Adobe After Effects CS4 Third Party Content
Adobe AIR
Adobe AIR
Adobe Anchor Service CS3
Adobe Anchor Service CS4
Adobe Asset Services CS3
Adobe Asset Services CS4
Adobe Bridge CS3
Adobe Bridge CS4
Adobe Bridge Start Meeting
Adobe Camera Raw 4.0
Adobe CMaps CS4
Adobe Color - Photoshop Specific CS4
Adobe Color EU Extra Settings CS4
Adobe Color JA Extra Settings CS4
Adobe Color NA Recommended Settings CS4
Adobe Color Video Profiles CS CS4
Adobe Common File Installer
Adobe Creative Suite 4 Master Collection
Adobe Creative Suite 4 Master Collection
Adobe CS4 American English Speech Analysis Models
Adobe CSI CS4
Adobe Default Language CS4
Adobe Device Central CS3
Adobe Device Central CS4
Adobe Download Manager 2.0 (Remove Only)
Adobe Dreamweaver CS3
Adobe Dreamweaver CS3
Adobe Dreamweaver CS4
Adobe Drive CS4
Adobe Dynamiclink Support
Adobe Encore CS4 Codecs
Adobe ExtendScript Toolkit 2
Adobe ExtendScript Toolkit CS4
Adobe Extension Manager CS3
Adobe Extension Manager CS4
Adobe Fireworks CS4
Adobe Flash CS4
Adobe Flash CS4 Extension - Flash Lite STI en
Adobe Flash CS4 STI-en
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Fonts All
Adobe Help Center 2.1
Adobe Help Viewer CS3
Adobe Illustrator CS4
Adobe Linguistics CS3
Adobe Linguistics CS4
Adobe Media Encoder CS4
Adobe Media Encoder CS4 Additional Exporter
Adobe Media Encoder CS4 Dolby
Adobe Media Encoder CS4 Exporter
Adobe Media Encoder CS4 Importer
Adobe Media Player
Adobe Media Player
Adobe Output Module
Adobe PDF Library Files CS4
Adobe Photoshop CS3
Adobe Photoshop CS3
Adobe Photoshop CS4
Adobe Photoshop CS4 Support
Adobe Photoshop Elements 6.0
Adobe Photoshop Lightroom 2
Adobe Premiere Elements 3.0 Templates
Adobe Premiere Elements 3.0.2
Adobe Premiere Elements 3.0.2
Adobe Premiere Elements Updater 3.0.2
Adobe Premiere Pro CS4
Adobe Premiere Pro CS4 Functional Content
Adobe Premiere Pro CS4 Third Party Content
Adobe Reader 7.0.8
Adobe Search for Help
Adobe Service Manager Extension
Adobe Setup
Adobe Setup
Adobe Setup
Adobe Soundbooth CS4
Adobe Soundbooth CS4 Codecs
Adobe Stock Photos CS3
Adobe Type Support CS4
Adobe Update Manager CS3
Adobe Update Manager CS4
Adobe Version Cue CS3 Client
Adobe Version Cue CS4 Server
Adobe WinSoft Linguistics Plugin
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS3
Adobe XMP Panels CS4
AdobeColorCommonSetCMYK
AdobeColorCommonSetRGB
AnswerWorks 4.0 Runtime - English
ApexSQL Diff 2005.14
Apollo DVD to iPod 3.0
Apple Mobile Device Support
Apple Software Update
Arial CD Ripper v1.4.6
ASUS WiFi-AP Solo
ATI - Software Uninstall Utility
ATI Catalyst Control Center
ATI Display Driver
ATI HYDRAVISION
ATI Problem Report Wizard
Axosoft OnTime 2008 Windows
Bonjour
Business-in-a-Box (Demo Version)
Camtasia Studio 6
Capture One 3.7.6
CD+G Disc Player Plug-In for Winamp
CheckIt Diagnostics
Cisco Systems VPN Client 4.8.01.0590
CodeSite 3.0.1 Client Tools
CoffeeCup Flash FireStarter
CoffeeCup Flash Photo Gallery - Registered
CoffeeCup Photo Gallery - Registered
CoffeeCup PixConverter
Combined Community Codec Pack 2007-07-22
ComponentOne Doc-To-Help 7.5
Connect
DC-Bass Source 1.1.1
Debugging Tools for Windows (x86)
DirectVobSub (remove only)
DiscAPI
Doc-O-Matic 5 Professional (Commercial)
DScaler 5 Mpeg Decoders
DU Meter
DVD Decrypter (Remove Only)
DVD Shrink 3.2
DVDFab (Platinum/Gold/HD Decrypter) (Option: Mobile) 5.0.7.2
e/pop Web Conferencing Client
Eudora
EVEREST Ultimate v4.20.1292 + Corporate Edition v4.20.1269 Beta
