PDA

View Full Version : Smitfraud, Virtumonde & More Nasty Stuff



javertno1
2009-02-08, 08:46
After running SB S&D a few times I keep getting the following:
Smitfraud-C
IRC.crt
MicrosoftWindowsSecurityCenter_disabled
Virtumonde.generic
Virtumonde
Virtumonde.sci

Please help me get rid of this. Here's the hijackthis logfile:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:39:25 AM, on 2/8/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\AOL\1153770788\ee\AOLSoftware.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\EHOME\RMSysTry.exe
C:\Program Files\Common Files\AOL\1153770788\ee\AOLDesktop.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
C:\WINDOWS\system32\cba\pds.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Common Files\Symantec Shared\Reporting Agents\Win32\ReporterSvc.exe
C:\WINDOWS\ehome\RMSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\ams_ii\hndlrsvc.exe
C:\WINDOWS\system32\MsgSys.EXE
C:\WINDOWS\system32\ams_ii\iao.exe
C:\WINDOWS\system32\cba\xfr.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL Toolbar\aoltb.dll
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1153770788\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Startup: AOL Desktop.lnk = C:\Program Files\Common Files\AOL\Launch\aollaunch.exe
O4 - Global Startup: Extender Resource Monitor.lnk = C:\WINDOWS\EHOME\RMSysTry.exe
O8 - Extra context menu item: &AOL Toolbar Search - C:\Documents and Settings\All Users\Application Data\AOL\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: AIM Toolbar - {0b83c99c-1efa-4259-858f-bcb33e007a5b} - C:\Program Files\AIM Toolbar\aimtb.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Documents and Settings\Drew\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {03A99563-4F42-4DCF-A069-C728A71164A3} (VivatyCtrl Class) - http://apps.vivaty.com/downloads/player/install.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkId=39204&clcid=0x409
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Intel Alert Handler - LANDesk Software Ltd. - C:\WINDOWS\system32\ams_ii\hndlrsvc.exe
O23 - Service: Intel Alert Originator - LANDesk Software Ltd. - C:\WINDOWS\system32\ams_ii\iao.exe
O23 - Service: Intel File Transfer - LANDesk Software Ltd. - C:\WINDOWS\system32\cba\xfr.exe
O23 - Service: Intel PDS - LANDesk Software Ltd. - C:\WINDOWS\system32\cba\pds.exe
O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Reporting Agents (Reporting) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Reporting Agents\Win32\ReporterSvc.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O24 - Desktop Component 0: (no name) - http://www.u2tours.com/headers/4.gif

--
End of file - 12156 bytes

I reread "Before You Post" and noticed that I did not backup my registry using ERUNT. Now I did and ran Hijackthis again. Here's the new log file. Thank you.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:10:30 AM, on 2/8/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\EHOME\RMSysTry.exe
C:\Program Files\Common Files\AOL\1153770788\ee\AOLDesktop.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
C:\WINDOWS\system32\cba\pds.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Common Files\Symantec Shared\Reporting Agents\Win32\ReporterSvc.exe
C:\WINDOWS\ehome\RMSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\ams_ii\hndlrsvc.exe
C:\WINDOWS\system32\MsgSys.EXE
C:\WINDOWS\system32\ams_ii\iao.exe
C:\WINDOWS\system32\cba\xfr.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Common Files\AOL\1153770788\ee\aolsoftware.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL Toolbar\aoltb.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1153770788\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [AROReminder] C:\Program Files\Advanced Registry Optimizer\ARO.exe -rem
O4 - Startup: AOL Desktop.lnk = C:\Program Files\Common Files\AOL\Launch\aollaunch.exe
O4 - Global Startup: Extender Resource Monitor.lnk = C:\WINDOWS\EHOME\RMSysTry.exe
O8 - Extra context menu item: &AOL Toolbar Search - C:\Documents and Settings\All Users\Application Data\AOL\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: AIM Toolbar - {0b83c99c-1efa-4259-858f-bcb33e007a5b} - C:\Program Files\AIM Toolbar\aimtb.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Documents and Settings\Drew\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {03A99563-4F42-4DCF-A069-C728A71164A3} (VivatyCtrl Class) - http://apps.vivaty.com/downloads/player/install.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkId=39204&clcid=0x409
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Intel Alert Handler - LANDesk Software Ltd. - C:\WINDOWS\system32\ams_ii\hndlrsvc.exe
O23 - Service: Intel Alert Originator - LANDesk Software Ltd. - C:\WINDOWS\system32\ams_ii\iao.exe
O23 - Service: Intel File Transfer - LANDesk Software Ltd. - C:\WINDOWS\system32\cba\xfr.exe
O23 - Service: Intel PDS - LANDesk Software Ltd. - C:\WINDOWS\system32\cba\pds.exe
O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Reporting Agents (Reporting) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Reporting Agents\Win32\ReporterSvc.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O24 - Desktop Component 0: (no name) - http://www.u2tours.com/headers/4.gif

--
End of file - 12312 bytes

I downloaded advanced registry optimizer instead of ERUNT. I realized my mistake and corrected it. Here's the new Hijack This file:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:24:26 AM, on 2/10/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
C:\WINDOWS\system32\cba\pds.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Common Files\Symantec Shared\Reporting Agents\Win32\ReporterSvc.exe
C:\WINDOWS\ehome\RMSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\ams_ii\hndlrsvc.exe
C:\WINDOWS\system32\MsgSys.EXE
C:\WINDOWS\system32\ams_ii\iao.exe
C:\WINDOWS\system32\cba\xfr.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\AOL\1153770788\ee\AOLSoftware.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\EHOME\RMSysTry.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\AOL\1153770788\ee\AOLDesktop.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL Toolbar\aoltb.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1153770788\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [AROReminder] C:\Program Files\Advanced Registry Optimizer\ARO.exe -rem
O4 - Startup: AOL Desktop.lnk = C:\Program Files\Common Files\AOL\Launch\aollaunch.exe
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Global Startup: Extender Resource Monitor.lnk = C:\WINDOWS\EHOME\RMSysTry.exe
O8 - Extra context menu item: &AOL Toolbar Search - C:\Documents and Settings\All Users\Application Data\AOL\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: AIM Toolbar - {0b83c99c-1efa-4259-858f-bcb33e007a5b} - C:\Program Files\AIM Toolbar\aimtb.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Documents and Settings\Drew\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {03A99563-4F42-4DCF-A069-C728A71164A3} (VivatyCtrl Class) - http://apps.vivaty.com/downloads/player/install.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkId=39204&clcid=0x409
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Intel Alert Handler - LANDesk Software Ltd. - C:\WINDOWS\system32\ams_ii\hndlrsvc.exe
O23 - Service: Intel Alert Originator - LANDesk Software Ltd. - C:\WINDOWS\system32\ams_ii\iao.exe
O23 - Service: Intel File Transfer - LANDesk Software Ltd. - C:\WINDOWS\system32\cba\xfr.exe
O23 - Service: Intel PDS - LANDesk Software Ltd. - C:\WINDOWS\system32\cba\pds.exe
O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Reporting Agents (Reporting) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Reporting Agents\Win32\ReporterSvc.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O24 - Desktop Component 0: (no name) - http://www.u2tours.com/headers/4.gif

--
End of file - 12438 bytes

----------------------
Other topic: http://forums.spybot.info/showthread.php?t=45582

peku006
2009-02-11, 19:14
Hello and welcome to Safer Networking.

My name is peku006 and I will be helping you to remove any infection(s) that you may have.
I will be giving you a series of instructions that need to be followed in the order in which I give them to you.

Please observe these rules while we work:

If you don't know, stop and ask! Don't keep going on.
Please reply to this thread. Do not start a new topic.
Please continue to respond until I give you the "All Clear"

If you follow these instructions, everything should go smoothly.

Registry Cleaners, not recommended (http://forums.spybot.info/showthread.php?t=30113)

Rename Hijackthis

Rename HijackThis.exe to javertno1.exe by doing the following;

Navigate here using Windows Explorer (windows button + E) or My Computer -> Local Disk C: -> C:\Program Files\Trend Micro\HijackThis
Right-click on the HijackThis.exe
Choose from the pull-down menu; "Rename"
And now Rename HijackThis.exe to javertno1.exe
Now right click on the renamed hijackthis and click Send to... and then Desktop (create shortcut)...
Now go to your desktop and delete the old shortcut called "Hijackthis" Make sure you keep the one called javertno1.exe
Now double click the new shortcut.
Take a fresh HijackThis log (click Do a system scan and save a log file)
Post the fresh HijackThis log here.

Thanks peku006

javertno1
2009-02-11, 22:07
Thank you for getting back to me. Here's the new HijackThis log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:01:23 PM, on 2/11/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\AOL\1153770788\ee\AOLSoftware.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\frmwrk32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\EHOME\RMSysTry.exe
C:\Program Files\Common Files\AOL\1153770788\ee\AOLDesktop.exe
C:\Program Files\Symantec AntiVirus\DoScan.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
C:\WINDOWS\system32\cba\pds.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Common Files\Symantec Shared\Reporting Agents\Win32\ReporterSvc.exe
C:\WINDOWS\ehome\RMSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\ams_ii\hndlrsvc.exe
C:\WINDOWS\system32\MsgSys.EXE
C:\WINDOWS\system32\ams_ii\iao.exe
C:\WINDOWS\system32\cba\xfr.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\rundll32.exe
C:\DOCUME~1\John\LOCALS~1\Temp\winlognn.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\DOCUME~1\John\LOCALS~1\Temp\csrssc.exe
C:\DOCUME~1\John\LOCALS~1\Temp\3167.tmp
C:\DOCUME~1\John\LOCALS~1\Temp\3167.tmp
C:\Program Files\Trend Micro\HijackThis\javertno1.exe.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
O2 - BHO: C:\WINDOWS\system32\hsfd83jfdg.dll - {C5BF49A2-94F3-42BD-F434-3604812C8955} - C:\WINDOWS\system32\hsfd83jfdg.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL Toolbar\aoltb.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1153770788\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [Framework Windows] frmwrk32.exe
O4 - HKLM\..\Run: [Tmojofafahinalul] rundll32.exe "C:\WINDOWS\Kmozunumulo.dll",e
O4 - HKLM\..\Run: [jsf8uiw3jnjgffght] C:\DOCUME~1\John\LOCALS~1\Temp\winlognn.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [AROReminder] C:\Program Files\Advanced Registry Optimizer\ARO.exe -rem
O4 - HKCU\..\Run: [jsf8uiw3jnjgffght] C:\DOCUME~1\John\LOCALS~1\Temp\winlognn.exe
O4 - HKCU\..\Run: [tezrtsjhfr84iusjfo84f] C:\DOCUME~1\John\LOCALS~1\Temp\csrssc.exe
O4 - Startup: AOL Desktop.lnk = C:\Program Files\Common Files\AOL\Launch\aollaunch.exe
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Global Startup: Extender Resource Monitor.lnk = C:\WINDOWS\EHOME\RMSysTry.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: &AOL Toolbar Search - C:\Documents and Settings\All Users\Application Data\AOL\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: AIM Toolbar - {0b83c99c-1efa-4259-858f-bcb33e007a5b} - C:\Program Files\AIM Toolbar\aimtb.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Documents and Settings\Drew\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {03A99563-4F42-4DCF-A069-C728A71164A3} (VivatyCtrl Class) - http://apps.vivaty.com/downloads/player/install.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkId=39204&clcid=0x409
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O22 - SharedTaskScheduler: jgzfkj9w38rksndfi7r4 - {C5BF49A2-94F3-42BD-F434-3604812C8955} - C:\WINDOWS\system32\hsfd83jfdg.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Intel Alert Handler - LANDesk Software Ltd. - C:\WINDOWS\system32\ams_ii\hndlrsvc.exe
O23 - Service: Intel Alert Originator - LANDesk Software Ltd. - C:\WINDOWS\system32\ams_ii\iao.exe
O23 - Service: Intel File Transfer - LANDesk Software Ltd. - C:\WINDOWS\system32\cba\xfr.exe
O23 - Service: Intel PDS - LANDesk Software Ltd. - C:\WINDOWS\system32\cba\pds.exe
O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Reporting Agents (Reporting) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Reporting Agents\Win32\ReporterSvc.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O24 - Desktop Component 0: (no name) - http://www.u2tours.com/headers/4.gif

--
End of file - 13502 bytes

peku006
2009-02-11, 23:43
Hi javertno1
Thanks for returning your information, let's proceed like this and in the numbered order.

Before we start fixing anything you should print out these instructions or copy them to a NotePad file so they will be accessible.
Some steps will require you to use Safe Mode and you will not have access to this page.

1 - Download and Install SDFix
Download SDFix (http://downloads.andymanchesta.com/RemovalTools/SDFix.exe) and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

2 - Boot into Safe Mode

Reboot your computer in Safe Mode.

If the computer is running, shut down Windows, and then turn off the power.
Wait 30 seconds, and then turn the computer on.
Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
Ensure that the Safe Mode option is selected.
Press Enter. The computer then begins to start in Safe mode.
Login on your usual account.

3- Run SDFix

Open the extracted SDFix folder and double click RunThis.bat to start the script.
Type Y to begin the cleanup process.
It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
Press any Key and it will restart the PC.
When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
(Report.txt will also be copied to Clipboard ready for posting back on the forum).

4 - Scan With ComboFix

Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

How to Temporarily Disable Anti-virus (http://www.bleepingcomputer.com/forums/topic114351.html)

Please include the C:\ComboFix.txt in your next reply for further review.

5 - Run Hijackthis
Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad

6 - Status Check
Please reply with

1. the SDFix Report.txt(C:\SDFix\Report.txt)
2. the ComboFix log(C:\ComboFix.txt)
3. a fresh HijackThis log

Thanks peku006

javertno1
2009-02-12, 02:32
I performed the tasks as requested and here are the reports. Were most/all of the infections in Drew's account? Thank you.

The text is too long to post; therefore, I am submitting the ComboFix file separately.

SDFix: Version 1.240
Run by John on Wed 02/11/2009 at 05:06 PM

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix

Checking Services :


Restoring Default Security Values
Restoring Default Hosts File

Rebooting


Checking Files :

Trojan Files Found:

C:\WINDOWS\system32\fccbYstU.dll - Deleted
C:\169218~1 - Deleted
C:\Documents and Settings\John\Desktop\Cheap Pharmacy Online.url - Deleted
C:\Documents and Settings\John\Favorites\Cheap Pharmacy Online.url - Deleted
C:\Documents and Settings\John\Start Menu\Cheap Pharmacy Online.url - Deleted
C:\Documents and Settings\John\Desktop\SMS TRAP.url - Deleted
C:\Documents and Settings\John\Favorites\SMS TRAP.url - Deleted
C:\Documents and Settings\John\Start Menu\SMS TRAP.url - Deleted
C:\Documents and Settings\John\Desktop\VIP Casino.url - Deleted
C:\Documents and Settings\John\Favorites\VIP Casino.url - Deleted
C:\Documents and Settings\John\Start Menu\VIP Casino.url - Deleted
C:\WINDOWS\system32\c.ico - Deleted
C:\WINDOWS\system32\m.ico - Deleted
C:\WINDOWS\system32\p.ico - Deleted
C:\WINDOWS\system32\s.ico - Deleted
C:\Documents and Settings\John\Favorites\Search Online.url - Deleted
C:\Documents and Settings\John\Desktop\Search Online.url - Deleted
C:\Documents and Settings\John\Start Menu\Search Online.url - Deleted
C:\DOCUME~1\John\LOCALS~1\Temp\Csrssc.exe - Deleted





Removing Temp Files

ADS Check :



Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-11 17:35:12
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

disk error: C:\WINDOWS\system32\config\system, 0
scanning hidden registry entries ...

disk error: C:\WINDOWS\system32\config\software, 0
disk error: C:\Documents and Settings\John\ntuser.dat, 0
scanning hidden files ...

disk error: C:\WINDOWS\

please note that you need administrator rights to perform deep scan

Remaining Services :




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"="C:\\Program Files\\Real\\RealPlayer\\realplay.exe:*:Enabled:RealPlayer"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\WINDOWS\\SYSTEM32\\MSHTA.EXE"="C:\\WINDOWS\\SYSTEM32\\MSHTA.EXE:*:Enabled:Microsoft (R) HTML Application host"
"C:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"="C:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe:*:Enabled:HP Software Update Client"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLAcsd.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLAcsd.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe"="C:\\Program Files\\Common Files\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe:*:Enabled:AOL TopSpeed"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader"
"C:\\Program Files\\Common Files\\AOL\\1153770788\\ee\\aolsoftware.exe"="C:\\Program Files\\Common Files\\AOL\\1153770788\\ee\\aolsoftware.exe:*:Enabled:AOL Services"
"C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"="C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe:*:Enabled:EasyShare"
"C:\\Documents and Settings\\Drew\\aim.exe"="C:\\Documents and Settings\\Drew\\aim.exe:*:Enabled:AOL Instant Messenger"
"C:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"="C:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe:*:Disabled:Kodak Software Updater"
"C:\\Documents and Settings\\Drew\\Application Data\\Firaxis Games\\Sid Meier's Civilization 4\\Warlords\\Civ4Warlords.exe"="C:\\Documents and Settings\\Drew\\Application Data\\Firaxis Games\\Sid Meier's Civilization 4\\Warlords\\Civ4Warlords.exe:*:Enabled:Sid Meier's Civilization 4 Warlords"
"C:\\Documents and Settings\\Drew\\Application Data\\Firaxis Games\\Sid Meier's Civilization 4\\Warlords\\Civ4Warlords_PitBoss.exe"="C:\\Documents and Settings\\Drew\\Application Data\\Firaxis Games\\Sid Meier's Civilization 4\\Warlords\\Civ4Warlords_PitBoss.exe:*:Enabled:Sid Meier's Civilization 4 Pitboss"
"C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:æTorrent"
"C:\\Documents and Settings\\Drew\\My Documents\\My Music\\Azureus\\Azureus\\Azureus.exe"="C:\\Documents and Settings\\Drew\\My Documents\\My Music\\Azureus\\Azureus\\Azureus.exe:*:Enabled:Azureus"
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\\Program Files\\AIM6\\aim6.exe"="C:\\Program Files\\AIM6\\aim6.exe:*:Enabled:AIM"
"C:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"="C:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe:*:Enabled:AOL System Information"
"C:\\WINDOWS\\EHOME\\ehshell.exe"="C:\\WINDOWS\\EHOME\\ehshell.exe:LocalSubNet:Enabled:Media Center"
"C:\\Program Files\\Common Files\\AOL\\1153770788\\ee\\AOLDesktop.exe"="C:\\Program Files\\Common Files\\AOL\\1153770788\\ee\\AOLDesktop.exe:*:Enabled:AOL Desktop"
"C:\\Program Files\\TurboTax\\Deluxe 2007\\32bit\\ttax.exe"="C:\\Program Files\\TurboTax\\Deluxe 2007\\32bit\\ttax.exe:LocalSubNet:Enabled:TurboTax"
"C:\\Program Files\\TurboTax\\Deluxe 2007\\32bit\\updatemgr.exe"="C:\\Program Files\\TurboTax\\Deluxe 2007\\32bit\\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\Electronic Arts\\EADM\\Core.exe"="C:\\Program Files\\Electronic Arts\\EADM\\Core.exe:*:Enabled:EA Download Manager"
"C:\\Program Files\\Common Files\\Intuit\\Update Service\\IntuitUpdateService.exe"="C:\\Program Files\\Common Files\\Intuit\\Update Service\\IntuitUpdateService.exe:LocalSubNet:Disabled:Intuit Update Shared Downloads Server"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\America Online 9.0\\waol.exe"="C:\\Program Files\\America Online 9.0\\waol.exe:*:Enabled:AMERIC~1.0"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLAcsd.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLAcsd.exe:*:Enabled:AOL"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

Remaining Files :


File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes :

Wed 15 Oct 2008 633,632 A.SH. --- "C:\Program Files\Internet Explorer\iexplore.exe"
Sun 13 Apr 2008 1,695,232 ..SH. --- "C:\Program Files\Messenger\msmsgs.exe"
Sun 13 Apr 2008 60,416 A.SH. --- "C:\Program Files\Outlook Express\msimn.exe"
Wed 22 Oct 2008 949,072 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\advcheck.dll"
Thu 14 Aug 2008 1,429,840 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe"
Wed 30 Jul 2008 4,891,984 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"
Wed 22 Oct 2008 962,896 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\Tools.dll"
Mon 7 Feb 2005 4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Thu 29 Mar 2007 24,576 A..H. --- "C:\Documents and Settings\Jordan\My Documents\~WRL1511.tmp"
Thu 29 Mar 2007 24,576 A..H. --- "C:\Documents and Settings\Jordan\My Documents\~WRL1776.tmp"
Thu 27 Dec 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Mon 15 Jan 2007 38,912 A..H. --- "C:\Documents and Settings\Drew\My Documents\Papers\~WRL1537.tmp"
Mon 15 Jan 2007 25,088 A..H. --- "C:\Documents and Settings\Drew\My Documents\Papers\~WRL1783.tmp"
Mon 15 Jan 2007 38,912 A..H. --- "C:\Documents and Settings\Drew\My Documents\Papers\~WRL2265.tmp"
Mon 15 Jan 2007 38,400 A..H. --- "C:\Documents and Settings\Drew\My Documents\Papers\~WRL3266.tmp"
Mon 15 Jan 2007 25,088 A..H. --- "C:\Documents and Settings\Drew\My Documents\Papers\~WRL3981.tmp"
Thu 5 Oct 2006 299,008 A..H. --- "C:\Program Files\Canon\Memory Card Utility\iP6310D\Maint.exe"
Fri 10 Feb 2006 61,440 A..H. --- "C:\Program Files\Canon\Memory Card Utility\iP6310D\uinstrsc.dll"
Sun 1 Jan 2006 45,056 ...H. --- "C:\Documents and Settings\Drew\Application Data\Microsoft\Templates\~WRL0003.tmp"
Sun 18 Jan 2009 2,421 ...HR --- "C:\Documents and Settings\Drew\Application Data\SecuROM\UserData\securom_v7_01.bak"
Mon 6 Feb 2006 40,448 ...H. --- "C:\Documents and Settings\Ginny\Application Data\Microsoft\Templates\~WRL2654.tmp"
Mon 7 Feb 2005 4,348 A..H. --- "C:\Documents and Settings\John\My Documents\My Music\License Backup\drmv1key.bak"
Tue 25 Oct 2005 20 A..H. --- "C:\Documents and Settings\John\My Documents\My Music\License Backup\drmv1lic.bak"
Mon 16 May 2005 400 A.SH. --- "C:\Documents and Settings\John\My Documents\My Music\License Backup\drmv2key.bak"
Sat 27 Dec 2008 1,977 ...HR --- "C:\Documents and Settings\Jordan\Application Data\SecuROM\UserData\securom_v7_01.bak"
Wed 15 Oct 2008 96,072 A..H. --- "C:\Program Files\Common Files\AOL\TopSpeed\3.0\WBUnins.exe"
Tue 4 Dec 2007 8 A..H. --- "C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch4\lock.tmp"
Tue 4 Dec 2007 8 A..H. --- "C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch5\lock.tmp"
Wed 11 Apr 2007 8 A..H. --- "C:\Documents and Settings\Drew\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\lock.tmp"
Wed 11 Apr 2007 8 A..H. --- "C:\Documents and Settings\Drew\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u2\lock.tmp"
Wed 11 Apr 2007 8 A..H. --- "C:\Documents and Settings\Drew\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u3\lock.tmp"
Wed 11 Apr 2007 8 A..H. --- "C:\Documents and Settings\Drew\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u4\lock.tmp"
Tue 4 Dec 2007 8 A..H. --- "C:\Documents and Settings\Drew\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u5\lock.tmp"
Tue 4 Dec 2007 8 A..H. --- "C:\Documents and Settings\Drew\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u6\lock.tmp"
Mon 9 Apr 2007 8 A..H. --- "C:\Documents and Settings\Ginny\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\lock.tmp"
Mon 9 Apr 2007 8 A..H. --- "C:\Documents and Settings\Ginny\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u2\lock.tmp"
Mon 9 Apr 2007 8 A..H. --- "C:\Documents and Settings\Ginny\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u3\lock.tmp"
Mon 9 Apr 2007 8 A..H. --- "C:\Documents and Settings\Ginny\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u4\lock.tmp"
Tue 4 Dec 2007 8 A..H. --- "C:\Documents and Settings\Ginny\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u5\lock.tmp"
Tue 4 Dec 2007 8 A..H. --- "C:\Documents and Settings\Ginny\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u6\lock.tmp"
Tue 10 Apr 2007 8 A..H. --- "C:\Documents and Settings\John\Application Data\GTek\GTUpdate\AUpdate\Channels\ch_u1\lock.tmp"
Tue 10 Apr 2007 8 A..H. --- "C:\Documents and Settings\John\Application Data\GTek\GTUpdate\AUpdate\Channels\ch_u2\lock.tmp"
Tue 10 Apr 2007 8 A..H. --- "C:\Documents and Settings\John\Application Data\GTek\GTUpdate\AUpdate\Channels\ch_u3\lock.tmp"
Tue 10 Apr 2007 8 A..H. --- "C:\Documents and Settings\John\Application Data\GTek\GTUpdate\AUpdate\Channels\ch_u4\lock.tmp"
Tue 4 Dec 2007 8 A..H. --- "C:\Documents and Settings\John\Application Data\GTek\GTUpdate\AUpdate\Channels\ch_u5\lock.tmp"
Tue 4 Dec 2007 8 A..H. --- "C:\Documents and Settings\John\Application Data\GTek\GTUpdate\AUpdate\Channels\ch_u6\lock.tmp"
Tue 4 Dec 2007 8 A..H. --- "C:\Documents and Settings\Jordan\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\lock.tmp"
Tue 4 Dec 2007 8 A..H. --- "C:\Documents and Settings\Jordan\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u2\lock.tmp"
Tue 4 Dec 2007 8 A..H. --- "C:\Documents and Settings\New Drew\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\lock.tmp"
Tue 4 Dec 2007 8 A..H. --- "C:\Documents and Settings\New Drew\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u2\lock.tmp"
Tue 9 Dec 2008 8 A..H. --- "C:\Documents and Settings\New Drew\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u3\lock.tmp"
Tue 9 Dec 2008 8 A..H. --- "C:\Documents and Settings\New Drew\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u4\lock.tmp"
Tue 9 Dec 2008 8 A..H. --- "C:\Documents and Settings\New Drew\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u5\lock.tmp"
Tue 9 Dec 2008 8 A..H. --- "C:\Documents and Settings\New Drew\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u6\lock.tmp"
Tue 4 Dec 2007 8 A..H. --- "C:\Documents and Settings\TEMP\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\lock.tmp"
Tue 4 Dec 2007 8 A..H. --- "C:\Documents and Settings\TEMP\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u2\lock.tmp"
Thu 13 Mar 2008 8 A..H. --- "C:\Documents and Settings\TEMP\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u3\lock.tmp"
Thu 13 Mar 2008 8 A..H. --- "C:\Documents and Settings\TEMP\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u4\lock.tmp"
Thu 13 Mar 2008 8 A..H. --- "C:\Documents and Settings\TEMP\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u5\lock.tmp"
Thu 13 Mar 2008 8 A..H. --- "C:\Documents and Settings\TEMP\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u6\lock.tmp"

Finished!



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:22:30 PM, on 2/11/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
C:\WINDOWS\system32\cba\pds.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Common Files\Symantec Shared\Reporting Agents\Win32\ReporterSvc.exe
C:\WINDOWS\ehome\RMSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\ams_ii\iao.exe
C:\WINDOWS\system32\MsgSys.EXE
C:\WINDOWS\system32\cba\xfr.exe
C:\WINDOWS\system32\ams_ii\hndlrsvc.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\AOL\1153770788\ee\AOLSoftware.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\EHOME\RMSysTry.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Common Files\AOL\1153770788\ee\AOLDesktop.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\javertno1.exe.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: {609b874c-f4d9-6458-bb24-41eaa109d043} - {340d901a-ae14-42bb-8546-9d4fc478b906} - C:\WINDOWS\system32\wijrhg.dll
O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - C:\WINDOWS\system32\fcccdDsT.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL Toolbar\aoltb.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1153770788\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [Gyivonusoh] rundll32.exe "C:\WINDOWS\uwofoseqova.dll",e
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [AROReminder] C:\Program Files\Advanced Registry Optimizer\ARO.exe -rem
O4 - Startup: AOL Desktop.lnk = C:\Program Files\Common Files\AOL\Launch\aollaunch.exe
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Global Startup: Extender Resource Monitor.lnk = C:\WINDOWS\EHOME\RMSysTry.exe
O8 - Extra context menu item: &AOL Toolbar Search - C:\Documents and Settings\All Users\Application Data\AOL\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: AIM Toolbar - {0b83c99c-1efa-4259-858f-bcb33e007a5b} - C:\Program Files\AIM Toolbar\aimtb.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Documents and Settings\Drew\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {03A99563-4F42-4DCF-A069-C728A71164A3} (VivatyCtrl Class) - http://apps.vivaty.com/downloads/player/install.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkId=39204&clcid=0x409
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - AppInit_DLLs: nvuhga.dll
O20 - Winlogon Notify: fcccdDsT - C:\WINDOWS\SYSTEM32\fcccdDsT.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Intel Alert Handler - LANDesk Software Ltd. - C:\WINDOWS\system32\ams_ii\hndlrsvc.exe
O23 - Service: Intel Alert Originator - LANDesk Software Ltd. - C:\WINDOWS\system32\ams_ii\iao.exe
O23 - Service: Intel File Transfer - LANDesk Software Ltd. - C:\WINDOWS\system32\cba\xfr.exe
O23 - Service: Intel PDS - LANDesk Software Ltd. - C:\WINDOWS\system32\cba\pds.exe
O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Reporting Agents (Reporting) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Reporting Agents\Win32\ReporterSvc.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O24 - Desktop Component 0: (no name) - http://www.u2tours.com/headers/4.gif

--
End of file - 12743 bytes

javertno1
2009-02-12, 02:36
ComboFix Part 1

The ComboFix file is too big; therefore, I'm sending it in two parts.

ComboFix 09-02-11.02 - John 2009-02-11 18:45:31.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.583 [GMT -5:00]
Running from: c:\documents and settings\John\Desktop\ComboFix.exe
AV: Symantec AntiVirus Corporate Edition *On-access scanning disabled* (Updated)
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Drew\Application Data\Google\T-Scan
c:\documents and settings\Drew\Application Data\Google\T-Scan\n.gif
c:\documents and settings\Drew\Application Data\Google\T-Scan\t.gif
c:\documents and settings\Drew\Application Data\Google\T-Scan\y.gif
c:\windows\ios.dat
c:\windows\Kmozunumulo.dll
c:\windows\SYSTEM32\998.exe
c:\windows\system32\drivers\seneka.sys
c:\windows\system32\drivers\senekaiblpdqkf.sys
c:\windows\system32\frmwrk32.exe
c:\windows\system32\hsfd83jfdg.dll
c:\windows\system32\nvuhga.dll
c:\windows\system32\prunnet.exe
c:\windows\SYSTEM32\qsstutwa.ini
c:\windows\SYSTEM32\qsstutwa.ini2
c:\windows\system32\senekabyphfguu.dll
c:\windows\system32\senekaellimgiu.dll
c:\windows\system32\senekaenfqsyfg.dll
c:\windows\system32\senekaktrfeckg.dat
c:\windows\system32\senekarvamybwu.dat
c:\windows\system32\tmp.reg
c:\windows\system32\uniq.tll
c:\windows\system32\vtUnnlLc.dll
c:\windows\system32\winlogon2.exe
c:\windows\system32\WxGjkUtv.ini

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_SENEKA


((((((((((((((((((((((((( Files Created from 2009-01-12 to 2009-02-12 )))))))))))))))))))))))))))))))
.

