Possible Infection
There may be something taking my computer down. It was locked up last night and my daughter swears she didn't download anything. Now my touch pad mouse doesn't work and my keyboard only works sometimes. Will you please take a look at this logfile and see if there's something there? I do have a keylogger installed for my family's protection. Thank you
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:10:44 PM, on 1/1/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Common Files\Rockwell\RNADiagnosticsSrv.exe
C:\Program Files\Common Files\Rockwell\RsvcHost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Explorer.EXE
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/accounts/ServiceLogin?service=mail&passive=true&rm=false&continue=http%3A%2F%2Fmail.google.com%2Fmail%2F%3Fui%3Dhtml%26zy%3Dl&bsv=1k96igf4806cy&ltmpl=default&ltmplcache=2&hl=en
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
F2 - REG:system.ini: UserInit=c:\windows\system32\userinit.exe,C:\Program Files\MPK\MPK.exe,
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh
Please note that all instructions given are customised for this computer only; the tools used may cause damage if used on a computer with different infections.
If you think you have similar problems, please post a log in the HJT forum and wait for help.
Hello and welcome to the forums
My name is Katana and I will be helping you to remove any infection(s) that you may have.
Please observe these rules while we work:
Please Read All Instructions Carefully
If you don't understand something, stop and ask! Don't keep going on.
Please do not run any other tools or scans whilst I am helping you
Please continue to respond until I give you the "All Clear"
(Just because you can't see a problem doesn't mean it isn't there)
If you can do those few things, everything should go smoothly.
Please Note, your security programs may give warnings for some of the tools I will ask you to use.
Be assured, any links I give are safe
----------------------------------------------------------------------------------------
I apologize for the delay in responding, but as you can probably see the forums are quite busy.
Unfortunately there are far more people needing help than there are helpers.
If you still require help, please do the following:
Download and Run RSIT
Please download Random's System Information Tool by random/random from here (http://images.malwareremoval.com/random/RSIT.exe) and save it to your desktop.
Double click on RSIT.exe to run RSIT.
Click Continue at the disclaimer screen.
Once it has finished, two logs will open:
log.txt will be opened maximized.
info.txt will be opened minimized.
Please post the contents of both log.txt and info.txt.
Logfile of random's system information tool 1.05 (written by random/random)
Run by User at 2009-01-07 19:17:38
Microsoft Windows XP Professional Service Pack 3
System drive C: has 7 GB (21%) free of 35 GB
Total RAM: 1247 MB (52% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:17:57 PM, on 1/7/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Common Files\Rockwell\RsvcHost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\WINDOWS\system32\rundll32.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\VUIK4LNY\RSIT[1].exe
C:\Program Files\Trend Micro\HijackThis\User.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/accounts/ServiceLogin?service=mail&passive=true&rm=false&continue=http%3A%2F%2Fmail.google.com%2Fmail%2F%3Fui%3Dhtml%26zy%3Dl&bsv=1k96igf4806cy&ltmpl=default&ltmplcache=2&hl=en
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
F2 - REG:system.ini: UserInit=c:\windows\system32\userinit.exe,C:\Program Files\MPK\MPK.exe,
O2 - BHO: (no name) - {2CC58E49-097B-498A-AD81-4CBD4F38B35E} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {6DA5970E-5B7C-4979-BBA6-852B44AC3B50} - (no file)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: (no name) - {7F171007-95F0-4162-8B84-C960169FA0AD} - (no file)
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: (no name) - {b47b2b76-b320-4459-8697-16cf63846049} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: (no name) - {FD7406D9-E616-4529-B3D4-07040131D1AC} - (no file)
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [OM2_Monitor] "C:\Program Files\OLYMPUS\OLYMPUS Master 2\FirstStart.exe" /OM
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [OM2_Monitor] "C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" -NoStart
O8 - Extra context menu item: &Search - ?p=ZCxdm869MTUS
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} -
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} -
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} -
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1230924792843
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O20 - AppInit_DLLs: agflbv.dll
O20 - Winlogon Notify: nnnlmNFx - C:\WINDOWS\
O23 - Service: FactoryTalk Activation Service - Macrovision Corporation - C:\Program Files\Rockwell Software\FactoryTalk Activation\lmgrd.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: FactoryTalk Diagnostics Local Reader (RNADiagnosticsService) - Rockwell Automation - C:\Program Files\Common Files\Rockwell\RNADiagnosticsSrv.exe
O23 - Service: FactoryTalk Diagnostics CE Receiver (RNADiagReceiver) - Unknown owner - C:\Program Files\Common Files\Rockwell\RNADiagReceiver.exe
O23 - Service: Rockwell Application Services (RsvcHost) - Rockwell Software Inc. - C:\Program Files\Common Files\Rockwell\RsvcHost.exe
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
--
End of file - 8340 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\McDefragTask.job
C:\WINDOWS\tasks\McQcTask.job
C:\WINDOWS\tasks\njjeaaec.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2CC58E49-097B-498A-AD81-4CBD4F38B35E}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-07-07 1562448]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6DA5970E-5B7C-4979-BBA6-852B44AC3B50}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-12-10 320920]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}]
scriptproxy - C:\Program Files\McAfee\VirusScan\scriptsn.dll [2008-06-20 58688]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7F171007-95F0-4162-8B84-C960169FA0AD}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}]
McAfee SiteAdvisor BHO - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll [2008-11-14 150032]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b47b2b76-b320-4459-8697-16cf63846049}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-12-10 34816]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2008-12-10 73728]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD7406D9-E616-4529-B3D4-07040131D1AC}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - McAfee SiteAdvisor Toolbar - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll [2008-11-14 150032]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2003-07-10 155648]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2003-07-10 114688]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2008-12-10 136600]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2008-01-28 385024]
"NWEReboot"= []
"Broadcom Wireless Manager UI"=C:\WINDOWS\system32\WLTRAY.exe [2006-10-12 1282048]
"OM2_Monitor"=C:\Program Files\OLYMPUS\OLYMPUS Master 2\FirstStart.exe [2007-09-04 54576]
"mcagent_exe"=C:\Program Files\McAfee.com\Agent\mcagent.exe [2008-07-11 641208]
"McENUI"=C:\PROGRA~1\McAfee\MHN\McENUI.exe [2008-06-13 1176808]
"SynTPLpr"=C:\Program Files\Synaptics\SynTP\SynTPLpr.exe [2003-10-30 98304]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2003-10-30 499712]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"OM2_Monitor"=C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe [2007-09-04 95536]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-10-15 39792]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2004-09-13 49152]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OM2_Monitor]
C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe [2007-09-04 95536]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc]
C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe [2003-07-18 868352]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioEngineUtility]
C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe [2003-05-01 65536]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2003-10-30 499712]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPLpr]
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe [2003-10-30 98304]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="agflbv.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxsrvc.dll [2003-07-10 319488]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\nnnlmNFx]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2008-09-05 241704]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mcmscsvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MpfService]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"HideFastUserSwitching"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\WINDOWS\system32\java.exe"="C:\WINDOWS\system32\java.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\Program Files\TurboTax\Deluxe 2007\32bit\ttax.exe"="C:\Program Files\TurboTax\Deluxe 2007\32bit\ttax.exe:LocalSubNet:Enabled:TurboTax"
"C:\Program Files\TurboTax\Deluxe 2007\32bit\updatemgr.exe"="C:\Program Files\TurboTax\Deluxe 2007\32bit\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager"
"C:\Program Files\Motorola\Software Update\msu.exe"="C:\Program Files\Motorola\Software Update\msu.exe:*:Enabled:msu"
"C:\Program Files\MySpace\IM\MySpaceIM.exe"="C:\Program Files\MySpace\IM\MySpaceIM.exe:*:Enabled:MySpaceIM"
"C:\WINDOWS\system32\drivers\svchost.exe"="C:\WINDOWS\system32\drivers\svchost.exe:*:Disabled:svchost"
"C:\Program Files\Rockwell Software\RSLogix 5000\ENU\v16\Bin\RS5000.Exe"="C:\Program Files\Rockwell Software\RSLogix 5000\ENU\v16\Bin\RS5000.Exe:*:Enabled:RSLogix 5000 v16.00.00 "
"C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe"="C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent"
"C:\Program Files\MPK\Mpk.exe"="C:\Program Files\MPK\Mpk.exe:*:Enabled:TCP\IP"
"C:\Program Files\MPK\MpkView.exe"="C:\Program Files\MPK\MpkView.exe:*:Enabled:TCP\IP"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
shell\AutoRun\command - G:\VKC180PV.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{55e25b8f-d293-11dd-a892-00032512eeb6}]
shell\AutoRun\command - F:\rcaeasyrip_setup.exe
shell\install\command - F:\rcaeasyrip_setup.exe
shell\usermanualEnglish\command - F:\rcaeasyrip_setup.exe /pdf_English
shell\usermanualFrench\command - F:\rcaeasyrip_setup.exe /pdf_French
shell\usermanualSpanish\command - F:\rcaeasyrip_setup.exe /pdf_Spanish
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ae0f4260-0967-11dd-a606-00032512eeb6}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL autorun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ea3e19d2-d12c-11dd-a891-00032512eeb6}]
shell\AutoRun\command - G:\VKC180PV.exe
======List of files/folders created in the last 2 months======
2009-01-07 19:17:38 ----D---- C:\rsit
2009-01-07 10:25:57 ----A---- C:\WINDOWS\system32\SynTPFcs.dll
2009-01-07 10:25:55 ----A---- C:\WINDOWS\system32\SynTPCoI.dll
2009-01-07 10:25:54 ----A---- C:\WINDOWS\system32\SynTPAPI.dll
2009-01-07 10:25:54 ----A---- C:\WINDOWS\system32\SynCtrl.dll
2009-01-07 10:25:54 ----A---- C:\WINDOWS\system32\SynCOM.dll
2009-01-07 10:25:53 ----D---- C:\Program Files\Synaptics
2009-01-05 09:19:43 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
2009-01-05 09:18:57 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2009-01-05 09:16:40 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$
2009-01-02 17:12:50 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2009-01-02 17:12:39 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2009-01-02 17:12:30 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2009-01-02 17:12:21 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2009-01-02 17:12:10 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$
2009-01-02 17:11:55 ----HDC---- C:\WINDOWS\$NtUninstallKB956391$
2009-01-02 17:11:45 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
2009-01-02 17:07:36 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2009-01-02 17:07:26 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
2009-01-02 17:07:15 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
2009-01-02 17:06:59 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
2009-01-02 17:06:48 ----HDC---- C:\WINDOWS\$NtUninstallKB941569$
2009-01-02 17:06:10 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2009-01-02 17:06:00 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2009-01-02 17:05:50 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2009-01-02 17:05:41 ----HDC---- C:\WINDOWS\$NtUninstallKB929399$
2009-01-02 17:05:05 ----HDC---- C:\WINDOWS\$NtUninstallKB939683$
2009-01-02 17:04:14 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2009-01-02 17:03:59 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
2009-01-02 17:01:36 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2009-01-02 17:01:27 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2009-01-02 17:01:17 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2009-01-02 17:01:07 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2009-01-02 17:00:14 ----HDC---- C:\WINDOWS\$NtUninstallKB954154_WM11$
2009-01-02 16:59:52 ----HDC---- C:\WINDOWS\$NtUninstallKB936782_WMP11$
2009-01-02 16:52:15 ----A---- C:\WINDOWS\system32\wmpns.dll
2009-01-02 16:47:55 ----D---- C:\WINDOWS\Prefetch
2009-01-02 16:36:59 ----D---- C:\WINDOWS\system32\scripting
2009-01-02 16:36:58 ----D---- C:\WINDOWS\l2schemas
2009-01-02 16:36:57 ----D---- C:\WINDOWS\system32\en
2009-01-02 16:36:56 ----D---- C:\WINDOWS\system32\bits
2009-01-02 16:32:43 ----D---- C:\WINDOWS\ServicePackFiles
2009-01-02 16:18:49 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2009-01-02 13:34:34 ----A---- C:\WINDOWS\system32\wuapi.dll.mui
2008-12-24 08:01:22 ----A---- C:\WINDOWS\marscam.ini
2008-12-23 21:49:12 ----D---- C:\Program Files\VKC180 Photo Viewer
2008-12-23 21:35:13 ----A---- C:\WINDOWS\system32\vfwwdm32.dll
2008-12-23 21:34:47 ----D---- C:\Program Files\Mars
2008-12-16 20:57:28 ----SHD---- C:\Program Files\MPK
2008-12-16 18:32:33 ----SHD---- C:\WINDOWS\CSC
2008-12-16 15:46:21 ----H---- C:\Documents and Settings\All Users\Application Data\aimt.tmp
2008-12-16 15:03:02 ----D---- C:\Documents and Settings\All Users\Application Data\sacache
2008-12-16 08:42:10 ----SHD---- C:\Documents and Settings\All Users\Application Data\MPK
2008-12-14 19:16:02 ----A---- C:\WINDOWS\system32\lfpng13n.dll
2008-12-14 19:10:24 ----A---- C:\WINDOWS\system32\lfgif13n.dll
2008-12-14 19:10:22 ----A---- C:\WINDOWS\system32\ltimg13n.dll
2008-12-14 19:10:22 ----A---- C:\WINDOWS\system32\ltfil13n.dll
2008-12-14 19:10:22 ----A---- C:\WINDOWS\system32\ltefx13n.dll
2008-12-14 19:10:22 ----A---- C:\WINDOWS\system32\ltdis13n.dll
2008-12-14 19:10:22 ----A---- C:\WINDOWS\system32\lfcmp13n.dll
2008-12-14 19:10:22 ----A---- C:\WINDOWS\system32\lfbmp13n.dll
2008-12-14 19:10:21 ----A---- C:\WINDOWS\system32\ltkrn13n.dll
2008-12-12 18:42:14 ----D---- C:\WINDOWS\.jagex_cache_32
2008-12-10 10:41:46 ----A---- C:\WINDOWS\system32\deploytk.dll
2008-12-10 10:41:45 ----A---- C:\WINDOWS\system32\javaws.exe
2008-12-10 10:41:45 ----A---- C:\WINDOWS\system32\javaw.exe
2008-12-10 10:41:45 ----A---- C:\WINDOWS\system32\java.exe
2008-12-06 09:22:40 ----D---- C:\Program Files\Common Files\McAfee
2008-12-06 09:22:34 ----D---- C:\Program Files\McAfee.com
2008-12-06 09:22:13 ----D---- C:\Program Files\McAfee
2008-12-01 10:42:03 ----A---- C:\WINDOWS\rocksoft.ini
2008-12-01 10:40:43 ----D---- C:\RSLogix 5000
2008-12-01 10:38:32 ----D---- C:\Program Files\RSLogix 5000 Module Profiles
2008-12-01 09:38:29 ----D---- C:\Program Files\ControlFLASH
2008-11-24 22:38:07 ----A---- C:\WINDOWS\system32\g48.exe
2008-11-24 22:34:51 ----D---- C:\Documents and Settings\All Users\Application Data\Macrovision
2008-11-24 22:22:28 ----A---- C:\WINDOWS\system32\vbzip10.dll
2008-11-24 22:19:10 ----D---- C:\WINDOWS\system32\vba
2008-11-24 22:19:10 ----D---- C:\WINDOWS\system32\PIX
2008-11-24 22:19:10 ----D---- C:\WINDOWS\system32\mp2
2008-11-24 22:19:10 ----D---- C:\WINDOWS\system32\IO2
2008-11-24 22:19:10 ----D---- C:\WINDOWS\system32\FND
2008-11-24 22:18:52 ----D---- C:\WINDOWS\system32\dPI02
2008-11-24 22:18:52 ----D---- C:\Temp
2008-11-24 14:53:37 ----A---- C:\WINDOWS\EVMOVE.INI
2008-11-24 14:50:44 ----A---- C:\WINDOWS\EVMoveW.INI
2008-11-24 14:39:21 ----D---- C:\Documents and Settings\All Users\Application Data\Rockwell
2008-11-24 14:28:38 ----D---- C:\Program Files\Rockwell Automation
2008-11-24 14:23:08 ----A---- C:\WINDOWS\system32\haspvdd.dll
2008-11-24 14:23:06 ----A---- C:\WINDOWS\system32\SNTI386.DLL
2008-11-24 14:23:06 ----A---- C:\WINDOWS\system32\RNBOVDD.DLL
2008-11-24 14:22:50 ----D---- C:\WINDOWS\system32\RNBOSENT
2008-11-24 14:22:43 ----D---- C:\Program Files\GLOBEtrotter Software Inc
2008-11-24 14:21:48 ----D---- C:\Program Files\Rockwell Software
2008-11-24 14:19:54 ----D---- C:\WINDOWS\system32\URTTEMP
2008-11-24 14:10:22 ----D---- C:\Program Files\Common Files\Rockwell
2008-11-19 08:36:55 ----D---- C:\Documents and Settings\All Users\Application Data\SiteAdvisor
2008-11-19 08:36:35 ----D---- C:\Program Files\SiteAdvisor
2008-11-12 09:33:12 ----D---- C:\Documents and Settings\User\Application Data\Malwarebytes
2008-11-12 09:33:05 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-11-12 09:33:04 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-11-11 12:23:47 ----D---- C:\Program Files\Trend Micro
2008-11-10 20:35:11 ----SH---- C:\WINDOWS\system32\dsuawnoa.ini
2008-11-10 20:26:27 ----D---- C:\Documents and Settings\All Users\Application Data\McAfee Anti-Theft
2008-11-10 20:23:26 ----D---- C:\Documents and Settings\All Users\Application Data\McAfee
2008-11-08 21:24:37 ----ASH---- C:\WINDOWS\system32\OYxIRXbc.ini
2008-11-08 11:41:02 ----A---- C:\WINDOWS\system32\37aab72e-.txt
2008-11-08 11:40:18 ----ASH---- C:\WINDOWS\system32\poqtvyxx.ini
======List of files/folders modified in the last 2 months======
2009-01-07 19:17:42 ----D---- C:\WINDOWS\Temp
2009-01-07 12:30:54 ----D---- C:\WINDOWS\system32\drivers
2009-01-07 10:28:47 ----D---- C:\WINDOWS
2009-01-07 10:27:01 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-01-07 10:26:17 ----D---- C:\WINDOWS\system32
2009-01-07 10:26:09 ----HD---- C:\WINDOWS\inf
2009-01-07 10:26:09 ----D---- C:\WINDOWS\system32\CatRoot
2009-01-07 10:26:05 ----D---- C:\WINDOWS\system32\CatRoot2
2009-01-07 10:25:53 ----RD---- C:\Program Files
2009-01-07 10:08:05 ----SH---- C:\boot.ini
2009-01-07 10:08:04 ----A---- C:\WINDOWS\win.ini
2009-01-07 10:08:04 ----A---- C:\WINDOWS\system.ini
2009-01-07 06:49:43 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-01-06 16:36:01 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2009-01-05 11:27:55 ----D---- C:\Program Files\Quicken
2009-01-05 11:16:27 ----A---- C:\WINDOWS\QUICKEN.INI
2009-01-05 09:22:52 ----HD---- C:\Config.Msi
2009-01-05 09:19:16 ----A---- C:\WINDOWS\imsins.BAK
2009-01-05 09:18:34 ----SHD---- C:\WINDOWS\Installer
2009-01-04 22:19:04 ----HD---- C:\WINDOWS\$hf_mig$
2009-01-02 17:12:33 ----D---- C:\Program Files\Messenger
2009-01-02 17:11:15 ----D---- C:\Program Files\Internet Explorer
2009-01-02 17:04:02 ----D---- C:\WINDOWS\WinSxS
2009-01-02 17:03:42 ----D---- C:\WINDOWS\Registration
2009-01-02 17:03:20 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-01-02 16:51:17 ----A---- C:\WINDOWS\OEWABLog.txt
2009-01-02 16:48:56 ----A---- C:\WINDOWS\setuplog.txt
2009-01-02 16:47:07 ----D---- C:\WINDOWS\system32\Setup
2009-01-02 16:47:07 ----D---- C:\WINDOWS\ime
2009-01-02 16:47:07 ----D---- C:\WINDOWS\AppPatch
2009-01-02 16:47:05 ----D---- C:\WINDOWS\system32\wbem
2009-01-02 16:47:03 ----RSD---- C:\WINDOWS\Fonts
2009-01-02 16:43:33 ----D---- C:\WINDOWS\security
2009-01-02 16:37:24 ----D---- C:\WINDOWS\system32\inetsrv
2009-01-02 16:37:23 ----D---- C:\WINDOWS\network diagnostic
2009-01-02 16:37:22 ----D---- C:\WINDOWS\Help
2009-01-02 16:37:00 ----D---- C:\WINDOWS\system32\usmt
2009-01-02 16:37:00 ----D---- C:\WINDOWS\system32\en-US
2009-01-02 16:36:56 ----D---- C:\WINDOWS\PeerNet
2009-01-02 16:36:56 ----D---- C:\Program Files\Movie Maker
2009-01-02 16:32:22 ----D---- C:\WINDOWS\system32\Restore
2009-01-02 16:32:21 ----D---- C:\WINDOWS\system32\npp
2009-01-02 16:32:21 ----D---- C:\WINDOWS\mui
2009-01-02 16:32:19 ----D---- C:\WINDOWS\msagent
2009-01-02 16:32:16 ----D---- C:\WINDOWS\srchasst
2009-01-02 16:32:15 ----D---- C:\Program Files\NetMeeting
2009-01-02 16:32:11 ----D---- C:\WINDOWS\system32\Com
2009-01-02 16:32:06 ----D---- C:\Program Files\Windows Media Player
2009-01-02 16:32:05 ----D---- C:\Program Files\Windows NT
2009-01-02 16:32:04 ----D---- C:\Program Files\Outlook Express
2009-01-02 16:31:58 ----D---- C:\Program Files\Common Files\System
2009-01-02 16:31:24 ----D---- C:\WINDOWS\system32\oobe
2009-01-02 16:31:20 ----D---- C:\WINDOWS\system
2009-01-02 16:18:44 ----D---- C:\WINDOWS\ehome
2009-01-02 13:44:17 ----D---- C:\WINDOWS\Debug
2009-01-02 13:34:43 ----D---- C:\WINDOWS\SoftwareDistribution
2009-01-02 13:33:28 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-01-01 21:33:19 ----D---- C:\WINDOWS\system32\config
2009-01-01 21:31:49 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-01-01 10:19:58 ----A---- C:\WINDOWS\WININIT.INI
2009-01-01 08:47:06 ----A---- C:\WINDOWS\ntbtlog.txt
2008-12-30 13:54:28 ----D---- C:\Program Files\Common Files\Motorola Shared
2008-12-28 19:07:14 ----D---- C:\Documents and Settings\User\Application Data\Focus Mp3 Recorder
2008-12-25 09:29:49 ----SD---- C:\Documents and Settings\User\Application Data\Microsoft
2008-12-13 00:40:02 ----A---- C:\WINDOWS\system32\mshtml.dll
2008-12-10 10:41:11 ----D---- C:\Program Files\Java
2008-12-09 15:24:38 ----A---- C:\WINDOWS\system32\MRT.exe
2008-12-06 09:23:15 ----SD---- C:\WINDOWS\Tasks
2008-12-06 09:22:40 ----D---- C:\Program Files\Common Files
2008-11-25 14:02:59 ----D---- C:\Program Files\Spybot - Search & Destroy
2008-11-24 22:22:32 ----D---- C:\Documents and Settings\User\Application Data\LimeWire
2008-11-24 14:22:12 ----RSD---- C:\WINDOWS\assembly
2008-11-10 20:19:22 ----D---- C:\Documents and Settings\All Users\Application Data\avg7
2008-11-10 20:18:06 ----D---- C:\Documents and Settings\User\Application Data\AVG7
2008-11-10 14:11:12 ----RHD---- C:\$VAULT$.AVG
2008-11-08 22:01:17 ----D---- C:\Program Files\MySpace
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 Cdr4_xp;Cdr4_xp; C:\WINDOWS\system32\drivers\Cdr4_xp.sys [2003-07-17 66992]
R1 Cdralw2k;Cdralw2k; C:\WINDOWS\system32\drivers\Cdralw2k.sys [2003-07-17 24698]
R1 cdudf_xp;cdudf_xp; C:\WINDOWS\system32\drivers\cdudf_xp.sys [2003-07-18 259328]
R1 ElbyCDIO;ElbyCDIO Driver; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [2007-08-07 25160]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 mfehidk;McAfee Inc. mfehidk; C:\WINDOWS\system32\drivers\mfehidk.sys [2008-06-27 207656]
R1 MPFP;MPFP; C:\WINDOWS\System32\Drivers\Mpfp.sys [2008-06-02 120136]
R1 pwd_2k;pwd_2k; C:\WINDOWS\system32\drivers\pwd_2k.sys [2003-07-18 118409]
R1 UdfReadr_xp;UdfReadr_xp; C:\WINDOWS\system32\drivers\UdfReadr_xp.sys [2003-07-18 213120]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2006-02-28 12032]
R2 hardlock;hardlock; \??\C:\WINDOWS\system32\drivers\hardlock.sys []
R2 Haspnt;Haspnt; \??\C:\WINDOWS\system32\drivers\Haspnt.sys []
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2002-12-11 11044]
R2 Sentinel;Sentinel; C:\WINDOWS\System32\Drivers\SENTINEL.SYS [2001-06-21 73728]
R2 StreamDispatcher;StreamDispatcher; C:\WINDOWS\system32\DRIVERS\strmdisp.sys [2003-05-01 30592]
R3 {6080A529-897E-4629-A488-ABA0C29B635E};Intel(R) Graphics Platform (SoftBIOS) Driver; C:\WINDOWS\system32\drivers\ialmsbw.sys [2003-08-04 120094]
R3 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91};Intel(R) Graphics Chipset (KCH) Driver; C:\WINDOWS\system32\drivers\ialmkchw.sys [2003-08-04 96858]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 BCM43XX;Broadcom 802.11 Network Adapter Driver; C:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2006-10-12 604928]
R3 bcm4sbxp;Broadcom 440x 10/100 Integrated Controller XP Driver; C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys [2003-06-30 43136]
R3 CAMCAUD;Conexant AMC Audio; C:\WINDOWS\system32\drivers\camcaud.sys [2003-09-26 291712]
R3 CAMCHALA;CAMCHALA; C:\WINDOWS\system32\drivers\camchal.sys [2003-09-26 272128]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 HSF_DP;HSF_DP; C:\WINDOWS\system32\DRIVERS\HSF_DP.sys [2003-05-01 1107200]
R3 HSFHWICH;HSFHWICH; C:\WINDOWS\system32\DRIVERS\HSFHWICH.sys [2003-05-01 165504]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2003-08-04 91419]
R3 mfeavfk;McAfee Inc. mfeavfk; C:\WINDOWS\system32\drivers\mfeavfk.sys [2008-06-27 79240]
R3 mfebopk;McAfee Inc. mfebopk; C:\WINDOWS\system32\drivers\mfebopk.sys [2008-06-27 35240]
R3 mfesmfk;McAfee Inc. mfesmfk; C:\WINDOWS\system32\drivers\mfesmfk.sys [2008-06-27 40488]
R3 mmc_2K;mmc_2K; C:\WINDOWS\system32\drivers\mmc_2K.sys [2003-07-18 22745]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2003-10-30 178432]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2003-05-01 622848]
S1 P3;Intel PentiumIII Processor Driver; C:\WINDOWS\system32\DRIVERS\p3.sys [2008-04-13 42752]
S1 SISAGPP;SISAGPP; C:\WINDOWS\System32\drivers\SISAGPP.sys []
S2 DS1410D;DS1410D; \??\C:\WINDOWS\system32\drivers\ds1410d.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 dvd_2K;dvd_2K; C:\WINDOWS\system32\drivers\dvd_2K.sys [2003-07-18 21993]
S3 ElbyDelay;ElbyDelay; C:\WINDOWS\System32\Drivers\ElbyDelay.sys [2007-02-15 11984]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2004-12-14 51120]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2004-12-14 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2004-12-14 21744]
S3 mferkdk;McAfee Inc. mferkdk; C:\WINDOWS\system32\drivers\mferkdk.sys [2008-06-20 34152]
S3 motccgp;Motorola USB Composite Device Driver; C:\WINDOWS\system32\DRIVERS\motccgp.sys [2007-11-02 18176]
S3 motccgpfl;MotCcgpFlService; C:\WINDOWS\system32\DRIVERS\motccgpfl.sys [2007-01-22 7680]
S3 motmodem;Motorola USB CDC ACM Driver; C:\WINDOWS\system32\DRIVERS\motmodem.sys [2007-06-18 23680]
S3 motport;Motorola USB Diagnostic Port; C:\WINDOWS\system32\DRIVERS\motport.sys [2007-06-18 23680]
S3 mr7910;Photo Viewer; C:\WINDOWS\system32\DRIVERS\mr7910.sys [2006-08-02 114560]
S3 MREMPR5;MREMPR5 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS []
S3 MRENDIS5;MRENDIS5 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS []
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 NPF;NetGroup Packet Filter Driver; C:\WINDOWS\system32\drivers\npf.sys [2005-08-02 32512]
S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-03 1897408]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 Sntnlusb;Rainbow USB SuperPro; C:\WINDOWS\system32\DRIVERS\SNTNLUSB.SYS [2001-06-21 20032]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-12-10 152984]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service; C:\Program Files\McAfee\SiteAdvisor\McSACore.exe [2008-12-05 206096]
R2 mcmscsvc;McAfee Services; C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe [2008-10-10 792696]
R2 McNASvc;McAfee Network Agent; c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe [2008-07-18 2482848]
R2 McProxy;McAfee Proxy Service; c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe [2008-07-09 358736]
R2 McShield;McAfee Real-time Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe [2008-06-20 144704]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe [2001-02-23 270336]
R2 MpfService;McAfee Personal Firewall Service; C:\Program Files\McAfee\MPF\MPFSrv.exe [2008-07-09 884360]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2004-09-29 69632]
R2 RsvcHost;Rockwell Application Services; C:\Program Files\Common Files\Rockwell\RsvcHost.exe [2005-06-23 131072]
R2 wltrysvc;Broadcom Wireless LAN Tray Service; C:\WINDOWS\System32\WLTRYSVC.EXE [2006-10-12 20480]
R2 WMDM PMSP Service;WMDM PMSP Service; C:\WINDOWS\system32\MsPMSPSv.exe [2001-05-01 53248]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
R3 McSysmon;McAfee SystemGuards; C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe [2008-09-16 605512]
S2 FactoryTalk Activation Service;FactoryTalk Activation Service; C:\Program Files\Rockwell Software\FactoryTalk Activation\lmgrd.exe [2003-11-17 659456]
S2 RNADiagnosticsService;FactoryTalk Diagnostics Local Reader; C:\Program Files\Common Files\Rockwell\RNADiagnosticsSrv.exe [2005-06-23 28672]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 McODS;McAfee Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe [2008-06-20 361800]
S3 RNADiagReceiver;FactoryTalk Diagnostics CE Receiver; C:\Program Files\Common Files\Rockwell\RNADiagReceiver.exe [2005-06-23 65536]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
-----------------EOF-----------------
info.txt logfile of random's system information tool 1.05 2009-01-07 19:18:01
======Uninstall list======
-->"C:\Program Files\Biblesoft\PC Study Bible 3.0\Program\UninPCSB.exe"
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
360Share Pro(remove only)-->"C:\Program Files\360Share Pro\bt-uninst.exe"
ABB FlexPendant Viewer-->MsiExec.exe /I{2431B6F7-8783-4319-BAB7-58E96FD382BC}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 8.1.3-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81300000003}
Adobe Shockwave Player 11-->C:\WINDOWS\system32\adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
AnswerWorks 4.0 Runtime - English-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7DD9A065-2C86-4A9F-A5FF-796EC1B99DCA}\setup.exe" -l0x9 -removeonly
ATT-AACE-->C:\PROGRA~1\ATT\UNWISE.EXE C:\PROGRA~1\ATT\INSTALL.LOG
Broadcom 802.11 Network Adapter-->"C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\bcmwlu00.exe" verbose /rootkey="Software\Broadcom\802.11\UninstallInfo" /rootdir="C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter"
CloneDVD2-->"C:\Program Files\Elaborate Bytes\CloneDVD2\CloneDVD2-uninst.exe" /D="C:\Program Files\Elaborate Bytes\CloneDVD2"
Conexant AC-Link Audio-->CIAunwdm.exe
ControlFLASH-->MsiExec.exe /I{3A810E8B-A239-4FA1-878F-B5F92CD7D6EC}
Easy CD & DVD Creator 6-->MsiExec.exe /I{46DDF76F-ACD4-42BC-B48F-B89C4EE2E1A9}
FactoryTalk Activation Server v2.00.01 (CPR 7)-->MsiExec.exe /I{D9D4E861-D412-491A-98DD-F24342CC03DD}
Focus MP3 Recorder Pro 3.4-->"C:\Program Files\Focus MP3 Recorder Pro\unins000.exe"
GLOBEtrotter FLEXid Drivers-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\GLOBEtrotter Software Inc.\GLOBEtrotter FLEXid Drivers\Uninst.isu"
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
HP Image Zone 4.7-->C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP Image Zone Express-->MsiExec.exe /X{85BCA736-A0F4-448E-9BC1-6EA08693E10B}
HP PSC & OfficeJet 4.7-->"C:\Program Files\HP\Digital Imaging\{342C7C88-D335-4bc2-8CF1-281857629CE2}\setup\hpzscr01.exe" -datfile hposcr05.dat
HP Software Update-->MsiExec.exe /X{64FC0C98-B035-4530-B15D-3D30610B6DF1}
Intel(R) Extreme Graphics 2 Driver-->RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_3582
Java(TM) 6 Update 11-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
Java(TM) 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
McAfee SecurityCenter-->C:\Program Files\McAfee\MSC\mcuninst.exe
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
Microsoft Calculator Plus-->MsiExec.exe /I{83073C45-3003-4671-9A86-243AAADD915A}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5-->"C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office XP Professional with FrontPage-->MsiExec.exe /I{90280409-6000-11D3-8CFE-0050048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Motorola Software Update-->MsiExec.exe /I{D5203057-E552-4903-BF49-5CC0F9E5EC84}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 Parser and SDK-->MsiExec.exe /I{716E0306-8318-4364-8B8F-0CC4E9376BAC}
OLYMPUS Master 2-->MsiExec.exe /X{45FCADDB-0B29-457E-83A1-D245C62A716C}
Parker Isysnet Analog Module Profiles-->MsiExec.exe /X{2ACA8536-E7A2-4914-9597-DBA635D93492}
Parker Isysnet ASCII Module Profile-->MsiExec.exe /X{C3ED335A-3156-4152-B96A-D44A0B1A55A3}
Parker Isysnet Discrete Module Profiles-->MsiExec.exe /X{893727BF-9C7C-483F-9E69-D8314DB21186}
PC Study Bible 3 A.R.L.-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{35D68F6E-6642-4D77-B4C9-213470CD7D23}\SETUP.EXE" -uninst
PC Study Bible 3.0-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Biblesoft\PC Study Bible 3.0\Uninst.isu"
PC Study Bible Ver. 3.3A Update and Bonus Content-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{70C3FAE8-3A8D-11D6-A229-00105ACA0D03}\Setup.exe" -uninst
Photo Viewer-->MsiExec.exe /I{67183F00-3DDC-497B-A090-4E2B79EAF1CD}
QuickTime-->MsiExec.exe /I{F07B861C-72B9-40A4-8B1A-AAED4C06A7E8}
Rockwell Automation 1734 Analog Module Profiles-->MsiExec.exe /X{FC07B277-E45F-47AF-BE00-09B03B356899}
Rockwell Automation 1734 ASCII Module Profiles-->MsiExec.exe /X{23727D32-E8A7-418D-BF8D-97A79FF793C1}
Rockwell Automation 1734 Discrete Module Profiles-->MsiExec.exe /X{357187EE-8B25-467D-A567-88C735932174}
Rockwell Automation 1734 Specialty Module Profiles-->MsiExec.exe /X{39363D4F-BF1C-447C-8014-F7966A9975D9}
Rockwell Automation 1738 Analog Module Profiles-->MsiExec.exe /X{6AFEDA45-288E-445F-A176-FCD42AFA74FE}
Rockwell Automation 1738 ASCII Module Profiles-->MsiExec.exe /X{A2C6C8E7-3540-4A0C-8C87-DAA164B0740B}
Rockwell Automation 1738 Discrete Module Profiles-->MsiExec.exe /X{A393179D-478D-40C7-A6A2-90B9F34C2341}
Rockwell Automation 1738 Specialty Module Profiles-->MsiExec.exe /X{FA79AEE5-9FA1-4A6F-B66F-18AF565E1061}
Rockwell Automation 1756 CNet Comms Module Profiles-->MsiExec.exe /X{4866D596-CE65-4F7D-B98C-A28F8E9E13E5}
Rockwell Automation 1756 ENet Comms Module Profiles-->MsiExec.exe /X{AB8E12B5-0B0E-47F9-83A7-89F40B39DBF1}
Rockwell Automation 1756 HART Module Profiles-->MsiExec.exe /X{AAF8A903-9A85-43DF-A35C-3E5549484DDA}
Rockwell Automation 1769 Analog Module Profiles-->MsiExec.exe /X{2ABE52D6-0F52-48F6-9AB7-A7DDAACD8654}
Rockwell Automation 1769 Analog Module Profiles-->MsiExec.exe /X{842CDC14-718F-4063-9D48-36E982E12946}
Rockwell Automation 1769 Boolean Module Profiles-->MsiExec.exe /X{449AD43D-AEF6-439B-B936-B1E239B8944C}
Rockwell Automation 1769 Discrete Module Profiles-->MsiExec.exe /X{7033EFFB-90EA-4A54-9807-FB4AACA52A0B}
Rockwell Automation 1769 Specialty Module Profiles-->MsiExec.exe /X{E4355DEE-167C-4BD3-9FD7-0F389EBF3981}
Rockwell Automation 1791DS Discrete Module Profiles-->MsiExec.exe /X{28302E0C-2E42-4635-8657-078C88989BEF}
Rockwell Automation Drives PowerFlex 4 Module Profiles-->MsiExec.exe /X{66B72D42-0209-4F45-857A-D509649FC74B}
Rockwell Automation Drives PowerFlex 7 Module Profiles-->MsiExec.exe /X{5EFD7668-C7D7-401E-BF4C-F10CEE02ED9E}
Rockwell Automation Drives SCANport Module Profiles-->MsiExec.exe /X{102AC368-2BC1-482D-85B9-5C38F5025F8B}
Rockwell Automation Generic Safety Module Profiles-->MsiExec.exe /X{F699127B-51FB-44DF-AD6A-8AC498BA9684}
Roxio RecordNow Data-->MsiExec.exe /I{075473F5-846A-448B-BCB3-104AA1760205}
RSLogix 5000 Module Profile Core-->MsiExec.exe /X{903B8611-2695-4B42-A613-1394AD01F511}
RSLogix 5000 Module Profile Setup Utility-->MsiExec.exe /X{110ACB92-B678-4CAC-870F-86F1326219D6}
RSLogix 5000 Online Books v16.00.00-->MsiExec.exe /I{20010016-D5FD-11DA-A128-000C29473C90}
RSLogix 5000 Start Page Media v16.00.05-->MsiExec.exe /I{10050016-D5FD-11DA-A128-000C29473C90}
RSLogix 5000 System Updates-->MsiExec.exe /X{8E10471D-5CBF-4080-972D-2E6451420B7F}
RSLogix 5000 v15.01-->MsiExec.exe /X{30010115-EC33-11D6-A408-F6139379CBFB}
RSLogix 5000 v16.00.00 -->MsiExec.exe /I{30010016-EC33-11D6-A408-F6139379CBFB}
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Sentinel System Driver-->C:\WINDOWS\SYSTEM32\RNBOSENT\SETUPX86.EXE /U /q
SoftK56 Data Fax-->C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_8086&DEV_24C6&SUBSYS_202F161F\HXFSETUP.EXE -U -Iem202f5.inf
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
TurboTax Deluxe 2007-->C:\Program Files\TurboTax\Deluxe 2007\TaxUnst.EXE "C:\Program Files\TurboTax\Deluxe 2007\Uninstall.log" -NoGui
UltraEdit-32-->"C:\Program Files\IDM Computer Solutions\UltraEdit-32\Uninstall.exe" "C:\Program Files\IDM Computer Solutions\UltraEdit-32\ueinstall.log" -u
UltraSentry-->"C:\Program Files\IDM Computer Solutions\UltraSentry\Uninstall.exe" "C:\Program Files\IDM Computer Solutions\UltraSentry\install.log" -u
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
VideoLAN VLC media player 0.8.6b-->C:\Program Files\VideoLAN\VLC\uninstall.exe
VKC180 Photo Viewer-->"C:\Program Files\VKC180 Photo Viewer\unins000.exe"
Windows Driver Package - (mr7910) Image 08/08/2006 1.4.0.0-->C:\WINDOWS\system32\DRVSTORE\f1490bc41e7d27129cb157cba768cf63b89e7752\DPInst.exe /u mr7910_1ffef370f39864f3aaa62219d434ae06b02b70ab
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
WM Recorder 11.3-->C:\Program Files\WMR11\Uninstal.exe
Yahoo! Install Manager-->C:\WINDOWS\system32\regsvr32 /u C:\PROGRA~1\Yahoo!\Common\YINSTH~1.DLL
=====HijackThis Backups=====
O2 - BHO: {73518f3d-acc0-cf28-07e4-5e130b472348} - {843274b0-31e5-4e70-82fc-0ccad3f81537} - C:\WINDOWS\system32\zazhuf.dll
O2 - BHO: (no name) - {7F171007-95F0-4162-8B84-C960169FA0AD} - (no file)
O2 - BHO: (no name) - {6DA5970E-5B7C-4979-BBA6-852B44AC3B50} - (no file)
O2 - BHO: (no name) - {2CC58E49-097B-498A-AD81-4CBD4F38B35E} - (no file)
O20 - AppInit_DLLs: zazhuf.dll
O2 - BHO: (no name) - {FD7406D9-E616-4529-B3D4-07040131D1AC} - (no file)
O4 - HKLM\..\Run: [bpk] C:\Program Files\BPK\bpk.exe
O2 - BHO: (no name) - {7F171007-95F0-4162-8B84-C960169FA0AD} - (no file)
O2 - BHO: (no name) - {6DA5970E-5B7C-4979-BBA6-852B44AC3B50} - (no file)
O2 - BHO: (no name) - {2CC58E49-097B-498A-AD81-4CBD4F38B35E} - (no file)
O2 - BHO: (no name) - {FD7406D9-E616-4529-B3D4-07040131D1AC} - (no file)
O2 - BHO: (no name) - {b47b2b76-b320-4459-8697-16cf63846049} - (no file)
======Hosts File======
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
======Security center information======
AV: McAfee VirusScan
FW: McAfee Personal Firewall
System event log
Computer Name: YOUR-9C09040F1A
Event Code: 7036
Message: The Wireless Zero Configuration service entered the stopped state.
Record Number: 28504
Source Name: Service Control Manager
Time Written: 20081215160748.000000-360
Event Type: information
User:
Computer Name: YOUR-9C09040F1A
Event Code: 7035
Message: The Wireless Zero Configuration service was successfully sent a stop control.
Record Number: 28503
Source Name: Service Control Manager
Time Written: 20081215160747.000000-360
Event Type: information
User: NT AUTHORITY\SYSTEM
Computer Name: YOUR-9C09040F1A
Event Code: 7036
Message: The Application Layer Gateway Service service entered the running state.
Record Number: 28502
Source Name: Service Control Manager
Time Written: 20081215160743.000000-360
Event Type: information
User:
Computer Name: YOUR-9C09040F1A
Event Code: 7036
Message: The Fast User Switching Compatibility service entered the running state.
Record Number: 28501
Source Name: Service Control Manager
Time Written: 20081215160743.000000-360
Event Type: information
User:
Computer Name: YOUR-9C09040F1A
Event Code: 7035
Message: The Fast User Switching Compatibility service was successfully sent a start control.
Record Number: 28500
Source Name: Service Control Manager
Time Written: 20081215160743.000000-360
Event Type: information
User: NT AUTHORITY\SYSTEM
Application event log
Computer Name: YOUR-9C09040F1A
Event Code: 1
Message:
Record Number: 6163
Source Name: Avg7UpdSvc
Time Written: 20081108215829.000000-360
Event Type: information
User:
Computer Name: YOUR-9C09040F1A
Event Code: 1000
Message: Performance counters for the WmiApRpl (WmiApRpl) service were loaded successfully.
The Record Data contains the new index values assigned
to this service.
Record Number: 6162
Source Name: LoadPerf
Time Written: 20081108212719.000000-360
Event Type: information
User:
Computer Name: YOUR-9C09040F1A
Event Code: 1001
Message: Performance counters for the WmiApRpl (WmiApRpl) service were removed successfully.
The Record Data contains the new values of the system Last Counter and
Last Help registry entries.
Record Number: 6161
Source Name: LoadPerf
Time Written: 20081108212717.000000-360
Event Type: information
User:
Computer Name: YOUR-9C09040F1A
Event Code: 1000
Message: Performance counters for the WmiApRpl (WmiApRpl) service were loaded successfully.
The Record Data contains the new index values assigned
to this service.
Record Number: 6160
Source Name: LoadPerf
Time Written: 20081108204644.000000-360
Event Type: information
User:
Computer Name: YOUR-9C09040F1A
Event Code: 1001
Message: Performance counters for the WmiApRpl (WmiApRpl) service were removed successfully.
The Record Data contains the new values of the system Last Counter and
Last Help registry entries.
Record Number: 6159
Source Name: LoadPerf
Time Written: 20081108204641.000000-360
Event Type: information
User:
======Environment variables======
"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\WBEM;C:\Program Files\IDM Computer Solutions\UltraEdit-32;C:\Program Files\Common Files\Roxio Shared\DLLShared;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\Rockwell Automation\Common\Components
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 4 Stepping 1, GenuineIntel
"PROCESSOR_REVISION"=0401
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"SonicCentral"=C:\Program Files\Common Files\Sonic Shared\Sonic Central\
"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip
-----------------EOF-----------------
Step 1
Malwarebytes' Anti-Malware
I notice that you have MBAM installed; please do the following:
Start MalwareBytes AntiMalware
Update Malwarebytes' Anti-Malware
Select the Update tab
Click Update
When the update is complete, select the Scanner tab
Select Perform full scan, then click Scan.
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected.
When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
If you accidentally close it, the log file is saved here and will be named like this:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
-----------------------------------------------------------
Step 2
OTMoveIt
Please download OTMoveIt3 by OldTimer (http://oldtimer.geekstogo.com/OTMoveIt3.exe) and save it to your desktop
Double-click OTMoveIt3.exe to run it.
Copy the lines in the codebox below. (Make sure you include :Processes)
:Processes
explorer.exe
:Services
:Reg
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2CC58E49-097B-498A-AD81-4CBD4F38B35E}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6DA5970E-5B7C-4979-BBA6-852B44AC3B50}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7F171007-95F0-4162-8B84-C960169FA0AD}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b47b2b76-b320-4459-8697-16cf63846049}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD7406D9-E616-4529-B3D4-07040131D1AC}]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NWEReboot"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"=""
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\nnnlmNFx]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\WINDOWS\system32\drivers\svchost.exe"=-
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{55e25b8f-d293-11dd-a892-00032512eeb6}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ae0f4260-0967-11dd-a606-00032512eeb6}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ea3e19d2-d12c-11dd-a891-00032512eeb6}]
:Files
C:\WINDOWS\system32\vbzip10.dll
C:\WINDOWS\system32\g48.exe
C:\WINDOWS\system32\dsuawnoa.ini
C:\WINDOWS\system32\OYxIRXbc.ini
C:\WINDOWS\system32\37aab72e-.txt
C:\WINDOWS\system32\poqtvyxx.ini
C:\Documents and Settings\User\Application Data\LimeWire
C:\WINDOWS\tasks\njjeaaec.job
:Commands
[Purity]
[EmptyTemp]
[Start Explorer]
[Reboot]
Return to OTMoveIt3, right click in the Paste List of Files/Folders to Move window (under the yellow bar) and choose Paste.
- Close ALL open windows (especially Internet Explorer!)-
Click the red Moveit! button.
Copy everything in the Results window (under the green bar), and paste it in your next reply.
Close OTMoveIt3
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.
----------------------------------------------------------- -----------------------------------------------------------
Step 3
Fix With HJT
Close all other windows and then start HiJack This
Click Do A System Scan Only
When it has finished scanning put a check next to the following lines IF still present
O2 - BHO: (no name) - {2CC58E49-097B-498A-AD81-4CBD4F38B35E} - (no file)
O2 - BHO: (no name) - {6DA5970E-5B7C-4979-BBA6-852B44AC3B50} - (no file)
O2 - BHO: (no name) - {7F171007-95F0-4162-8B84-C960169FA0AD} - (no file)
O2 - BHO: (no name) - {b47b2b76-b320-4459-8697-16cf63846049} - (no file)
O2 - BHO: (no name) - {FD7406D9-E616-4529-B3D4-07040131D1AC} - (no file)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O8 - Extra context menu item: &Search - ?p=ZCxdm869MTUS
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} -
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} -
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} -
O20 - AppInit_DLLs: agflbv.dll
O20 - Winlogon Notify: nnnlmNFx - C:\WINDOWS\
- Close ALL open windows (especially Internet Explorer!)-
Now click Fix checked
Click yes to any prompts
Close HijackThis
----------------------------------------------------------- -----------------------------------------------------------
Step 4
Download and Run ComboFix (by sUBs)
Please visit this webpage for instructions for downloading and running ComboFix:
Bleeping Computer ComboFix Tutorial (http://www.bleepingcomputer.com/combofix/how-to-use-combofix)
You must download it to and run it from your Desktop
Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
Double click combofix.exe & follow the prompts.
When finished, it will produce a log. Please save that log to post in your next reply
Re-enable all the programs that were disabled during the running of ComboFix.
A word of warning: Neither I nor sUBs is responsible for any damage you may have caused your machine by running ComboFix on your own.
This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper
----------------------------------------------------------- -----------------------------------------------------------
Step 5
Remove Programs
Older versions of some programs have vulnerabilities that malware can use to infect your system.
Now click Start---Control Panel. Double click Add or Remove Programs (XP) / Programs and Features (Vista). If any of the following programs are listed there,
click on the program to highlight it, and click on Remove.
Java(TM) 6 Update 3
Java(TM) 6 Update 7
Now close the Control Panel.
----------------------------------------------------------- -----------------------------------------------------------
Step 6
Logs/Information to Post in Reply
Please post the following logs/Information in your reply
MalwareBytes Log
OTMI Log
Combofix Log
How are things running now ?
----------------------------------------------------------- -----------------------------------------------------------
Additional Notes
Your Adobe Acrobat Reader is out of date. Older versions have vulnerabilities that malware can use to infect your system.
Adobe Reader is a large program and uses unnecessary space.
If you prefer a smaller program you can get Foxit 3.0 from http://www.foxitsoftware.com/pdf/rd_intro.php << Recommended
There is a newer version of Adobe Acrobat Reader available.
Please go to this link Adobe Acrobat Reader Download Link (http://www.adobe.com/products/acrobat/readstep2.html)
Click Download
On the right, untick Adobe Photoshop Album Starter Edition if you do not wish to include this in the installation.
Click the Continue button
Click Run, and click Run again
Next click the Install Now button and follow the on screen prompts
When the installation is complete go to Add/Remove Programs and uninstall all previous versions.
Adobe Reader 8.1.3
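A small triage script for the kind of HijackThis lines listed in Step 3, added here as an example; it is not part of the original post and not code from HijackThis. It flags the entry types the helper asked the user to fix (O2 BHOs whose DLL is gone, the O8 context-menu item with no real target, O16 DPF entries with no download URL, O20 AppInit_DLLs and Winlogon Notify entries) and also the F2 UserInit line that appears in the later log in this thread. The sample lines are copied from the logs posted here; the function names and the flagging rules are my own assumptions, not HijackThis's.

```python
"""Flag HijackThis 2.0.x log entries that usually deserve a second look.

Added example for this thread, not code from HijackThis or from the original
post. The rules are the author's own heuristics; the sample log lines are
copied from the logs posted in the thread.
"""
import re

# One HijackThis entry: a section code (R0, F2, O2, O20, ...), " - ", then the body.
HJT_LINE = re.compile(r"^(?P<code>[FORN]\d+) - (?P<body>.*)$")

# Constructed sample: lines taken from the two HijackThis logs in this thread.
SAMPLE_LOG = r"""O2 - BHO: (no name) - {2CC58E49-097B-498A-AD81-4CBD4F38B35E} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O8 - Extra context menu item: &Search - ?p=ZCxdm869MTUS
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} -
O20 - AppInit_DLLs: agflbv.dll
O20 - Winlogon Notify: nnnlmNFx - C:\WINDOWS\
F2 - REG:system.ini: UserInit=c:\windows\system32\userinit.exe,C:\Program Files\MPK\MPK.exe
"""


def parse(log_text):
    """Yield (code, body) for every line that looks like a HijackThis entry."""
    for raw in log_text.splitlines():
        m = HJT_LINE.match(raw.strip())
        if m:
            yield m.group("code"), m.group("body")


def check_entry(code, body):
    """Return a short reason if the entry warrants a look, else None."""
    if code == "O2" and body.endswith("(no file)"):
        return "BHO CLSID still registered but its DLL is gone (orphaned registration)"
    if code == "O8":
        # Legitimate items point at a URL, a res:// resource, or a local file.
        target = body.split(" - ", 1)[-1].strip()
        if not re.match(r"^(https?://|res://|[A-Za-z]:\\)", target):
            return "context-menu item points at neither a URL nor a local file"
    if code == "O16" and body.rstrip().endswith("-"):
        return "ActiveX (DPF) entry with no download URL"
    if code == "O20":
        if body.startswith("AppInit_DLLs:"):
            value = body.split(":", 1)[1].strip()
            if value:
                # AppInit_DLLs is loaded into every process that links user32.dll.
                return "AppInit_DLLs injects %r into every user32-linked process" % value
        elif body.startswith("Winlogon Notify:"):
            parts = body.split(" - ", 1)
            path = parts[1].strip() if len(parts) == 2 else ""
            if not path or path.endswith("\\"):
                return "Winlogon Notify package registered without a DLL path"
    if code == "F2" and "UserInit=" in body:
        programs = [p.strip() for p in body.split("UserInit=", 1)[1].split(",") if p.strip()]
        extra = [p for p in programs if not p.lower().endswith("userinit.exe")]
        if extra:
            return "UserInit launches extra programs at logon: " + ", ".join(extra)
    return None


def triage(log_text):
    """Return [(code, reason, body)] for every entry that needs attention."""
    findings = []
    for code, body in parse(log_text):
        reason = check_entry(code, body)
        if reason:
            findings.append((code, reason, body))
    return findings


if __name__ == "__main__":
    for code, reason, body in triage(SAMPLE_LOG):
        print("%-4s %s\n     %s" % (code, reason, body))
```

Run it against a saved hijackthis.log by reading the file into `triage()`; the O4 Java updater line and the Spybot BHO pass through untouched, while the six entries the helper singled out come back with a reason each.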
I ran Malwarebytes yesterday and a problem was found. I had it fix the problem, so that is why there are no problems now. I did find that I had Virtumonde earlier this week. I had Spybot delete it also. I will finish the steps now. Thank you very much for all the help and advice. My touchpad mouse doesn't work anymore because of this. I've tried to reload drivers and nothing. Hopefully this works!
Malwarebytes' Anti-Malware 1.32
Database version: 1630
Windows 5.1.2600 Service Pack 3
1/8/2009 8:53:22 AM
mbam-log-2009-01-08 (08-53-22).txt
Scan type: Full Scan (C:\|D:\|)
Objects scanned: 144175
Time elapsed: 1 hour(s), 28 minute(s), 29 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
========== PROCESSES ==========
Process explorer.exe killed successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2CC58E49-097B-498A-AD81-4CBD4F38B35E}\\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6DA5970E-5B7C-4979-BBA6-852B44AC3B50}\\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7F171007-95F0-4162-8B84-C960169FA0AD}\\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b47b2b76-b320-4459-8697-16cf63846049}\\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD7406D9-E616-4529-B3D4-07040131D1AC}\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\NWEReboot deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\"AppInit_DLLS"|"" /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\nnnlmNFx\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\WINDOWS\system32\drivers\svchost.exe deleted successfully.
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G\\ deleted successfully.
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{55e25b8f-d293-11dd-a892-00032512eeb6}\\ deleted successfully.
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ae0f4260-0967-11dd-a606-00032512eeb6}\\ deleted successfully.
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ea3e19d2-d12c-11dd-a891-00032512eeb6}\\ deleted successfully.
========== FILES ==========
DllUnregisterServer procedure not found in C:\WINDOWS\system32\vbzip10.dll
C:\WINDOWS\system32\vbzip10.dll NOT unregistered.
C:\WINDOWS\system32\vbzip10.dll moved successfully.
C:\WINDOWS\system32\g48.exe moved successfully.
C:\WINDOWS\system32\dsuawnoa.ini moved successfully.
C:\WINDOWS\system32\OYxIRXbc.ini moved successfully.
C:\WINDOWS\system32\37aab72e-.txt moved successfully.
C:\WINDOWS\system32\poqtvyxx.ini moved successfully.
C:\Documents and Settings\User\Application Data\LimeWire\xml\schemas moved successfully.
C:\Documents and Settings\User\Application Data\LimeWire\xml\misc moved successfully.
C:\Documents and Settings\User\Application Data\LimeWire\xml\data moved successfully.
C:\Documents and Settings\User\Application Data\LimeWire\xml moved successfully.
C:\Documents and Settings\User\Application Data\LimeWire\themes\360SharePro_theme moved successfully.
C:\Documents and Settings\User\Application Data\LimeWire\themes moved successfully.
C:\Documents and Settings\User\Application Data\LimeWire moved successfully.
C:\WINDOWS\tasks\njjeaaec.job moved successfully.
========== COMMANDS ==========
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat scheduled to be deleted on reboot.
Local Service Temp folder emptied.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\mcafee_VtiA3KonnsNcAYK scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\mcmsc_ocZSMjpRbC5Y4YF scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\mcmsc_txpQYVCDfccWu4M scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_734.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\sqlite_dPygTedGqgaF5xt scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\sqlite_EGY3rNpprFWeIOS scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\sqlite_khVpEjh3Qx14MXd scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\WFV3.tmp scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
Temp folders emptied.
Explorer started successfully
OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 01082009_091942
Files moved on Reboot...
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat scheduled to be moved on reboot.
C:\WINDOWS\temp\mcafee_VtiA3KonnsNcAYK moved successfully.
C:\WINDOWS\temp\mcmsc_ocZSMjpRbC5Y4YF moved successfully.
File C:\WINDOWS\temp\mcmsc_txpQYVCDfccWu4M not found!
File C:\WINDOWS\temp\Perflib_Perfdata_734.dat not found!
C:\WINDOWS\temp\sqlite_dPygTedGqgaF5xt moved successfully.
C:\WINDOWS\temp\sqlite_EGY3rNpprFWeIOS moved successfully.
C:\WINDOWS\temp\sqlite_khVpEjh3Qx14MXd moved successfully.
File move failed. C:\WINDOWS\temp\WFV3.tmp scheduled to be moved on reboot.
ComboFix 09-01-07.02 - User 2009-01-08 9:52:26.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1247.842 [GMT -6:00]
Running from: c:\documents and settings\User\Desktop\ComboFix.exe
AV: McAfee VirusScan *On-access scanning disabled* (Updated)
FW: McAfee Personal Firewall *enabled*
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\temp\FT62
c:\temp\FT62\teTU.log
c:\temp\tn3
c:\windows\Fonts\a.zip
c:\windows\SNMPAPI.DLL
c:\windows\system32\dPI02
c:\windows\system32\drivers\npf.sys
c:\windows\system32\MabryObj.dll
c:\windows\system32\packet.dll
c:\windows\system32\sinvfct.dll
c:\windows\system32\WanPacket.dll
c:\windows\system32\wpcap.dll
c:\windows\wiaserviv.log
D:\Autorun.inf
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_NPF
-------\Service_NPF
((((((((((((((((((((((((( Files Created from 2008-12-08 to 2009-01-08 )))))))))))))))))))))))))))))))
.
2009-01-08 09:19 . 2009-01-08 09:19 <DIR> d-------- C:\_OTMoveIt
2009-01-07 19:17 . 2009-01-07 19:18 <DIR> d-------- C:\rsit
2009-01-07 10:25 . 2009-01-07 10:25 <DIR> d-------- c:\program files\Synaptics
2009-01-07 10:25 . 2003-10-30 16:43 178,432 --a------ c:\windows\system32\drivers\SynTP.sys
2009-01-07 10:25 . 2003-10-30 16:44 110,592 --a------ c:\windows\system32\SynCtrl.dll
2009-01-07 10:25 . 2003-10-30 16:44 90,112 --a------ c:\windows\system32\SynTPAPI.dll
2009-01-07 10:25 . 2003-10-30 16:48 77,824 --a------ c:\windows\system32\SynTPCoI.dll
2009-01-07 10:25 . 2003-10-30 16:43 77,824 --a------ c:\windows\system32\SynCOM.dll
2009-01-07 10:25 . 2003-10-30 16:46 65,536 --a------ c:\windows\system32\SynTPFcs.dll
2009-01-07 10:08 . 2009-01-07 15:32 54,156 --ah----- c:\windows\QTFont.qfn
2009-01-07 10:08 . 2009-01-07 10:08 1,409 --a------ c:\windows\QTFont.for
2009-01-02 16:52 . 2004-08-04 13:00 221,184 --a------ c:\windows\system32\wmpns.dll
2009-01-02 16:36 . 2009-01-02 16:36 <DIR> d-------- c:\windows\system32\scripting
2009-01-02 16:36 . 2009-01-02 16:36 <DIR> d-------- c:\windows\system32\en
2009-01-02 16:36 . 2009-01-02 16:36 <DIR> d-------- c:\windows\system32\bits
2009-01-02 16:36 . 2009-01-02 16:36 <DIR> d-------- c:\windows\l2schemas
2009-01-02 16:32 . 2009-01-02 16:32 <DIR> d-------- c:\windows\ServicePackFiles
2009-01-02 14:36 . 2008-09-15 06:12 1,846,400 -----c--- c:\windows\system32\dllcache\win32k.sys
2009-01-02 14:35 . 2008-08-14 04:11 2,189,184 -----c--- c:\windows\system32\dllcache\ntoskrnl.exe
2009-01-02 14:35 . 2008-08-14 04:09 2,145,280 -----c--- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-01-02 14:35 . 2008-08-14 03:33 2,066,048 -----c--- c:\windows\system32\dllcache\ntkrnlpa.exe
2009-01-02 14:35 . 2008-08-14 03:33 2,023,936 -----c--- c:\windows\system32\dllcache\ntkrpamp.exe
2009-01-02 14:34 . 2008-10-24 05:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
2009-01-02 14:33 . 2008-06-13 05:05 272,128 -----c--- c:\windows\system32\dllcache\bthport.sys
2009-01-02 14:33 . 2008-08-14 04:04 138,496 -----c--- c:\windows\system32\dllcache\afd.sys
2009-01-02 14:29 . 2008-09-08 04:41 333,824 -----c--- c:\windows\system32\dllcache\srv.sys
2009-01-02 14:20 . 2004-08-03 22:29 25,471 --------- c:\windows\system32\drivers\watv10nt.sys
2009-01-02 14:20 . 2004-08-03 22:29 22,271 --------- c:\windows\system32\drivers\watv06nt.sys
2009-01-02 14:20 . 2004-08-03 22:29 11,935 --------- c:\windows\system32\drivers\wadv11nt.sys
2009-01-02 14:20 . 2004-08-03 22:29 11,871 --------- c:\windows\system32\drivers\wadv09nt.sys
2009-01-02 14:20 . 2004-08-03 22:29 11,807 --------- c:\windows\system32\drivers\wadv07nt.sys
2009-01-02 14:20 . 2004-08-03 22:29 11,295 --------- c:\windows\system32\drivers\wadv08nt.sys
2009-01-02 14:14 . 2004-08-03 22:29 701,440 --------- c:\windows\system32\drivers\ati2mtag.sys
2009-01-02 14:03 . 2008-05-08 08:02 203,136 -----c--- c:\windows\system32\dllcache\rmcast.sys
2009-01-02 13:59 . 2008-04-11 13:04 691,712 -----c--- c:\windows\system32\dllcache\inetcomm.dll
2009-01-02 13:59 . 2008-05-01 08:33 331,776 -----c--- c:\windows\system32\dllcache\msadce.dll
2009-01-02 13:40 . 2008-09-04 11:15 1,106,944 -----c--- c:\windows\system32\dllcache\msxml3.dll
2009-01-02 13:40 . 2008-10-15 10:34 337,408 -----c--- c:\windows\system32\dllcache\netapi32.dll
2009-01-02 13:34 . 2008-10-16 14:07 23,576 --a------ c:\windows\system32\wuapi.dll.mui
2009-01-01 21:41 . 2009-01-06 17:02 570 --a------ c:\windows\system32\runkgb.lnk
2008-12-24 08:01 . 2008-12-24 08:20 36 --a------ c:\windows\marscam.ini
2008-12-24 07:54 . 2008-04-13 12:46 85,248 --a------ c:\windows\system32\drivers\nabtsfec.sys
2008-12-24 07:54 . 2008-04-13 12:46 19,200 --a------ c:\windows\system32\drivers\wstcodec.sys
2008-12-24 07:54 . 2008-04-13 12:46 17,024 --a------ c:\windows\system32\drivers\ccdecode.sys
2008-12-24 07:54 . 2008-04-13 18:12 16,384 --a------ c:\windows\system32\ipsink.ax
2008-12-24 07:54 . 2008-04-13 12:46 15,232 --a------ c:\windows\system32\drivers\streamip.sys
2008-12-24 07:54 . 2008-04-13 12:46 11,136 --a------ c:\windows\system32\drivers\slip.sys
2008-12-24 07:54 . 2008-04-13 12:46 10,880 --a------ c:\windows\system32\drivers\ndisip.sys
2008-12-24 07:54 . 2008-04-13 12:39 5,504 --a------ c:\windows\system32\drivers\mstee.sys
2008-12-23 21:49 . 2008-12-23 21:49 <DIR> d-------- c:\program files\VKC180 Photo Viewer
2008-12-23 21:35 . 2008-04-13 18:12 91,136 --a------ c:\windows\system32\kswdmcap.ax
2008-12-23 21:35 . 2008-04-13 18:12 61,952 --a------ c:\windows\system32\kstvtune.ax
2008-12-23 21:35 . 2008-04-13 18:12 53,760 --a------ c:\windows\system32\vfwwdm32.dll
2008-12-23 21:35 . 2008-04-13 18:12 43,008 --a------ c:\windows\system32\ksxbar.ax
2008-12-23 21:35 . 2008-04-13 18:12 28,672 --a------ c:\windows\system32\vidcap.ax
2008-12-23 21:34 . 2008-12-23 21:34 <DIR> d-------- c:\program files\Mars
2008-12-16 20:57 . 2009-01-06 17:02 <DIR> d--hs---- c:\program files\MPK
2008-12-16 20:57 . 2009-01-06 17:02 570 --a------ c:\windows\system32\runrefog.lnk
2008-12-16 18:30 . 2008-12-16 18:30 <DIR> d--hs---- c:\documents and settings\All Users\common
2008-12-16 15:07 . 2008-12-16 17:27 314 ---h----- c:\documents and settings\All Users\Application Data\emopts.dat
2008-12-16 15:03 . 2008-12-17 12:58 <DIR> d-------- c:\documents and settings\All Users\Application Data\sacache
2008-12-16 08:42 . 2009-01-08 09:28 <DIR> d--hs---- c:\documents and settings\All Users\Application Data\MPK
2008-12-14 19:16 . 2003-11-04 15:11 159,744 --a------ c:\windows\system32\lfpng13n.dll
2008-12-14 19:10 . 2004-05-14 16:53 462,848 --a------ c:\windows\system32\ltkrn13n.dll
2008-12-14 19:10 . 2004-05-14 16:53 450,560 --a------ c:\windows\system32\ltimg13n.dll
2008-12-14 19:10 . 2004-05-14 16:53 401,408 --a------ c:\windows\system32\lfcmp13n.dll
2008-12-14 19:10 . 2004-05-14 16:53 299,008 --a------ c:\windows\system32\ltdis13n.dll
2008-12-14 19:10 . 2004-01-12 02:09 206,336 --a------ c:\windows\system32\ltefx13n.dll
2008-12-14 19:10 . 2004-05-14 16:53 163,840 --a------ c:\windows\system32\ltfil13n.dll
2008-12-14 19:10 . 2003-11-04 15:10 69,632 --a------ c:\windows\system32\lfgif13n.dll
2008-12-14 19:10 . 2004-05-14 16:53 57,344 --a------ c:\windows\system32\lfbmp13n.dll
2008-12-12 18:42 . 2008-12-12 18:42 <DIR> d-------- c:\windows\.jagex_cache_32
2008-12-12 18:42 . 2008-12-14 13:43 31 --a------ c:\documents and settings\User\jagex_runescape_preferences.dat
2008-12-10 10:41 . 2008-12-10 10:41 410,984 --a------ c:\windows\system32\deploytk.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-08 13:21 --------- d-----w c:\program files\Quicken
2009-01-07 18:30 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-01-06 22:36 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-01-05 00:38 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-05 00:38 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
2008-12-30 19:54 --------- d-----w c:\program files\Common Files\Motorola Shared
2008-12-29 01:07 --------- d-----w c:\documents and settings\User\Application Data\Focus Mp3 Recorder
2008-12-23 14:54 --------- d-----w c:\program files\McAfee
2008-12-10 16:41 --------- d-----w c:\program files\Java
2008-12-06 15:28 --------- d-----w c:\documents and settings\All Users\Application Data\McAfee
2008-12-06 15:24 --------- d-----w c:\program files\Common Files\McAfee
2008-12-06 15:23 --------- d-----w c:\program files\McAfee.com
2008-12-06 14:28 --------- d-----w c:\program files\SiteAdvisor
2008-12-02 13:21 17,044 --sh--r C:\EVRSI.SYS
2008-12-01 17:14 --------- d-----w c:\program files\Rockwell Software
2008-12-01 17:14 --------- d-----w c:\program files\Common Files\Rockwell
2008-12-01 16:59 --------- d-----w c:\program files\RSLogix 5000 Module Profiles
2008-12-01 15:38 --------- d-----w c:\program files\ControlFLASH
2008-11-25 20:02 --------- d-----w c:\program files\Spybot - Search & Destroy
2008-11-25 04:34 --------- d-----w c:\documents and settings\All Users\Application Data\Macrovision
2008-11-24 20:39 --------- d-----w c:\documents and settings\All Users\Application Data\Rockwell
2008-11-24 20:28 --------- d-----w c:\program files\Rockwell Automation
2008-11-24 20:23 47,616 ----a-w c:\windows\system32\drivers\Haspnt.sys
2008-11-24 20:23 453,632 ----a-w c:\windows\system32\drivers\hardlock.sys
2008-11-24 20:22 --------- d-----w c:\program files\GLOBEtrotter Software Inc
2008-11-19 15:05 --------- d-----w c:\documents and settings\LocalService\Application Data\SACore
2008-11-19 14:36 --------- d-----w c:\documents and settings\All Users\Application Data\SiteAdvisor
2008-11-12 15:33 --------- d-----w c:\documents and settings\User\Application Data\Malwarebytes
2008-11-12 15:33 --------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2008-11-11 18:23 --------- d-----w c:\program files\Trend Micro
2008-11-11 02:29 --------- d-----w c:\documents and settings\All Users\Application Data\McAfee Anti-Theft
2008-11-11 02:19 --------- d-----w c:\documents and settings\All Users\Application Data\avg7
2008-11-11 02:18 --------- d-----w c:\documents and settings\User\Application Data\AVG7
2008-11-09 04:01 --------- d-----w c:\program files\MySpace
2008-11-08 01:08 --------- d-----w c:\documents and settings\User\Application Data\MySpace
2008-10-22 15:23 6,147 ----a-w c:\program files\PCLICSB.DAT
2008-08-19 23:29 20,728 ----a-w c:\documents and settings\User\Application Data\GDIPFONTCACHEV1.DAT
2008-06-19 16:53 258 ---h--r c:\program files\Common Files\LMF.DAT
2007-12-04 13:28 1,663 ----a-w c:\windows\inf\COM7C.tmp
2007-11-06 14:08 5,914 ----a-w c:\documents and settings\User\bpk.dat
2007-10-17 12:19 705 ----a-w c:\documents and settings\User\web.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"OM2_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" [2007-09-04 95536]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2003-07-10 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2003-07-10 114688]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-01-28 385024]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2006-10-12 1282048]
"OM2_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master 2\FirstStart.exe" [2007-09-04 54576]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2008-07-11 641208]
"McENUI"="c:\progra~1\McAfee\MHN\McENUI.exe" [2008-06-13 1176808]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2003-10-30 98304]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2003-10-30 499712]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"HideFastUserSwitching"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"SENTINEL"= snti386.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-10-15 01:04 39792 c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2004-09-13 15:49 49152 c:\program files\HP\HP Software Update\hpwuSchd2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OM2_Monitor]
--a------ 2007-09-04 13:52 95536 c:\program files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc]
--a------ 2003-07-18 17:23 868352 c:\program files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioEngineUtility]
--a------ 2003-05-01 18:44 65536 c:\program files\Common Files\Roxio Shared\System\EngUtil.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
--a------ 2003-10-30 16:46 499712 c:\program files\Synaptics\SynTP\SynTPEnh.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPLpr]
--a------ 2003-10-30 16:46 98304 c:\program files\Synaptics\SynTP\SynTPLpr.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"GetModule27"="c:\program files\GetModule\GetModule27.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\java.exe"=
"c:\\Program Files\\Motorola\\Software Update\\msu.exe"=
"c:\\Program Files\\Rockwell Software\\RSLogix 5000\\ENU\\v16\\Bin\\RS5000.Exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"c:\\Program Files\\MPK\\Mpk.exe"=
"c:\\Program Files\\MPK\\MpkView.exe"=
R4 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [2008-12-06 206096]
S1 SISAGPP;SISAGPP;c:\windows\system32\drivers\SISAGPP.sys --> c:\windows\system32\drivers\SISAGPP.sys [?]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [2008-09-18 18176]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [2008-09-18 7680]
S3 motport;Motorola USB Diagnostic Port;c:\windows\system32\drivers\motport.sys [2008-09-18 23680]
S4 FactoryTalk Activation Service;FactoryTalk Activation Service;c:\program files\Rockwell Software\FactoryTalk Activation\lmgrd.exe [2003-11-17 659456]
.
Contents of the 'Scheduled Tasks' folder
2008-12-15 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2008-07-09 18:10]
2008-12-06 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2008-07-09 18:10]
.
.
------- Supplementary Scan -------
.
uStart Page = https://www.google.com/accounts/ServiceLogin?service=mail&passive=true&rm=false&continue=http%3A%2F%2Fmail.google.com%2Fmail%2F%3Fui%3Dhtml%26zy%3Dl&bsv=1k96igf4806cy&ltmpl=default&ltmplcache=2&hl=en
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
Trusted Zone: *.turbotax.com
.
**************************************************************************
disk not found C:\
please note that you need administrator rights to perform deep scan
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files:
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\WLTRYSVC.EXE
c:\windows\system32\BCMWLTRY.EXE
c:\program files\Java\jre6\bin\jqs.exe
c:\progra~1\McAfee\MSC\mcmscsvc.exe
c:\progra~1\COMMON~1\McAfee\MNA\McNASvc.exe
c:\progra~1\COMMON~1\McAfee\McProxy\McProxy.exe
c:\progra~1\McAfee\VIRUSS~1\Mcshield.exe
c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\program files\McAfee\MPF\MpfSrv.exe
c:\windows\system32\HPZipm12.exe
c:\program files\Common Files\Rockwell\RsvcHost.exe
c:\windows\system32\MsPMSPSv.exe
c:\windows\system32\wbem\wmiapsrv.exe
.
**************************************************************************
.
Completion time: 2009-01-08 10:00:39 - machine was rebooted
ComboFix-quarantined-files.txt 2009-01-08 16:00:36
Pre-Run: 7,893,053,440 bytes free
Post-Run: 7,835,201,536 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
264 --- E O F --- 2009-01-07 12:49:53
I am sorry about the multiple posts. Maybe I should have read all the steps before posting the request. The computer is running fine so far. However, I still do not have the touchpad (Synaptics) mouse working. This all happened when the computer locked up. Do you think that (MySpace or YouTube) could have had anything to do with this? Thanks for your help, and I am including a HijackThis log.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:24:03 AM, on 1/8/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Common Files\Rockwell\RsvcHost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/accounts/ServiceLogin?service=mail&passive=true&rm=false&continue=http%3A%2F%2Fmail.google.com%2Fmail%2F%3Fui%3Dhtml%26zy%3Dl&bsv=1k96igf4806cy<mpl=default<mplcache=2&hl=en
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
F2 - REG:system.ini: UserInit=c:\windows\system32\userinit.exe,C:\Program Files\MPK\MPK.exe
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [OM2_Monitor] "C:\Program Files\OLYMPUS\OLYMPUS Master 2\FirstStart.exe" /OM
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [OM2_Monitor] "C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" -NoStart
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1230924792843
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O23 - Service: FactoryTalk Activation Service - Macrovision Corporation - C:\Program Files\Rockwell Software\FactoryTalk Activation\lmgrd.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: FactoryTalk Diagnostics Local Reader (RNADiagnosticsService) - Rockwell Automation - C:\Program Files\Common Files\Rockwell\RNADiagnosticsSrv.exe
O23 - Service: FactoryTalk Diagnostics CE Receiver (RNADiagReceiver) - Unknown owner - C:\Program Files\Common Files\Rockwell\RNADiagReceiver.exe
O23 - Service: Rockwell Application Services (RsvcHost) - Rockwell Software Inc. - C:\Program Files\Common Files\Rockwell\RsvcHost.exe
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
--
End of file - 7809 bytes
Information
1) I am sorry about the multiple post. Maybe I should have read all the steps before posting the request.
2) I still do not have the touch pad (synaptics) mouse working. This all happened when the computer locked up.
3) Do you think that (myspace or youtube) could have had anything to do with this?
1) Don't apologise, you need multiple posts to get all the logs in properly
2) There is no obvious reason showing in your log why the touch pad isn't working ?
3) Very likely, they are both very dangerous places.
----------------------------------------------------------- -----------------------------------------------------------
Step 1
OTMoveIt
Please download OTMoveIt3 by OldTimer (http://oldtimer.geekstogo.com/OTMoveIt3.exe) and save it to your desktop
Double-click OTMoveIt3.exe to run it.
Copy the lines in the codebox below. ( Make sure you include :Processes )
:Processes
:Reg
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"GetModule27"=-
:Files
c:\program files\GetModule
Return to OTMoveIt3, right click in the Paste List of Files/Folders to Move window (under the yellow bar) and choose Paste.
- Close ALL open windows (especially Internet Explorer!)-
Click the red Moveit! button.
Copy everything in the Results window (under the green bar), and paste it in your next reply.
Close OTMoveIt3
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.
----------------------------------------------------------- -----------------------------------------------------------
Step 2
Active Scan
Your Antivirus and/or Antispyware may give a warning during the scan. This is perfectly normal
NOTE:- Vista users should start IE by Start(Vista Orb) >> Internet Explorer >> Right-Click Run As Admin
Please go to this site Link >> ActiveScan (http://www.pandasecurity.com/activescan/index/) << LINK
Click the Scan Now button
Follow the prompts to install the Active X if necessary
Go and make a cup of tea/coffee/beverage of your choice and watch some TV :)
When the scan is finished, a report will be generated
Next to Scan Details click the small export to notepad button and save the report to your desktop.
Please post the report in your reply.
----------------------------------------------------------- -----------------------------------------------------------
Step 3
Logs/Information to Post in Reply
Please post the following logs/Information in your reply
OTMI Log
Active Scan Log
How are things running now ?
Here are the two log files. Keep in mind that I do have a keylogger installed on the computer for my family. You mentioned that (myspace) was dangerous. Without taking it away, is there anything I can do to minimize these issues. Thank You again for everything.
Active Scan
;***********************************************************************************************************************************************************************************
ANALYSIS: 2009-01-09 07:26:04
PROTECTIONS: 2
MALWARE: 23
SUSPECTS: 11
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description Version Active Updated
;===================================================================================================================================================================================
McAfee Internet Security Suite 2007 9.0 No Yes
McAfee VirusScan Plus 13.0 No No
;===================================================================================================================================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===================================================================================================================================================================================
00097389 Application/PerfectKeyLog.A HackTools No 0 Yes No C:\System Volume Information\_restore{9786E1A5-2E7F-4801-91A9-EF3D4F91683E}\RP222\A0070784.dll
00097389 Application/PerfectKeyLog.A HackTools No 0 Yes No C:\System Volume Information\_restore{9786E1A5-2E7F-4801-91A9-EF3D4F91683E}\RP235\A0075288.dll
00101945 HackTool/Samdump HackTools No 0 Yes No C:\Documents and Settings\User\Desktop\Software\Password Crackers\PWDump2\pwdump2.zip[pwdump2/samdump.dll]
00101945 HackTool/Samdump HackTools No 0 No No C:\Documents and Settings\User\Desktop\Software\Password Crackers\RockXP\RockXP.exe[C:\Documents and Settings\User\Desktop\Software\Password Crackers\RockXP\RockXP.exe][pwdump2\samdump.dll]
00101946 HackTool/Samdump HackTools No 0 Yes No C:\Documents and Settings\User\Desktop\Software\Password Crackers\PWDump2\pwdump2.zip[pwdump2/pwdump2.exe]
00101946 HackTool/Samdump HackTools No 0 No No C:\Documents and Settings\User\Desktop\Software\Password Crackers\RockXP\RockXP.exe[C:\Documents and Settings\User\Desktop\Software\Password Crackers\RockXP\RockXP.exe][pwdump2\pwdump2.exe]
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Documents and Settings\User\Cookies\user@tribalfusion[2].txt
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\User\Cookies\user@ad.yieldmanager[1].txt
00168097 Cookie/BurstBeacon TrackingCookie No 0 Yes No C:\Documents and Settings\User\Cookies\user@www.burstbeacon[1].txt
00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Documents and Settings\User\Cookies\user@questionmarket[2].txt
00321319 HackTool/RockXp4 HackTools No 1 No No C:\Documents and Settings\User\Desktop\Software\Password Crackers\RockXP\RockXP.exe[C:\Documents and Settings\User\Desktop\Software\Password Crackers\RockXP\RockXP.exe][RockXP4_.exe]
00461964 Generic Trojan Virus/Trojan No 0 Yes No C:\WINDOWS\system32\richtx.dll
00461964 Generic Trojan Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{9786E1A5-2E7F-4801-91A9-EF3D4F91683E}\RP235\A0076356.dll
00493927 Adware/MxLiveMedia Adware No 0 Yes No C:\_OTMoveIt\MovedFiles\01082009_091942\WINDOWS\system32\g48.exe
00506589 HackTool/RockXp4 HackTools No 1 Yes No C:\Documents and Settings\User\Desktop\Software\Password Crackers\RockXP\RockXP.exe
01185375 Application/Psexec.A HackTools No 0 Yes No C:\System Volume Information\_restore{9786E1A5-2E7F-4801-91A9-EF3D4F91683E}\RP262\A0088929.EXE
02885963 Rootkit/Booto.C Virus/Worm No 0 Yes No C:\System Volume Information\_restore{9786E1A5-2E7F-4801-91A9-EF3D4F91683E}\RP262\A0088918.sys
02896274 Application/BigBrother HackTools No 0 Yes No C:\Documents and Settings\All Users\common\dll\netdr\dmm.dll
02896274 Application/BigBrother HackTools No 0 Yes No C:\System Volume Information\_restore{9786E1A5-2E7F-4801-91A9-EF3D4F91683E}\RP235\A0076346.dll
02896275 Application/BigBrother HackTools No 0 Yes No C:\Documents and Settings\All Users\common\dll\netdr\winl.dll
02896275 Application/BigBrother HackTools No 0 Yes No C:\System Volume Information\_restore{9786E1A5-2E7F-4801-91A9-EF3D4F91683E}\RP235\A0076340.dll
02987821 Hacktool/JohnRip HackTools No 0 Yes No C:\Documents and Settings\User\Desktop\Software\Password Crackers\John the Cracker\john171w.zip[john1701/run/unique.exe]
02987821 Hacktool/JohnRip HackTools No 0 Yes No C:\Documents and Settings\User\Desktop\Software\Password Crackers\John the Cracker\john1701\run\unique.exe
02987822 Hacktool/JohnRip HackTools No 0 Yes No C:\Documents and Settings\User\Desktop\Software\Password Crackers\John the Cracker\john171w.zip[john1701/run/john-mmx.exe]
02987822 Hacktool/JohnRip HackTools No 0 Yes No C:\Documents and Settings\User\Desktop\Software\Password Crackers\John the Cracker\john1701\run\john-mmx.exe
02987823 Hacktool/JohnRip HackTools No 0 Yes No C:\Documents and Settings\User\Desktop\Software\Password Crackers\John the Cracker\john171w.zip[john1701/run/john-386.exe]
02987823 Hacktool/JohnRip HackTools No 0 Yes No C:\Documents and Settings\User\Desktop\Software\Password Crackers\John the Cracker\john1701\run\john-386.exe
02987824 Hacktool/JohnRip HackTools No 0 Yes No C:\Documents and Settings\User\Desktop\Software\Password Crackers\John the Cracker\john171w.zip[john1701/run/unafs.exe]
02987824 Hacktool/JohnRip HackTools No 0 Yes No C:\Documents and Settings\User\Desktop\Software\Password Crackers\John the Cracker\john1701\run\unafs.exe
02987825 Hacktool/JohnRip HackTools No 0 Yes No C:\Documents and Settings\User\Desktop\Software\Password Crackers\John the Cracker\john1701\run\unshadow.exe
02987825 Hacktool/JohnRip HackTools No 0 Yes No C:\Documents and Settings\User\Desktop\Software\Password Crackers\John the Cracker\john171w.zip[john1701/run/unshadow.exe]
03074964 Trj/CI.A Virus/Trojan No 0 Yes No C:\Documents and Settings\User\Desktop\Software\Ultra Compare\UltraCompareKeygen.exe
03548697 Trj/Clicker.ALY Virus/Trojan No 1 No No C:\_OTMoveIt\MovedFiles\01082009_091942\WINDOWS\system32\g48.exe[■%%\²şÇ]
03992023 Application/BigBrother HackTools No 0 Yes No C:\Documents and Settings\All Users\common\dll\netdr\mdm.exe
;===================================================================================================================================================================================
SUSPECTS
Sent Location ,
;===================================================================================================================================================================================
No C:\Program Files\MPK\Mpk.dll ,
No C:\Program Files\MPK\MPK.exe
OTMoveIt3
========== PROCESSES ==========
========== REGISTRY ==========
Registry value HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-\\GetModule27 deleted successfully.
========== FILES ==========
File/Folder c:\program files\GetModule not found.
OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 01082009_192419
1) Keep in mind that I do have a keylogger installed on the computer for my family.
2) You mentioned that (myspace) was dangerous. Without taking it away, is there anything I can do to minimize these issues?
1) Yes, unfortunately I don't know if the keylogger I am seeing is yours or a malicious one though :)
There appear to be two present
2) You could use Firefox with NoScript addon, that would cut down some of the risk
Cracks, Keygens and Warez
C:\Documents and Settings\User\Desktop\Software\Ultra Compare\UltraCompareKeygen.exe
In doing the crack, the 'cracker' has broken the 'End User Licence Agreement' (EULA) of the product.
The distribution and use of cracked copies is illegal in almost every developed country.
They are also one of the biggest causes of infection.
This applies to Cracks, Keygens and Warez
In the future I strongly suggest you stay away from using cracks and/or Keygens.
----------------------------------------------------------- -----------------------------------------------------------
Do you know why these are present ?
C:\Documents and Settings\User\Desktop\Software\Password Crackers\John the Cracker\john1701\run\john-386.exe
C:\Documents and Settings\User\Desktop\Software\Password Crackers\John the Cracker\john1701\run\john-mmx.exe
C:\Documents and Settings\User\Desktop\Software\Password Crackers\John the Cracker\john1701\run\unafs.exe
C:\Documents and Settings\User\Desktop\Software\Password Crackers\John the Cracker\john1701\run\unique.exe
C:\Documents and Settings\User\Desktop\Software\Password Crackers\John the Cracker\john1701\run\unshadow.exe
C:\Documents and Settings\User\Desktop\Software\Password Crackers\John the Cracker\john171w.zip
C:\Documents and Settings\User\Desktop\Software\Password Crackers\PWDump2\pwdump2.zip
C:\Documents and Settings\User\Desktop\Software\Password Crackers\RockXP\RockXP.exe
OTMoveIt
Please download OTMoveIt3 by OldTimer (http://oldtimer.geekstogo.com/OTMoveIt3.exe) and save it to your desktop
Double-click OTMoveIt3.exe to run it.
Copy the lines in the codebox below. ( Make sure you include :Processes )
:Processes
:Files
C:\Documents and Settings\User\Desktop\Software\Ultra Compare\UltraCompareKeygen.exe
Return to OTMoveIt3, right click in the Paste List of Files/Folders to Move window (under the yellow bar) and choose Paste.
- Close ALL open windows (especially Internet Explorer!)-
Click the red Moveit! button.
Copy everything in the Results window (under the green bar), and paste it in your next reply.
Close OTMoveIt3
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.
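The helper's point that a second keylogger may be present comes straight from the log: the F2 line shows UserInit loading C:\Program Files\MPK\MPK.exe alongside the normal userinit.exe, and the Panda report lists the same files as suspects. The triage script below is an added example, not part of this thread or of HijackThis, OTMoveIt or Panda; it parses a handful of lines copied from the HijackThis log above and reports anything hooked into UserInit beyond the Windows default, every Run-key entry, and services HijackThis could not attribute to a vendor. The default UserInit path it assumes (c:\windows\system32\userinit.exe) is the standard XP value; on a machine with Windows installed elsewhere the constant would need adjusting.

```python
"""Triage helper for HijackThis-style log lines.

Added example for this thread; not code from HijackThis or the helper.
It parses the line types that carry autostart information (F2 UserInit,
O4 Run keys, O23 services) and flags:
  * UserInit entries beyond the Windows default (a classic persistence hook),
  * every Run-key entry, so the list can be reviewed by eye,
  * services whose vendor HijackThis reports as "Unknown owner".
"""
import re

# Assumption: standard XP install; adjust if Windows lives elsewhere.
DEFAULT_USERINIT = r"c:\windows\system32\userinit.exe"

# Constructed sample: lines copied from the HijackThis log posted above.
SAMPLE_LOG = [
    r"F2 - REG:system.ini: UserInit=c:\windows\system32\userinit.exe,C:\Program Files\MPK\MPK.exe",
    r"O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe",
    r"O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe",
    r"O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe",
    r"O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe",
    r"O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe",
]

F2_RE = re.compile(r"^F2 - REG:system\.ini: UserInit=(?P<value>.*)$")
O4_RE = re.compile(
    r"^O4 - (?P<hive>HK\w+)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$"
)
O23_RE = re.compile(r"^O23 - Service: (?P<name>.*?) - (?P<vendor>.*?) - (?P<path>.*)$")


def userinit_extras(value):
    """Return the entries of a UserInit value other than the Windows default.

    UserInit is a comma separated list; Windows itself only needs
    userinit.exe, so anything else runs at every logon and deserves a look.
    """
    entries = [e.strip() for e in value.split(",") if e.strip()]
    return [e for e in entries if e.lower() != DEFAULT_USERINIT]


def triage(lines):
    """Walk the log lines and collect the three kinds of findings."""
    findings = {"userinit_extras": [], "run_entries": [], "unknown_owner_services": []}
    for line in lines:
        m = F2_RE.match(line)
        if m:
            findings["userinit_extras"].extend(userinit_extras(m.group("value")))
            continue
        m = O4_RE.match(line)
        if m:
            findings["run_entries"].append((m.group("hive"), m.group("name"), m.group("cmd")))
            continue
        m = O23_RE.match(line)
        if m and m.group("vendor").lower() == "unknown owner":
            findings["unknown_owner_services"].append((m.group("name"), m.group("path")))
    return findings


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for extra in result["userinit_extras"]:
        print("UserInit loads an extra program at logon:", extra)
    for hive, name, cmd in result["run_entries"]:
        print(f"Run entry [{hive}] {name}: {cmd}")
    for name, path in result["unknown_owner_services"]:
        print("Service with no vendor information:", name, "->", path)
```

On the sample lines the only UserInit extra is the MPK.exe path, which matches the Panda "SUSPECTS" entries; the Run entries and the unknown-owner service are printed only so a reviewer can compare them against what they expect to be installed, not as a verdict.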
Sorry about the keygen. I didn't realize that was there. On the password crackers, a friend gave those to me because I screwed up when creating a password for windows. When I went to log on later I couldn't get in. We had to use Linux and retrieve the password. I kept them in case I needed them again. On the Keylogger, I had Perfect Keylogger which I want to get rid of, and I now have MK refog. Thanks again for your help!!!!!!
Congratulations your logs look clean :)
Let's see if I can help you keep it that way
First let's tidy up
Please delete RSIT.exe and C:\RSIT (entire folder)
You can also delete any logs we have produced, and empty your Recycle bin.
Uninstall Combofix
This will clear your System Volume Information restore points and remove all the infected files that were quarantined
Click START then RUN
Now type Combofix /u in the runbox and click OK. Note the space between the X and the /U, it needs to be there.
http://i189.photobucket.com/albums/z176/EPL47/CF_Cleanup.png
Open OTMoveIt Click Cleanup,
it will now connect to the internet and get a list of files to delete.
When a box pops up click YES.
----------------------------------------------------------- -----------------------------------------------------------
The following is some info to help you stay safe and clean.
You may already have some of the following programs, but I include the full list for the benefit of all the other people who will be reading this thread in the future.
( Vista users must ensure that any programs are Vista compatible BEFORE installing )
Online Scanners
I would recommend a scan at one or more of the following sites at least once a month.
http://www.pandasecurity.com/activescan
http://www.kaspersky.com/kos/eng/partner/71706/kavwebscan.html
!!! Make sure that all your programs are updated !!!
Secunia Software Inspector does all the work for you, .... see HERE (http://secunia.com/software_inspector/) for details
AntiSpyware
AntiSpyware is not the same thing as Antivirus.
Different AntiSpyware programs detect different things, so in this case it is recommended that you have more than one.
You should only have one running all the time, the other/s should be used "on demand" on a regular basis.
Most of the programs in this list have a free (for Home Users ) and paid versions,
it is worth paying for one and having "realtime" protection, unless you intend to do a manual scan often.
Spybot - Search & Destroy (http://www.safer-networking.org/) <<< A must have program. It includes host protection and registry protection. A hosts file is a bit like a phone book: it points to the actual numeric address (i.e. the IP address) from the human friendly name of a website. This feature can be used to block malicious websites.
MalwareBytes Anti-malware (http://www.malwarebytes.org/mbam.php) <<< A New and effective program
a-squared Free (http://www.emsisoft.com/en/software/free/) <<< A good "realtime" or "on demand" scanner
superantispyware (http://www.superantispyware.com/) <<< A good "realtime" or "on demand" scanner
Prevention
These programs don't detect malware, they help stop it getting on your machine in the first place.
Each does a different job, so you can have more than one
Winpatrol (http://www.winpatrol.com) An excellent startup manager and then some !! Notifies you if programs are added to startup. Allows delayed startup. A must have addition.
SpywareBlaster 4.0 (http://www.javacoolsoftware.com/spywareblaster.html) SpywareBlaster sets killbits in the registry to prevent known malicious activex controls from installing themselves on your computer.
SpywareGuard 2.2 (http://www.javacoolsoftware.com/spywareguard.html) SpywareGuard provides real-time protection against spyware. Not required if you have other "realtime" antispyware or Winpatrol
ZonedOut (http://www.funkytoad.com/index.php?option=com_content&view=article&id=15&Itemid=33) Formerly known as IE-SPYAD, adds a long list of sites and domains associated with known advertisers and marketers to the Restricted sites zone of Internet Explorer.
MVPS HOSTS (http://www.mvps.org/winhelp2002/hosts.zip) This little program packs a powerful punch as it blocks ads, banners, 3rd party Cookies, 3rd party page counters, web bugs, and many hijackers. For information on how to download and install, please read this tutorial (http://www.mvps.org/winhelp2002/hosts.htm) by WinHelp2002. Not required if you are using other host file protections
Internet Browsers
Microsoft has worked hard to make IE7 a more secure browser; unfortunately, whilst it is still the leading browser of choice it will always be under attack from the bad guys.
Using a different web browser can help stop malware getting on your machine.
Make your Internet Explorer more secure - This can be done by following these simple instructions:
From within Internet Explorer click on the Tools menu and then click on Options.
Click once on the Security tab
Click once on the Internet icon so it becomes highlighted.
Click once on the Custom Level button.
Change the Download signed ActiveX controls to Prompt
Change the Download unsigned ActiveX controls to Disable
Change the Initialise and script ActiveX controls not marked as safe to Disable
Change the Installation of desktop items to Prompt
Change the Launching programs and files in an IFRAME to Prompt
Change the Navigate sub-frames across different domains to Prompt
When all these settings have been made, click on the OK button.
If it prompts you as to whether or not you want to save the settings, press the Yes button.
Next press the Apply button and then the OK to exit the Internet Properties page.
If you are still using IE6 then either update, or get one of the following.
FireFox (http://www.mozilla.com/en-US/firefox/) With many addons available that make customization easy, this is a very popular choice. NoScript and AdBlockPlus addons are essential.
Opera (http://www.opera.com/) Another popular alternative
Netscape (http://browser.netscape.com/addons) Another popular alternative. Also has Addons available.
Cleaning Temporary Internet Files and Tracking Cookies
Temporary Internet Files are mainly the files that are downloaded when you open a web page.
Unfortunately, if the site you visit is of a dubious nature or has been hacked, they can also be an entry point for malware.
It is a good idea to empty the Temporary Internet Files folder on a regular basis.
Tracking Cookies are files that websites use to monitor which sites you visit and how often.
A lot of Antispyware scanners pick up these tracking cookies and flag them as unwanted.
CAUTION :- If you delete all your cookies you will lose any autologin information for sites that you visit, and will need your passwords
Both of these can be cleaned manually, but a quicker option is to use a program
ATF Cleaner (http://www.atribune.org/index.php?option=com_content&task=view&id=25&Itemid=25) Free and very simple to use
CCleaner (http://www.ccleaner.com/) Free and very flexible, you can choose which cookies to keep
Also PLEASE read this article.....So How Did I Get Infected In The First Place (http://forum.malwareremoval.com/viewtopic.php?t=4959)
The last and most important thing I can tell you is UPDATE.
If you don't update your security programs (Antivirus, Antispyware even Windows) then you are at risk.
Malware changes on a day to day basis. You should update every week at the very least.
If you follow this advice then (with a bit of luck) you will never have to hear from me again :D
If you could post back one more time to let me know everything is OK, then I can have this thread archived.
Happy surfing K'
Since this issue appears to be resolved ... this Topic has been closed. Glad I could help.
Note: If it has been four days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread.
If it has been less than four days since your last response and you need the thread re-opened, please send me or MOD a private message (pm). A valid, working link to the closed topic is required.