ffdshow [rev 1685] [2007-12-06]
FinePrint
Flash Slideshow Maker Pro 4.00
FlashGet 1.8.8.1010
FlashGet(JetCar)
FlashGet(Jetcar) 1.80
FLV Player 1.3.3
Forté Agent
Foxit Reader
FranklinCovey PlanPlus for Microsoft Outlook
Google Earth
GroupMail :: Free Edition
Haali Media Splitter
Handbrake 0.9.2
HD Tune Pro 3.00
Help & Manual 4.30
High Definition Audio Driver Package - KB888111
HijackThis 2.0.2
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows XP (KB952287)
hp LaserJet 1160/1320 series
HP Memories Disc
HP Photo and Imaging 2.3 - Scanjet 4600 Series
IBP 9.0.3
ImgBurn
Interwise Participant
Ipswitch WS_FTP Professional 2007
IrfanView (remove only)
IsoBuster 1.9.1
iTunes
Jasc Paint Shop Pro 9
Jasc Paint Shop Pro 9.01 Patch
Java(TM) 6 Update 7
JRAID
kuler
Live Search Maps Add-In for Microsoft Office Outlook
LiveUpdate 2.6 (Symantec Corporation)
Macromedia Extension Manager
Macromedia Fireworks 8
Macromedia Flash 8
Macromedia Flash 8 Video Encoder
Macromedia Flash Player 8
Malwarebytes' Anti-Malware
Marvell Miniport Driver
Microsoft File Transfer Manager
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft .NET Framework 3.0 Service Pack 1
Microsoft .NET Framework 3.5
Microsoft .NET Framework 3.5
Microsoft Document Explorer 2005
Microsoft Document Explorer 2005
Microsoft English TTS Engine
Microsoft Expression Web
Microsoft Expression Web
Microsoft Expression Web 2
Microsoft Expression Web 2
Microsoft Expression Web 2 MUI (English)
Microsoft Expression Web MUI (English)
Microsoft Expression Web Service Pack 1 (SP1)
Microsoft Expression Web Service Pack 1 (SP1)
Microsoft Firewall Client
Microsoft Firewall Client Update KB905662
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office FrontPage 2003
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Live Meeting 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Project 2007 Service Pack 1 (SP1)
Microsoft Office Project 2007 Service Pack 1 (SP1)
Microsoft Office Project MUI (English) 2007
Microsoft Office Project Professional 2007
Microsoft Office Project Professional 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Visio 2007 Service Pack 1 (SP1)
Microsoft Office Visio 2007 Service Pack 1 (SP1)
Microsoft Office Visio MUI (English) 2007
Microsoft Office Visio Professional 2007
Microsoft Office Visio Professional 2007
Microsoft Office Word MUI (English) 2007
Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
Microsoft SharedView
Microsoft Silverlight
Microsoft Streets & Trips 2007
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual SourceSafe 2005 - ENU
MobileMe Control Panel
Mozilla Firefox (3.0.4)
Mozilla Thunderbird (2.0.0.14)
Mp3tag v2.41
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 6.0 Parser (KB933579)
My Book Device Driver
My Book RAID Manager
Nero 8
Nero Mega Plugin Pack
neroxml
NetManage ECCO Pro
nLite 1.4.1
OpenSource Flash Video Splitter (remove only)
Oxsemi Uploader
PDF Settings CS4
pdfFactory Pro
PerfectDisk 2008 for VMware Workstation
Photoshop Camera Raw
Picasa 2
Pinnacle Hollywood FX for Studio
Pixel Bender Toolkit
PowerISO
Quest Installer
QuickPar 0.9
QuickTime
RAPID
Realtek High Definition Audio Driver
Replay AV 8
Safari
ScanSoft PaperPort 11
Security Update for 2007 Microsoft Office System (KB951596)
Security Update for 2007 Microsoft Office System (KB951944)
Security Update for 2007 Microsoft Office System (KB951944)
Security Update for 2007 Microsoft Office System (KB951944)
Security Update for 2007 Microsoft Office System (KB951944)