2009-02-11 18:20 . 2009-02-11 18:20 132,096 --a------ c:\windows\uwofoseqova.dll
2009-02-11 17:26 . 2009-02-11 17:26 35,328 --a------ c:\windows\SYSTEM32\fcccdDsT.dll
2009-02-11 17:25 . 2009-02-11 17:25 46,080 --------- c:\windows\SYSTEM32\clickfile.exe
2009-02-11 14:58 . 2009-02-11 14:58 19,214 --a------ c:\windows\SYSTEM32\sf.ico
2009-02-11 14:58 . 2009-02-11 14:58 13,942 --a------ c:\windows\SYSTEM32\m3.ico
2009-02-11 14:57 . 2009-02-11 14:57 122,880 --a------ c:\windows\SYSTEM32\fejokt.dll
2009-02-11 14:57 . 2009-02-11 14:57 94,215 --a------ C:\pfgiuuo.exe
2009-02-11 14:57 . 2009-02-11 14:57 83,456 --a------ c:\windows\SYSTEM32\hinwyygr.dll
2009-02-11 14:57 . 2009-02-11 14:57 82,432 --a------ C:\wskrote.exe
2009-02-11 14:57 . 2009-02-11 14:57 40,448 --a------ C:\kvkglog.exe
2009-02-11 14:57 . 2009-02-11 14:57 8,192 --a------ C:\jxnx.exe
2009-02-11 14:57 . 2009-02-11 14:57 705 --a------ C:\jwfmld.exe
2009-02-10 09:22 . 2009-02-10 09:22 <DIR> d-------- c:\program files\ERUNT
2009-02-08 02:03 . 2009-02-08 02:03 <DIR> d-------- c:\program files\AskBarDis
2009-02-08 02:03 . 2009-02-08 02:03 <DIR> d-------- c:\program files\Advanced Registry Optimizer
2009-02-08 02:03 . 2009-02-08 02:03 <DIR> d-------- c:\documents and settings\John\Application Data\Sammsoft
2009-02-08 01:38 . 2009-02-08 01:38 <DIR> d-------- c:\program files\Trend Micro
2009-02-07 13:23 . 2009-02-11 18:55 4 --a------ c:\windows\muykbnhs
2009-02-07 13:05 . 2009-02-07 13:05 302,080 --a------ c:\windows\SYSTEM32\vtUkjGxW.dll
2009-02-05 19:54 . 2009-02-05 19:54 304,640 --a------ c:\windows\SYSTEM32\tuvVNGyW.dll
2009-02-04 21:44 . 2009-02-04 21:44 304,128 --a------ c:\windows\SYSTEM32\awtutssq.dll.vir
2009-02-04 21:44 . 2009-02-07 13:14 1,520 --a------ c:\windows\guhfxcdk
2009-02-04 21:32 . 2009-02-04 21:32 48,640 --a------ c:\windows\SYSTEM32\awtrqRjh.dll
2009-01-24 15:38 . 2009-01-24 15:38 <DIR> d-------- c:\program files\Common Files\AnswerWorks 5.0

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-07 21:25 --------- d-----w c:\documents and settings\All Users\Application Data\Google Updater
2009-02-07 18:12 --------- d-----w c:\documents and settings\Drew\Application Data\uTorrent
2009-02-05 02:32 --------- d-----w c:\program files\Symantec AntiVirus
2009-02-03 06:14 40,746 ----a-w c:\documents and settings\Drew\Application Data\wklnhst.dat
2009-01-30 00:49 --------- d-----w c:\documents and settings\John\Application Data\ZoomBrowser EX
2009-01-30 00:45 --------- d-----w c:\documents and settings\All Users\Application Data\ZoomBrowser
2009-01-24 20:36 --------- d-----w c:\program files\Common Files\Intuit
2009-01-24 20:36 --------- d-----w c:\documents and settings\All Users\Application Data\Intuit
2009-01-24 20:34 --------- d-----w c:\program files\TurboTax
2009-01-24 15:54 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2009-01-23 01:05 19,372 ----a-w c:\documents and settings\John\Application Data\wklnhst.dat
2009-01-13 03:23 4,440 ----a-w c:\documents and settings\Jordan\Application Data\wklnhst.dat
2009-01-02 00:46 --------- d-----w c:\documents and settings\John\Application Data\vlc
2008-12-31 21:08 --------- d-----w c:\program files\Buddy Icon Maker
2008-12-27 02:12 --------- d-----w c:\documents and settings\Drew\Application Data\Red Alert 3
2008-12-26 20:59 --------- d-----w c:\documents and settings\Jordan\Application Data\Red Alert 3
2008-12-26 20:23 --------- d--h--r c:\documents and settings\Jordan\Application Data\SecuROM
2008-12-26 19:06 --------- d-----w c:\program files\Electronic Arts
2008-12-24 03:55 --------- d-----w c:\documents and settings\Drew\Application Data\vlc
2008-12-15 01:23 --------- d-----w c:\documents and settings\Jordan\Application Data\DivX
2008-12-15 01:22 --------- d-----w c:\program files\Vivaty
2008-12-10 05:56 162 ----a-w c:\documents and settings\New Drew\Application Data\wklnhst.dat
2008-07-22 17:56 8,514 ----a-w c:\documents and settings\Ginny\Application Data\wklnhst.dat
2008-03-14 19:25 246 ----a-w c:\documents and settings\TEMP\Application Data\wklnhst.dat
2007-09-27 20:04 6,016,952 ----a-w c:\program files\Firefox Setup 2.0.0.7.exe
2007-09-06 19:48 84,904 ----a-w c:\documents and settings\Drew\Application Data\GDIPFONTCACHEV1.DAT
2007-08-02 00:36 407,680 ----a-w c:\documents and settings\Drew\aim95.exe
2006-12-12 19:19 1,005,104 ----a-w c:\documents and settings\Drew\aolsetup.exe
2006-12-04 03:49 11,468 ----a-w c:\documents and settings\Drew\Xpcs Registry.dat
2006-08-01 19:39 116,979 ----a-w c:\documents and settings\Drew\uninstll.exe
2006-08-01 19:36 1,511,424 ----a-w c:\documents and settings\Drew\AimRes.dll
2006-08-01 19:35 67,112 ----a-w c:\documents and settings\Drew\aim.exe
2006-08-01 19:28 131,072 ----a-w c:\documents and settings\Drew\ateima32.dll
2006-08-01 19:27 233,472 ----a-w c:\documents and settings\Drew\AimSecondarySvcs.dll
2006-08-01 19:24 192,512 ----a-w c:\documents and settings\Drew\AimCoreSvcs.dll
2006-08-01 19:23 114,688 ----a-w c:\documents and settings\Drew\aimapi.dll
2006-08-01 19:22 19,968 ----a-w c:\documents and settings\Drew\aimtalk.dll
2006-08-01 19:22 155,648 ----a-w c:\documents and settings\Drew\aimauto.exe
2006-08-01 19:21 229,376 ----a-w c:\documents and settings\Drew\wndutils.dll
2006-08-01 19:17 106,496 ----a-w c:\documents and settings\Drew\aimax.dll
2006-08-01 19:16 192,512 ----a-w c:\documents and settings\Drew\oscore.dll
2006-08-01 19:16 192,512 ----a-w c:\documents and settings\Drew\ate32.dll
2006-08-01 19:16 151,552 ----a-w c:\documents and settings\Drew\oscarui.dll
2006-08-01 19:15 4,608 ----a-w c:\documents and settings\Drew\idlemon.dll
2006-07-31 20:56 135,168 ----a-w c:\documents and settings\Drew\sb.dll
2006-07-25 20:19 180,224 ----a-w c:\documents and settings\Drew\rtvideo.dll
2006-07-25 20:16 13,312 ----a-w c:\documents and settings\Drew\oscres.dll
2006-07-25 17:28 49,152 ----a-w c:\documents and settings\Drew\chksign.dll
2006-07-25 17:13 2,048 ----a-w c:\documents and settings\Drew\ShareFile.exe
2006-07-25 17:13 2,048 ----a-w c:\documents and settings\Drew\SendFile.exe
2006-07-25 17:03 229,376 ----a-w c:\documents and settings\Drew\inetsocket.dll
2006-07-25 16:54 110,592 ----a-w c:\documents and settings\Drew\AIM_xmlp.dll
2006-03-13 00:58 557,056 ----a-w c:\documents and settings\John\chatlnk.exe
2005-07-11 04:39 245,408 ----a-w c:\documents and settings\Drew\unicows.dll
2005-06-16 21:46 81,920 ----a-w c:\documents and settings\Drew\AIMToday.dll
2005-06-14 19:09 217,088 ----a-w c:\documents and settings\Drew\xprt5.dll
2004-08-18 17:56 372,736 ----a-w c:\documents and settings\Drew\softokn3.dll
2004-08-18 17:56 348,160 ----a-w c:\documents and settings\Drew\nss3.dll
2004-08-18 17:56 176,128 ----a-w c:\documents and settings\Drew\nssckbi.dll
2004-08-18 17:56 110,592 ----a-w c:\documents and settings\Drew\ssl3.dll
2004-08-18 17:56 106,496 ----a-w c:\documents and settings\Drew\smime3.dll
2004-07-22 14:43 61,440 ----a-w c:\documents and settings\Drew\coolhttp.dll
2004-07-22 14:43 57,344 ----a-w c:\documents and settings\Drew\coolsecnss.dll
2004-07-22 14:43 3,584 ----a-w c:\documents and settings\Drew\coolsos.dll
2004-07-22 14:43 184,320 ----a-w c:\documents and settings\Drew\coolbos.dll
2004-07-22 14:43 114,688 ----a-w c:\documents and settings\Drew\coolbucky.dll
2004-07-22 14:43 106,496 ----a-w c:\documents and settings\Drew\coolpeer.dll
2004-07-22 14:42 8,192 ----a-w c:\documents and settings\Drew\xptl.dll
2004-07-22 14:42 73,728 ----a-w c:\documents and settings\Drew\coolsocket.dll
2004-07-22 14:41 135,168 ----a-w c:\documents and settings\Drew\xprt.dll
2004-07-22 14:41 13,824 ----a-w c:\documents and settings\Drew\xpcs.dll
2004-05-18 21:55 81,920 ----a-w c:\documents and settings\Drew\xmltok.dll
2004-05-18 21:55 53,248 ----a-w c:\documents and settings\Drew\xmlparse.dll
2004-04-16 20:27 94,208 ----a-w c:\documents and settings\Drew\jgtktlk.dll
2004-04-16 20:27 65,536 ----a-w c:\documents and settings\Drew\jgattlk.dll
2004-04-16 20:27 61,440 ----a-w c:\documents and settings\Drew\jgedtlk.dll
2004-04-16 20:27 45,056 ----a-w c:\documents and settings\Drew\jgsetlk.dll
2004-04-16 20:27 45,056 ----a-w c:\documents and settings\Drew\jga0tlk.dll
2004-04-16 20:27 40,960 ----a-w c:\documents and settings\Drew\jgs6tlk.dll
2004-04-16 20:27 40,960 ----a-w c:\documents and settings\Drew\jgs2tlk.dll
2004-04-16 20:27 36,864 ----a-w c:\documents and settings\Drew\jga1tlk.dll
2004-04-16 20:27 32,768 ----a-w c:\documents and settings\Drew\jgs7tlk.dll
2004-04-16 20:27 32,768 ----a-w c:\documents and settings\Drew\jgs3tlk.dll
2004-01-09 15:38 28,672 ----a-w c:\documents and settings\Drew\plc4.dll
2004-01-09 15:38 24,576 ----a-w c:\documents and settings\Drew\plds4.dll
2004-01-09 15:38 159,744 ----a-w c:\documents and settings\Drew\nspr4.dll
2002-07-18 15:00 139,264 ----a-w c:\documents and settings\Drew\dunzip32.dll
2001-09-28 21:00 164,864 ----a-w c:\documents and settings\Drew\unwise32.exe
2000-02-16 22:12 50,176 ----a-w c:\documents and settings\Drew\csh.dll
2008-09-09 13:57 32,768 --sha-w c:\windows\SYSTEM32\CONFIG\systemprofile\Local Settings\History\History.IE5\MSHist012008090920080910\index.dat
.

((((((((((((((((((((((((((((( snapshot@2008-12-06_11.01.20.44 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-10-03 09:49:31 247,326 ----a-w c:\windows\$hf_mig$\KB954600\SP3QFE\strmdll.dll
+ 2007-11-30 12:39:22 17,272 ----a-w c:\windows\$hf_mig$\KB954600\spmsg.dll
+ 2007-11-30 12:39:22 231,288 ----a-w c:\windows\$hf_mig$\KB954600\spuninst.exe
+ 2007-11-30 12:39:22 26,488 ----a-w c:\windows\$hf_mig$\KB954600\update\spcustom.dll
+ 2007-11-30 11:18:51 755,576 ----a-w c:\windows\$hf_mig$\KB954600\update\update.exe
+ 2007-11-30 11:18:51 382,840 ----a-w c:\windows\$hf_mig$\KB954600\update\updspapi.dll
+ 2008-10-23 10:17:49 62,976 ----a-w c:\windows\$hf_mig$\KB955839\SP3QFE\tzchange.exe
+ 2007-11-30 12:39:22 17,272 ----a-w c:\windows\$hf_mig$\KB955839\spmsg.dll
+ 2007-11-30 12:39:22 231,288 ----a-w c:\windows\$hf_mig$\KB955839\spuninst.exe
+ 2007-11-30 12:39:22 26,488 ----a-w c:\windows\$hf_mig$\KB955839\update\spcustom.dll
+ 2007-11-30 12:39:22 755,576 ----a-w c:\windows\$hf_mig$\KB955839\update\update.exe
+ 2007-11-30 12:39:22 382,840 ----a-w c:\windows\$hf_mig$\KB955839\update\updspapi.dll
+ 2008-10-23 12:43:42 286,720 ----a-w c:\windows\$hf_mig$\KB956802\SP3QFE\gdi32.dll
+ 2008-07-08 13:02:01 17,272 ----a-w c:\windows\$hf_mig$\KB956802\spmsg.dll
+ 2008-07-08 13:02:02 231,288 ----a-w c:\windows\$hf_mig$\KB956802\spuninst.exe
+ 2008-07-08 13:02:01 26,488 ----a-w c:\windows\$hf_mig$\KB956802\update\spcustom.dll
+ 2008-07-09 07:38:29 755,576 ----a-w c:\windows\$hf_mig$\KB956802\update\update.exe
+ 2008-07-09 07:38:37 382,840 ----a-w c:\windows\$hf_mig$\KB956802\update\updspapi.dll
+ 2008-10-16 20:24:09 124,928 ----a-w c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\advpack.dll
+ 2008-10-16 20:24:09 347,136 ----a-w c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\dxtmsft.dll
+ 2008-10-16 20:24:09 214,528 ----a-w c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\dxtrans.dll
+ 2008-10-16 20:24:09 132,608 ----a-w c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\extmgr.dll
+ 2008-10-16 20:24:09 63,488 ----a-w c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\icardie.dll
+ 2008-10-16 12:46:08 70,656 ----a-w c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\ie4uinit.exe
+ 2008-10-16 20:24:09 153,088 ----a-w c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\ieakeng.dll
+ 2008-10-16 20:24:09 230,400 ----a-w c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\ieaksie.dll
+ 2008-10-15 06:33:26 161,792 ----a-w c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\ieakui.dll
+ 2007-04-17 09:32:38 2,455,488 ----a-w c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\ieapfltr.dat
+ 2008-10-16 20:24:09 380,928 ----a-w c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\ieapfltr.dll
+ 2008-10-16 20:24:09 388,608 ----a-w c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\iedkcs32.dll
+ 2008-10-16 20:24:09 6,068,224 ----a-w c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\ieframe.dll
+ 2008-10-16 20:24:09 44,544 ----a-w c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\iernonce.dll
+ 2008-10-16 20:24:09 267,776 ----a-w c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\iertutil.dll
+ 2008-10-16 12:46:08 13,824 ----a-w c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\ieudinit.exe
+ 2008-10-15 06:34:58 633,632 ----a-w c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\iexplore.exe
+ 2008-10-16 20:24:10 27,648 ----a-w c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\jsproxy.dll
+ 2008-10-16 20:24:10 459,264 ----a-w c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\msfeeds.dll
+ 2008-10-16 20:24:10 52,224 ----a-w c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\msfeedsbs.dll
+ 2008-10-16 20:24:10 3,595,264 ----a-w c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\mshtml.dll
+ 2008-10-16 20:24:10 477,696 ----a-w c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\mshtmled.dll
+ 2008-10-16 20:24:10 193,024 ----a-w c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\msrating.dll
+ 2008-10-16 20:24:10 671,232 ----a-w c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\mstime.dll
+ 2008-10-16 20:24:10 102,912 ----a-w c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\occache.dll
+ 2008-10-16 20:24:10 44,544 ----a-w c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\pngfilt.dll
+ 2008-10-16 20:24:10 105,984 ----a-w c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\url.dll
+ 2008-10-16 20:24:11 1,163,264 ----a-w c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\urlmon.dll
+ 2008-10-16 20:24:11 233,472 ----a-w c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\webcheck.dll
+ 2008-10-16 20:24:11 827,904 ----a-w c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\wininet.dll
+ 2007-03-06 01:22:33 14,048 ----a-w c:\windows\$hf_mig$\KB958215-IE7\spmsg.dll
+ 2007-03-06 01:22:39 213,216 ----a-w c:\windows\$hf_mig$\KB958215-IE7\spuninst.exe
+ 2007-03-06 01:22:31 22,752 ----a-w c:\windows\$hf_mig$\KB958215-IE7\update\spcustom.dll
+ 2007-03-06 01:22:56 716,000 ----a-w c:\windows\$hf_mig$\KB958215-IE7\update\update.exe
+ 2007-03-06 01:23:51 371,424 ----a-w c:\windows\$hf_mig$\KB958215-IE7\update\updspapi.dll
+ 2008-12-13 06:26:56 3,594,752 ----a-w c:\windows\$hf_mig$\KB960714-IE7\SP2QFE\mshtml.dll
+ 2007-03-06 01:22:33 14,048 ----a-w c:\windows\$hf_mig$\KB960714-IE7\spmsg.dll
+ 2007-03-06 01:22:39 213,216 ----a-w c:\windows\$hf_mig$\KB960714-IE7\spuninst.exe
+ 2007-03-06 01:22:31 22,752 ----a-w c:\windows\$hf_mig$\KB960714-IE7\update\spcustom.dll
+ 2007-03-06 01:22:56 716,000 ----a-w c:\windows\$hf_mig$\KB960714-IE7\update\update.exe
+ 2007-03-06 01:23:47 371,424 ----a-w c:\windows\$hf_mig$\KB960714-IE7\update\updspapi.dll
+ 2006-10-19 01:03:58 100,864 -c----w c:\windows\$NtUninstallKB952069_WM9$\logagent.exe
+ 2007-07-27 14:41:48 231,288 -c----w c:\windows\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe
+ 2007-07-27 14:41:48 382,840 -c----w c:\windows\$NtUninstallKB952069_WM9$\spuninst\updspapi.dll
+ 2006-10-19 02:47:20 937,984 -c----w c:\windows\$NtUninstallKB952069_WM9$\wmnetmgr.dll
+ 2006-10-19 02:47:22 2,450,944 -c----w c:\windows\$NtUninstallKB952069_WM9$\wmvcore.dll
+ 2007-11-30 12:39:22 231,288 -c----w c:\windows\$NtUninstallKB954600$\spuninst\spuninst.exe
+ 2007-11-30 11:18:51 382,840 -c----w c:\windows\$NtUninstallKB954600$\spuninst\updspapi.dll
+ 2008-04-14 00:12:07 246,814 -c----w c:\windows\$NtUninstallKB954600$\strmdll.dll
+ 2007-11-30 12:39:22 231,288 -c----w c:\windows\$NtUninstallKB955839$\spuninst\spuninst.exe
+ 2007-11-30 12:39:22 382,840 -c----w c:\windows\$NtUninstallKB955839$\spuninst\updspapi.dll
+ 2008-04-14 00:12:38 60,416 -c----w c:\windows\$NtUninstallKB955839$\tzchange.exe
+ 2008-04-14 00:11:54 285,184 -c----w c:\windows\$NtUninstallKB956802$\gdi32.dll
+ 2008-07-08 13:02:02 231,288 -c----w c:\windows\$NtUninstallKB956802$\spuninst\spuninst.exe
+ 2008-07-09 07:38:37 382,840 -c----w c:\windows\$NtUninstallKB956802$\spuninst\updspapi.dll
+ 2009-01-24 20:36:09 28,672 ----a-w c:\windows\ASSEMBLY\GAC\Common.Logging\1.2.0.0__af08829b84f0328e\Common.Logging.dll
+ 2009-01-24 20:36:14 755,712 ----a-w c:\windows\ASSEMBLY\GAC_32\System.Data.SQLite\1.0.56.0__28c9bcd4dddc48a1\System.Data.SQLite.DLL
+ 2009-01-24 20:36:09 106,496 ----a-w c:\windows\ASSEMBLY\GAC_MSIL\antlr.runtime\2.7.6.2__65e474d141e25e07\antlr.runtime.dll
+ 2009-01-24 20:36:09 10,240 ----a-w c:\windows\ASSEMBLY\GAC_MSIL\BackgroundCopyManager\1.0.0.0__9e3a83f3f863854b\BackgroundCopyManager.dll
+ 2009-01-24 20:36:09 77,824 ----a-w c:\windows\ASSEMBLY\GAC_MSIL\Castle.DynamicProxy\1.1.5.0__407dd0808d44fbdc\Castle.DynamicProxy.dll
+ 2009-01-24 20:36:09 32,768 ----a-w c:\windows\ASSEMBLY\GAC_MSIL\Iesi.Collections\1.0.0.3__aa95f207798dfdb4\Iesi.Collections.dll
+ 2009-02-07 18:31:05 130,848 ----a-w c:\windows\ASSEMBLY\GAC_MSIL\Intuit.Spc.Esd.Client.BusinessLogic\2.1.72.10__540d4816ead86321\Intuit.Spc.Esd.Client.BusinessLogic.dll
+ 2009-02-07 18:31:05 72,992 ----a-w c:\windows\ASSEMBLY\GAC_MSIL\Intuit.Spc.Esd.Client.Common\2.1.72.10__540d4816ead86321\Intuit.Spc.Esd.Client.Common.dll
+ 2009-02-07 18:31:06 54,560 ----a-w c:\windows\ASSEMBLY\GAC_MSIL\Intuit.Spc.Esd.Client.DataAccess.XmlSerializers\2.1.72.10__540d4816ead86321\Intuit.Spc.Esd.Client.DataAccess.XmlSerializers.dll
+ 2009-02-07 18:31:06 120,608 ----a-w c:\windows\ASSEMBLY\GAC_MSIL\Intuit.Spc.Esd.Client.DataAccess\2.1.72.10__540d4816ead86321\Intuit.Spc.Esd.Client.DataAccess.dll
+ 2009-02-07 18:31:06 197,920 ----a-w c:\windows\ASSEMBLY\GAC_MSIL\Intuit.Spc.Esd.Core.XmlSerializers\2.0.145.2__540d4816ead86321\Intuit.Spc.Esd.Core.XmlSerializers.dll
+ 2009-02-07 18:31:06 217,376 ----a-w c:\windows\ASSEMBLY\GAC_MSIL\Intuit.Spc.Esd.Core\2.0.145.2__540d4816ead86321\Intuit.Spc.Esd.Core.dll
+ 2009-02-07 18:31:06 400,672 ----a-w c:\windows\ASSEMBLY\GAC_MSIL\Intuit.Spc.Esd.WinClient.Api.Net\2.1.72.10__540d4816ead86321\Intuit.Spc.Esd.WinClient.Api.Net.dll
+ 2009-02-07 18:31:06 40,224 ----a-w c:\windows\ASSEMBLY\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.ConfigUXv2\2.1.72.10__540d4816ead86321\Intuit.Spc.Esd.WinClient.Application.ConfigUXv2.exe
+ 2009-02-07 18:31:07 44,320 ----a-w c:\windows\ASSEMBLY\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.Update\2.1.72.10__540d4816ead86321\Intuit.Spc.Esd.WinClient.Application.Update.exe
+ 2009-01-24 20:36:10 12,064 ----a-w c:\windows\ASSEMBLY\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UpdateService.PluginContract\1.0.0.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Application.UpdateService.PluginContract.dll
+ 2009-01-24 20:36:10 23,840 ----a-w c:\windows\ASSEMBLY\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UpdateService\1.0.0.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Application.UpdateService.dll
+ 2009-02-07 18:31:07 47,392 ----a-w c:\windows\ASSEMBLY\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UpdateServicePlugin\2.1.72.10__540d4816ead86321\Intuit.Spc.Esd.WinClient.Application.UpdateServicePlugin.dll
+ 2009-02-07 18:31:07 341,792 ----a-w c:\windows\ASSEMBLY\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UX\2.1.72.10__540d4816ead86321\Intuit.Spc.Esd.WinClient.Application.UX.dll
+ 2009-02-07 18:31:07 18,720 ----a-w c:\windows\ASSEMBLY\GAC_MSIL\Intuit.Spc.Esd.WinClient.Ipc.Remoting.UpdateServiceWorker\2.1.72.10__540d4816ead86321\Intuit.Spc.Esd.WinClient.Ipc.Remoting.UpdateServiceWorker.dll
+ 2009-01-24 20:36:11 106,496 ----a-w c:\windows\ASSEMBLY\GAC_MSIL\Intuit.Spc.Foundations.Component\3.1.2.2__540d4816ead86321\Intuit.Spc.Foundations.Component.dll
+ 2009-01-24 20:36:12 458,752 ----a-w c:\windows\ASSEMBLY\GAC_MSIL\Intuit.Spc.Foundations.Portability\3.1.2.2__540d4816ead86321\Intuit.Spc.Foundations.Portability.dll
+ 2009-01-24 20:36:11 10,752 ----a-w c:\windows\ASSEMBLY\GAC_MSIL\Intuit.Spc.Foundations.PortabilitySpecific30\3.1.2.2__540d4816ead86321\Intuit.Spc.Foundations.PortabilitySpecific30.dll
+ 2009-01-24 20:36:11 73,728 ----a-w c:\windows\ASSEMBLY\GAC_MSIL\Intuit.Spc.Foundations.Primary.Config\3.1.2.2__540d4816ead86321\Intuit.Spc.Foundations.Primary.Config.dll
+ 2009-01-24 20:36:11 65,536 ----a-w c:\windows\ASSEMBLY\GAC_MSIL\Intuit.Spc.Foundations.Primary.ExceptionHandling\3.1.2.2__540d4816ead86321\Intuit.Spc.Foundations.Primary.ExceptionHandling.dll
+ 2009-01-24 20:36:12 45,056 ----a-w c:\windows\ASSEMBLY\GAC_MSIL\Intuit.Spc.Foundations.Primary.Logging\3.1.2.2__540d4816ead86321\Intuit.Spc.Foundations.Primary.Logging.dll
+ 2009-01-24 20:36:11 65,536 ----a-w c:\windows\ASSEMBLY\GAC_MSIL\Intuit.Spc.Foundations.Primary.Serialization\3.1.2.2__540d4816ead86321\Intuit.Spc.Foundations.Primary.Serialization.dll
+ 2009-01-24 20:36:11 15,360 ----a-w c:\windows\ASSEMBLY\GAC_MSIL\Intuit.Spc.Foundations.Primary.VersionManager\3.1.2.2__540d4816ead86321\Intuit.Spc.Foundations.Primary.VersionManager.dll
+ 2009-01-24 20:36:11 45,056 ----a-w c:\windows\ASSEMBLY\GAC_MSIL\Intuit.Spc.Foundations.Primary.Xml\3.1.2.2__540d4816ead86321\Intuit.Spc.Foundations.Primary.Xml.dll
+ 2009-01-24 20:36:11 20,480 ----a-w c:\windows\ASSEMBLY\GAC_MSIL\Intuit.Spc.Foundations.Primary\3.1.2.2__540d4816ead86321\Intuit.Spc.Foundations.Primary.dll
+ 2009-01-24 20:36:11 53,248 ----a-w c:\windows\ASSEMBLY\GAC_MSIL\Intuit.Spc.Foundations.Subsystem.ClientUtil\3.1.2.2__540d4816ead86321\Intuit.Spc.Foundations.Subsystem.ClientUtil.dll
+ 2009-01-24 20:36:11 651,264 ----a-w c:\windows\ASSEMBLY\GAC_MSIL\Intuit.Spc.Foundations.Subsystem.DataAccess.Entity\3.1.2.2__540d4816ead86321\Intuit.Spc.Foundations.Subsystem.DataAccess.Entity.dll
+ 2009-01-24 20:36:11 217,088 ----a-w c:\windows\ASSEMBLY\GAC_MSIL\Intuit.Spc.Foundations.Subsystem.DataAccess\3.1.2.2__540d4816ead86321\Intuit.Spc.Foundations.Subsystem.DataAccess.dll
+ 2009-01-24 20:36:11 94,208 ----a-w c:\windows\ASSEMBLY\GAC_MSIL\Intuit.Spc.Foundations.Subsystem.DataAccessUtil\3.1.2.2__540d4816ead86321\Intuit.Spc.Foundations.Subsystem.DataAccessUtil.dll
+ 2009-01-24 20:36:11 45,056 ----a-w c:\windows\ASSEMBLY\GAC_MSIL\Intuit.Spc.Foundations.Subsystem.Installer\3.1.2.2__540d4816ead86321\Intuit.Spc.Foundations.Subsystem.Installer.dll
+ 2009-01-24 20:36:11 94,208 ----a-w c:\windows\ASSEMBLY\GAC_MSIL\Intuit.Spc.Foundations.Subsystem.Orchestration\3.1.2.2__540d4816ead86321\Intuit.Spc.Foundations.Subsystem.Orchestration.dll
+ 2009-01-24 20:36:11 69,632 ----a-w c:\windows\ASSEMBLY\GAC_MSIL\Intuit.Spc.Foundations.Subsystem.OrchestrationUtil\3.1.2.2__540d4816ead86321\Intuit.Spc.Foundations.Subsystem.OrchestrationUtil.dll
+ 2009-01-24 20:36:12 106,496 ----a-w c:\windows\ASSEMBLY\GAC_MSIL\Intuit.Spc.Foundations.Subsystem.Provider.PreferencesSpecific\3.1.2.2__540d4816ead86321\Intuit.Spc.Foundations.Subsystem.Provider.PreferencesSpecific.dll
+ 2009-01-24 20:36:11 53,248 ----a-w c:\windows\ASSEMBLY\GAC_MSIL\Intuit.Spc.Foundations.Subsystem.Repository\3.1.2.2__540d4816ead86321\Intuit.Spc.Foundations.Subsystem.Repository.dll
+ 2009-01-24 20:36:11 45,056 ----a-w c:\windows\ASSEMBLY\GAC_MSIL\Intuit.Spc.Foundations.Subsystem.RestServices\3.1.2.2__540d4816ead86321\Intuit.Spc.Foundations.Subsystem.RestServices.dll
+ 2009-01-24 20:40:47 397,312 ----a-w c:\windows\ASSEMBLY\GAC_MSIL\Intuit.Spc.Map.3rdParty.Lucene\4.0.114.0__7ce6deabcb36a8ea\Intuit.Spc.Map.3rdParty.Lucene.dll
+ 2009-01-24 20:40:47 53,248 ----a-w c:\windows\ASSEMBLY\GAC_MSIL\Intuit.Spc.Map.3rdParty.MajesticHTMLParser\4.0.114.0__7ce6deabcb36a8ea\Intuit.Spc.Map.3rdParty.MajesticHTMLParser.dll
+ 2009-01-24 20:40:47 47,104 ----a-w c:\windows\ASSEMBLY\GAC_MSIL\Intuit.Spc.Map.3rdParty.ObjectBuilder\4.0.114.0__7ce6deabcb36a8ea\Intuit.Spc.Map.3rdParty.ObjectBuilder.dll
+ 2009-01-24 20:40:47 176,128 ----a-w c:\windows\ASSEMBLY\GAC_MSIL\Intuit.Spc.Map.3rdParty.SharpZipLib\4.0.114.0__7ce6deabcb36a8ea\Intuit.Spc.Map.3rdParty.SharpZipLib.dll
+ 2009-01-24 20:40:47 162,816 ----a-w c:\windows\ASSEMBLY\GAC_MSIL\Intuit.Spc.Map.Core.Plugin\4.0.114.0__7ce6deabcb36a8ea\Intuit.Spc.Map.Core.Plugin.dll
+ 2009-01-24 20:40:46 86,016 ----a-w c:\windows\ASSEMBLY\GAC_MSIL\Intuit.Spc.Map.Core\4.0.114.0__7ce6deabcb36a8ea\Intuit.Spc.Map.Core.dll
+ 2009-01-24 20:40:47 471,040 ----a-w c:\windows\ASSEMBLY\GAC_MSIL\Intuit.Spc.Map.Reporter\4.0.114.0__7ce6deabcb36a8ea\Intuit.Spc.Map.Reporter.dll
+ 2009-01-24 20:40:47 108,544 ----a-w c:\windows\ASSEMBLY\GAC_MSIL\Intuit.Spc.Map.Search\4.0.114.0__7ce6deabcb36a8ea\Intuit.Spc.Map.Search.dll
+ 2009-01-24 20:40:47 16,384 ----a-w c:\windows\ASSEMBLY\GAC_MSIL\Intuit.Spc.Map.SharedUIToolkit\4.0.114.0__7ce6deabcb36a8ea\Intuit.Spc.Map.SharedUIToolkit.dll
+ 2009-01-24 20:40:47 1,058,304 ----a-w c:\windows\ASSEMBLY\GAC_MSIL\Intuit.Spc.Map.WindowsFirewallUtilities\4.0.114.0__7ce6deabcb36a8ea\Intuit.Spc.Map.WindowsFirewallUtilities.dll
+ 2009-01-24 20:36:13 114,688 ----a-w c:\windows\ASSEMBLY\GAC_MSIL\Intuit.Spc.Oip.Messaging.Client.Core\2.1.2.4__540d4816ead86321\Intuit.Spc.Oip.Messaging.Client.Core.dll
+ 2009-01-24 20:36:13 57,344 ----a-w c:\windows\ASSEMBLY\GAC_MSIL\Intuit.Spc.Oip.Messaging.Client.ExternalApi\2.1.2.4__540d4816ead86321\Intuit.Spc.Oip.Messaging.Client.ExternalApi.dll
+ 2009-01-24 20:36:13 221,184 ----a-w c:\windows\ASSEMBLY\GAC_MSIL\Intuit.Spc.Oip.Messaging.Client.Protocol\2.1.2.4__540d4816ead86321\Intuit.Spc.Oip.Messaging.Client.Protocol.dll
+ 2009-01-24 20:36:13 270,336 ----a-w c:\windows\ASSEMBLY\GAC_MSIL\log4net\1.2.10.0__1b44e1d426115821\log4net.dll
+ 2009-01-24 20:36:13 884,736 ----a-w c:\windows\ASSEMBLY\GAC_MSIL\Microsoft.Web.Services3\3.0.0.0__31bf3856ad364e35\Microsoft.Web.Services3.dll
+ 2009-01-24 20:36:13 1,085,440 ----a-w c:\windows\ASSEMBLY\GAC_MSIL\NHibernate\1.2.0.4000__aa95f207798dfdb4\NHibernate.dll
+ 2009-01-24 20:36:14 143,360 ----a-w c:\windows\ASSEMBLY\GAC_MSIL\Spring.Aop\1.1.0.2__65e474d141e25e07\Spring.Aop.dll
+ 2009-01-24 20:36:14 602,112 ----a-w c:\windows\ASSEMBLY\GAC_MSIL\Spring.Core\1.1.0.2__65e474d141e25e07\Spring.Core.dll
+ 2009-01-24 20:40:45 130,848 ------w c:\windows\ASSEMBLY\TEMP\8DIB05M7SL\Intuit.Spc.Esd.Client.BusinessLogic.dll
+ 2009-01-24 20:40:46 217,376 ------w c:\windows\ASSEMBLY\TEMP\AF0XUN0LIB\Intuit.Spc.Esd.Core.dll
+ 2009-01-24 20:40:45 72,480 ------w c:\windows\ASSEMBLY\TEMP\E34527WL6F\Intuit.Spc.Esd.Client.Common.dll
+ 2009-01-24 20:40:46 44,320 ------w c:\windows\ASSEMBLY\TEMP\G1MZO9MJKP\Intuit.Spc.Esd.WinClient.Application.Update.exe
+ 2009-01-24 20:40:45 120,608 ------w c:\windows\ASSEMBLY\TEMP\GH2ZWTYJSL\Intuit.Spc.Esd.Client.DataAccess.dll
+ 2009-01-24 20:40:39 54,560 ------w c:\windows\ASSEMBLY\TEMP\IFKX2BGXIF\Intuit.Spc.Esd.Client.DataAccess.XmlSerializers.dll
+ 2009-01-24 20:40:46 197,920 ------w c:\windows\ASSEMBLY\TEMP\KX2F8XAROD\Intuit.Spc.Esd.Core.XmlSerializers.dll
+ 2009-01-24 20:40:46 341,792 ------w c:\windows\ASSEMBLY\TEMP\STUNS1URCT\Intuit.Spc.Esd.WinClient.Application.UX.dll
+ 2009-01-24 20:40:46 400,672 ------w c:\windows\ASSEMBLY\TEMP\YZ85MN812J\Intuit.Spc.Esd.WinClient.Api.Net.dll
- 2008-10-15 18:03:03 38,428 ----a-w c:\windows\Downloaded Program Files\unagiuninst.exe
+ 2008-12-09 21:39:59 38,428 ----a-w c:\windows\Downloaded Program Files\unagiuninst.exe
+ 2005-10-20 17:02:28 163,328 ----a-w c:\windows\ERDNT\2-10-2009\ERDNT.EXE
+ 2005-10-20 17:02:28 163,328 ----a-w c:\windows\ERDNT\AutoBackup\2-11-2009\ERDNT.EXE
+ 2009-02-11 19:55:45 8,601,600 ----a-w c:\windows\ERDNT\AutoBackup\2-11-2009\Users\00000001\NTUSER.DAT
+ 2009-02-11 19:55:45 229,376 ----a-w c:\windows\ERDNT\AutoBackup\2-11-2009\Users\00000002\UsrClass.dat
+ 2005-10-20 17:02:28 163,328 ----a-w c:\windows\ERDNT\AutoBackup\2009-02-11\ERDNT.EXE
+ 2009-02-12 00:12:26 8,601,600 ----a-w c:\windows\ERDNT\AutoBackup\2009-02-11\Users\00000001\NTUSER.DAT
+ 2009-02-12 00:12:27 229,376 ----a-w c:\windows\ERDNT\AutoBackup\2009-02-11\Users\00000002\UsrClass.dat
+ 2005-10-21 01:02:28 163,328 ----a-w c:\windows\ERDNT\subs\ERDNT.EXE
- 2008-12-05 05:09:12 10,477,568 ----a-w c:\windows\ERUNT\SDFIX\Users\00000001\ntuser.dat
+ 2009-02-11 22:01:08 8,601,600 ----a-w c:\windows\ERUNT\SDFIX\Users\00000001\NTUSER.DAT
- 2008-12-05 05:09:12 118,784 ----a-w c:\windows\ERUNT\SDFIX\Users\00000002\UsrClass.dat
+ 2009-02-11 22:01:08 229,376 ----a-w c:\windows\ERUNT\SDFIX\Users\00000002\UsrClass.dat
+ 2008-08-26 07:24:28 124,928 -c----w c:\windows\ie7updates\KB958215-IE7\advpack.dll
+ 2008-08-26 07:24:28 347,136 -c----w c:\windows\ie7updates\KB958215-IE7\dxtmsft.dll
+ 2008-08-26 07:24:28 214,528 -c----w c:\windows\ie7updates\KB958215-IE7\dxtrans.dll
+ 2008-08-26 07:24:28 133,120 -c----w c:\windows\ie7updates\KB958215-IE7\extmgr.dll
+ 2008-08-26 07:24:28 63,488 -c----w c:\windows\ie7updates\KB958215-IE7\icardie.dll
+ 2008-08-25 08:37:59 70,656 -c----w c:\windows\ie7updates\KB958215-IE7\ie4uinit.exe
+ 2008-08-26 07:24:28 153,088 -c----w c:\windows\ie7updates\KB958215-IE7\ieakeng.dll
+ 2008-08-26 07:24:28 230,400 -c----w c:\windows\ie7updates\KB958215-IE7\ieaksie.dll
+ 2008-08-23 05:54:51 161,792 -c----w c:\windows\ie7updates\KB958215-IE7\ieakui.dll
+ 2008-08-26 07:24:28 383,488 -c----w c:\windows\ie7updates\KB958215-IE7\ieapfltr.dll
+ 2008-08-26 07:24:29 384,512 -c----w c:\windows\ie7updates\KB958215-IE7\iedkcs32.dll
+ 2008-10-03 17:41:15 6,066,176 -c----w c:\windows\ie7updates\KB958215-IE7\ieframe.dll
+ 2008-08-26 07:24:29 44,544 -c----w c:\windows\ie7updates\KB958215-IE7\iernonce.dll
+ 2008-08-26 07:24:29 267,776 -c----w c:\windows\ie7updates\KB958215-IE7\iertutil.dll
+ 2008-08-25 08:38:00 13,824 -c----w c:\windows\ie7updates\KB958215-IE7\ieudinit.exe
+ 2008-08-23 05:56:15 635,848 -c----w c:\windows\ie7updates\KB958215-IE7\iexplore.exe
+ 2008-08-26 07:24:30 27,648 -c----w c:\windows\ie7updates\KB958215-IE7\jsproxy.dll
+ 2008-08-26 07:24:30 459,264 -c----w c:\windows\ie7updates\KB958215-IE7\msfeeds.dll
+ 2008-08-26 07:24:30 52,224 -c----w c:\windows\ie7updates\KB958215-IE7\msfeedsbs.dll
+ 2008-08-27 08:24:32 3,593,216 -c----w c:\windows\ie7updates\KB958215-IE7\mshtml.dll
+ 2008-08-26 07:24:30 477,696 -c----w c:\windows\ie7updates\KB958215-IE7\mshtmled.dll
+ 2008-08-26 07:24:30 193,024 -c----w c:\windows\ie7updates\KB958215-IE7\msrating.dll
+ 2008-08-26 07:24:30 671,232 -c----w c:\windows\ie7updates\KB958215-IE7\mstime.dll
+ 2008-08-26 07:24:30 102,912 -c----w c:\windows\ie7updates\KB958215-IE7\occache.dll
+ 2008-08-26 07:24:30 44,544 -c----w c:\windows\ie7updates\KB958215-IE7\pngfilt.dll
+ 2007-03-06 01:22:39 213,216 -c----w c:\windows\ie7updates\KB958215-IE7\spuninst\spuninst.exe
+ 2007-03-06 01:23:51 371,424 -c----w c:\windows\ie7updates\KB958215-IE7\spuninst\updspapi.dll
+ 2008-08-26 07:24:30 105,984 -c----w c:\windows\ie7updates\KB958215-IE7\url.dll
+ 2008-08-26 07:24:31 1,159,680 -c----w c:\windows\ie7updates\KB958215-IE7\urlmon.dll
+ 2008-08-26 07:24:31 233,472 -c----w c:\windows\ie7updates\KB958215-IE7\webcheck.dll
+ 2008-08-26 07:24:31 826,368 -c----w c:\windows\ie7updates\KB958215-IE7\wininet.dll
+ 2008-10-17 07:08:40 3,593,216 -c----w c:\windows\ie7updates\KB960714-IE7\mshtml.dll
+ 2007-03-06 01:22:39 213,216 -c----w c:\windows\ie7updates\KB960714-IE7\spuninst\spuninst.exe
+ 2007-03-06 01:23:47 371,424 -c----w c:\windows\ie7updates\KB960714-IE7\spuninst\updspapi.dll
+ 2008-12-26 19:05:49 29,310 ----a-r c:\windows\Installer\{296D8550-CB06-48E4-9A8B-E5034FB64715}\ra3.exe
+ 2009-02-07 18:31:10 313,096 ----a-r c:\windows\Installer\{88214092-836F-4E22-A5AC-569AC9EE6A0F}\TurboTax.exe
- 2008-11-13 08:06:26 1,165,584 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe
+ 2009-01-24 15:54:29 1,165,584 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe
- 2008-11-13 08:06:26 20,240 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe
+ 2009-01-24 15:54:30 20,240 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe
- 2008-11-13 08:06:26 159,504 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe
+ 2009-01-24 15:54:30 159,504 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe
- 2008-11-13 08:06:26 184,080 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe
+ 2009-01-24 15:54:30 184,080 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe
- 2008-11-13 08:06:26 217,864 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe
+ 2009-01-24 15:54:30 217,864 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe
- 2008-11-13 08:06:26 18,704 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe
+ 2009-01-24 15:54:30 18,704 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe
- 2008-11-13 08:06:26 35,088 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe
+ 2009-01-24 15:54:30 35,088 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe
- 2008-11-13 08:06:26 845,584 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe
+ 2009-01-24 15:54:30 845,584 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe
- 2008-11-13 08:06:26 922,384 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe
+ 2009-01-24 15:54:30 922,384 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe
- 2008-11-13 08:06:26 272,648 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe
+ 2009-01-24 15:54:30 272,648 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe
- 2008-11-13 08:06:26 888,080 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
+ 2009-01-24 15:54:30 888,080 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
- 2008-11-13 08:06:26 1,172,240 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe
+ 2009-01-24 15:54:30 1,172,240 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe
+ 2008-12-15 01:22:10 65,536 ----a-r c:\windows\Installer\{B82C38F7-E305-465D-A00E-E8D29D587746}\ARPPRODUCTICON.exe
+ 2008-12-15 01:22:10 65,536 ----a-r c:\windows\Installer\{B82C38F7-E305-465D-A00E-E8D29D587746}\NewShortcut1_F1EE8EEE204A471E99E59D2469EC6D8D.exe
+ 2008-12-15 01:22:10 8,854 ----a-r c:\windows\Installer\{B82C38F7-E305-465D-A00E-E8D29D587746}\UNINST_Uninstall_V_9737DAA7058A49AC9DD8A684DD72D923.exe
+ 2008-12-15 01:22:10 45,056 ----a-r c:\windows\Installer\{B82C38F7-E305-465D-A00E-E8D29D587746}\vivaty.exe_89B77DDCDDF2461CA8A3BE61D2FD676F.exe
+ 2008-12-15 01:22:10 65,536 ----a-r c:\windows\Installer\{B82C38F7-E305-465D-A00E-E8D29D587746}\VivatyPlayer.exe_24074F28B7C44AA6BF5A3791A309FE8E.exe
- 2008-10-19 02:34:58 102,400 ----a-r c:\windows\Installer\{EA418519-2160-43A0-AABD-6608DDD8D87F}\iTunesIco.exe
+ 2008-12-10 02:11:33 102,400 ----a-r c:\windows\Installer\{EA418519-2160-43A0-AABD-6608DDD8D87F}\iTunesIco.exe
+ 2008-12-26 19:06:50 7,598 ----a-r c:\windows\Installer\{EF7E931D-DC84-471B-8DB6-A83358095474}\ARPPRODUCTICON.exe
+ 2008-12-26 19:06:50 7,598 ----a-r c:\windows\Installer\{EF7E931D-DC84-471B-8DB6-A83358095474}\ead_desktop_shortcut_F557710133CC471182353A95BCD49DB0.exe
+ 2008-12-26 19:06:50 7,598 ----a-r c:\windows\Installer\{EF7E931D-DC84-471B-8DB6-A83358095474}\ead_startmenu_shortc_F557710133CC471182353A95BCD49DB0.exe
- 2000-08-31 13:00:00 28,672 ----a-w c:\windows\NIRCMD.exe
+ 2000-08-31 13:00:00 29,696 ----a-w c:\windows\NIRCMD.exe
- 2008-08-26 07:24:28 124,928 ----a-w c:\windows\SYSTEM32\advpack.dll
+ 2008-10-16 20:38:34 124,928 ----a-w c:\windows\SYSTEM32\advpack.dll
- 2007-12-06 02:43:31 107,888 ----a-w c:\windows\SYSTEM32\CmdLineExt.dll
+ 2008-12-26 19:12:26 107,888 ----a-w c:\windows\SYSTEM32\CmdLineExt.dll
- 2008-12-05 03:05:27 16,384 ----a-w c:\windows\SYSTEM32\CONFIG\systemprofile\Cookies\index.dat
+ 2009-02-11 23:34:17 32,768 ----a-w c:\windows\SYSTEM32\CONFIG\systemprofile\Cookies\index.dat
- 2008-12-05 03:05:27 32,768 ----a-w c:\windows\SYSTEM32\CONFIG\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2009-02-11 23:34:17 32,768 ----a-w c:\windows\SYSTEM32\CONFIG\systemprofile\Local Settings\History\History.IE5\index.dat
- 2008-12-05 03:05:27 32,768 ----a-w c:\windows\SYSTEM32\CONFIG\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2009-02-11 23:34:17 32,768 ----a-w c:\windows\SYSTEM32\CONFIG\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2007-07-19 23:14:42 1,358,192 ----a-w c:\windows\SYSTEM32\D3DCompiler_35.dll
+ 2008-05-30 19:11:46 1,491,992 ----a-w c:\windows\SYSTEM32\D3DCompiler_38.dll
+ 2007-07-19 23:14:42 444,776 ----a-w c:\windows\SYSTEM32\d3dx10_35.dll
+ 2008-05-30 19:11:46 467,984 ----a-w c:\windows\SYSTEM32\d3dx10_38.dll
+ 2007-07-19 23:14:42 3,727,720 ----a-w c:\windows\SYSTEM32\d3dx9_35.dll
+ 2008-05-30 19:11:46 3,850,760 ----a-w c:\windows\SYSTEM32\D3DX9_38.dll
- 2008-08-26 07:24:28 124,928 ------w c:\windows\SYSTEM32\DLLCACHE\advpack.dll
+ 2008-10-16 20:38:34 124,928 ------w c:\windows\SYSTEM32\DLLCACHE\advpack.dll
- 2008-08-26 07:24:28 347,136 ----a-w c:\windows\SYSTEM32\DLLCACHE\dxtmsft.dll
+ 2008-10-16 20:38:34 347,136 ----a-w c:\windows\SYSTEM32\DLLCACHE\dxtmsft.dll
- 2008-08-26 07:24:28 214,528 ----a-w c:\windows\SYSTEM32\DLLCACHE\dxtrans.dll
+ 2008-10-16 20:38:34 214,528 ----a-w c:\windows\SYSTEM32\DLLCACHE\dxtrans.dll
- 2008-08-26 07:24:28 133,120 ----a-w c:\windows\SYSTEM32\DLLCACHE\extmgr.dll
+ 2008-10-16 20:38:35 133,120 ----a-w c:\windows\SYSTEM32\DLLCACHE\extmgr.dll
+ 2008-10-23 12:36:14 286,720 ------w c:\windows\SYSTEM32\DLLCACHE\gdi32.dll
- 2008-08-26 07:24:28 63,488 ------w c:\windows\SYSTEM32\DLLCACHE\icardie.dll
+ 2008-10-16 20:38:35 63,488 ------w c:\windows\SYSTEM32\DLLCACHE\icardie.dll
- 2008-08-25 08:37:59 70,656 ------w c:\windows\SYSTEM32\DLLCACHE\ie4uinit.exe
+ 2008-10-16 13:11:09 70,656 ------w c:\windows\SYSTEM32\DLLCACHE\ie4uinit.exe
- 2008-08-26 07:24:28 153,088 ------w c:\windows\SYSTEM32\DLLCACHE\ieakeng.dll
+ 2008-10-16 20:38:35 153,088 ------w c:\windows\SYSTEM32\DLLCACHE\ieakeng.dll
- 2008-08-26 07:24:28 230,400 ------w c:\windows\SYSTEM32\DLLCACHE\ieaksie.dll
+ 2008-10-16 20:38:35 230,400 ------w c:\windows\SYSTEM32\DLLCACHE\ieaksie.dll
- 2008-08-23 05:54:51 161,792 ------w c:\windows\SYSTEM32\DLLCACHE\ieakui.dll
+ 2008-10-15 07:04:53 161,792 ------w c:\windows\SYSTEM32\DLLCACHE\ieakui.dll
- 2008-08-26 07:24:28 383,488 ------w c:\windows\SYSTEM32\DLLCACHE\ieapfltr.dll
+ 2008-10-16 20:38:35 383,488 ------w c:\windows\SYSTEM32\DLLCACHE\ieapfltr.dll
- 2008-08-26 07:24:29 384,512 ------w c:\windows\SYSTEM32\DLLCACHE\iedkcs32.dll
+ 2008-10-16 20:38:35 384,512 ------w c:\windows\SYSTEM32\DLLCACHE\iedkcs32.dll
- 2008-10-03 17:41:15 6,066,176 ------w c:\windows\SYSTEM32\DLLCACHE\ieframe.dll
+ 2008-10-16 20:38:37 6,066,176 ------w c:\windows\SYSTEM32\DLLCACHE\ieframe.dll
- 2008-08-26 07:24:29 44,544 ------w c:\windows\SYSTEM32\DLLCACHE\iernonce.dll
+ 2008-10-16 20:38:37 44,544 ------w c:\windows\SYSTEM32\DLLCACHE\iernonce.dll
- 2008-08-26 07:24:29 267,776 ------w c:\windows\SYSTEM32\DLLCACHE\iertutil.dll
+ 2008-10-16 20:38:37 267,776 ------w c:\windows\SYSTEM32\DLLCACHE\iertutil.dll
- 2008-08-25 08:38:00 13,824 ------w c:\windows\SYSTEM32\DLLCACHE\ieudinit.exe
+ 2008-10-16 13:11:09 13,824 ------w c:\windows\SYSTEM32\DLLCACHE\ieudinit.exe
- 2008-08-23 05:56:15 635,848 --s-a-w c:\windows\SYSTEM32\DLLCACHE\iexplore.exe
+ 2008-10-15 07:06:26 633,632 --s-a-w c:\windows\SYSTEM32\DLLCACHE\iexplore.exe
- 2008-08-26 07:24:30 27,648 ----a-w c:\windows\SYSTEM32\DLLCACHE\jsproxy.dll
+ 2008-10-16 20:38:37 27,648 ----a-w c:\windows\SYSTEM32\DLLCACHE\jsproxy.dll
- 2006-10-19 01:03:58 100,864 ----a-w c:\windows\SYSTEM32\DLLCACHE\logagent.exe
+ 2008-06-18 06:09:22 100,864 ----a-w c:\windows\SYSTEM32\DLLCACHE\logagent.exe
- 2008-08-26 07:24:30 459,264 ------w c:\windows\SYSTEM32\DLLCACHE\msfeeds.dll
+ 2008-10-16 20:38:37 459,264 ------w c:\windows\SYSTEM32\DLLCACHE\msfeeds.dll
- 2008-08-26 07:24:30 52,224 ------w c:\windows\SYSTEM32\DLLCACHE\msfeedsbs.dll
+ 2008-10-16 20:38:37 52,224 ------w c:\windows\SYSTEM32\DLLCACHE\msfeedsbs.dll
- 2008-08-27 08:24:32 3,593,216 ----a-w c:\windows\SYSTEM32\DLLCACHE\mshtml.dll
+ 2008-12-13 06:40:02 3,593,216 ----a-w c:\windows\SYSTEM32\DLLCACHE\mshtml.dll
- 2008-08-26 07:24:30 477,696 ----a-w c:\windows\SYSTEM32\DLLCACHE\mshtmled.dll
+ 2008-10-16 20:38:38 477,696 ----a-w c:\windows\SYSTEM32\DLLCACHE\mshtmled.dll
- 2008-08-26 07:24:30 193,024 ----a-w c:\windows\SYSTEM32\DLLCACHE\msrating.dll
+ 2008-10-16 20:38:38 193,024 ----a-w c:\windows\SYSTEM32\DLLCACHE\msrating.dll
- 2008-08-26 07:24:30 671,232 ----a-w c:\windows\SYSTEM32\DLLCACHE\mstime.dll
+ 2008-10-16 20:38:39 671,232 ----a-w c:\windows\SYSTEM32\DLLCACHE\mstime.dll
- 2008-08-26 07:24:30 102,912 ------w c:\windows\SYSTEM32\DLLCACHE\occache.dll
+ 2008-10-16 20:38:39 102,912 ------w c:\windows\SYSTEM32\DLLCACHE\occache.dll
- 2008-08-26 07:24:30 44,544 ----a-w c:\windows\SYSTEM32\DLLCACHE\pngfilt.dll
+ 2008-10-16 20:38:39 44,544 ----a-w c:\windows\SYSTEM32\DLLCACHE\pngfilt.dll
- 2008-09-08 10:41:42 333,824 ------w c:\windows\SYSTEM32\DLLCACHE\srv.sys
+ 2008-12-11 10:57:09 333,952 ------w c:\windows\SYSTEM32\DLLCACHE\srv.sys
- 2008-04-14 00:12:07 246,814 ------w c:\windows\SYSTEM32\DLLCACHE\strmdll.dll
+ 2008-10-03 10:02:42 247,326 ------w c:\windows\SYSTEM32\DLLCACHE\strmdll.dll
- 2008-08-26 07:24:30 105,984 ------w c:\windows\SYSTEM32\DLLCACHE\url.dll
+ 2008-10-16 20:38:39 105,984 ------w c:\windows\SYSTEM32\DLLCACHE\url.dll
- 2008-08-26 07:24:31 1,159,680 ----a-w c:\windows\SYSTEM32\DLLCACHE\urlmon.dll
+ 2008-10-16 20:38:39 1,160,192 ----a-w c:\windows\SYSTEM32\DLLCACHE\urlmon.dll
- 2008-08-26 07:24:31 233,472 ------w c:\windows\SYSTEM32\DLLCACHE\webcheck.dll
+ 2008-10-16 20:38:39 233,472 ------w c:\windows\SYSTEM32\DLLCACHE\webcheck.dll
- 2008-08-26 07:24:31 826,368 ----a-w c:\windows\SYSTEM32\DLLCACHE\wininet.dll
+ 2008-10-16 20:38:40 826,368 ----a-w c:\windows\SYSTEM32\DLLCACHE\wininet.dll
- 2006-10-19 02:47:20 937,984 ----a-w c:\windows\SYSTEM32\DLLCACHE\WMNetMgr.dll
+ 2008-06-18 10:03:08 938,496 ----a-w c:\windows\SYSTEM32\DLLCACHE\WMNetmgr.dll
- 2006-10-19 02:47:22 2,450,944 ----a-w c:\windows\SYSTEM32\DLLCACHE\wmvcore.dll
+ 2008-06-18 10:03:14 2,458,112 ----a-w c:\windows\SYSTEM32\DLLCACHE\WMVCore.dll
- 2008-09-08 10:41:42 333,824 ----a-w c:\windows\SYSTEM32\DRIVERS\srv.sys
+ 2008-12-11 10:57:09 333,952 ----a-w c:\windows\SYSTEM32\DRIVERS\srv.sys
- 2008-08-26 07:24:28 347,136 ----a-w c:\windows\SYSTEM32\dxtmsft.dll
+ 2008-10-16 20:38:34 347,136 ----a-w c:\windows\SYSTEM32\dxtmsft.dll
- 2008-08-26 07:24:28 214,528 ----a-w c:\windows\SYSTEM32\dxtrans.dll
+ 2008-10-16 20:38:34 214,528 ----a-w c:\windows\SYSTEM32\dxtrans.dll
- 2008-08-26 07:24:28 133,120 ----a-w c:\windows\SYSTEM32\extmgr.dll
+ 2008-10-16 20:38:35 133,120 ----a-w c:\windows\SYSTEM32\extmgr.dll
- 2008-10-16 07:13:02 342,624 ----a-w c:\windows\SYSTEM32\FNTCACHE.DAT
+ 2009-02-05 02:36:58 350,584 ----a-w c:\windows\SYSTEM32\FNTCACHE.DAT
- 2008-04-14 00:11:54 285,184 ----a-w c:\windows\SYSTEM32\gdi32.dll
+ 2008-10-23 12:36:14 286,720 ----a-w c:\windows\SYSTEM32\gdi32.dll
- 2008-08-26 07:24:28 63,488 ----a-w c:\windows\SYSTEM32\icardie.dll
+ 2008-10-16 20:38:35 63,488 ----a-w c:\windows\SYSTEM32\icardie.dll
- 2008-08-25 08:37:59 70,656 ----a-w c:\windows\SYSTEM32\ie4uinit.exe
+ 2008-10-16 13:11:09 70,656 ----a-w c:\windows\SYSTEM32\ie4uinit.exe
- 2008-08-26 07:24:28 153,088 ----a-w c:\windows\SYSTEM32\ieakeng.dll
+ 2008-10-16 20:38:35 153,088 ----a-w c:\windows\SYSTEM32\ieakeng.dll
- 2008-08-26 07:24:28 230,400 ----a-w c:\windows\SYSTEM32\ieaksie.dll
+ 2008-10-16 20:38:35 230,400 ----a-w c:\windows\SYSTEM32\ieaksie.dll
- 2008-08-23 05:54:51 161,792 ----a-w c:\windows\SYSTEM32\ieakui.dll
+ 2008-10-15 07:04:53 161,792 ----a-w c:\windows\SYSTEM32\ieakui.dll
- 2008-08-26 07:24:28 383,488 ----a-w c:\windows\SYSTEM32\ieapfltr.dll
+ 2008-10-16 20:38:35 383,488 ----a-w c:\windows\SYSTEM32\ieapfltr.dll
- 2008-08-26 07:24:29 384,512 ----a-w c:\windows\SYSTEM32\iedkcs32.dll
+ 2008-10-16 20:38:35 384,512 ----a-w c:\windows\SYSTEM32\iedkcs32.dll
- 2008-10-03 17:41:15 6,066,176 ----a-w c:\windows\SYSTEM32\ieframe.dll
+ 2008-10-16 20:38:37 6,066,176 ----a-w c:\windows\SYSTEM32\ieframe.dll
- 2008-08-26 07:24:29 44,544 ----a-w c:\windows\SYSTEM32\iernonce.dll
+ 2008-10-16 20:38:37 44,544 ----a-w c:\windows\SYSTEM32\iernonce.dll
- 2008-08-26 07:24:29 267,776 ----a-w c:\windows\SYSTEM32\iertutil.dll
+ 2008-10-16 20:38:37 267,776 ----a-w c:\windows\SYSTEM32\iertutil.dll
- 2008-08-25 08:38:00 13,824 ----a-w c:\windows\SYSTEM32\ieudinit.exe
+ 2008-10-16 13:11:09 13,824 ----a-w c:\windows\SYSTEM32\ieudinit.exe
- 2008-08-26 07:24:30 27,648 ----a-w c:\windows\SYSTEM32\jsproxy.dll
+ 2008-10-16 20:38:37 27,648 ----a-w c:\windows\SYSTEM32\jsproxy.dll
- 2006-10-19 01:03:58 100,864 ----a-w c:\windows\SYSTEM32\logagent.exe
+ 2008-06-18 06:09:22 100,864 ----a-w c:\windows\SYSTEM32\logagent.exe
- 2008-11-04 00:10:25 17,318,336 ----a-w c:\windows\SYSTEM32\MRT.exe
+ 2009-01-10 01:35:28 20,853,704 ----a-w c:\windows\SYSTEM32\MRT.exe
- 2008-08-26 07:24:30 459,264 ----a-w c:\windows\SYSTEM32\msfeeds.dll
+ 2008-10-16 20:38:37 459,264 ----a-w c:\windows\SYSTEM32\msfeeds.dll
- 2008-08-26 07:24:30 52,224 ----a-w c:\windows\SYSTEM32\msfeedsbs.dll
+ 2008-10-16 20:38:37 52,224 ----a-w c:\windows\SYSTEM32\msfeedsbs.dll
- 2008-08-27 08:24:32 3,593,216 ----a-w c:\windows\SYSTEM32\mshtml.dll
+ 2008-12-13 06:40:02 3,593,216 ----a-w c:\windows\SYSTEM32\mshtml.dll
- 2008-08-26 07:24:30 477,696 ----a-w c:\windows\SYSTEM32\mshtmled.dll
+ 2008-10-16 20:38:38 477,696 ----a-w c:\windows\SYSTEM32\mshtmled.dll
- 2008-08-26 07:24:30 193,024 ----a-w c:\windows\SYSTEM32\msrating.dll
+ 2008-10-16 20:38:38 193,024 ----a-w c:\windows\SYSTEM32\msrating.dll
- 2008-08-26 07:24:30 671,232 ----a-w c:\windows\SYSTEM32\mstime.dll
+ 2008-10-16 20:38:39 671,232 ----a-w c:\windows\SYSTEM32\mstime.dll
- 2008-08-26 07:24:30 102,912 ----a-w c:\windows\SYSTEM32\occache.dll
+ 2008-10-16 20:38:39 102,912 ----a-w c:\windows\SYSTEM32\occache.dll
- 2008-08-26 07:24:30 44,544 ----a-w c:\windows\SYSTEM32\pngfilt.dll
+ 2008-10-16 20:38:39 44,544 ----a-w c:\windows\SYSTEM32\pngfilt.dll
- 2008-07-08 13:02:01 17,272 ------w c:\windows\SYSTEM32\spmsg.dll
+ 2007-11-30 12:39:22 17,272 ----a-w c:\windows\SYSTEM32\spmsg.dll
- 2008-04-14 00:12:07 246,814 ----a-w c:\windows\SYSTEM32\strmdll.dll
+ 2008-10-03 10:02:42 247,326 ----a-w c:\windows\SYSTEM32\strmdll.dll
- 2008-04-14 00:12:38 60,416 ------w c:\windows\SYSTEM32\tzchange.exe
+ 2008-10-23 10:06:59 62,976 ----a-w c:\windows\SYSTEM32\tzchange.exe
- 2008-08-26 07:24:30 105,984 ----a-w c:\windows\SYSTEM32\url.dll
+ 2008-10-16 20:38:39 105,984 ----a-w c:\windows\SYSTEM32\url.dll
- 2008-08-26 07:24:31 1,159,680 ----a-w c:\windows\SYSTEM32\urlmon.dll
+ 2008-10-16 20:38:39 1,160,192 ----a-w c:\windows\SYSTEM32\urlmon.dll
- 2008-08-26 07:24:31 233,472 ----a-w c:\windows\SYSTEM32\webcheck.dll
+ 2008-10-16 20:38:39 233,472 ----a-w c:\windows\SYSTEM32\webcheck.dll
- 2008-08-26 07:24:31 826,368 ----a-w c:\windows\SYSTEM32\wininet.dll
+ 2008-10-16 20:38:40 826,368 ----a-w c:\windows\SYSTEM32\wininet.dll
- 2006-10-19 02:47:20 937,984 ----a-w c:\windows\SYSTEM32\WMNetMgr.dll
+ 2008-06-18 10:03:08 938,496 ----a-w c:\windows\SYSTEM32\WMNetmgr.dll
- 2006-10-19 02:47:22 2,450,944 ----a-w c:\windows\SYSTEM32\wmvcore.dll
+ 2008-06-18 10:03:14 2,458,112 ----a-w c:\windows\SYSTEM32\WMVCore.dll
+ 2009-02-11 23:57:11 20,585 ----a-w c:\windows\Temp\pdk-SYSTEM-1832\0a6b9f23e356336cc61530f586d0c66a.dll
+ 2009-02-11 23:57:10 28,787 ----a-w c:\windows\Temp\pdk-SYSTEM-1832\1ff4eae997b1753d848dbbc61d1b4345.dll
+ 2009-02-11 23:57:10 36,981 ----a-w c:\windows\Temp\pdk-SYSTEM-1832\31aa023220b46a62dd91739a3bf1cad4.dll
+ 2009-02-11 23:57:10 28,789 ----a-w c:\windows\Temp\pdk-SYSTEM-1832\36971e8ed4d19cc0a7051079b039c204.dll
+ 2009-02-11 23:57:09 20,571 ----a-w c:\windows\Temp\pdk-SYSTEM-1832\42db37dadb779dbfc5da8bdd7ec61c52.dll
+ 2009-02-11 23:57:09 24,671 ----a-w c:\windows\Temp\pdk-SYSTEM-1832\44abde5de65f3f034faac2c132713018.dll
+ 2009-02-11 23:57:09 77,941 ----a-w c:\windows\Temp\pdk-SYSTEM-1832\7aace6f21e4c397996b145b7fd777643.dll
+ 2009-02-11 23:57:09 24,675 ----a-w c:\windows\Temp\pdk-SYSTEM-1832\7acaa276f32e012922082aa697dfa218.dll
+ 2009-02-11 23:57:11 24,665 ----a-w c:\windows\Temp\pdk-SYSTEM-1832\89f4ac43ba2b792785d9d472365e562b.dll
+ 2009-02-11 23:57:09 32,873 ----a-w c:\windows\Temp\pdk-SYSTEM-1832\8d3b343ab48cfb6b14fa9d0dc35ce9e6.dll
+ 2009-02-11 23:57:10 28,767 ----a-w c:\windows\Temp\pdk-SYSTEM-1832\b2774d247dfbf0abe8539e577ee59b4c.dll
+ 2009-02-11 23:57:09 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_778.dat
+ 2009-02-07 18:31:06 40,224 ----a-w c:\windows\WinSxS\MSIL_Intuit.Spc.Esd.WinClient.Application.ConfigUXv2_540d4816ead86321_2.1.72.10_x-ww_a732e08\Intuit.Spc.Esd.WinClient.Application.ConfigUXv2.exe
+ 2009-02-07 18:31:07 44,320 ----a-w c:\windows\WinSxS\MSIL_Intuit.Spc.Esd.WinClient.Application.Update_540d4816ead86321_2.1.72.10_x-ww_c5e9e600\Intuit.Spc.Esd.WinClient.Application.Update.exe
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.