Security Update for 2007 Microsoft Office System (KB951944)
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft Office Excel 2007 (KB951546)
Security Update for Microsoft Office OneNote 2007 (KB950130)
Security Update for Microsoft Office PowerPoint 2007 (KB951338)
Security Update for Microsoft Office Publisher 2007 (KB950114)
Security Update for Microsoft Office system 2007 (KB951808)
Security Update for Microsoft Office system 2007 (KB951808)
Security Update for Microsoft Office system 2007 (KB954326)
Security Update for Microsoft Office system 2007 (KB954326)
Security Update for Microsoft Office system 2007 (KB954326)
Security Update for Microsoft Office system 2007 (KB954326)
Security Update for Microsoft Office system 2007 (KB954326)
Security Update for Microsoft Office Word 2007 (KB950113)
Security Update for the 2007 Microsoft Office System (KB936960)
Security Update for Visio 2007 (KB947590)
Security Update for Visio 2007 (KB947590)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
SHOUTcast Source (remove only)
SiSoftware Sandra Engineer XI.SP3
SiSoftware Sandra Professional Business XII.SP2
SmartSound Quicktracks Plugin
SnagIt 8
Sothink FLV Player
Sothink SWF Decompiler
Sothink SWF Easy
Sothink Video Encoder for Adobe Flash
SoundMAX
Spy Sweeper Core
Spybot - Search & Destroy
Spybot - Search & Destroy 1.4
Studio 11
Suite Shared Configuration CS4
Symantec AntiVirus
Symantec Ghost Configuration Client (Standalone)
SyncBackSE
TaskInfo 6.2.2.186
TextPad 5
TreeSize Professional 5.0
TreeSize Professional 5.1.2
TTS Wrapper
TurboTax Business 2005
TurboTax Business 2006
TurboTax Deluxe 2007
TurboTax Deluxe Deduction Maximizer 2006
TurboTax ItsDeductible 2006
TurboTax Premier 2005
Update for Microsoft Office Outlook 2007 (KB952142)
Update for Office 2007 (KB946691)
Update for Office 2007 (KB946691)
Update for Office 2007 (KB946691)
Update for Office 2007 (KB946691)
Update for Outlook 2007 Junk Email Filter (kb956080)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Visualizer Photo Resize
VMware Converter
VMware DiskMount Utility
VMware Tools
Webroot AntiVirus with AntiSpyware
What's Running 2.2
Winamp (remove only)
Windows Defender
Windows Defender Signatures
Windows Genuine Advantage v1.3.0254.0
Windows Imaging Component
Windows Live installer
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Media Format Runtime
Windows Media Player 10
Windows Messenger 5.1
Windows Presentation Foundation
Windows Resource Kit Tools
Windows Server 2003 Service Pack 1 Administration Tools Pack
Windows XP Service Pack 3
WinRAR archiver
WinTidy 1.0.11
Yahoo! Desktop Login
YouTubeGet 4.9.6
ZoneAlarm Anti-virus
Zoom Player (remove only)

pskelley
2008-11-22, 01:22
When the instructions plainly in bold color say this:

* IMPORTANT !!! Save ComboFix.exe to your Desktop

Why is it running from here?

Running from: c:\documents and settings\rjohnson.ATSIGMA\My Documents\ComboFix.exe

Delete combofix and download it again, and this time follow directions.

Post the new combofix log.

pskelley
2008-11-25, 12:39
Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.

If it has been five days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread.

If it has been less than five days since your last response and you need the thread re-opened, please send me or your helper a private message (pm). A valid, working link to the closed topic is required.

Everyone else please begin a New Topic.