javertno1
2009-02-12, 02:38
ComboFix Part 2

*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}]
2009-02-11 17:26 35328 --a------ c:\windows\system32\fcccdDsT.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-08-06 279944]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-08-06 279944]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 204288]
"AROReminder"="c:\program files\Advanced Registry Optimizer\ARO.exe" [2008-08-22 2084480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HostManager"="c:\program files\Common Files\AOL\1153770788\ee\AOLSoftware.exe" [2008-06-24 41824]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2004-11-11 4583424]
"Microsoft Works Update Detection"="c:\program files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2003-12-05 50688]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"WorksFUD"="c:\program files\Microsoft Works\wkfud.exe" [2000-08-08 24576]
"Microsoft Works Portfolio"="c:\program files\Microsoft Works\WksSb.exe" [2003-12-05 725046]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2006-07-19 52896]
"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2006-09-27 125168]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 241664]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-03-13 81920]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-09-08 289576]
"Gyivonusoh"="c:\windows\uwofoseqova.dll" [2009-02-11 132096]
"Logitech Utility"="Logi_MwX.Exe" [2003-05-16 c:\windows\LOGI_MWX.EXE]

c:\documents and settings\New Drew\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-07 101440]

c:\documents and settings\Drew\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-07 101440]

c:\documents and settings\Ginny\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-07 101440]

c:\documents and settings\John\Start Menu\Programs\Startup\
AOL Desktop.lnk - c:\program files\Common Files\AOL\Launch\aollaunch.exe [2008-06-24 41824]
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Extender Resource Monitor.lnk - c:\windows\EHOME\RMSysTry.exe [2005-10-20 18432]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"= 1 (0x1)
"NoActiveDesktopChanges"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}"= "c:\windows\system32\fcccdDsT.dll" [2009-02-11 35328]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\fcccdDsT]
2009-02-11 17:26 35328 c:\windows\SYSTEM32\fcccdDsT.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=nvuhga.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.avis"= ff_acm.acm

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\America Online 9.0 Tray Icon.lnk
backup=c:\windows\pss\America Online 9.0 Tray Icon.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^KODAK Software Updater.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\KODAK Software Updater.lnk
backup=c:\windows\pss\KODAK Software Updater.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
--a------ 2005-06-06 23:46 57344 c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
--a------ 2006-10-16 20:40 1197648 c:\program files\Canon\MyPrinter\BJMYPRT.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTDVDDET]
--a------ 2003-06-18 02:00 45056 c:\program files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2008-04-13 19:12 15360 c:\windows\SYSTEM32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTSysVol]
--a------ 2003-09-17 11:43 57344 c:\program files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
--a------ 2007-03-15 10:09 460784 c:\program files\DellSupport\DSAgnt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]
--a------ 2004-08-13 02:05 122939 c:\windows\SYSTEM32\dla\tfswctrl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
--------- 2004-10-12 17:54 57344 c:\program files\CyberLink\PowerDVD\DVDLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
--a------ 2005-08-05 13:56 64512 c:\windows\EHOME\ehtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
--a------ 2003-12-22 07:38 241664 c:\program files\HP\hpcoretech\hpcmpmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2007-05-08 15:24 54840 c:\program files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]
--a------ 2004-06-29 12:23 135168 c:\program files\Intel\Intel Application Accelerator\IAAnotif.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-09-08 22:02 289576 c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Update Detection]
--------- 2003-12-05 23:08 50688 c:\program files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]
--a------ 2006-01-17 12:03 135168 c:\progra~1\MUSICM~1\MUSICM~3\mm_tray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2004-11-11 18:10 4583424 c:\windows\SYSTEM32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDUiP6310DMon]
--a------ 2006-10-03 12:12 75376 c:\program files\Canon\Memory Card Utility\iP6310D\PDUiP6310DMon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-09-06 14:09 413696 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2006-11-09 15:07 49263 c:\program files\Java\jre1.5.0_10\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]
--a------ 2004-01-07 02:01 110592 c:\program files\Common Files\Sonic\Update Manager\sgtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
-ra------ 2006-03-30 16:45 313472 c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
--------- 2000-05-11 02:00 90112 c:\windows\Updreg.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHelper]
--a------ 2004-03-11 10:50 28672 c:\windows\SYSTEM32\CTHELPER.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Utility]
--------- 2003-05-16 10:50 19968 c:\windows\LOGI_MWX.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\SYSTEM32\\MSHTA.EXE"=
"c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLAcsd.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\1153770788\\ee\\aolsoftware.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Documents and Settings\\Drew\\aim.exe"=
"c:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"=
"c:\\Documents and Settings\\Drew\\Application Data\\Firaxis Games\\Sid Meier's Civilization 4\\Warlords\\Civ4Warlords.exe"=
"c:\\Documents and Settings\\Drew\\Application Data\\Firaxis Games\\Sid Meier's Civilization 4\\Warlords\\Civ4Warlords_PitBoss.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Documents and Settings\\Drew\\My Documents\\My Music\\Azureus\\Azureus\\Azureus.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"c:\\Program Files\\Common Files\\AOL\\1153770788\\ee\\AOLDesktop.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3776:UDP"= 3776:UDP:Media Center Extender Service
"3390:TCP"= 3390:TCP:Remote Media Center Experience
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R0 sonyhcb;Sony Digital Imaging Base;c:\windows\SYSTEM32\DRIVERS\sonyhcb.sys [2005-02-26 6097]
R2 IntuitUpdateService;Intuit Update Service;c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe [2008-10-10 13088]
R2 Reporting;Reporting Agents;c:\program files\Common Files\Symantec Shared\Reporting Agents\Win32\ReporterSvc.exe [2007-03-14 1324760]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2007-02-15 24652]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2008-09-05 99376]
S0 muykbnhs;muykbnhs;c:\windows\SYSTEM32\DRIVERS\vmkgivxh.sys []
S3 lgatbus;LG USB Composite Device driver (WDM);c:\windows\SYSTEM32\DRIVERS\lgatbus.sys [2005-03-20 43024]
S3 lgatmdm;LG CDMA USB Modem Drivers;c:\windows\SYSTEM32\DRIVERS\lgatmdm.sys [2005-03-20 77104]
S3 lgatserd;LG CDMA USB Modem Diagnostic Serial Port Drivers (WDM);c:\windows\SYSTEM32\DRIVERS\lgatserd.sys [2005-03-20 60816]
S3 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [2006-09-27 116464]
S3 sonyhcs;Sony Digital Imaging Video;c:\windows\SYSTEM32\DRIVERS\sonyhcs.sys [2005-02-26 299923]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
QWAVE REG_MULTI_SZ QWAVE
.
Contents of the 'Scheduled Tasks' folder

2009-02-02 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2009-02-12 c:\windows\Tasks\Symantec NetDetect.job
- c:\program files\Symantec\LiveUpdate\NDetect.exe []
.
- - - - ORPHANS REMOVED - - - -

BHO-{C5BF49A2-94F3-42BD-F434-3604812C8955} - c:\windows\system32\hsfd83jfdg.dll
SharedTaskScheduler-{C5BF49A2-94F3-42BD-F434-3604812C8955} - c:\windows\system32\hsfd83jfdg.dll


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.aol.com/
IE: &AOL Toolbar Search - c:\documents and settings\All Users\Application Data\AOL\ieToolbar\resources\en-US\local\search.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
Trusted Zone: turbotax.com
DPF: {03A99563-4F42-4DCF-A069-C728A71164A3} - hxxp://apps.vivaty.com/downloads/player/install.cab
FF - ProfilePath - c:\documents and settings\John\Application Data\Mozilla\Firefox\Profiles\4wzy7s4r.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.aol.com/aolcom/search?invocationType=tb50ffaoldesktopie7&query=
FF - prefs.js: browser.search.selectedEngine - AOL Search
FF - prefs.js: browser.startup.homepage - yahoo.com
FF - prefs.js: keyword.URL - hxxp://search.aol.com/aolcom/search?invocationType=tb50ffaoldesktopab&query=
FF - plugin: c:\documents and settings\Drew\My Documents\My Music\screenshots\DivX Player\npDivxPlayerPlugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1368.5602\npCIDetect13.dll
FF - plugin: c:\program files\Java\jre1.5.0_10\bin\NPJava11.dll
FF - plugin: c:\program files\Java\jre1.5.0_10\bin\NPJava12.dll
FF - plugin: c:\program files\Java\jre1.5.0_10\bin\NPJava13.dll
FF - plugin: c:\program files\Java\jre1.5.0_10\bin\NPJava14.dll
FF - plugin: c:\program files\Java\jre1.5.0_10\bin\NPJava32.dll
FF - plugin: c:\program files\Java\jre1.5.0_10\bin\NPJPI150_10.dll
FF - plugin: c:\program files\Java\jre1.5.0_10\bin\NPOJI610.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np32asw.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - plugin: c:\program files\Vivaty\VivatyPlayer\npflux.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-11 19:11:31
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

c:\windows\explorer.exe [2088] 0x85A47DA0

scanning hidden autostart entries ...

scanning hidden files ...


c:\windows\system32\drivers\vmkgivxh.sys 25088 bytes executable

scan completed successfully
hidden files: 1

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(840)
c:\windows\system32\fcccdDsT.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Symantec Shared\ccSetMgr.exe
c:\program files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\progra~1\COMMON~1\AOL\ACS\AOLacsd.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\SYSTEM32\CTSVCCDA.EXE
c:\program files\Symantec AntiVirus\DefWatch.exe
c:\windows\EHOME\ehrecvr.exe
c:\windows\EHOME\ehSched.exe
c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe
c:\program files\Intel\Intel Application Accelerator\IAANTmon.exe
c:\windows\SYSTEM32\CBA\PDS.EXE
c:\windows\SYSTEM32\nvsvc32.exe
c:\windows\SYSTEM32\hpzipm12.exe
c:\windows\EHOME\RMSvc.exe
c:\windows\wanmpsvc.exe
c:\windows\SYSTEM32\AMS_II\IAO.EXE
c:\windows\SYSTEM32\MSGSYS.EXE
c:\windows\SYSTEM32\CBA\XFR.EXE
c:\windows\EHOME\McrdSvc.exe
c:\windows\SYSTEM32\AMS_II\HNDLRSVC.EXE
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Canon\CAL\CALMAIN.exe
c:\windows\SYSTEM32\dllhost.exe
c:\program files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\program files\Viewpoint\Viewpoint Manager\ViewMgr.exe
c:\windows\SYSTEM32\wscntfy.exe
c:\program files\Logitech\MouseWare\system\EM_EXEC.EXE
c:\program files\Common Files\AOL\1153770788\ee\AOLDesktop.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2009-02-11 19:18:41 - machine was rebooted
ComboFix-quarantined-files.txt 2009-02-12 00:18:37
ComboFix2.txt 2008-12-06 16:02:27

Pre-Run: 35,121,983,488 bytes free
Post-Run: 35,309,084,672 bytes free

837 --- E O F --- 2009-01-24 15:54:32

peku006
2009-02-12, 11:26
Hi javertno1

Were most/all of the infections in Drew's account?
I do not see it, only when they have become

IMPORTANT I notice there are signs of one or more P2P (Peer to Peer) File Sharing Programs on your computer.

uTorrent

I'd like you to read this thread (http://forums.spybot.info/showthread.php?t=282).

Please go to Control Panel > Add/Remove Programs and uninstall the programs listed above (in red).

1 - Remove bad HijackThis entries

Run HijackThis
Click on the Scan button
Put a check beside all of the items listed below (if present):


O2 - BHO: {609b874c-f4d9-6458-bb24-41eaa109d043} - {340d901a-ae14-42bb-8546-9d4fc478b906} - C:\WINDOWS\system32\wijrhg.dll
O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - C:\WINDOWS\system32\fcccdDsT.dll
O4 - HKLM\..\Run: [Gyivonusoh] rundll32.exe "C:\WINDOWS\uwofoseqova.dll",e
O20 - AppInit_DLLs: nvuhga.dll
O20 - Winlogon Notify: fcccdDsT - C:\WINDOWS\SYSTEM32\fcccdDsT.dll


Close all open windows and browsers/email, etc...
Click on the "Fix Checked" button
When completed, close the application.

2 - Run CFScript

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:



File::
c:\windows\uwofoseqova.dll
c:\windows\SYSTEM32\fcccdDsT.dll
c:\windows\SYSTEM32\clickfile.exe
c:\windows\SYSTEM32\fejokt.dll
C:\pfgiuuo.exe
c:\windows\SYSTEM32\hinwyygr.dll
C:\wskrote.exe
C:\kvkglog.exe
C:\jxnx.exe
C:\jwfmld.exe
c:\windows\muykbnhs
c:\windows\SYSTEM32\vtUkjGxW.dll
c:\windows\SYSTEM32\tuvVNGyW.dll
c:\windows\SYSTEM32\awtutssq.dll.vir
c:\windows\guhfxcdk
c:\windows\SYSTEM32\awtrqRjh.dll
c:\windows\uwofoseqova.dll
c:\windows\SYSTEM32\DRIVERS\vmkgivxh.sys
C:\WINDOWS\system32\wijrhg.dll
c:\windows\SYSTEM32\sf.ico
c:\windows\SYSTEM32\m3.ico

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Gyivonusoh"=-
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\fcccdDsT]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=-

Driver::
muykbnhs


Save this as "CFScript.txt", and as Type: All Files (*.*) in the same location as ComboFix.exe

http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif

Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

3 - Download and Run Malwarebytes' Anti-Malware
Please download Malwarebytes Anti-Malware (http://www.besttechie.net/tools/mbam-setup.exe) and save it to your desktop.
alternate download link 1 (http://malwarebytes.gt500.org/mbam-setup.exe)
alternate download link 2 (http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html)

Double-click on Download_mbam-setup.exe to install the application.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked:
Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware
Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
If an update is found, the program will automatically update itself.
Press the OK button to close that box and continue.
If you encounter any problems while downloading the updates, manually download them from here (http://www.malwarebytes.org/mbam/database/mbam-rules.exe) and just double-click on mbam-rules.exe to install.
On the Scanner tab:

Make sure the "Perform full scan" option is selected.
Then click on the Scan button.
If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button
The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:

Click on the Show Results button to see a list of any malware that was found.
Make sure that everything is checked, and click Remove Selected.
When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
The log can also be found here:

C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
Copy and paste the contents of that report in your next reply and exit MBAM.

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

4 - Run Hijackthis
Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad

5 - Status Check
Please reply with


1. the ComboFix log(C:\ComboFix.txt)
2. the Malwarebytes' Anti-Malware Log
3. a fresh HijackThis log

Thanks peku006

javertno1
2009-02-12, 18:20
Your first step was for me to remove uTorrent. This was not listed. Could it be called something else?

I followed the other steps and here are the logs (HijackThis log will be sent separately). Thank you.

ComboFix 09-02-11.02 - John 2009-02-12 8:39:23.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.425 [GMT -5:00]
Running from: c:\documents and settings\John\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\John\Desktop\CFScript.txt
AV: Symantec AntiVirus Corporate Edition *On-access scanning disabled* (Updated)
* Created a new restore point

FILE ::
C:\jwfmld.exe
C:\jxnx.exe
C:\kvkglog.exe
C:\pfgiuuo.exe
c:\windows\guhfxcdk
c:\windows\muykbnhs
c:\windows\SYSTEM32\awtrqRjh.dll
c:\windows\SYSTEM32\awtutssq.dll.vir
c:\windows\SYSTEM32\clickfile.exe
c:\windows\SYSTEM32\DRIVERS\vmkgivxh.sys
c:\windows\SYSTEM32\fcccdDsT.dll
c:\windows\SYSTEM32\fejokt.dll
c:\windows\SYSTEM32\hinwyygr.dll
c:\windows\SYSTEM32\m3.ico
c:\windows\SYSTEM32\sf.ico
c:\windows\SYSTEM32\tuvVNGyW.dll
c:\windows\SYSTEM32\vtUkjGxW.dll
c:\windows\system32\wijrhg.dll
c:\windows\uwofoseqova.dll
C:\wskrote.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\jwfmld.exe
C:\jxnx.exe
C:\kvkglog.exe
C:\pfgiuuo.exe
c:\windows\guhfxcdk
c:\windows\muykbnhs
c:\windows\SYSTEM32\awtrqRjh.dll
c:\windows\SYSTEM32\awtutssq.dll.vir
c:\windows\system32\byXOICtr.dll
c:\windows\SYSTEM32\clickfile.exe
c:\windows\system32\ddcCVOFX.dll
c:\windows\SYSTEM32\fcccdDsT.dll
c:\windows\SYSTEM32\fejokt.dll
c:\windows\SYSTEM32\hinwyygr.dll
c:\windows\SYSTEM32\m3.ico
c:\windows\system32\sdkhjq.dll
c:\windows\SYSTEM32\sf.ico
c:\windows\SYSTEM32\tuvVNGyW.dll
c:\windows\SYSTEM32\vtUkjGxW.dll
c:\windows\system32\wijrhg.dll
c:\windows\uwofoseqova.dll
C:\wskrote.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_MUYKBNHS
-------\Service_muykbnhs


((((((((((((((((((((((((( Files Created from 2009-01-12 to 2009-02-12 )))))))))))))))))))))))))))))))
.

2009-02-10 09:22 . 2009-02-10 09:22 <DIR> d-------- c:\program files\ERUNT
2009-02-08 02:03 . 2009-02-08 02:03 <DIR> d-------- c:\program files\AskBarDis
2009-02-08 02:03 . 2009-02-08 02:03 <DIR> d-------- c:\program files\Advanced Registry Optimizer
2009-02-08 02:03 . 2009-02-08 02:03 <DIR> d-------- c:\documents and settings\John\Application Data\Sammsoft
2009-02-08 01:38 . 2009-02-08 01:38 <DIR> d-------- c:\program files\Trend Micro
2009-02-07 13:05 . 2009-02-07 13:05 25,088 --a------ c:\windows\SYSTEM32\DRIVERS\vmkgivxh.sys
2009-01-24 15:38 . 2009-01-24 15:38 <DIR> d-------- c:\program files\Common Files\AnswerWorks 5.0

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-12 00:45 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2009-02-07 21:25 --------- d-----w c:\documents and settings\All Users\Application Data\Google Updater
2009-02-07 18:12 --------- d-----w c:\documents and settings\Drew\Application Data\uTorrent
2009-02-05 02:32 --------- d-----w c:\program files\Symantec AntiVirus
2009-02-03 06:14 40,746 ----a-w c:\documents and settings\Drew\Application Data\wklnhst.dat
2009-01-30 00:49 --------- d-----w c:\documents and settings\John\Application Data\ZoomBrowser EX
2009-01-30 00:45 --------- d-----w c:\documents and settings\All Users\Application Data\ZoomBrowser
2009-01-24 20:36 --------- d-----w c:\program files\Common Files\Intuit
2009-01-24 20:36 --------- d-----w c:\documents and settings\All Users\Application Data\Intuit
2009-01-24 20:34 --------- d-----w c:\program files\TurboTax
2009-01-23 01:05 19,372 ----a-w c:\documents and settings\John\Application Data\wklnhst.dat
2009-01-13 03:23 4,440 ----a-w c:\documents and settings\Jordan\Application Data\wklnhst.dat
2009-01-02 00:46 --------- d-----w c:\documents and settings\John\Application Data\vlc
2008-12-31 21:08 --------- d-----w c:\program files\Buddy Icon Maker
2008-12-27 02:12 --------- d-----w c:\documents and settings\Drew\Application Data\Red Alert 3
2008-12-26 20:59 --------- d-----w c:\documents and settings\Jordan\Application Data\Red Alert 3
2008-12-26 20:23 --------- d--h--r c:\documents and settings\Jordan\Application Data\SecuROM
2008-12-26 19:06 --------- d-----w c:\program files\Electronic Arts
2008-12-24 03:55 --------- d-----w c:\documents and settings\Drew\Application Data\vlc
2008-12-15 01:23 --------- d-----w c:\documents and settings\Jordan\Application Data\DivX
2008-12-15 01:22 --------- d-----w c:\program files\Vivaty
2008-12-10 05:56 162 ----a-w c:\documents and settings\New Drew\Application Data\wklnhst.dat
2008-07-22 17:56 8,514 ----a-w c:\documents and settings\Ginny\Application Data\wklnhst.dat
2008-03-14 19:25 246 ----a-w c:\documents and settings\TEMP\Application Data\wklnhst.dat
2007-09-27 20:04 6,016,952 ----a-w c:\program files\Firefox Setup 2.0.0.7.exe
2007-09-06 19:48 84,904 ----a-w c:\documents and settings\Drew\Application Data\GDIPFONTCACHEV1.DAT
2007-08-02 00:36 407,680 ----a-w c:\documents and settings\Drew\aim95.exe
2006-12-12 19:19 1,005,104 ----a-w c:\documents and settings\Drew\aolsetup.exe
2006-12-04 03:49 11,468 ----a-w c:\documents and settings\Drew\Xpcs Registry.dat
2006-08-01 19:39 116,979 ----a-w c:\documents and settings\Drew\uninstll.exe
2006-08-01 19:36 1,511,424 ----a-w c:\documents and settings\Drew\AimRes.dll
2006-08-01 19:35 67,112 ----a-w c:\documents and settings\Drew\aim.exe
2006-08-01 19:28 131,072 ----a-w c:\documents and settings\Drew\ateima32.dll
2006-08-01 19:27 233,472 ----a-w c:\documents and settings\Drew\AimSecondarySvcs.dll
2006-08-01 19:24 192,512 ----a-w c:\documents and settings\Drew\AimCoreSvcs.dll
2006-08-01 19:23 114,688 ----a-w c:\documents and settings\Drew\aimapi.dll
2006-08-01 19:22 19,968 ----a-w c:\documents and settings\Drew\aimtalk.dll
2006-08-01 19:22 155,648 ----a-w c:\documents and settings\Drew\aimauto.exe
2006-08-01 19:21 229,376 ----a-w c:\documents and settings\Drew\wndutils.dll
2006-08-01 19:17 106,496 ----a-w c:\documents and settings\Drew\aimax.dll
2006-08-01 19:16 192,512 ----a-w c:\documents and settings\Drew\oscore.dll
2006-08-01 19:16 192,512 ----a-w c:\documents and settings\Drew\ate32.dll
2006-08-01 19:16 151,552 ----a-w c:\documents and settings\Drew\oscarui.dll
2006-08-01 19:15 4,608 ----a-w c:\documents and settings\Drew\idlemon.dll
2006-07-31 20:56 135,168 ----a-w c:\documents and settings\Drew\sb.dll
2006-07-25 20:19 180,224 ----a-w c:\documents and settings\Drew\rtvideo.dll
2006-07-25 20:16 13,312 ----a-w c:\documents and settings\Drew\oscres.dll
2006-07-25 17:28 49,152 ----a-w c:\documents and settings\Drew\chksign.dll
2006-07-25 17:13 2,048 ----a-w c:\documents and settings\Drew\ShareFile.exe
2006-07-25 17:13 2,048 ----a-w c:\documents and settings\Drew\SendFile.exe
2006-07-25 17:03 229,376 ----a-w c:\documents and settings\Drew\inetsocket.dll
2006-07-25 16:54 110,592 ----a-w c:\documents and settings\Drew\AIM_xmlp.dll
2006-03-13 00:58 557,056 ----a-w c:\documents and settings\John\chatlnk.exe
2005-07-11 04:39 245,408 ----a-w c:\documents and settings\Drew\unicows.dll
2005-06-16 21:46 81,920 ----a-w c:\documents and settings\Drew\AIMToday.dll
2005-06-14 19:09 217,088 ----a-w c:\documents and settings\Drew\xprt5.dll
2004-08-18 17:56 372,736 ----a-w c:\documents and settings\Drew\softokn3.dll
2004-08-18 17:56 348,160 ----a-w c:\documents and settings\Drew\nss3.dll
2004-08-18 17:56 176,128 ----a-w c:\documents and settings\Drew\nssckbi.dll
2004-08-18 17:56 110,592 ----a-w c:\documents and settings\Drew\ssl3.dll
2004-08-18 17:56 106,496 ----a-w c:\documents and settings\Drew\smime3.dll
2004-07-22 14:43 61,440 ----a-w c:\documents and settings\Drew\coolhttp.dll
2004-07-22 14:43 57,344 ----a-w c:\documents and settings\Drew\coolsecnss.dll
2004-07-22 14:43 3,584 ----a-w c:\documents and settings\Drew\coolsos.dll
2004-07-22 14:43 184,320 ----a-w c:\documents and settings\Drew\coolbos.dll
2004-07-22 14:43 114,688 ----a-w c:\documents and settings\Drew\coolbucky.dll
2004-07-22 14:43 106,496 ----a-w c:\documents and settings\Drew\coolpeer.dll
2004-07-22 14:42 8,192 ----a-w c:\documents and settings\Drew\xptl.dll
2004-07-22 14:42 73,728 ----a-w c:\documents and settings\Drew\coolsocket.dll
2004-07-22 14:41 135,168 ----a-w c:\documents and settings\Drew\xprt.dll
2004-07-22 14:41 13,824 ----a-w c:\documents and settings\Drew\xpcs.dll
2004-05-18 21:55 81,920 ----a-w c:\documents and settings\Drew\xmltok.dll
2004-05-18 21:55 53,248 ----a-w c:\documents and settings\Drew\xmlparse.dll
2004-04-16 20:27 94,208 ----a-w c:\documents and settings\Drew\jgtktlk.dll
2004-04-16 20:27 65,536 ----a-w c:\documents and settings\Drew\jgattlk.dll
2004-04-16 20:27 61,440 ----a-w c:\documents and settings\Drew\jgedtlk.dll
2004-04-16 20:27 45,056 ----a-w c:\documents and settings\Drew\jgsetlk.dll
2004-04-16 20:27 45,056 ----a-w c:\documents and settings\Drew\jga0tlk.dll
2004-04-16 20:27 40,960 ----a-w c:\documents and settings\Drew\jgs6tlk.dll
2004-04-16 20:27 40,960 ----a-w c:\documents and settings\Drew\jgs2tlk.dll
2004-04-16 20:27 36,864 ----a-w c:\documents and settings\Drew\jga1tlk.dll
2004-04-16 20:27 32,768 ----a-w c:\documents and settings\Drew\jgs7tlk.dll
2004-04-16 20:27 32,768 ----a-w c:\documents and settings\Drew\jgs3tlk.dll
2004-01-09 15:38 28,672 ----a-w c:\documents and settings\Drew\plc4.dll
2004-01-09 15:38 24,576 ----a-w c:\documents and settings\Drew\plds4.dll
2004-01-09 15:38 159,744 ----a-w c:\documents and settings\Drew\nspr4.dll
2002-07-18 15:00 139,264 ----a-w c:\documents and settings\Drew\dunzip32.dll
2001-09-28 21:00 164,864 ----a-w c:\documents and settings\Drew\unwise32.exe
2000-02-16 22:12 50,176 ----a-w c:\documents and settings\Drew\csh.dll
2008-09-09 13:57 32,768 --sha-w c:\windows\SYSTEM32\CONFIG\systemprofile\Local Settings\History\History.IE5\MSHist012008090920080910\index.dat
.

((((((((((((((((((((((((((((( SnapShot_2009-02-11_19.17.08.85 )))))))))))))))))))))))))))))))))))))))))
.
+ 2005-10-20 17:02:28 163,328 ----a-w c:\windows\ERDNT\AutoBackup\2-12-2009\ERDNT.EXE
+ 2009-02-12 13:24:44 8,601,600 ----a-w c:\windows\ERDNT\AutoBackup\2-12-2009\Users\00000001\NTUSER.DAT
+ 2009-02-12 13:24:44 229,376 ----a-w c:\windows\ERDNT\AutoBackup\2-12-2009\Users\00000002\UsrClass.dat
+ 2005-10-20 17:02:28 163,328 ----a-w c:\windows\ERDNT\AutoBackup\2009-02-12\ERDNT.EXE
+ 2009-02-12 13:49:21 8,601,600 ----a-w c:\windows\ERDNT\AutoBackup\2009-02-12\Users\00000001\NTUSER.DAT
+ 2009-02-12 13:49:24 229,376 ----a-w c:\windows\ERDNT\AutoBackup\2009-02-12\Users\00000002\UsrClass.dat
+ 2008-10-16 20:38:34 124,928 -c----w c:\windows\ie7updates\KB961260-IE7\advpack.dll
+ 2008-10-16 20:38:34 347,136 -c----w c:\windows\ie7updates\KB961260-IE7\dxtmsft.dll
+ 2008-10-16 20:38:34 214,528 -c----w c:\windows\ie7updates\KB961260-IE7\dxtrans.dll
+ 2008-10-16 20:38:35 133,120 -c----w c:\windows\ie7updates\KB961260-IE7\extmgr.dll
+ 2008-10-16 20:38:35 63,488 -c----w c:\windows\ie7updates\KB961260-IE7\icardie.dll
+ 2008-10-16 13:11:09 70,656 -c----w c:\windows\ie7updates\KB961260-IE7\ie4uinit.exe
+ 2008-10-16 20:38:35 153,088 -c----w c:\windows\ie7updates\KB961260-IE7\ieakeng.dll
+ 2008-10-16 20:38:35 230,400 -c----w c:\windows\ie7updates\KB961260-IE7\ieaksie.dll
+ 2008-10-15 07:04:53 161,792 -c----w c:\windows\ie7updates\KB961260-IE7\ieakui.dll
+ 2008-10-16 20:38:35 383,488 -c----w c:\windows\ie7updates\KB961260-IE7\ieapfltr.dll
+ 2008-10-16 20:38:35 384,512 -c----w c:\windows\ie7updates\KB961260-IE7\iedkcs32.dll
+ 2008-10-16 20:38:37 6,066,176 -c----w c:\windows\ie7updates\KB961260-IE7\ieframe.dll
+ 2008-10-16 20:38:37 44,544 -c----w c:\windows\ie7updates\KB961260-IE7\iernonce.dll
+ 2008-10-16 20:38:37 267,776 -c----w c:\windows\ie7updates\KB961260-IE7\iertutil.dll
+ 2008-10-16 13:11:09 13,824 -c----w c:\windows\ie7updates\KB961260-IE7\ieudinit.exe
+ 2008-10-15 07:06:26 633,632 -c----w c:\windows\ie7updates\KB961260-IE7\iexplore.exe
+ 2008-10-16 20:38:37 27,648 -c----w c:\windows\ie7updates\KB961260-IE7\jsproxy.dll
+ 2008-10-16 20:38:37 459,264 -c----w c:\windows\ie7updates\KB961260-IE7\msfeeds.dll
+ 2008-10-16 20:38:37 52,224 -c----w c:\windows\ie7updates\KB961260-IE7\msfeedsbs.dll
+ 2008-12-13 06:40:02 3,593,216 -c----w c:\windows\ie7updates\KB961260-IE7\mshtml.dll
+ 2008-10-16 20:38:38 477,696 -c----w c:\windows\ie7updates\KB961260-IE7\mshtmled.dll
+ 2008-10-16 20:38:38 193,024 -c----w c:\windows\ie7updates\KB961260-IE7\msrating.dll
+ 2008-10-16 20:38:39 671,232 -c----w c:\windows\ie7updates\KB961260-IE7\mstime.dll
+ 2008-10-16 20:38:39 102,912 -c----w c:\windows\ie7updates\KB961260-IE7\occache.dll
+ 2008-10-16 20:38:39 44,544 -c----w c:\windows\ie7updates\KB961260-IE7\pngfilt.dll
+ 2007-03-06 01:22:41 213,216 -c----w c:\windows\ie7updates\KB961260-IE7\spuninst\spuninst.exe
+ 2007-03-06 01:23:51 371,424 -c----w c:\windows\ie7updates\KB961260-IE7\spuninst\updspapi.dll
+ 2008-10-16 20:38:39 105,984 -c----w c:\windows\ie7updates\KB961260-IE7\url.dll
+ 2008-10-16 20:38:39 1,160,192 -c----w c:\windows\ie7updates\KB961260-IE7\urlmon.dll
+ 2008-10-16 20:38:39 233,472 -c----w c:\windows\ie7updates\KB961260-IE7\webcheck.dll
+ 2008-10-16 20:38:40 826,368 -c----w c:\windows\ie7updates\KB961260-IE7\wininet.dll
- 2009-01-24 15:54:29 1,165,584 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe
+ 2009-02-12 00:45:28 1,165,584 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe
- 2009-01-24 15:54:30 20,240 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe
+ 2009-02-12 00:45:29 20,240 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe
- 2009-01-24 15:54:30 159,504 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe
+ 2009-02-12 00:45:28 159,504 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe
- 2009-01-24 15:54:30 184,080 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe
+ 2009-02-12 00:45:28 184,080 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe
- 2009-01-24 15:54:30 217,864 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe
+ 2009-02-12 00:45:29 217,864 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe
- 2009-01-24 15:54:30 18,704 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe
+ 2009-02-12 00:45:29 18,704 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe
- 2009-01-24 15:54:30 35,088 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe
+ 2009-02-12 00:45:29 35,088 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe
- 2009-01-24 15:54:30 845,584 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe
+ 2009-02-12 00:45:28 845,584 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe
- 2009-01-24 15:54:30 922,384 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe
+ 2009-02-12 00:45:29 922,384 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe
- 2009-01-24 15:54:30 272,648 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe
+ 2009-02-12 00:45:29 272,648 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe
- 2009-01-24 15:54:30 888,080 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
+ 2009-02-12 00:45:29 888,080 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
- 2009-01-24 15:54:30 1,172,240 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe
+ 2009-02-12 00:45:28 1,172,240 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe
- 2008-10-16 20:38:34 124,928 ----a-w c:\windows\SYSTEM32\advpack.dll
+ 2008-12-20 23:15:11 124,928 ----a-w c:\windows\SYSTEM32\advpack.dll
- 2008-10-16 20:38:34 124,928 ------w c:\windows\SYSTEM32\DLLCACHE\advpack.dll
+ 2008-12-20 23:15:11 124,928 ------w c:\windows\SYSTEM32\DLLCACHE\advpack.dll
- 2008-10-16 20:38:34 347,136 ----a-w c:\windows\SYSTEM32\DLLCACHE\dxtmsft.dll
+ 2008-12-20 23:15:12 347,136 ----a-w c:\windows\SYSTEM32\DLLCACHE\dxtmsft.dll
- 2008-10-16 20:38:34 214,528 ----a-w c:\windows\SYSTEM32\DLLCACHE\dxtrans.dll
+ 2008-12-20 23:15:13 214,528 ----a-w c:\windows\SYSTEM32\DLLCACHE\dxtrans.dll
- 2008-10-16 20:38:35 133,120 ----a-w c:\windows\SYSTEM32\DLLCACHE\extmgr.dll
+ 2008-12-20 23:15:13 133,120 ----a-w c:\windows\SYSTEM32\DLLCACHE\extmgr.dll
- 2008-10-16 20:38:35 63,488 ------w c:\windows\SYSTEM32\DLLCACHE\icardie.dll
+ 2008-12-20 23:15:13 63,488 ------w c:\windows\SYSTEM32\DLLCACHE\icardie.dll
- 2008-10-16 13:11:09 70,656 ------w c:\windows\SYSTEM32\DLLCACHE\ie4uinit.exe
+ 2008-12-19 09:10:15 70,656 ------w c:\windows\SYSTEM32\DLLCACHE\ie4uinit.exe
- 2008-10-16 20:38:35 153,088 ------w c:\windows\SYSTEM32\DLLCACHE\ieakeng.dll
+ 2008-12-20 23:15:14 153,088 ------w c:\windows\SYSTEM32\DLLCACHE\ieakeng.dll
- 2008-10-16 20:38:35 230,400 ------w c:\windows\SYSTEM32\DLLCACHE\ieaksie.dll
+ 2008-12-20 23:15:14 230,400 ------w c:\windows\SYSTEM32\DLLCACHE\ieaksie.dll
- 2008-10-15 07:04:53 161,792 ------w c:\windows\SYSTEM32\DLLCACHE\ieakui.dll
+ 2008-12-19 05:23:56 161,792 ------w c:\windows\SYSTEM32\DLLCACHE\ieakui.dll
- 2008-10-16 20:38:35 383,488 ------w c:\windows\SYSTEM32\DLLCACHE\ieapfltr.dll
+ 2008-12-20 23:15:15 383,488 ------w c:\windows\SYSTEM32\DLLCACHE\ieapfltr.dll
- 2008-10-16 20:38:35 384,512 ------w c:\windows\SYSTEM32\DLLCACHE\iedkcs32.dll
+ 2008-12-20 23:15:16 384,512 ------w c:\windows\SYSTEM32\DLLCACHE\iedkcs32.dll
- 2008-10-16 20:38:37 6,066,176 ------w c:\windows\SYSTEM32\DLLCACHE\ieframe.dll
+ 2008-12-20 23:15:21 6,066,688 ------w c:\windows\SYSTEM32\DLLCACHE\ieframe.dll
- 2008-10-16 20:38:37 44,544 ------w c:\windows\SYSTEM32\DLLCACHE\iernonce.dll
+ 2008-12-20 23:15:21 44,544 ------w c:\windows\SYSTEM32\DLLCACHE\iernonce.dll
- 2008-10-16 20:38:37 267,776 ------w c:\windows\SYSTEM32\DLLCACHE\iertutil.dll
+ 2008-12-20 23:15:22 267,776 ------w c:\windows\SYSTEM32\DLLCACHE\iertutil.dll
- 2008-10-16 13:11:09 13,824 ------w c:\windows\SYSTEM32\DLLCACHE\ieudinit.exe
+ 2008-12-19 09:10:15 13,824 ------w c:\windows\SYSTEM32\DLLCACHE\ieudinit.exe
- 2008-10-15 07:06:26 633,632 --s-a-w c:\windows\SYSTEM32\DLLCACHE\iexplore.exe
+ 2008-12-19 05:25:25 634,024 --s-a-w c:\windows\SYSTEM32\DLLCACHE\iexplore.exe
- 2008-10-16 20:38:37 27,648 ----a-w c:\windows\SYSTEM32\DLLCACHE\jsproxy.dll
+ 2008-12-20 23:15:23 27,648 ----a-w c:\windows\SYSTEM32\DLLCACHE\jsproxy.dll
- 2008-10-16 20:38:37 459,264 ------w c:\windows\SYSTEM32\DLLCACHE\msfeeds.dll
+ 2008-12-20 23:15:23 459,264 ------w c:\windows\SYSTEM32\DLLCACHE\msfeeds.dll
- 2008-10-16 20:38:37 52,224 ------w c:\windows\SYSTEM32\DLLCACHE\msfeedsbs.dll
+ 2008-12-20 23:15:24 52,224 ------w c:\windows\SYSTEM32\DLLCACHE\msfeedsbs.dll
- 2008-12-13 06:40:02 3,593,216 ----a-w c:\windows\SYSTEM32\DLLCACHE\mshtml.dll
+ 2009-01-17 02:35:14 3,594,752 ----a-w c:\windows\SYSTEM32\DLLCACHE\mshtml.dll
- 2008-10-16 20:38:38 477,696 ----a-w c:\windows\SYSTEM32\DLLCACHE\mshtmled.dll
+ 2008-12-20 23:15:30 477,696 ----a-w c:\windows\SYSTEM32\DLLCACHE\mshtmled.dll
- 2008-10-16 20:38:38 193,024 ----a-w c:\windows\SYSTEM32\DLLCACHE\msrating.dll
+ 2008-12-20 23:15:31 193,024 ----a-w c:\windows\SYSTEM32\DLLCACHE\msrating.dll
- 2008-10-16 20:38:39 671,232 ----a-w c:\windows\SYSTEM32\DLLCACHE\mstime.dll
+ 2008-12-20 23:15:32 671,232 ----a-w c:\windows\SYSTEM32\DLLCACHE\mstime.dll
- 2008-10-16 20:38:39 102,912 ------w c:\windows\SYSTEM32\DLLCACHE\occache.dll
+ 2008-12-20 23:15:38 102,912 ------w c:\windows\SYSTEM32\DLLCACHE\occache.dll
- 2008-10-16 20:38:39 44,544 ----a-w c:\windows\SYSTEM32\DLLCACHE\pngfilt.dll
+ 2008-12-20 23:15:38 44,544 ----a-w c:\windows\SYSTEM32\DLLCACHE\pngfilt.dll
- 2008-10-16 20:38:39 105,984 ------w c:\windows\SYSTEM32\DLLCACHE\url.dll
+ 2008-12-20 23:15:39 105,984 ------w c:\windows\SYSTEM32\DLLCACHE\url.dll
- 2008-10-16 20:38:39 1,160,192 ----a-w c:\windows\SYSTEM32\DLLCACHE\urlmon.dll
+ 2008-12-20 23:15:40 1,160,192 ----a-w c:\windows\SYSTEM32\DLLCACHE\urlmon.dll
- 2008-10-16 20:38:39 233,472 ------w c:\windows\SYSTEM32\DLLCACHE\webcheck.dll
+ 2008-12-20 23:15:40 233,472 ------w c:\windows\SYSTEM32\DLLCACHE\webcheck.dll
- 2008-10-16 20:38:40 826,368 ----a-w c:\windows\SYSTEM32\DLLCACHE\wininet.dll
+ 2008-12-20 23:15:41 826,368 ----a-w c:\windows\SYSTEM32\DLLCACHE\wininet.dll
- 2008-10-16 20:38:34 347,136 ----a-w c:\windows\SYSTEM32\dxtmsft.dll
+ 2008-12-20 23:15:12 347,136 ----a-w c:\windows\SYSTEM32\dxtmsft.dll
- 2008-10-16 20:38:34 214,528 ----a-w c:\windows\SYSTEM32\dxtrans.dll
+ 2008-12-20 23:15:13 214,528 ----a-w c:\windows\SYSTEM32\dxtrans.dll
- 2008-10-16 20:38:35 133,120 ----a-w c:\windows\SYSTEM32\extmgr.dll
+ 2008-12-20 23:15:13 133,120 ----a-w c:\windows\SYSTEM32\extmgr.dll
- 2008-10-16 20:38:35 63,488 ----a-w c:\windows\SYSTEM32\icardie.dll
+ 2008-12-20 23:15:13 63,488 ----a-w c:\windows\SYSTEM32\icardie.dll
- 2008-10-16 13:11:09 70,656 ----a-w c:\windows\SYSTEM32\ie4uinit.exe
+ 2008-12-19 09:10:15 70,656 ----a-w c:\windows\SYSTEM32\ie4uinit.exe
- 2008-10-16 20:38:35 153,088 ----a-w c:\windows\SYSTEM32\ieakeng.dll
+ 2008-12-20 23:15:14 153,088 ----a-w c:\windows\SYSTEM32\ieakeng.dll
- 2008-10-16 20:38:35 230,400 ----a-w c:\windows\SYSTEM32\ieaksie.dll
+ 2008-12-20 23:15:14 230,400 ----a-w c:\windows\SYSTEM32\ieaksie.dll
- 2008-10-15 07:04:53 161,792 ----a-w c:\windows\SYSTEM32\ieakui.dll
+ 2008-12-19 05:23:56 161,792 ----a-w c:\windows\SYSTEM32\ieakui.dll
- 2008-10-16 20:38:35 383,488 ----a-w c:\windows\SYSTEM32\ieapfltr.dll
+ 2008-12-20 23:15:15 383,488 ----a-w c:\windows\SYSTEM32\ieapfltr.dll
- 2008-10-16 20:38:35 384,512 ----a-w c:\windows\SYSTEM32\iedkcs32.dll
+ 2008-12-20 23:15:16 384,512 ----a-w c:\windows\SYSTEM32\iedkcs32.dll
- 2008-10-16 20:38:37 6,066,176 ----a-w c:\windows\SYSTEM32\ieframe.dll
+ 2008-12-20 23:15:21 6,066,688 ----a-w c:\windows\SYSTEM32\ieframe.dll
- 2008-10-16 20:38:37 44,544 ----a-w c:\windows\SYSTEM32\iernonce.dll
+ 2008-12-20 23:15:21 44,544 ----a-w c:\windows\SYSTEM32\iernonce.dll
- 2008-10-16 20:38:37 267,776 ----a-w c:\windows\SYSTEM32\iertutil.dll
+ 2008-12-20 23:15:22 267,776 ----a-w c:\windows\SYSTEM32\iertutil.dll
- 2008-10-16 13:11:09 13,824 ----a-w c:\windows\SYSTEM32\ieudinit.exe
+ 2008-12-19 09:10:15 13,824 ----a-w c:\windows\SYSTEM32\ieudinit.exe
- 2008-10-16 20:38:37 27,648 ----a-w c:\windows\SYSTEM32\jsproxy.dll
+ 2008-12-20 23:15:23 27,648 ----a-w c:\windows\SYSTEM32\jsproxy.dll
- 2009-01-10 01:35:28 20,853,704 ----a-w c:\windows\SYSTEM32\MRT.exe
+ 2009-02-03 23:21:12 21,244,864 ----a-w c:\windows\SYSTEM32\MRT.exe
- 2008-10-16 20:38:37 459,264 ----a-w c:\windows\SYSTEM32\msfeeds.dll
+ 2008-12-20 23:15:23 459,264 ----a-w c:\windows\SYSTEM32\msfeeds.dll
- 2008-10-16 20:38:37 52,224 ----a-w c:\windows\SYSTEM32\msfeedsbs.dll
+ 2008-12-20 23:15:24 52,224 ----a-w c:\windows\SYSTEM32\msfeedsbs.dll
- 2008-12-13 06:40:02 3,593,216 ----a-w c:\windows\SYSTEM32\mshtml.dll
+ 2009-01-17 02:35:14 3,594,752 ----a-w c:\windows\SYSTEM32\mshtml.dll
- 2008-10-16 20:38:38 477,696 ----a-w c:\windows\SYSTEM32\mshtmled.dll
+ 2008-12-20 23:15:30 477,696 ----a-w c:\windows\SYSTEM32\mshtmled.dll
- 2008-10-16 20:38:38 193,024 ----a-w c:\windows\SYSTEM32\msrating.dll
+ 2008-12-20 23:15:31 193,024 ----a-w c:\windows\SYSTEM32\msrating.dll
- 2008-10-16 20:38:39 671,232 ----a-w c:\windows\SYSTEM32\mstime.dll
+ 2008-12-20 23:15:32 671,232 ----a-w c:\windows\SYSTEM32\mstime.dll
- 2008-10-16 20:38:39 102,912 ----a-w c:\windows\SYSTEM32\occache.dll
+ 2008-12-20 23:15:38 102,912 ----a-w c:\windows\SYSTEM32\occache.dll
- 2008-10-16 20:38:39 44,544 ----a-w c:\windows\SYSTEM32\pngfilt.dll
+ 2008-12-20 23:15:38 44,544 ----a-w c:\windows\SYSTEM32\pngfilt.dll
- 2007-11-30 12:39:22 17,272 ----a-w c:\windows\SYSTEM32\spmsg.dll
+ 2008-07-09 07:38:24 17,272 ------w c:\windows\SYSTEM32\spmsg.dll
- 2008-10-16 20:38:39 105,984 ----a-w c:\windows\SYSTEM32\url.dll
+ 2008-12-20 23:15:39 105,984 ----a-w c:\windows\SYSTEM32\url.dll
- 2008-10-16 20:38:39 1,160,192 ----a-w c:\windows\SYSTEM32\urlmon.dll
+ 2008-12-20 23:15:40 1,160,192 ----a-w c:\windows\SYSTEM32\urlmon.dll
- 2008-10-16 20:38:39 233,472 ----a-w c:\windows\SYSTEM32\webcheck.dll
+ 2008-12-20 23:15:40 233,472 ----a-w c:\windows\SYSTEM32\webcheck.dll
- 2008-10-16 20:38:40 826,368 ----a-w c:\windows\SYSTEM32\wininet.dll
+ 2008-12-20 23:15:41 826,368 ----a-w c:\windows\SYSTEM32\wininet.dll
+ 2009-02-12 13:48:03 20,585 ----a-w c:\windows\Temp\pdk-SYSTEM-2096\0a6b9f23e356336cc61530f586d0c66a.dll
+ 2009-02-12 13:48:02 28,787 ----a-w c:\windows\Temp\pdk-SYSTEM-2096\1ff4eae997b1753d848dbbc61d1b4345.dll
+ 2009-02-12 13:48:02 36,981 ----a-w c:\windows\Temp\pdk-SYSTEM-2096\31aa023220b46a62dd91739a3bf1cad4.dll
+ 2009-02-12 13:48:02 28,789 ----a-w c:\windows\Temp\pdk-SYSTEM-2096\36971e8ed4d19cc0a7051079b039c204.dll
+ 2009-02-12 13:48:00 20,571 ----a-w c:\windows\Temp\pdk-SYSTEM-2096\42db37dadb779dbfc5da8bdd7ec61c52.dll
+ 2009-02-12 13:48:00 24,671 ----a-w c:\windows\Temp\pdk-SYSTEM-2096\44abde5de65f3f034faac2c132713018.dll
+ 2009-02-12 13:48:02 77,941 ----a-w c:\windows\Temp\pdk-SYSTEM-2096\7aace6f21e4c397996b145b7fd777643.dll
+ 2009-02-12 13:48:00 24,675 ----a-w c:\windows\Temp\pdk-SYSTEM-2096\7acaa276f32e012922082aa697dfa218.dll
+ 2009-02-12 13:48:03 24,665 ----a-w c:\windows\Temp\pdk-SYSTEM-2096\89f4ac43ba2b792785d9d472365e562b.dll
+ 2009-02-12 13:48:01 32,873 ----a-w c:\windows\Temp\pdk-SYSTEM-2096\8d3b343ab48cfb6b14fa9d0dc35ce9e6.dll
+ 2009-02-12 13:48:02 28,767 ----a-w c:\windows\Temp\pdk-SYSTEM-2096\b2774d247dfbf0abe8539e577ee59b4c.dll
+ 2009-02-12 13:48:00 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_8a4.dat
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-08-06 279944]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-08-06 279944]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 204288]
"AROReminder"="c:\program files\Advanced Registry Optimizer\ARO.exe" [2008-08-22 2084480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HostManager"="c:\program files\Common Files\AOL\1153770788\ee\AOLSoftware.exe" [2008-06-24 41824]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2004-11-11 4583424]
"Microsoft Works Update Detection"="c:\program files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2003-12-05 50688]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"WorksFUD"="c:\program files\Microsoft Works\wkfud.exe" [2000-08-08 24576]
"Microsoft Works Portfolio"="c:\program files\Microsoft Works\WksSb.exe" [2003-12-05 725046]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2006-07-19 52896]
"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2006-09-27 125168]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 241664]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-03-13 81920]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-09-08 289576]
"Logitech Utility"="Logi_MwX.Exe" [2003-05-16 c:\windows\LOGI_MWX.EXE]

c:\documents and settings\New Drew\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-07 101440]

c:\documents and settings\Drew\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-07 101440]

c:\documents and settings\Ginny\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-07 101440]

c:\documents and settings\John\Start Menu\Programs\Startup\
AOL Desktop.lnk - c:\program files\Common Files\AOL\Launch\aollaunch.exe [2008-06-24 41824]
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Extender Resource Monitor.lnk - c:\windows\EHOME\RMSysTry.exe [2005-10-20 18432]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"= 1 (0x1)
"NoActiveDesktopChanges"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.avis"= ff_acm.acm

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\America Online 9.0 Tray Icon.lnk
backup=c:\windows\pss\America Online 9.0 Tray Icon.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^KODAK Software Updater.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\KODAK Software Updater.lnk
backup=c:\windows\pss\KODAK Software Updater.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
--a------ 2005-06-06 23:46 57344 c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
--a------ 2006-10-16 20:40 1197648 c:\program files\Canon\MyPrinter\BJMYPRT.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTDVDDET]
--a------ 2003-06-18 02:00 45056 c:\program files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2008-04-13 19:12 15360 c:\windows\SYSTEM32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTSysVol]
--a------ 2003-09-17 11:43 57344 c:\program files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
--a------ 2007-03-15 10:09 460784 c:\program files\DellSupport\DSAgnt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]
--a------ 2004-08-13 02:05 122939 c:\windows\SYSTEM32\dla\tfswctrl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
--------- 2004-10-12 17:54 57344 c:\program files\CyberLink\PowerDVD\DVDLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
--a------ 2005-08-05 13:56 64512 c:\windows\EHOME\ehtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
--a------ 2003-12-22 07:38 241664 c:\program files\HP\hpcoretech\hpcmpmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2007-05-08 15:24 54840 c:\program files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]
--a------ 2004-06-29 12:23 135168 c:\program files\Intel\Intel Application Accelerator\IAAnotif.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-09-08 22:02 289576 c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Update Detection]
--------- 2003-12-05 23:08 50688 c:\program files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]
--a------ 2006-01-17 12:03 135168 c:\progra~1\MUSICM~1\MUSICM~3\mm_tray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2004-11-11 18:10 4583424 c:\windows\SYSTEM32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDUiP6310DMon]
--a------ 2006-10-03 12:12 75376 c:\program files\Canon\Memory Card Utility\iP6310D\PDUiP6310DMon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-09-06 14:09 413696 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2006-11-09 15:07 49263 c:\program files\Java\jre1.5.0_10\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]
--a------ 2004-01-07 02:01 110592 c:\program files\Common Files\Sonic\Update Manager\sgtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
-ra------ 2006-03-30 16:45 313472 c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
--------- 2000-05-11 02:00 90112 c:\windows\Updreg.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHelper]
--a------ 2004-03-11 10:50 28672 c:\windows\SYSTEM32\CTHELPER.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Utility]
--------- 2003-05-16 10:50 19968 c:\windows\LOGI_MWX.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\SYSTEM32\\MSHTA.EXE"=
"c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLAcsd.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\1153770788\\ee\\aolsoftware.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Documents and Settings\\Drew\\aim.exe"=
"c:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"=
"c:\\Documents and Settings\\Drew\\Application Data\\Firaxis Games\\Sid Meier's Civilization 4\\Warlords\\Civ4Warlords.exe"=
"c:\\Documents and Settings\\Drew\\Application Data\\Firaxis Games\\Sid Meier's Civilization 4\\Warlords\\Civ4Warlords_PitBoss.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Documents and Settings\\Drew\\My Documents\\My Music\\Azureus\\Azureus\\Azureus.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"c:\\Program Files\\Common Files\\AOL\\1153770788\\ee\\AOLDesktop.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3776:UDP"= 3776:UDP:Media Center Extender Service
"3390:TCP"= 3390:TCP:Remote Media Center Experience
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R0 sonyhcb;Sony Digital Imaging Base;c:\windows\SYSTEM32\DRIVERS\sonyhcb.sys [2005-02-26 6097]
R2 IntuitUpdateService;Intuit Update Service;c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe [2008-10-10 13088]
R2 Reporting;Reporting Agents;c:\program files\Common Files\Symantec Shared\Reporting Agents\Win32\ReporterSvc.exe [2007-03-14 1324760]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2007-02-15 24652]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2008-09-05 99376]
S3 lgatbus;LG USB Composite Device driver (WDM);c:\windows\SYSTEM32\DRIVERS\lgatbus.sys [2005-03-20 43024]
S3 lgatmdm;LG CDMA USB Modem Drivers;c:\windows\SYSTEM32\DRIVERS\lgatmdm.sys [2005-03-20 77104]
S3 lgatserd;LG CDMA USB Modem Diagnostic Serial Port Drivers (WDM);c:\windows\SYSTEM32\DRIVERS\lgatserd.sys [2005-03-20 60816]
S3 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [2006-09-27 116464]
S3 sonyhcs;Sony Digital Imaging Video;c:\windows\SYSTEM32\DRIVERS\sonyhcs.sys [2005-02-26 299923]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
QWAVE REG_MULTI_SZ QWAVE
.
Contents of the 'Scheduled Tasks' folder

2009-02-02 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2009-02-12 c:\windows\Tasks\Symantec NetDetect.job
- c:\program files\Symantec\LiveUpdate\NDetect.exe []
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.aol.com/
IE: &AOL Toolbar Search - c:\documents and settings\All Users\Application Data\AOL\ieToolbar\resources\en-US\local\search.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
Trusted Zone: turbotax.com
DPF: {03A99563-4F42-4DCF-A069-C728A71164A3} - hxxp://apps.vivaty.com/downloads/player/install.cab
FF - ProfilePath - c:\documents and settings\John\Application Data\Mozilla\Firefox\Profiles\4wzy7s4r.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.aol.com/aolcom/search?invocationType=tb50ffaoldesktopie7&query=
FF - prefs.js: browser.search.selectedEngine - AOL Search
FF - prefs.js: browser.startup.homepage - yahoo.com
FF - prefs.js: keyword.URL - hxxp://search.aol.com/aolcom/search?invocationType=tb50ffaoldesktopab&query=
FF - plugin: c:\documents and settings\Drew\My Documents\My Music\screenshots\DivX Player\npDivxPlayerPlugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1368.5602\npCIDetect13.dll
FF - plugin: c:\program files\Java\jre1.5.0_10\bin\NPJava11.dll
FF - plugin: c:\program files\Java\jre1.5.0_10\bin\NPJava12.dll
FF - plugin: c:\program files\Java\jre1.5.0_10\bin\NPJava13.dll
FF - plugin: c:\program files\Java\jre1.5.0_10\bin\NPJava14.dll
FF - plugin: c:\program files\Java\jre1.5.0_10\bin\NPJava32.dll
FF - plugin: c:\program files\Java\jre1.5.0_10\bin\NPJPI150_10.dll
FF - plugin: c:\program files\Java\jre1.5.0_10\bin\NPOJI610.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np32asw.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - plugin: c:\program files\Vivaty\VivatyPlayer\npflux.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-12 08:48:47
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

c:\windows\explorer.exe [2540] 0x8684AB98

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Symantec Shared\ccSetMgr.exe
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\progra~1\COMMON~1\AOL\ACS\AOLacsd.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\SYSTEM32\CTSVCCDA.EXE
c:\program files\Symantec AntiVirus\DefWatch.exe
c:\windows\EHOME\ehrecvr.exe
c:\windows\EHOME\ehSched.exe
c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe
c:\program files\Intel\Intel Application Accelerator\IAANTmon.exe
c:\windows\SYSTEM32\CBA\PDS.EXE
c:\windows\SYSTEM32\nvsvc32.exe
c:\windows\SYSTEM32\hpzipm12.exe
c:\windows\EHOME\RMSvc.exe
c:\windows\wanmpsvc.exe
c:\windows\SYSTEM32\AMS_II\IAO.EXE
c:\windows\SYSTEM32\MSGSYS.EXE
c:\windows\SYSTEM32\CBA\XFR.EXE
c:\windows\EHOME\McrdSvc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Canon\CAL\CALMAIN.exe
c:\windows\SYSTEM32\AMS_II\HNDLRSVC.EXE
c:\windows\SYSTEM32\dllhost.exe
c:\windows\SYSTEM32\wscntfy.exe
c:\program files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\program files\Logitech\MouseWare\system\EM_EXEC.EXE
c:\program files\Viewpoint\Viewpoint Manager\ViewMgr.exe
c:\program files\Common Files\AOL\1153770788\ee\AOLDesktop.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2009-02-12 8:56:13 - machine was rebooted
ComboFix-quarantined-files.txt 2009-02-12 13:56:09
ComboFix2.txt 2009-02-12 00:18:43
ComboFix3.txt 2008-12-06 16:02:27

Pre-Run: 36,469,972,992 bytes free
Post-Run: 36,376,199,168 bytes free

615 --- E O F --- 2009-02-12 00:47:45

Malwarebytes' Anti-Malware 1.34
Database version: 1753
Windows 5.1.2600 Service Pack 3

2/12/2009 11:02:06 AM
mbam-log-2009-02-12 (11-02-06).txt

Scan type: Full Scan (A:\|C:\|D:\|E:\|F:\|)
Objects scanned: 288238
Time elapsed: 1 hour(s), 49 minute(s), 16 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 3
Files Infected: 48

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\Interface\{70ffdc96-b410-4030-8a53-0d708ec40e36} (Rogue.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{a92f13be-e67f-45d9-b7f2-7e41d8080130} (Rogue.FakeAlert) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files\MyWaySA (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWaySA\SrchAsDe (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWaySA\SrchAsDe\1.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Files Infected:
C:\Program Files\Trend Micro\HijackThis\backups\backup-20090212-083114-790.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\jwfmld.exe.vir (Trojan.TinyDownloader705) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\jxnx.exe.vir (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\kvkglog.exe.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\wskrote.exe.vir (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\Kmozunumulo.dll.vir (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\hinwyygr.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\awtrqRjh.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\byXOICtr.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\ddcCVOFX.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\fejokt.dll.vir (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\senekaenfqsyfg.dll.vir (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\vtUnnlLc.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\wijrhg.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\hsfd83jfdg.dll.vir (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\nvuhga.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\prunnet.exe.vir (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\sdkhjq.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\senekabyphfguu.dll.vir (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\senekaiblpdqkf.sys.vir (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP1482\A0239577.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP1482\A0239578.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP1482\A0239595.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP1482\A0239601.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP1482\A0239603.dll (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP1482\A0239604.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP1482\A0239606.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP1482\A0239575.sys (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP1484\A0239797.exe (Trojan.TinyDownloader705) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP1484\A0239798.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP1484\A0239799.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP1484\A0239800.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP1484\A0239801.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP1484\A0239803.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP1484\A0239809.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP1484\A0239811.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP1484\A0239815.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP1484\A0239816.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP1484\A0239817.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP1484\A0239804.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\DRIVERS\vmkgivxh.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\John\Favorites\Cheap Software.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\John\Start Menu\Cheap Software.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\John\Desktop\Cheap Software.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\John\Favorites\MP3 Download.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\John\Start Menu\MP3 Download.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\John\Desktop\MP3 Download.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\TDSSgqteinam.dll (Rootkit.Agent) -> Quarantined and deleted successfully.

javertno1
2009-02-12, 18:21
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:06:56 AM, on 2/12/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
C:\WINDOWS\system32\cba\pds.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Common Files\Symantec Shared\Reporting Agents\Win32\ReporterSvc.exe
C:\WINDOWS\ehome\RMSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\ams_ii\hndlrsvc.exe
C:\WINDOWS\system32\MsgSys.EXE
C:\WINDOWS\system32\ams_ii\iao.exe
C:\WINDOWS\system32\cba\xfr.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Common Files\AOL\1153770788\ee\AOLSoftware.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\EHOME\RMSysTry.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Common Files\AOL\1153770788\ee\AOLDesktop.exe
C:\Program Files\Symantec AntiVirus\DoScan.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Trend Micro\HijackThis\javertno1.exe.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL Toolbar\aoltb.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1153770788\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [AROReminder] C:\Program Files\Advanced Registry Optimizer\ARO.exe -rem
O4 - Startup: AOL Desktop.lnk = C:\Program Files\Common Files\AOL\Launch\aollaunch.exe
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Global Startup: Extender Resource Monitor.lnk = C:\WINDOWS\EHOME\RMSysTry.exe
O8 - Extra context menu item: &AOL Toolbar Search - C:\Documents and Settings\All Users\Application Data\AOL\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: AIM Toolbar - {0b83c99c-1efa-4259-858f-bcb33e007a5b} - C:\Program Files\AIM Toolbar\aimtb.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Documents and Settings\Drew\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {03A99563-4F42-4DCF-A069-C728A71164A3} (VivatyCtrl Class) - http://apps.vivaty.com/downloads/player/install.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkId=39204&clcid=0x409
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Intel Alert Handler - LANDesk Software Ltd. - C:\WINDOWS\system32\ams_ii\hndlrsvc.exe
O23 - Service: Intel Alert Originator - LANDesk Software Ltd. - C:\WINDOWS\system32\ams_ii\iao.exe
O23 - Service: Intel File Transfer - LANDesk Software Ltd. - C:\WINDOWS\system32\cba\xfr.exe
O23 - Service: Intel PDS - LANDesk Software Ltd. - C:\WINDOWS\system32\cba\pds.exe
O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Reporting Agents (Reporting) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Reporting Agents\Win32\ReporterSvc.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O24 - Desktop Component 0: (no name) - http://www.u2tours.com/headers/4.gif

--
End of file - 12395 bytes

peku006
2009-02-12, 19:00
Hi javertno1

This was not listed
Ok, you can delete this folder:
c:\documents and settings\Drew\Application Data\uTorrent

1 - Update Java

Please download JavaRa (http://prm753.bchea.org/click/click.php?id=9) and unzip it to your desktop.

Double-click on JavaRa.exe to start the program.
Click on Remove Older Versions to remove the older versions of Java installed on your computer.
Click Yes when prompted. When JavaRa is done, a notice will appear that a log file has been produced. Click OK.
A log file will pop up. Please save it to a convenient location.

Download the latest version of Java Runtime Environment (JRE) 6 Update 12 (http://java.sun.com/javase/downloads/index.jsp).

Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
Click the "Download" button to the right.
Select your Platform and check the box that says: "I agree to the Java SE Runtime Environment 6 License Agreement.".
Click on Continue.
Click on the link to download Windows Offline Installation and save it to your desktop. Do NOT use the Sun Download Manager..
Close any programs you may have running - especially your web browser.
Then from your desktop double-click on the download to install the newest version.

2 - Clean temp files

Download and Run ATF Cleaner
Download ATF (Atribune Temp File) Cleaner© by Atribune (http://www.atribune.org/ccount/click.php?id=1) to your desktop.Double-click ATF Cleaner.exe to open it.

Under Main choose:
Windows Temp
Current User Temp
All Users Temp
Temporary Internet Files
Prefetch
Java Cache
*The other boxes are optional*
Then click the Empty Selected button.

if you use Firefox:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

if you use Opera:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.


Click Exit on the Main menu to close the program


3 - Kaspersky Online Scan

Please go to Kaspersky website (http://www.kaspersky.com/kos/eng/partner/default/kavwebscan.html) and perform an online antivirus scan.

Read through the requirements and privacy statement and click on Accept button.
It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
When the downloads have finished, click on Settings.
Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button: Spyware, Adware, Dialers, and other potentially dangerous programs
Archives
Mail databases Click on My Computer under Scan.
Once the scan is complete, it will display the results. Click on View Scan Report.
You will see a list of infected items there. Click on Save Report As....
Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
Please post this log in your next reply.

4 - Run Hijackthis
Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad

5 - Status Check
Please reply with


1. the Kaspersky online scanner report
2. a fresh HijackThis log

Thanks peku006

javertno1
2009-02-13, 00:44
I deleted the uTorrent folder. However, I'm having trouble with JavaRa. I keep getting the error message that JavaRa has encountered a problem and needs to close. We are sorry for the inconvenience. I'm only able to cut and paste the error signature:

AppName: javara.exe AppVer: 1.0.12.1565 ModName: ntdll.dll
ModVer: 5.1.2600.5512 Offset: 0000100b

Please advise. Thank you.

peku006
2009-02-13, 11:21
Hi javertno1

Please continue with updating java

Download the latest version of Java Runtime Environment (JRE) 6 Update 12 (http://java.sun.com/javase/downloads/index.jsp).

Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
Click the "Download" button to the right.
Select your Platform and check the box that says: "I agree to the Java SE Runtime Environment 6 License Agreement.".
Click on Continue.
Click on the link to download Windows Offline Installation and save it to your desktop. Do NOT use the Sun Download Manager..
Close any programs you may have running - especially your web browser.
Then from your desktop double-click on the download to install the newest version.

javertno1
2009-02-13, 13:56
I tried again later after rebooting and was able to install JavaRa, then I proceeded with the next steps. Here are the logs:

KASPERSKY ONLINE SCANNER 7 REPORT
Friday, February 13, 2009
Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Friday, February 13, 2009 06:18:45
Records in database: 1791144
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\
E:\
F:\

Scan statistics:
Files scanned: 171978
Threat name: 10
Infected objects: 16
Suspicious objects: 0
Duration of the scan: 02:51:40


File name / Threat name / Threats count
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0F580000.VBN Infected: Trojan.Win32.Inject.nky 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0F580001\4F585A81.VBN Infected: Trojan.Win32.Inject.nky 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0F940000.VBN Infected: Trojan.Win32.Inject.nky 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0F940002.VBN Infected: Trojan.Win32.Inject.nky 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\1A940000.VBN Infected: Trojan-Downloader.Win32.CodecPack.ajt 1
C:\Documents and Settings\Jordan\Local Settings\Application Data\Mozilla\Firefox\Profiles\tqzodvp5.default\Cache\C8E0CE5Bd01 Infected: Rootkit.Win32.TDSS.eyj 1
C:\Program Files\Trend Micro\HijackThis\backups\backup-20090212-083114-875.dll Infected: Trojan.Win32.Monderb.ailg 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\998.exe.vir Infected: Trojan-Downloader.Win32.Murlo.abj 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\awtutssq.dll.vir.vir Infected: Trojan.Win32.Monder.awfg 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\clickfile.exe.vir Infected: Trojan-Downloader.Win32.Boltolog.cd 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\frmwrk32.exe.vir Infected: Trojan-Downloader.Win32.Murlo.abj 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\tuvVNGyW.dll.vir Infected: Trojan.Win32.Monder.avgp 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\_fcccdDsT_.dll.zip Infected: Trojan.Win32.Monderb.ailg 1
C:\SDFix\backups\backups.zip Infected: Trojan-Downloader.Win32.Suurch.ir 1
C:\SDFix\backups\backups.zip Infected: Trojan.Win32.Monderb.ailg 1
C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\IJBUGK0A\per[1] Infected: not-a-virus:AdWare.Win32.SuperJuan.jcl 1

The selected area was scanned.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:51:58 AM, on 2/13/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
C:\WINDOWS\system32\cba\pds.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Common Files\Symantec Shared\Reporting Agents\Win32\ReporterSvc.exe
C:\WINDOWS\ehome\RMSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\ams_ii\iao.exe
C:\WINDOWS\system32\MsgSys.EXE
C:\WINDOWS\system32\cba\xfr.exe
C:\WINDOWS\system32\ams_ii\hndlrsvc.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\WINDOWS\EHOME\RMSysTry.exe
C:\Program Files\Common Files\AOL\1153770788\ee\AOLDesktop.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\AOL\1153770788\ee\aolsoftware.exe
C:\Program Files\Trend Micro\HijackThis\javertno1.exe.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL Toolbar\aoltb.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1153770788\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [AROReminder] C:\Program Files\Advanced Registry Optimizer\ARO.exe -rem
O4 - Startup: AOL Desktop.lnk = C:\Program Files\Common Files\AOL\Launch\aollaunch.exe
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Global Startup: Extender Resource Monitor.lnk = C:\WINDOWS\EHOME\RMSysTry.exe
O8 - Extra context menu item: &AOL Toolbar Search - C:\Documents and Settings\All Users\Application Data\AOL\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O9 - Extra button: AIM Toolbar - {0b83c99c-1efa-4259-858f-bcb33e007a5b} - C:\Program Files\AIM Toolbar\aimtb.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Documents and Settings\Drew\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {03A99563-4F42-4DCF-A069-C728A71164A3} (VivatyCtrl Class) - http://apps.vivaty.com/downloads/player/install.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkId=39204&clcid=0x409
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Intel Alert Handler - LANDesk Software Ltd. - C:\WINDOWS\system32\ams_ii\hndlrsvc.exe
O23 - Service: Intel Alert Originator - LANDesk Software Ltd. - C:\WINDOWS\system32\ams_ii\iao.exe
O23 - Service: Intel File Transfer - LANDesk Software Ltd. - C:\WINDOWS\system32\cba\xfr.exe
O23 - Service: Intel PDS - LANDesk Software Ltd. - C:\WINDOWS\system32\cba\pds.exe
O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Reporting Agents (Reporting) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Reporting Agents\Win32\ReporterSvc.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O24 - Desktop Component 0: (no name) - http://www.u2tours.com/headers/4.gif

--
End of file - 12540 bytes

peku006
2009-02-13, 15:17
Hi javertno1

Please empty your Norton AntiVirus Quarantine. f you don't know how, click here (http://service1.symantec.com/SUPPORT/nav.nsf/docid/2000041213443506).

Using Windows Explorer (to get there right-click your Start button and go to "Explore"), please delete this file (if present):
C:\Documents and Settings\Jordan\Local Settings\Application Data\Mozilla\Firefox\Profiles\tqzodvp5.default\Cache\C8E0CE5Bd01

Logs look good. How's the computer running now? Any problems?

javertno1
2009-02-14, 02:07
I think there's still something infecting the computer.

On the bottom left a yellow message scrolls up warning that "Symantec Anti-Virus Auto Protect is Disabled." Then after a few seconds it scrolls back down. It happens from time to time.

Please advise.

Thanks!

peku006
2009-02-14, 12:06
Hi javertno1

Get Firewall and AntiVirus Status

Please go to Start, Run, type wscui.cpl into the box and hit <Enter>.
Tell me if it reports both AntiVirus and Firewall as ON, and then click on the little down arrows on the right of each, and note the name of the application being used for each.
In your reply please include the application names and ON/OFF status of each.

Thanks peku006

javertno1
2009-02-14, 16:42
Windows Firewall is on.

It's telling me that my Symantec AntiVirus Corporate Edition is turned off. However, when open Symantec, it's telling me that auto-protect is turned on.

Please advise. Thank you.

peku006
2009-02-14, 17:04
Hi javertno1
Don't worry.Windows security center checks to see if your computer is secured. It starts before your Antivirus is fully loaded. So it prompts you. Then, as your AV is fully loaded, the balloon disappears. If you check your AV settings, you will find it is set to protect you.

Manage Your Computer's Security Settings in One Place (http://www.microsoft.com/windowsxp/using/security/internet/sp2_wscfwav.mspx)

the scans are fine and it looks like your machine is clean :yahoo:

Now lets uninstall ComboFix:

Click START then RUN
Now type Combofix /u in the runbox and click OK

Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:

Disable and Enable System Restore-WINDOWS XP
This is a good time to clear your existing system restore points and establish a new clean restore point:

Turn off System Restore
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.
Reboot.
Turn ON System Restore
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check *Turn off System Restore*.
Click Apply, and then click OK.
This will remove all restore points except the new one you just created.

Here are some free programs I recommend that could help you improve your computer's security.

Spybot Search and Destroy 1.6
Download it from here (http://www.safer-networking.org/en/mirrors/index.html). Just choose a mirror and off you go.
Find here the tutorial on how to use Spybot properly here (http://www.bleepingcomputer.com/tutorials/tutorial43.html)

Install SpyWare Blaster 4.0
Download it from here (http://www.javacoolsoftware.com/spywareblaster.html)
Find here the tutorial on how to use Spyware Blaster here (http://www.bleepingcomputer.com/tutorials/tutorial49.html)

Install WinPatrol
Download it from here (http://www.winpatrol.com/download.html)
Here you can find information about how WinPatrol works here (http://www.winpatrol.com/features.html)

Install FireTrust SiteHound
You can find information and download it from here (http://www.firetrust.com/en/products/sitehound)

Install MVPS Hosts File from here (http://mvps.org/winhelp2002/hosts.htm)
The MVPS Hosts file replaces your current HOSTS file with one containing well know ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer.
Find Tutorial here : http://www.mvps.org/winhelp2002/hosts.htm

Update your Antivirus programs and other security products regularly to avoid new threats that could infect your system.
You can use one of these sites to check if any updates are needed for your pc.
Secunia Software Inspector (http://secunia.com/software_inspector/)
F-secure Health Check (http://www.f-secure.com/weblog/archives/00001356.html)

Visit Microsoft often to get the latest updates for your computer.
http://www.update.microsoft.com

Please check out Tony Klein's article "How did I get infected in the first place?" (http://forums.spybot.info/showthread.php?t=279)

Read some information here (http://users.telenet.be/bluepatchy/miekiemoes/prevention.html) how to prevent Malware.


Happy safe surfing! :bigthumb:

javertno1
2009-02-15, 02:10
Thanks for all your help. I'll be making a donation for your efforts.

I updated Spybot S&D and ran it and it showed that I still had Smitfraud-C. I clicked on fix and it said that it did. I ran it again and it didn't find any threats. However, my wallpaper is blue and I can't change it; Smitfraud-C seems to be preventing it. Is there anything that can be done? I'll send you the latest hijackthis file.

Thanks again.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:09:25 PM, on 2/14/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\EHOME\RMSysTry.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
C:\WINDOWS\system32\cba\pds.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Common Files\Symantec Shared\Reporting Agents\Win32\ReporterSvc.exe
C:\WINDOWS\ehome\RMSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\ams_ii\hndlrsvc.exe
C:\WINDOWS\system32\MsgSys.EXE
C:\WINDOWS\system32\ams_ii\iao.exe
C:\WINDOWS\system32\cba\xfr.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\javertno1.exe.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Global Startup: Extender Resource Monitor.lnk = C:\WINDOWS\EHOME\RMSysTry.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {03A99563-4F42-4DCF-A069-C728A71164A3} (VivatyCtrl Class) - http://apps.vivaty.com/downloads/player/install.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkId=39204&clcid=0x409
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Intel Alert Handler - LANDesk Software Ltd. - C:\WINDOWS\system32\ams_ii\hndlrsvc.exe
O23 - Service: Intel Alert Originator - LANDesk Software Ltd. - C:\WINDOWS\system32\ams_ii\iao.exe
O23 - Service: Intel File Transfer - LANDesk Software Ltd. - C:\WINDOWS\system32\cba\xfr.exe
O23 - Service: Intel PDS - LANDesk Software Ltd. - C:\WINDOWS\system32\cba\pds.exe
O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Reporting Agents (Reporting) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Reporting Agents\Win32\ReporterSvc.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O24 - Desktop Component 0: (no name) - http://www.u2tours.com/headers/4.gif

--
End of file - 11640 bytes

peku006
2009-02-16, 21:38
Hi javertno1

Please download OTListIt2 by OldTimer from Geeks to Go (http://oldtimer.geekstogo.com/OTListIt2.exe). Save it your desktop.
Double click on OTListIt2.exe to run it.
Under Output, ensure that Minimal Output is selected.
Under Extra Registry section, select Use SafeList.
Click on Run Scan at the top left hand corner.
When done, two Notepad files will open. Please post the contents of these 2 Notepad files in your next reply. One log per reply please.

Thanks peku006

javertno1
2009-02-17, 04:41
Here's the first report:

OTListIt logfile created on: 2/16/2009 9:37:56 PM - Run
OTListIt2 by OldTimer - Version 2.0.0.15 Folder = C:\Documents and Settings\John\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1022.09 Mb Total Physical Memory | 631.00 Mb Available Physical Memory | 61.74% Memory free
2.40 Gb Paging File | 1.87 Gb Available in Paging File | 77.96% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 144.32 Gb Total Space | 35.31 Gb Free Space | 24.47% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DELL2005
Current User Name: John
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe (Symantec Corporation)
PRC - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe (Symantec Corporation)
PRC - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe (Lavasoft)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe (Microsoft® Corporation)
PRC - C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
PRC - C:\Program Files\Symantec AntiVirus\VPTray.exe (Symantec Corporation)
PRC - C:\Program Files\HP\hpcoretech\hpcmpmgr.exe (Hewlett-Packard Company)
PRC - C:\Program Files\HP\HP Software Update\hpwuSchd2.exe (Hewlett-Packard)
PRC - C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe (Hewlett-Packard)
PRC - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
PRC - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe (BillP Studios)
PRC - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
PRC - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
PRC - C:\WINDOWS\EHOME\RMSysTry.exe (Microsoft Corporation)
PRC - C:\Program Files\Logitech\MouseWare\system\EM_EXEC.EXE (Logitech Inc.)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe (Symantec Corporation)
PRC - C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
PRC - C:\WINDOWS\SYSTEM32\CTSVCCDA.EXE (Creative Technology Ltd)
PRC - C:\Program Files\Symantec AntiVirus\DefWatch.exe (Symantec Corporation)
PRC - C:\WINDOWS\EHOME\ehrecvr.exe (Microsoft Corporation)
PRC - C:\WINDOWS\EHOME\ehSched.exe (Microsoft Corporation)
PRC - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)
PRC - C:\Program Files\Intel\Intel Application Accelerator\IAANTmon.exe (Intel Corporation)
PRC - C:\WINDOWS\SYSTEM32\CBA\PDS.EXE (LANDesk Software Ltd.)
PRC - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe (Intuit Inc.)
PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
PRC - C:\WINDOWS\SYSTEM32\nvsvc32.exe (NVIDIA Corporation)
PRC - C:\WINDOWS\SYSTEM32\hpzipm12.exe (HP)
PRC - C:\Program Files\Common Files\Symantec Shared\Reporting Agents\Win32\ReporterSvc.exe (Symantec Corporation)
PRC - C:\WINDOWS\EHOME\RMSvc.exe (Microsoft Corporation)
PRC - C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)
PRC - C:\WINDOWS\SYSTEM32\AMS_II\HNDLRSVC.EXE (LANDesk Software Ltd.)
PRC - C:\WINDOWS\SYSTEM32\MSGSYS.EXE (LANDesk Software Ltd.)
PRC - C:\WINDOWS\SYSTEM32\AMS_II\IAO.EXE (LANDesk Software Ltd.)
PRC - C:\WINDOWS\SYSTEM32\CBA\XFR.EXE (LANDesk Software Ltd.)
PRC - C:\WINDOWS\EHOME\McrdSvc.exe (Microsoft Corporation)
PRC - C:\Program Files\Canon\CAL\CALMAIN.exe (Canon Inc.)
PRC - C:\Program Files\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe (Viewpoint Corporation)
PRC - C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
PRC - C:\WINDOWS\SYSTEM32\wscntfy.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe (Symantec Corporation)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Documents and Settings\John\Desktop\OTListIt2.exe (OldTimer Tools)

========== Win32 Services (SafeList) ==========

SRV - (aawservice [Auto | Running]) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe (Lavasoft)
SRV - (Apple Mobile Device [Auto | Running]) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
SRV - (Automatic LiveUpdate Scheduler [Auto | Running]) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe (Symantec Corporation)
SRV - (Bonjour Service [Auto | Running]) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
SRV - (CCALib8 [Auto | Running]) -- C:\Program Files\Canon\CAL\CALMAIN.exe (Canon Inc.)
SRV - (ccEvtMgr [On_Demand | Running]) -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe (Symantec Corporation)
SRV - (ccSetMgr [Auto | Running]) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe (Symantec Corporation)
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (Creative Service for CDROM Access [Auto | Running]) -- C:\WINDOWS\SYSTEM32\CTSVCCDA.EXE (Creative Technology Ltd)
SRV - (DefWatch [Auto | Running]) -- C:\Program Files\Symantec AntiVirus\DefWatch.exe (Symantec Corporation)
SRV - (DSBrokerService [On_Demand | Stopped]) -- C:\Program Files\DellSupport\brkrsvc.exe ()
SRV - (ehRecvr [Auto | Running]) -- C:\WINDOWS\EHOME\ehrecvr.exe (Microsoft Corporation)
SRV - (ehSched [Auto | Running]) -- C:\WINDOWS\EHOME\ehSched.exe (Microsoft Corporation)
SRV - (gusvc [Auto | Running]) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)
SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHEALTH\HELPCTR\BINARIES\pchsvc.dll (Microsoft Corporation)
SRV - (IAANTMon [Auto | Running]) -- C:\Program Files\Intel\Intel Application Accelerator\IAANTmon.exe (Intel Corporation)
SRV - (IDriverT [On_Demand | Stopped]) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (Intel Alert Handler [Auto | Running]) -- C:\WINDOWS\SYSTEM32\AMS_II\HNDLRSVC.EXE (LANDesk Software Ltd.)
SRV - (Intel Alert Originator [Auto | Running]) -- C:\WINDOWS\SYSTEM32\AMS_II\IAO.EXE (LANDesk Software Ltd.)
SRV - (Intel File Transfer [Auto | Running]) -- C:\WINDOWS\SYSTEM32\CBA\XFR.EXE (LANDesk Software Ltd.)
SRV - (Intel PDS [Auto | Running]) -- C:\WINDOWS\SYSTEM32\CBA\PDS.EXE (LANDesk Software Ltd.)
SRV - (IntuitUpdateService [Auto | Running]) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe (Intuit Inc.)
SRV - (iPod Service [On_Demand | Running]) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
SRV - (JavaQuickStarterService [Auto | Running]) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
SRV - (LiveUpdate [On_Demand | Stopped]) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_1.EXE (Symantec Corporation)
SRV - (McrdSvc [Auto | Running]) -- C:\WINDOWS\EHOME\McrdSvc.exe (Microsoft Corporation)
SRV - (MHN [On_Demand | Stopped]) -- C:\WINDOWS\SYSTEM32\MHN.DLL (Microsoft Corporation)
SRV - (Microsoft Office Groove Audit Service [On_Demand | Stopped]) -- C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe (Microsoft Corporation)
SRV - (NVSvc [Auto | Running]) -- C:\WINDOWS\SYSTEM32\nvsvc32.exe (NVIDIA Corporation)
SRV - (odserv [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (ose [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (Pml Driver HPZ12 [Auto | Running]) -- C:\WINDOWS\SYSTEM32\hpzipm12.exe (HP)
SRV - (QWAVE [Unknown | Stopped]) -- C:\WINDOWS\SYSTEM32\qwave.dll (Microsoft Corporation)
SRV - (Reporting [Auto | Running]) -- C:\Program Files\Common Files\Symantec Shared\Reporting Agents\Win32\ReporterSvc.exe (Symantec Corporation)
SRV - (RMSvc [Auto | Running]) -- C:\WINDOWS\EHOME\RMSvc.exe (Microsoft Corporation)
SRV - (SavRoam [On_Demand | Stopped]) -- C:\Program Files\Symantec AntiVirus\SavRoam.exe (symantec)
SRV - (SNDSrvc [On_Demand | Stopped]) -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe (Symantec Corporation)
SRV - (SPBBCSvc [Auto | Running]) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe (Symantec Corporation)
SRV - (Symantec AntiVirus [On_Demand | Stopped]) -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe (Symantec Corporation)
SRV - (Viewpoint Manager Service [Auto | Running]) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)
SRV - (WMPNetworkSvc [Auto | Running]) -- C:\Program Files\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (WudfSvc [On_Demand | Stopped]) -- C:\WINDOWS\SYSTEM32\WudfSvc.dll (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (AFS2K [System | Running]) -- C:\WINDOWS\SYSTEM32\DRIVERS\AFS2K.SYS (Oak Technology Inc.)
DRV - (AliIde [Boot | Running]) -- C:\WINDOWS\SYSTEM32\DRIVERS\ALIIDE.SYS (Acer Laboratories Inc.)
DRV - (amdagp [Boot | Running]) -- C:\WINDOWS\SYSTEM32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.)
DRV - (asc [Boot | Running]) -- C:\WINDOWS\SYSTEM32\DRIVERS\ASC.SYS (Advanced System Products, Inc.)
DRV - (asc3550 [Boot | Running]) -- C:\WINDOWS\SYSTEM32\DRIVERS\ASC3550.SYS (Advanced System Products, Inc.)
DRV - (b57w2k [On_Demand | Running]) -- C:\WINDOWS\SYSTEM32\DRIVERS\b57xp32.sys (Broadcom Corporation)
DRV - (CmdIde [Boot | Running]) -- C:\WINDOWS\SYSTEM32\DRIVERS\CMDIDE.SYS (CMD Technology, Inc.)
DRV - (ctac32k [On_Demand | Running]) -- C:\WINDOWS\SYSTEM32\DRIVERS\ctac32k.sys (Creative Technology Ltd)
DRV - (ctaud2k [On_Demand | Running]) -- C:\WINDOWS\SYSTEM32\DRIVERS\ctaud2k.sys (Creative Technology Ltd)
DRV - (ctdvda2k [On_Demand | Stopped]) -- C:\WINDOWS\SYSTEM32\DRIVERS\ctdvda2k.sys (Creative Technology Ltd)
DRV - (ctprxy2k [On_Demand | Running]) -- C:\WINDOWS\SYSTEM32\DRIVERS\ctprxy2k.sys (Creative Technology Ltd)
DRV - (ctsfm2k [On_Demand | Running]) -- C:\WINDOWS\SYSTEM32\DRIVERS\ctsfm2k.sys (Creative Technology Ltd)
DRV - (dac2w2k [Boot | Running]) -- C:\WINDOWS\SYSTEM32\DRIVERS\DAC2W2K.SYS (Mylex Corporation)
DRV - (drvmcdb [Boot | Running]) -- C:\WINDOWS\SYSTEM32\DRIVERS\drvmcdb.sys (Sonic Solutions)
DRV - (drvnddm [Auto | Running]) -- C:\WINDOWS\SYSTEM32\DRIVERS\drvnddm.sys (Sonic Solutions)
DRV - (DSproct [On_Demand | Stopped]) -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys (Gteko Ltd.)
DRV - (dsunidrv [Auto | Running]) -- C:\WINDOWS\SYSTEM32\DRIVERS\dsunidrv.sys (Gteko Ltd.)
DRV - (E100B [On_Demand | Stopped]) -- C:\WINDOWS\SYSTEM32\DRIVERS\E100B325.SYS (Intel Corporation)
DRV - (eeCtrl [System | Running]) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (elagopro [Auto | Running]) -- C:\WINDOWS\SYSTEM32\DRIVERS\elagopro.sys (Gteko Ltd.)
DRV - (elaunidr [Auto | Running]) -- C:\WINDOWS\SYSTEM32\DRIVERS\elaunidr.sys (Gteko Ltd.)
DRV - (emupia [On_Demand | Running]) -- C:\WINDOWS\SYSTEM32\DRIVERS\emupia2k.sys (Creative Technology Ltd)
DRV - (EraserUtilRebootDrv [On_Demand | Running]) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (gameenum [On_Demand | Running]) -- C:\WINDOWS\SYSTEM32\DRIVERS\gameenum.sys (Microsoft Corporation)
DRV - (GEARAspiWDM [On_Demand | Running]) -- C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (ha10kx2k [On_Demand | Running]) -- C:\WINDOWS\SYSTEM32\DRIVERS\ha10kx2k.sys (Creative Technology Ltd)
DRV - (hap16v2k [On_Demand | Running]) -- C:\WINDOWS\SYSTEM32\DRIVERS\haP16v2k.sys (Creative Technology Ltd)
DRV - (HPZid412 [On_Demand | Running]) -- C:\WINDOWS\SYSTEM32\DRIVERS\hpzid412.sys (HP)
DRV - (HPZipr12 [On_Demand | Running]) -- C:\WINDOWS\SYSTEM32\DRIVERS\HPZipr12.sys (HP)
DRV - (HPZius12 [On_Demand | Running]) -- C:\WINDOWS\SYSTEM32\DRIVERS\HPZius12.sys (HP)
DRV - (HSFHWBS2 [On_Demand | Running]) -- C:\WINDOWS\SYSTEM32\DRIVERS\HSFHWBS2.sys (Conexant Systems, Inc.)
DRV - (HSF_DP [On_Demand | Running]) -- C:\WINDOWS\SYSTEM32\DRIVERS\HSF_DP.sys (Conexant Systems, Inc.)
DRV - (iaStor [Boot | Running]) -- C:\WINDOWS\SYSTEM32\DRIVERS\IASTOR.SYS (Intel Corporation)
DRV - (kbdhid [System | Running]) -- C:\WINDOWS\SYSTEM32\DRIVERS\kbdhid.sys (Microsoft Corporation)
DRV - (L8042PR2 [On_Demand | Stopped]) -- C:\WINDOWS\SYSTEM32\DRIVERS\L8042PR2.SYS (Logitech, Inc.)
DRV - (lgatbus [On_Demand | Stopped]) -- C:\WINDOWS\SYSTEM32\DRIVERS\lgatbus.sys (MCCI)
DRV - (lgatmdm [On_Demand | Stopped]) -- C:\WINDOWS\SYSTEM32\DRIVERS\lgatmdm.sys (MCCI)
DRV - (lgatserd [On_Demand | Stopped]) -- C:\WINDOWS\SYSTEM32\DRIVERS\lgatserd.sys (MCCI)
DRV - (LHidFlt2 [On_Demand | Running]) -- C:\WINDOWS\SYSTEM32\DRIVERS\LHIDFLT2.SYS (Logitech, Inc.)
DRV - (LHidUsb [On_Demand | Running]) -- C:\WINDOWS\SYSTEM32\DRIVERS\LHIDUSB.SYS (Logitech, Inc.)
DRV - (LMouFlt2 [On_Demand | Running]) -- C:\WINDOWS\SYSTEM32\DRIVERS\lmouflt2.sys (Logitech, Inc.)
DRV - (mdmxsdk [Auto | Running]) -- C:\WINDOWS\SYSTEM32\DRIVERS\mdmxsdk.sys (Conexant)
DRV - (MODEMCSA [On_Demand | Running]) -- C:\WINDOWS\SYSTEM32\DRIVERS\MODEMCSA.sys (Microsoft Corporation)
DRV - (mraid35x [Boot | Running]) -- C:\WINDOWS\SYSTEM32\DRIVERS\MRAID35X.SYS (American Megatrends Inc.)
DRV - (NAVENG [On_Demand | Running]) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20090130.003\NAVENG.SYS (Symantec Corporation)
DRV - (NAVEX15 [On_Demand | Running]) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20090130.003\NAVEX15.SYS (Symantec Corporation)
DRV - (nv [On_Demand | Running]) -- C:\WINDOWS\SYSTEM32\DRIVERS\nv4_mini.sys (NVIDIA Corporation)
DRV - (omci [System | Running]) -- C:\WINDOWS\SYSTEM32\DRIVERS\omci.sys (Dell Computer Corporation)
DRV - (ossrv [On_Demand | Running]) -- C:\WINDOWS\SYSTEM32\DRIVERS\ctoss2k.sys (Creative Technology Ltd.)
DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\SYSTEM32\DRIVERS\PTILINK.SYS (Parallel Technologies, Inc.)
DRV - (PxHelp20 [Boot | Running]) -- C:\WINDOWS\SYSTEM32\DRIVERS\pxhelp20.sys (Sonic Solutions)
DRV - (ql1080 [Boot | Running]) -- C:\WINDOWS\SYSTEM32\DRIVERS\QL1080.SYS (QLogic Corporation)
DRV - (ql12160 [Boot | Running]) -- C:\WINDOWS\SYSTEM32\DRIVERS\QL12160.SYS (QLogic Corporation)
DRV - (ql1280 [Boot | Running]) -- C:\WINDOWS\SYSTEM32\DRIVERS\QL1280.SYS (QLogic Corporation)
DRV - (QWAVEDRV [Unknown | Stopped]) -- C:\WINDOWS\SYSTEM32\DRIVERS\qwavedrv.sys (Microsoft Corporation)
DRV - (SAVRT [System | Running]) -- C:\Program Files\Symantec AntiVirus\savrt.sys (Symantec Corporation)
DRV - (SAVRTPEL [System | Running]) -- C:\Program Files\Symantec AntiVirus\Savrtpel.sys (Symantec Corporation)
DRV - (SCDEmu [System | Running]) -- C:\WINDOWS\SYSTEM32\DRIVERS\scdemu.sys (PowerISO Computing, Inc.)
DRV - (Secdrv [Auto | Running]) -- C:\WINDOWS\SYSTEM32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (sisagp [Boot | Running]) -- C:\WINDOWS\SYSTEM32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation)
DRV - (sonyhcb [Boot | Running]) -- C:\WINDOWS\SYSTEM32\DRIVERS\sonyhcb.sys (Sony Corporation)
DRV - (sonyhcs [On_Demand | Stopped]) -- C:\WINDOWS\SYSTEM32\DRIVERS\sonyhcs.sys (Sony Corporation)
DRV - (Sparrow [Boot | Running]) -- C:\WINDOWS\SYSTEM32\DRIVERS\SPARROW.SYS (Adaptec, Inc.)
DRV - (SPBBCDrv [System | Running]) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys (Symantec Corporation)
DRV - (sptd [Boot | Running]) -- C:\WINDOWS\SYSTEM32\DRIVERS\sptd.sys ()
DRV - (sscdbhk5 [System | Running]) -- C:\WINDOWS\SYSTEM32\DRIVERS\sscdbhk5.sys (Sonic Solutions)
DRV - (ssrtln [System | Running]) -- C:\WINDOWS\SYSTEM32\DRIVERS\ssrtln.sys (Sonic Solutions)
DRV - (symc810 [Boot | Running]) -- C:\WINDOWS\SYSTEM32\DRIVERS\SYMC810.SYS (Symbios Logic Inc.)
DRV - (symc8xx [Boot | Running]) -- C:\WINDOWS\SYSTEM32\DRIVERS\SYMC8XX.SYS (LSI Logic)
DRV - (SymEvent [On_Demand | Running]) -- C:\Program Files\Symantec\SYMEVENT.SYS (Symantec Corporation)
DRV - (SYMREDRV [On_Demand | Stopped]) -- C:\WINDOWS\SYSTEM32\DRIVERS\symredrv.sys (Symantec Corporation)
DRV - (SYMTDI [System | Running]) -- C:\WINDOWS\SYSTEM32\DRIVERS\symtdi.sys (Symantec Corporation)
DRV - (sym_hi [Boot | Running]) -- C:\WINDOWS\SYSTEM32\DRIVERS\SYM_HI.SYS (LSI Logic)
DRV - (sym_u3 [Boot | Running]) -- C:\WINDOWS\SYSTEM32\DRIVERS\SYM_U3.SYS (LSI Logic)
DRV - (tfsnboio [Auto | Running]) -- C:\WINDOWS\SYSTEM32\dla\tfsnboio.sys (Sonic Solutions)
DRV - (tfsncofs [Auto | Running]) -- C:\WINDOWS\SYSTEM32\dla\tfsncofs.sys (Sonic Solutions)
DRV - (tfsndrct [Auto | Running]) -- C:\WINDOWS\SYSTEM32\dla\tfsndrct.sys (Sonic Solutions)
DRV - (tfsndres [Auto | Running]) -- C:\WINDOWS\SYSTEM32\dla\tfsndres.sys (Sonic Solutions)
DRV - (tfsnifs [Auto | Running]) -- C:\WINDOWS\SYSTEM32\dla\tfsnifs.sys (Sonic Solutions)
DRV - (tfsnopio [Auto | Running]) -- C:\WINDOWS\SYSTEM32\dla\tfsnopio.sys (Sonic Solutions)
DRV - (tfsnpool [Auto | Running]) -- C:\WINDOWS\SYSTEM32\dla\tfsnpool.sys (Sonic Solutions)
DRV - (tfsnudf [Auto | Running]) -- C:\WINDOWS\SYSTEM32\dla\tfsnudf.sys (Sonic Solutions)
DRV - (tfsnudfa [Auto | Running]) -- C:\WINDOWS\SYSTEM32\dla\tfsnudfa.sys (Sonic Solutions)
DRV - (ultra [Boot | Running]) -- C:\WINDOWS\SYSTEM32\DRIVERS\ULTRA.SYS (Promise Technology, Inc.)
DRV - (USB20L [On_Demand | Stopped]) -- C:\WINDOWS\SYSTEM32\DRIVERS\USB200M.sys (Linksys)
DRV - (USBAAPL [On_Demand | Stopped]) -- C:\WINDOWS\SYSTEM32\DRIVERS\usbaapl.sys (Apple, Inc.)
DRV - (usbaudio [On_Demand | Stopped]) -- C:\WINDOWS\SYSTEM32\DRIVERS\usbaudio.sys (Microsoft Corporation)
DRV - (winachsf [On_Demand | Running]) -- C:\WINDOWS\SYSTEM32\DRIVERS\HSF_CNXT.sys (Conexant Systems, Inc.)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = Reg Error: Invalid data type.
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = Reg Error: Invalid data type.
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.aol.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

O1 HOSTS File: (888366 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 ad.a8.net
O1 - Hosts: 127.0.0.1 asy.a8ww.net
O1 - Hosts: 127.0.0.1 a9rhiwa.cn #[Google.Warning]
O1 - Hosts: 127.0.0.1 www.a9rhiwa.cn
O1 - Hosts: 127.0.0.1 acezip.net #[SiteAdvisor.acezip.net]
O1 - Hosts: 127.0.0.1 www.acezip.net #[Win32/Adware.180Solutions]
O1 - Hosts: 127.0.0.1 phpadsnew.abac.com
O1 - Hosts: 127.0.0.1 a.abnad.net
O1 - Hosts: 127.0.0.1 b.abnad.net
O1 - Hosts: 127.0.0.1 c.abnad.net #[eTrust.Tracking.Cookie]
O1 - Hosts: 127.0.0.1 d.abnad.net
O1 - Hosts: 127.0.0.1 e.abnad.net
O1 - Hosts: 127.0.0.1 t.abnad.net
O1 - Hosts: 127.0.0.1 z.abnad.net
O1 - Hosts: 127.0.0.1 banners.absolpublisher.com
O1 - Hosts: 127.0.0.1 tracking.absolstats.com
O1 - Hosts: 127.0.0.1 adv.abv.bg
O1 - Hosts: 127.0.0.1 bimg.abv.bg
O1 - Hosts: 127.0.0.1 www2.a-counter.kiev.ua
O1 - Hosts: 127.0.0.1 track.acclaimnetwork.com
O1 - Hosts: 127.0.0.1 accuserveadsystem.com
O1 - Hosts: 127.0.0.1 www.accuserveadsystem.com
O1 - Hosts: 127.0.0.1 gtb5.acecounter.com
O1 - Hosts: 127.0.0.1 gtb19.acecounter.com
O1 - Hosts: 25871 more lines...
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Easy-WebPrint) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - Reg Error: Key error. File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - Reg Error: Key error. File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {4E7BD74F-2B8D-469E-84AF-BB20F590A82F} - Reg Error: Key error. File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" (Symantec Corporation)
O4 - HKLM..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" ( )
O4 - HKLM..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" (Microsoft Corporation)
O4 - HKLM..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" (Hewlett-Packard Company)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe (Hewlett-Packard)
O4 - HKLM..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" (Apple Inc.)
O4 - HKLM..\Run: [Logitech Utility] Logi_MwX.Exe (Logitech Inc.)
O4 - HKLM..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers (Microsoft® Corporation)
O4 - HKLM..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe (Microsoft® Corporation)
O4 - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup (NVIDIA Corporation)
O4 - HKLM..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime (Apple Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot (RealNetworks, Inc.)
O4 - HKLM..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe (Symantec Corporation)
O4 - HKLM..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot (BillP Studios)
O4 - HKLM..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe (Microsoft® Corporation)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Extender Resource Monitor.lnk = C:\WINDOWS\EHOME\RMSysTry.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\John\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disableregistrytools = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - File not found
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: 50 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O15 - HKCU\..Trusted Sites: turbotax.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {03A99563-4F42-4DCF-A069-C728A71164A3} http://apps.vivaty.com/downloads/player/install.cab (VivatyCtrl Class)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://pcpitstop.com/pcpitstop/PCPitStop.CAB (PCPitstop Utility)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?LinkId=39204&clcid=0x409 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab (Java Plug-in 1.6.0_12)
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} http://web1.shutterfly.com/downloads/Uploader.cab (Shutterfly Picture Upload Plugin)
O16 - DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab (Java Plug-in 1.6.0_12)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab (Java Plug-in 1.6.0_12)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp Reg Error: Value error. - Reg Error: Key error. File not found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp Reg Error: Value error. - Reg Error: Key error. File not found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\NavLogon: DllName - C:\WINDOWS\system32\NavLogon.dll - C:\WINDOWS\SYSTEM32\NavLogon.dll (Symantec Corporation)
O24 - Desktop Components:0 () - http://www.u2tours.com/headers/4.gif
O24 - Desktop Components:1 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - Autorun File - C:\AUTOEXEC.BAT () - [ NTFS ]

========== Files/Folders - Created Within 30 Days ==========

[1 C:\*.tmp files]
[2009/02/16 21:37:07 | 00,491,520 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\John\Desktop\OTListIt2.exe
[2009/02/14 22:35:44 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\xing shared
[2009/02/14 22:35:40 | 00,000,897 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\RealPlayer.lnk
[2009/02/14 22:19:54 | 00,001,604 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2009/02/14 22:19:33 | 00,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2009/02/14 22:15:54 | 00,001,757 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
[2009/02/14 22:15:54 | 00,001,740 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 7.0.lnk
[2009/02/14 22:14:04 | 00,000,000 | ---D | C] -- C:\Documents and Settings\John\Local Settings\Application Data\NOS
[2009/02/14 22:06:54 | 00,146,771 | ---- | C] () -- C:\Documents and Settings\John\Desktop\hosts.zip
[2009/02/14 21:59:41 | 00,000,000 | ---D | C] -- C:\Documents and Settings\John\Application Data\SiteHound
[2009/02/14 21:59:37 | 00,000,000 | ---D | C] -- C:\Program Files\FireTrust
[2009/02/14 21:59:19 | 01,190,552 | ---- | C] () -- C:\Documents and Settings\John\Desktop\sitehound_ff_24072008.exe
[2009/02/14 21:57:02 | 00,000,000 | ---D | C] -- C:\Documents and Settings\John\Application Data\WinPatrol
[2009/02/14 21:56:49 | 00,000,000 | ---D | C] -- C:\Program Files\BillP Studios
[2009/02/14 18:36:04 | 00,000,690 | ---- | C] () -- C:\Documents and Settings\John\Desktop\SpywareBlaster.lnk
[2009/02/14 18:36:02 | 00,000,000 | ---D | C] -- C:\Program Files\SpywareBlaster
[2009/02/14 17:17:06 | 00,000,000 | ---D | C] -- C:\ComboFix
[2009/02/12 17:33:04 | 00,000,000 | -HSD | C] -- C:\RECYCLER
[2009/02/12 09:08:13 | 00,000,000 | ---D | C] -- C:\Documents and Settings\John\Application Data\Malwarebytes
[2009/02/12 09:08:11 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/02/12 09:08:11 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/02/12 09:08:09 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/02/12 09:08:08 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/02/12 09:08:07 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/02/11 18:20:51 | 00,000,000 | ---D | C] -- C:\Documents and Settings\John\Local Settings\Application Data\{5EC98343-B890-4F2D-B5B9-15EB92C85CB4}
[2009/02/11 17:24:23 | 10,718,12608 | -HS- | C] () -- C:\hiberfil.sys
[2009/02/11 16:55:50 | 01,529,241 | ---- | C] () -- C:\Documents and Settings\John\Desktop\SDFix.exe
[2009/02/11 15:00:37 | 00,000,851 | ---- | C] () -- C:\Documents and Settings\John\Desktop\Shortcut to javertno1.exe.lnk
[2009/02/10 09:22:39 | 00,000,767 | ---- | C] () -- C:\Documents and Settings\John\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2009/02/10 09:22:37 | 00,000,592 | ---- | C] () -- C:\Documents and Settings\John\Desktop\ERUNT.lnk
[2009/02/10 09:22:37 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/02/08 01:38:55 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/01/24 15:39:00 | 00,000,000 | ---D | C] -- C:\Documents and Settings\John\Local Settings\Application Data\Intuit
[2009/01/24 15:38:24 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\AnswerWorks 5.0
[2009/01/24 15:36:14 | 00,002,393 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\TurboTax 2008.lnk

========== Files - Modified Within 30 Days ==========

[1 C:\*.tmp files]
[1 C:\WINDOWS\System32\*.tmp files]
[1 C:\WINDOWS\*.tmp files]
[2009/02/16 21:37:07 | 00,491,520 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\John\Desktop\OTListIt2.exe
[2009/02/16 21:35:00 | 00,000,366 | ---- | M] () -- C:\WINDOWS\tasks\Symantec NetDetect.job
[2009/02/16 16:00:02 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/02/16 11:59:14 | 00,888,366 | R--- | M] () -- C:\WINDOWS\System32\drivers\ETC\HOSTS
[2009/02/16 11:48:10 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2009/02/16 11:46:14 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/02/16 11:46:07 | 00,007,275 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2009/02/16 11:45:50 | 00,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2009/02/16 11:45:44 | 10,718,12608 | -HS- | M] () -- C:\hiberfil.sys
[2009/02/16 11:08:51 | 00,031,056 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000004-00000000-00000002-00001102-00000004-20061102}.rfx
[2009/02/16 11:08:51 | 00,031,056 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000004-00000000-00000002-00001102-00000004-20061102}.rfx
[2009/02/16 11:08:51 | 00,030,528 | ---- | M] () -- C:\WINDOWS\System32\BMXCtrlState-{00000004-00000000-00000002-00001102-00000004-20061102}.rfx
[2009/02/16 11:08:51 | 00,030,528 | ---- | M] () -- C:\WINDOWS\System32\BMXBkpCtrlState-{00000004-00000000-00000002-00001102-00000004-20061102}.rfx
[2009/02/16 11:08:51 | 00,001,080 | ---- | M] () -- C:\WINDOWS\System32\settingsbkup.sfm
[2009/02/16 11:08:51 | 00,001,080 | ---- | M] () -- C:\WINDOWS\System32\settings.sfm
[2009/02/16 11:08:51 | 00,000,384 | ---- | M] () -- C:\WINDOWS\System32\DVCStateBkp-{00000004-00000000-00000002-00001102-00000004-20061102}.dat
[2009/02/16 11:08:51 | 00,000,384 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000004-00000000-00000002-00001102-00000004-20061102}.dat
[2009/02/15 15:13:11 | 00,002,393 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\TurboTax 2008.lnk
[2009/02/15 14:32:43 | 00,610,656 | ---- | M] () -- C:\WINDOWS\System32\drivers\ETC\hosts.20090216-115914.backup
[2009/02/14 22:35:40 | 00,000,897 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\RealPlayer.lnk
[2009/02/14 22:35:19 | 00,278,528 | ---- | M] (Real Networks, Inc) -- C:\WINDOWS\System32\pncrt.dll
[2009/02/14 22:19:54 | 00,001,604 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2009/02/14 22:15:54 | 00,001,757 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
[2009/02/14 22:15:54 | 00,001,740 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 7.0.lnk
[2009/02/14 22:06:55 | 00,146,771 | ---- | M] () -- C:\Documents and Settings\John\Desktop\hosts.zip
[2009/02/14 21:59:19 | 01,190,552 | ---- | M] () -- C:\Documents and Settings\John\Desktop\sitehound_ff_24072008.exe
[2009/02/14 18:36:04 | 00,000,690 | ---- | M] () -- C:\Documents and Settings\John\Desktop\SpywareBlaster.lnk
[2009/02/14 18:02:13 | 00,291,346 | ---- | M] () -- C:\WINDOWS\System32\drivers\ETC\HOSTS.MVP
[2009/02/14 17:55:10 | 00,000,933 | ---- | M] () -- C:\Documents and Settings\John\Desktop\Spybot - Search & Destroy.lnk
[2009/02/14 17:12:18 | 00,000,628 | ---- | M] () -- C:\WINDOWS\WIN.INI
[2009/02/14 17:12:18 | 00,000,279 | RHS- | M] () -- C:\BOOT.INI
[2009/02/14 17:12:18 | 00,000,253 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/02/12 09:08:11 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/02/12 08:48:35 | 00,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\ETC\hosts.20090214-180213.backup
[2009/02/11 19:44:39 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/02/11 16:55:52 | 01,529,241 | ---- | M] () -- C:\Documents and Settings\John\Desktop\SDFix.exe
[2009/02/11 15:00:37 | 00,000,851 | ---- | M] () -- C:\Documents and Settings\John\Desktop\Shortcut to javertno1.exe.lnk
[2009/02/11 10:19:42 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/02/11 10:19:34 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/02/11 01:29:44 | 00,610,711 | ---- | M] () -- C:\WINDOWS\System32\drivers\ETC\1.hosts
[2009/02/10 09:22:39 | 00,000,767 | ---- | M] () -- C:\Documents and Settings\John\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2009/02/10 09:22:37 | 00,000,592 | ---- | M] () -- C:\Documents and Settings\John\Desktop\ERUNT.lnk
[2009/02/06 23:25:10 | 00,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2009/02/04 21:36:58 | 00,350,584 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/02/03 18:21:12 | 21,244,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2009/01/22 20:05:00 | 00,019,372 | ---- | M] () -- C:\Documents and Settings\John\Application Data\wklnhst.dat
[2009/01/18 12:57:09 | 01,390,592 | R--- | M] () -- C:\Documents and Settings\All Users\Documents\ESBK.mbb
[2009/01/18 12:57:09 | 00,680,960 | R--- | M] () -- C:\Documents and Settings\All Users\Documents\ESBK.mb

========== Alternate Data Streams ==========

@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
@Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F8662B30
@Alternate Data Stream - 0 bytes -> C:\Documents and Settings\John\My Documents\Thumbs.db:encryptable
< End of report >

javertno1
2009-02-17, 04:43
Here's the second report:

OTListIt Extras logfile created on: 2/16/2009 9:37:56 PM - Run
OTListIt2 by OldTimer - Version 2.0.0.15 Folder = C:\Documents and Settings\John\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1022.09 Mb Total Physical Memory | 631.00 Mb Available Physical Memory | 61.74% Memory free
2.40 Gb Paging File | 1.87 Gb Available in Paging File | 77.96% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 144.32 Gb Total Space | 35.31 Gb Free Space | 24.47% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DELL2005
Current User Name: John
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AMERIC~1.0 File not found
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL File not found
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe:*:Enabled:AOL File not found
%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer (RealNetworks, Inc.)
C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger (Microsoft Corporation)
C:\Program Files\HP\HP Software Update\HPWUCli.exe:*:Enabled:HP Software Update Client (Hewlett-Packard)
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe:*:Enabled:AOL File not found
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL File not found
C:\Program Files\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe:*:Enabled:AOL TopSpeed File not found
%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 (Microsoft Corporation)
C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader File not found
C:\Program Files\Common Files\AOL\1153770788\ee\aolsoftware.exe:*:Enabled:AOL Services File not found
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare ()
C:\Documents and Settings\Drew\aim.exe:*:Enabled:AOL Instant Messenger File not found
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe:*:Disabled:Kodak Software Updater ()
C:\Documents and Settings\Drew\Application Data\Firaxis Games\Sid Meier's Civilization 4\Warlords\Civ4Warlords.exe:*:Enabled:Sid Meier's Civilization 4 Warlords (Firaxis Games)
C:\Documents and Settings\Drew\Application Data\Firaxis Games\Sid Meier's Civilization 4\Warlords\Civ4Warlords_PitBoss.exe:*:Enabled:Sid Meier's Civilization 4 Pitboss (Firaxis Games)
C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent (BitTorrent, Inc.)
C:\Documents and Settings\Drew\My Documents\My Music\Azureus\Azureus\Azureus.exe:*:Enabled:Azureus File not found
C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove (Microsoft Corporation)
C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote (Microsoft Corporation)
C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM File not found
C:\Program Files\Common Files\AOL\System Information\sinf.exe:*:Enabled:AOL System Information (America Online, Inc.)
C:\WINDOWS\EHOME\ehshell.exe:LocalSubNet:Enabled:Media Center (Microsoft Corporation)
C:\Program Files\Common Files\AOL\1153770788\ee\AOLDesktop.exe:*:Enabled:AOL Desktop File not found
C:\Program Files\TurboTax\Deluxe 2007\32bit\ttax.exe:LocalSubNet:Enabled:TurboTax (Intuit, Inc.)
C:\Program Files\TurboTax\Deluxe 2007\32bit\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager (Intuit, Inc.)
C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour (Apple Inc.)
C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes (Apple Inc.)
C:\Program Files\Electronic Arts\EADM\Core.exe:*:Enabled:EA Download Manager (Electronic Arts)
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe:LocalSubNet:Disabled:Intuit Update Shared Downloads Server (Intuit Inc.)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0008546E-DF6E-4CC1-AFD0-2CB8E16C95A2}" = Notifier
"{03EDED24-8375-407D-A721-4643D9768BE1}" = kgchlwn
"{04410044-9149-45C6-A806-F2BF9CFCE762}" = Microsoft Encarta Encyclopedia Standard 2004
"{073F22CE-9A5B-4A40-A604-C7270AC6BF34}" = ESSSONIC
"{09633A5E-3089-41A8-9FF1-382171423C5D}" = PSSWCORE
"{09DA4F91-2A09-4232-AB8C-6BC740096DE3}" = Sonic Update Manager
"{0E32CB58-DEC6-417D-AE5A-E735D9411071}" = Reporting Agents (Symantec Corporation)
"{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE
"{0FABD3D7-3036-4e78-B29D-58957ADB0A12}" = HP PSC & OfficeJet 3.5
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP6310D" = Canon iP6310D
"{11F3F858-4131-4FFA-A560-3FE282933B6E}" = kgchday
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
"{13413C6C-C640-40B8-917E-CA3062826B18}" = PIXELA ImageMixer
"{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}" = ESSPCD
"{154508C0-07C5-4659-A7A0-E49968750D21}" = HLPPDOCK
"{15B8AFD9-92E9-4E86-96D9-83FAC510B82E}" = HPPhotoSmartPhotobookWebPack1
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}" = Google Earth
"{1F7473D9-6C0B-4F5A-8FA4-AB8AD78CBE54}" = DocProc
"{2070F79D-46BC-4EEA-8F02-9B4DCABAE7CB}" = iPod for Windows 2006-03-23
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD
"{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime
"{22F761D1-8063-4170-ADF7-2D2F47834CA9}" = VideoToolkit01
"{23FE964A-853B-4176-86D7-9E18B5CA1FC0}" = Media Center Extender
"{24C8FBF7-26C6-48ca-834B-A4E5C09E362F}" = AiO_Scan
"{257EC58E-03FD-472B-A9B6-93F23A3C4CB0}" = Scan
"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java(TM) 6 Update 12
"{29521505-F489-4822-ADFA-32C6DEE4F114}" = TurboTax 2008 WinPerUserEducation
"{296D8550-CB06-48E4-9A8B-E5034FB64715}" = Command & Conquer™ Red Alert™ 3
"{29B50D30-EAFC-4cea-9F76-3A0E3729E9B0}" = SkinsHP1
"{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}" = essvatgt
"{2E086814-7392-4E0F-ADB8-54A81E47406C}" = Broadcom Advanced Control Suite 2
"{2E132061-C78A-48D4-A899-1D13B9D189FA}" = Memories Disc Creator 2.0
"{300D9EF4-2721-4cb4-A6C3-FB2337CFEA2D}" = AIOMinimal
"{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10
"{33BEE6F3-9987-4F98-A069-97A64EC8321A}" = Microsoft Works Suite Add-in for Microsoft Word
"{33CFCF98-F8D6-4549-B469-6F4295676D83}" = Symantec AntiVirus
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{352310C3-E46B-42D3-8F32-54721FDD72D9}" = NetZeroInstallers
"{35BDEFF1-A610-4956-A00D-15453C116395}" = Internet Explorer Default Page
"{3CA39B0C-BA85-4D42-AC0F-1FF5F60C3353}" = OTtBPSDK
"{3CF78481-FB7B-4B51-99A2-D5E0CD0B3AAF}" = HPSystemDiagnostics
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{4192EAC0-6B36-4723-B216-D0E86E7757AC}" = Jasc Paint Shop Photo Album 5
"{48242276-DB89-42e8-9678-BD4280D7B99A}" = Copy
"{49FC50FC-F965-40D9-89B4-CBFF80941033}" = Windows Movie Maker 2.0
"{4B9F45E8-E3CE-40B4-9463-80A9B3481DEF}" = Banctec Service Agreement
"{4BDFD2CE-6329-42E4-9801-9B3D1F10D79B}" = Adobe® Photoshop® Album Starter Edition 3.0
"{56F3E1FF-54FE-4384-A153-6CCABA097814}" = Creative MediaSource
"{57C7C46A-D35D-492d-A328-4F8C9B5B4B52}" = PrintScreen
"{5809E7CF-4DCF-11D4-9875-00105ACE7734}" = Logitech MouseWare 9.77
"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
"{5A9FE525-8B8F-4701-A937-7F6745A4E9C7}" = RGSS-RTP Standard
"{5E06C076-E4E7-4239-A886-B3D8AC84C166}" = HP Print Diagnostic Utility
"{605A4E39-613C-4A12-B56F-DEFBE6757237}" = SHASTA
"{63F2408D-A675-4d97-A256-70EACB6B9B4A}" = AiOSoftware
"{642CED71-26F3-45CC-88F9-0EA092D65E8C}" = Formulator
"{643EAE81-920C-4931-9F0B-4B343B225CA6}" = ESSBrwr
"{6566A98A-3BB9-4FB8-AB36-7372D98F2D0C}" = Global Mapper 6
"{66D6F3BD-CA23-41A4-9FA3-96B26B32528C}" = Command & Conquer The First Decade
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD 5.3
"{68D60342-7686-45C9-B8EB-40EF843D0460}" = Dell Networking Guide
"{693C08A7-9E76-43FF-B11E-9A58175474C4}" = kgckids
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer
"{723C033E-63EA-4227-BAB2-0AA8693C16EB}" = Director
"{745A92AF-53B4-41A7-91C3-9B026B1D5897}" = InstantShare
"{7570F1CA-016D-46AC-B586-CD74645EFB52}" = TurboTax 2008 WinPerFedFormset
"{766273C1-A39B-47EB-ACE8-DEBDD8094BCC}" = overland
"{78C496B9-5A6B-4692-8C2E-AFFFC34E4961}" = Jasc Paint Shop Pro Studio, Dell Editon
"{78D944D7-A97B-4004-AB0A-B5AD06839940}" = My Way Search Assistant
"{7AD35FDD-A268-44b7-9A8E-4677020CC90B}" = 1300Tour
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7DD9A065-2C86-4A9F-A5FF-796EC1B99DCA}" = AnswerWorks 4.0 Runtime - English
"{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}" = DellSupport
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{81DD5688-695A-4c1d-AE7D-368BF857725A}" = TrayApp
"{8704D51E-25B7-4F23-81E7-AA4F54790210}" = Microsoft Streets and Trips 2004
"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
"{87843A41-7808-4F2E-B13F-25C1E67CF2FD}" = ESShelp
"{88214092-836F-4E22-A5AC-569AC9EE6A0F}" = TurboTax 2008 WinPerReleaseEngine
"{8943CE61-53BD-475E-90E1-A580869E98A2}" = staticcr
"{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}" = Bonjour
"{8A502E38-29C9-49FA-BCFA-D727CA062589}" = ESSTOOLS
"{8A8664E1-84C8-4936-891C-BC1F07797549}" = kgcvday
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8E92D746-CD9F-4B90-9668-42B74C14F765}" = ESSini
"{8EF1122E-E90C-4EE9-AB0C-7FDE2BA42C26}" = Musicmatch® Jukebox
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{3EC77D26-799B-4CD8-914F-C1565E796173}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{430971B1-C31E-45DA-81E0-72C095BAB72C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{F7A31780-33C4-4E39-951A-5EC9B91D7BF1}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{926CC8AE-8414-43DF-8EB4-CF26D9C3C663}" =
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel Application Accelerator
"{907B4640-266B-4A21-92FB-CD1A86CD0F63}" = RollerCoaster Tycoon® 3
"{90AF0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office PowerPoint Viewer 2003
"{91517631-A9F3-4B7C-B482-43E0068FD55A}" = ESSgui
"{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow! Plus
"{980606BB-A475-4a85-A665-6E30DB2F28B3}" = 1300Trb
"{9941F0AA-B903-4AF4-A055-83A9815CC011}" = Sonic Encoders
"{999D43F4-9709-4887-9B1A-83EBB15A8370}" = VPRINTOL
"{9B03C535-3AEA-4ef2-B326-0A01A2207034}" = CreativeProjects
"{9BD54685-1496-46A5-AB62-357CD140ED8B}" = kgcinvt
"{9D8FEE90-0377-49A9-AEFB-525BDE549BA4}" = ESScore
"{9E2514D9-DC24-4634-B348-61F3EF0F1628}" = Sound Blaster Audigy 2 ZS
"{9E5A03E3-6246-4920-9630-0527D5DA9B07}" = AnswerWorks 5.0 English Runtime
"{A1588373-1D86-4D44-86C9-78ABD190F9CC}" = kgcmove
"{A1960A82-DB70-474D-A86B-FA74466103C6}" = Drivers Install For Linksys Easylink Advisor
"{A2500497-FD32-493e-B8E5-28D6728DBEF5}" = Readme
"{A71822CD-7F77-46a3-B761-D6BA35245E95}" = 1300
"{AC76BA86-7AD7-1033-7B44-A71000000002}" = Adobe Reader 7.1.0
"{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}" = ESSCDBK
"{AF06CAE4-C134-44B1-B699-14FBDB63BD37}" = Dell Picture Studio v3.0
"{AF226123-1A6F-4ec1-8DEF-E35E7A0D0127}" = Fax
"{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}" = OfotoXMI
"{B1DB1AD8-C07E-4052-81A1-D2930232BA70}" = TurboTax 2008 wrapper
"{B23726CF-68BF-41A6-A4EB-72F12F87FE05}" = TurboTax 2008 WinPerTaxSupport
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}" = CCScore
"{B508B3F1-A24A-32C0-B310-85786919EF28}" = Microsoft .NET Framework 2.0 Service Pack 1
"{B6F7DBE7-2FE2-458F-A738-B10832746036}" = Microsoft Reader
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B82C38F7-E305-465D-A00E-E8D29D587746}" = Vivaty Player
"{B9966F27-9678-4620-9579-925E3084647E}" = Microsoft Works
"{B997C2A0-4383-41BF-B76E-9B8B7ECFB267}" = KSU
"{BBBC2B89-E193-4348-A83C-C8DD8210A4AC}" = Canon PhotoRecord
"{BC339BFD-F550-471a-8D26-4D08126C62F7}" = SkinsHP2
"{C7C895CA-331B-4D7D-A0FB-D3BC637949F9}" = Apple Mobile Device Support
"{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}" = HP Update
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CB83F10A-D02A-4aba-8843-ACAB50D48216}" = 1300_Help
"{CBE3E0AF-73BB-4c21-8B96-B09E003EDE7F}" = QuickProjects
"{D050D7362D214723AD585B541FFB6C11}" = DivX Content Uploader
"{D186329B-1B4D-408D-ABEC-EA5CE1F182C9}" = Overland
"{D1973749-F5E7-40EB-B528-F2B78685B9FF}" = essvcpt
"{D32470A1-B10C-4059-BA53-CF0486F68EBC}" = Kodak EasyShare software
"{D74CFE48-087F-46E1-80E6-E2950E1A8DCE}" = HP Photosmart Essential 2.5
"{DB02F716-6275-42E9-B8D2-83BA2BF5100B}" = SFR
"{DBA8B9E1-C6FF-4624-9598-73D3B41A0903}" = Microsoft Picture It! Photo Premium 9
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E18B549C-5D15-45DA-8D8F-8FD2BD946344}" = kgcbaby
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center
"{E535C94A-B87F-4182-BEA8-1E9322078D3E}" = Cards_Calendar_OrderGift_DoMorePlugout
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{E6D9BC25-0DBC-4368-8E4A-7DEE80661CD9}" = TurboTax 2008 WinPerProgramHelp
"{E8BFBD0A-8002-4dc9-869C-E495FA9DCE7A}" = PhotoGallery
"{E93E5EF6-D361-481E-849D-F16EF5C78EBC}" = Musicmatch for Windows Media Player
"{EA418519-2160-43A0-AABD-6608DDD8D87F}" = iTunes
"{EF7E931D-DC84-471B-8DB6-A83358095474}" = EA Download Manager
"{F22C222C-3CE2-4A4B-A83F-AF4681371ABE}" = kgcbase
"{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}" = SKINXSDK
"{F71760CD-0F8B-4DCC-B7B7-6B223CC3843C}" = OTtBP
"{F8D0829C-9C6F-11D3-8080-00C04FA329AA}" = Microsoft Works 6.0
"{F9593CFB-D836-49BC-BFF1-0E669A411D9F}" = WIRELESS
"{FAF7F1D7-C0E7-47EA-8AAA-84E4F9EA3C94}" = Works Suite OS Pack
"{FBBF532A-47AC-457d-AC06-0D3163D8911E}" = WebReg
"{FCDB1C92-03C6-4C76-8625-371224256091}" = ESSPDock
"{FDF9943A-3D5C-46B3-9679-586BD237DDEE}" = SKIN0001
"{FF102450-55AA-4AE1-ACE4-E271E2470C83}" = hpmdtab
"12133444-BF36-4d4e-B7FB-A3424C645DE4" = GemMaster Mystic
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"AOL Toolbar 5.0" =
"Audacity_is1" = Audacity 1.2.6
"Azureus" = Azureus
"Azureus Vuze" = Azureus Vuze
"B3EE3001-DC24-4cd1-8743-5692C716659F" = Otto
"Buddy Icon Maker 1.0.0.1" = Buddy Icon Maker 1.0.0.1
"CAL" = Canon Camera Access Library
"Call of Duty Game of the Year Edition" = Call of Duty Game of the Year Edition
"CameraWindowDVC5" = Canon Camera Window DC_DV 5 for ZoomBrowser EX
"CameraWindowDVC6" = Canon Camera Window DC_DV 6 for ZoomBrowser EX
"CameraWindowMC" = Canon Camera Window MC 6 for ZoomBrowser EX
"Canon G.726 WMP-Decoder" = Canon G.726 WMP-Decoder
"Canon iP6310D User Registration" = Canon iP6310D User Registration
"CanonMyPrinter" = Canon My Printer
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1" = Conexant D850 56K V.9x DFVc Modem
"CSCLIB" = Canon Camera Support Core Library
"Ease Audio Converter_is1" = Ease Audio Converter 3.50
"EasyLinkAdvisor" = Linksys EasyLink Advisor 1.6 (0032)
"Easy-PhotoPrint" = Canon Utilities Easy-PhotoPrint
"Easy-WebPrint" = Easy-WebPrint
"EHome Devices" = Media Center Extender
"ENTERPRISE" = Microsoft Office Enterprise 2007
"EOS Utility" = Canon Utilities EOS Utility
"ERUNT_is1" = ERUNT 1.1j
"ESPNMotion" = ESPNMotion
"ffdshow_is1" = ffdshow [rev 2280] [2008-11-02]
"Google Updater" = Google Updater
"GVOX Encore 32 v4.5" = GVOX Encore 32 v4.5
"HijackThis" = HijackThis 2.0.2
"HP Photo & Imaging" = HP Image Zone 3.5
"HP Photosmart Essential" = HP Photosmart Essential 3.0
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{2070F79D-46BC-4EEA-8F02-9B4DCABAE7CB}" = iPod for Windows 2006-03-23
"InstallShield_{2E086814-7392-4E0F-ADB8-54A81E47406C}" = Broadcom Advanced Control Suite 2
"InstallShield_{874E44F3-B9A7-4AA1-B4BA-83E5684ED9C6}" = Canon Utilities PhotoStitch 3.1
"InstallShield_{EF7E931D-DC84-471B-8DB6-A83358095474}" = EA Download Manager
"LimeWire" = LimeWire 4.12.6
"LiveUpdate" = LiveUpdate 3.1 (Symantec Corporation)
"MagicDisc 2.5.74" = MagicDisc 2.5.74
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MCU PDUiP6310DMon.exe" = Canon iP6310D Memory Card Utility
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"Mozilla Firefox (3.0.6)" = Mozilla Firefox (3.0.6)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSN Music Assistant" = MSN Music Assistant
"MyWaySearchAssistantDE" = My Way Search Assistant
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"Ots CD Scratch 1200" = Ots CD Scratch 1200 1.00.032
"PhotoStitch" = Canon Utilities PhotoStitch
"PictureIt_v9" = Microsoft Picture It! Photo Premium 9
"PowerISO" = PowerISO
"QuickLink Mobile" = QuickLink Mobile
"RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
"RealPlayer 6.0" = RealPlayer
"RemoteCaptureTask" = Canon RemoteCapture Task for ZoomBrowser EX
"Scheduler for Excel_is1" = Scheduler for Excel - Version 1.0
"Shockwave" = Shockwave
"SiteHoundFirefox" = SiteHound for FireFox 2.0.0
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"SpongeBob SquarePants Typing" = SpongeBob SquarePants Typing
"Spybot - Search & Destroy_is1" = Spybot - Search & Destroy 1.5.2.20
"SpywareBlaster_is1" = SpywareBlaster 4.1
"StreetPlugin" = Learn2 Player (Uninstall Only)
"TellmeMoreV50" = TeLL me More
"TurboTax 2008" = TurboTax 2008
"TurboTax Deluxe 2007" = TurboTax Deluxe 2007
"Viewpoint Manager" = Viewpoint Manager (Remove Only)
"ViewpointMediaPlayer" = Viewpoint Media Player
"VLC media player" = VLC media player 0.9.8a
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinPatrol" = WinPatrol 2008
"WinPoker6" = WinPoker 6
"WinRAR archiver" = WinRAR archiver
"WinZip" = WinZip
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Works2001Setup" = Microsoft Works 2001 Setup Launcher
"Works2004Setup" = Microsoft Works 2004 Setup Launcher
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Xfire" = Xfire (remove only)
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Toolbar" = Yahoo! Toolbar
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Pearl Jam Live" = Pearl Jam Live

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 2/7/2009 2:20:22 PM | Computer Name = DELL2005 | Source = Symantec AntiVirus | ID = 16711731
Description = Security Risk Found!Risk: Hacktool.Rootkit in File: c:\windows\system32\drivers\inmkarkv.sys
by: Startup scan. Action: Cleaned by Deletion. Action Description:

Error - 2/7/2009 6:06:17 PM | Computer Name = DELL2005 | Source = Application Hang | ID = 1002
Description = Hanging application TeaTimer.exe, version 1.6.3.25, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 2/7/2009 9:33:42 PM | Computer Name = DELL2005 | Source = Microsoft Fax | ID = 32045
Description = Fax Service failed to initialize because it could not initialize the
TAPI devices. Verify that the fax modem was installed and configured correctly. Win32
error code: -2147483576. This error code indicates the cause of the error.

Error - 2/11/2009 3:59:12 PM | Computer Name = DELL2005 | Source = Symantec AntiVirus | ID = 16711726
Description = Security Risk Found!Risk: Downloader in File: c:\windows\system32\crypts.dll
by: Startup scan. Action: Clean failed : Quarantine failed. Action Description:
The file was left unchanged.

Error - 2/11/2009 3:59:13 PM | Computer Name = DELL2005 | Source = Symantec AntiVirus | ID = 16711731
Description = Security Risk Found!Risk: Downloader in File: c:\windows\system32\crypts.dll
by: Startup scan. Action: Cleaned by Deletion. Action Description:

Error - 2/12/2009 6:35:29 PM | Computer Name = DELL2005 | Source = Application Error | ID = 1000
Description = Faulting application javara.exe, version 1.0.12.1565, faulting module
ntdll.dll, version 5.1.2600.5512, fault address 0x0000100b.

Error - 2/12/2009 6:35:37 PM | Computer Name = DELL2005 | Source = Application Error | ID = 1001
Description = Fault bucket 1055597749.

Error - 2/12/2009 6:36:07 PM | Computer Name = DELL2005 | Source = Application Error | ID = 1000
Description = Faulting application javara.exe, version 1.0.12.1565, faulting module
ntdll.dll, version 5.1.2600.5512, fault address 0x0000100b.

Error - 2/14/2009 10:37:49 AM | Computer Name = DELL2005 | Source = Application Hang | ID = 1002
Description = Hanging application sinf.exe, version 2.4.6.2, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 2/14/2009 6:35:07 PM | Computer Name = DELL2005 | Source = Application Hang | ID = 1002
Description = Hanging application unwise32.exe, version 0.0.0.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

[ OSession Events ]
Error - 1/12/2009 9:26:28 PM | Computer Name = DELL2005 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6331.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 17
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 2/11/2009 5:59:33 PM | Computer Name = DELL2005 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
AFD eeCtrl Fips intelppm IPSec MRxSmb muykbnhs NetBIOS NetBT RasAcd Rdbss SAVRT SAVRTPEL SCDEmu
SPBBCDrv
SYMTDI
Tcpip

Error - 2/11/2009 5:59:49 PM | Computer Name = DELL2005 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 2/11/2009 6:26:03 PM | Computer Name = DELL2005 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
muykbnhs

Error - 2/11/2009 7:35:47 PM | Computer Name = DELL2005 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
muykbnhs

Error - 2/11/2009 7:45:17 PM | Computer Name = DELL2005 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
muykbnhs

Error - 2/11/2009 7:57:42 PM | Computer Name = DELL2005 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
muykbnhs

Error - 2/12/2009 9:24:40 AM | Computer Name = DELL2005 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
muykbnhs

Error - 2/12/2009 9:49:26 AM | Computer Name = DELL2005 | Source = Service Control Manager | ID = 7024
Description = The Symantec SPBBCSvc service terminated with service-specific error
4294967295 (0xFFFFFFFF).

Error - 2/12/2009 12:05:41 PM | Computer Name = DELL2005 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
abp480n5 adpu160m agp440 agpCPQ Aha154x aic78u2 aic78xx AliIde alim1541 amdagp amsint asc asc3350p
asc3550
cbidf
cd20xrnt
CmdIde
Cpqarray
dac2w2k
dac960nt
dpti2o
hpn
i2omp
ini910u
IntelIde
mraid35x
perc2
perc2hib
ql1080
Ql10wnt
ql12160
ql1240
ql1280
sisagp
Sparrow
symc810
symc8xx
sym_hi
sym_u3
TosIde
ultra
viaagp
ViaIde

Error - 2/13/2009 7:40:06 PM | Computer Name = DELL2005 | Source = Service Control Manager | ID = 7024
Description = The Symantec SPBBCSvc service terminated with service-specific error
4294967295 (0xFFFFFFFF).


< End of report >

peku006
2009-02-17, 12:42
Hi javertno1

I updated Spybot S&D and ran it and it showed that I still had Smitfraud-C. I clicked on fix and it said that it did
Can you tell me where they was located?

FixPolicies

Download to your Desktop FixPolicies.exe, a self-extracting ZIP archive from here: http://downloads.malwareremoval.com/BillCastner/FixPolicies.exe Double-click FixPolicies.exe.
Click the Install button on the bottom toolbar of the box that will open.
The program will create a new Folder called FixPolicies.
Double-click to Open the new Folder, and then double-click the file within: Fix_Policies.cmd.
A black box should briefly appear and then close. This will enable your Control Panel and stop the Administrative warnings, at least until the malware infection resets the registry policy keys again. You can run this as many times as you like. A permanent fix requires removing the infection.

post back if it helped.

Thanks peku006

javertno1
2009-02-18, 03:51
The fixpolicies.exe didn't help. The new wallpaper that I selected would appear only on the reboot until windows fully loads, then the blue wallpaper would appear.

I went back and got the Spybot S&D report. Does this help?

--- Report generated: 2009-02-14 18:25 ---

Smitfraud-C.: [SBI $99619F8C] Settings (Registry key, nothing done)
HKEY_USERS\.DEFAULT\Software\Microsoft\instkey

Smitfraud-C.: [SBI $99619F8C] Settings (Registry key, nothing done)
HKEY_USERS\PE_C_DREW\Software\Microsoft\instkey

Smitfraud-C.: [SBI $99619F8C] Settings (Registry key, nothing done)
HKEY_USERS\PE_C_JORDAN\Software\Microsoft\instkey

Smitfraud-C.: [SBI $99619F8C] Settings (Registry key, nothing done)
HKEY_USERS\S-1-5-18\Software\Microsoft\instkey

Microsoft.Windows.Explorer: [SBI $1931FF4D] Settings (Registry change, nothing done)
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges

Microsoft.Windows.Explorer: [SBI $1931FF4D] Settings (Registry change, nothing done)
HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges


--- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---

2009-01-26 blindman.exe (1.0.0.8)
2008-01-28 SDDelFile.exe (1.0.2.4)
2009-01-26 SDFiles.exe (1.6.1.7)
2009-01-26 SDMain.exe (1.0.0.6)
2009-01-26 SDShred.exe (1.0.2.5)
2009-01-26 SDUpdate.exe (1.6.0.12)
2008-08-14 SDWinSec.exe (1.0.0.12)
2009-01-26 SpybotSD.exe (1.6.2.46)
2009-01-26 TeaTimer.exe (1.6.4.26)
2007-01-09 unins000.exe (51.41.0.0)
2009-02-14 unins001.exe (51.49.0.0)
2009-01-26 Update.exe (1.6.0.7)
2009-01-26 advcheck.dll (1.6.2.15)
2007-04-02 aports.dll (2.1.0.0)
2005-05-31 borlndmm.dll (7.0.4.453)
2005-05-31 delphimm.dll (7.0.4.453)
2008-06-14 DelZip179.dll (1.79.11.1)
2009-01-26 SDHelper.dll (1.6.2.14)
2008-06-19 sqlite3.dll
2008-10-22 Tools.dll (2.1.6.8)
2009-01-16 UninsSrv.dll (1.0.0.0)
2005-05-31 UnzDll.dll (1.73.1.1)
2005-05-31 ZipDll.dll (1.73.2.0)
2009-01-22 Includes\Adware.sbi (*)
2009-01-22 Includes\AdwareC.sbi (*)
2009-01-22 Includes\Cookies.sbi (*)
2009-01-06 Includes\Dialer.sbi (*)
2009-01-22 Includes\DialerC.sbi (*)
2009-01-22 Includes\HeavyDuty.sbi (*)
2009-02-10 Includes\Hijackers.sbi (*)
2009-02-10 Includes\HijackersC.sbi (*)
2008-12-09 Includes\Keyloggers.sbi (*)
2009-02-03 Includes\KeyloggersC.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2008-11-18 Includes\Malware.sbi (*)
2009-02-10 Includes\MalwareC.sbi (*)
2008-12-16 Includes\PUPS.sbi (*)
2009-02-10 Includes\PUPSC.sbi (*)
2009-01-22 Includes\Revision.sbi (*)
2009-01-13 Includes\Security.sbi (*)
2009-02-10 Includes\SecurityC.sbi (*)
2008-06-03 Includes\Spybots.sbi (*)
2008-06-03 Includes\SpybotsC.sbi (*)
2009-01-28 Includes\Spyware.sbi (*)
2009-01-28 Includes\SpywareC.sbi (*)
2008-06-03 Includes\Tracks.uti
2009-02-03 Includes\Trojans.sbi (*)
2009-02-10 Includes\TrojansC.sbi (*)
2008-03-04 Plugins\Chai.dll
2008-03-05 Plugins\Fennel.dll
2008-02-26 Plugins\Mate.dll
2007-12-24 Plugins\TCPIPAddress.dll

peku006
2009-02-18, 18:23
Hi javertno1

1 - Disable Spybot Teatimer temporarily
Right click the Spybot Icon in the system tray near the clock (looks like a blue/white calendar with a padlock symbol).
Click once on Resident Protection, then right click the Spybot icon again and make sure Resident Protection is now Unchecked. The Spybot icon in the System tray should now be now colorless.
Go to Start > All Programs > Spybot - Search & Destroy > Spybot Search & Destroy.
Click on Mode > Advanced Mode. When it prompts you, click Yes.
On the left hand side, click on Tools.
Check (tick) this box if it is not yet ticked: Resident.
You will notice that Resident is now added under Tools. Click on Resident.
Uncheck (untick) this box: Resident "TeaTimer" (Protection of over-all system settings) active.
Exit Spybot Search & Destroy.


Download and Unzip to your Desktop: ResetTeaTimer.bat.zip (http://www.techsupportforum.com/sectools/ResetTeaTimer.zip) >
Double click ResetTeaTimer.bat to remove all entries set by TeaTimer (and preventing TeaTimer to restore them upon reactivation).

Restart your computer for the changes to take effect.

2- Download and run SmitfraudFix
Download SmitFraudFix.exe (http://siri.urz.free.fr/Fix/SmitfraudFix.exe) by S!Ri and save it to the desktop
If the above link does not work, use one of these alternative sites:
From Geekstogo (http://siri.geekstogo.com/SmitfraudFix.exe)
From Security Cadets (http://downloads.securitycadets.com/SmitfraudFix.exe)
From Zebulon (http://telechargement.zebulon.fr/259-smitfraudfix.html)
Double click on SmitfraudFix.exe to start the tool
Press 1 then hit the Enter key
After SmitfraudFix has finished it will create a log named rapport.txt, usually at C:\rapport.txt
Include this log in your next post
Note: process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user. More info here (http://www.beyondlogic.org/consulting/processutil/processutil.htm)

Thanks peku006

javertno1
2009-02-20, 04:02
I followed your instructions but I'm not sure if the bat file did anything. When I double clicked on it a window popped up for a second without any writing. However, the spybot icon is not in the system tray on the reboot.

Anyway I continued with your instructions and here's the rapport.txt:

SmitFraudFix v2.398

Scan done at 20:53:49.67, Thu 02/19/2009
Run from C:\Documents and Settings\John\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\EHOME\RMSysTry.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
C:\WINDOWS\system32\cba\pds.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Common Files\Symantec Shared\Reporting Agents\Win32\ReporterSvc.exe
C:\WINDOWS\ehome\RMSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\ams_ii\hndlrsvc.exe
C:\WINDOWS\system32\MsgSys.EXE
C:\WINDOWS\system32\ams_ii\iao.exe
C:\WINDOWS\system32\cba\xfr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\John\Desktop\SmitfraudFix\Policies.exe
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts

hosts file corrupted !

127.0.0.1 m.dell.com
127.0.0.1 www.microsoft.com.v6.update.js.status200.londoncn.cn
127.0.0.1 microsoft.com.org
127.0.0.1 www.www.microsoft.com.org
127.0.0.1 www.legal-at-spybot.info
127.0.0.1 legal-at-spybot.info
127.0.0.1 www.spywareinfo.com
127.0.0.1 spywareinfo.com
127.0.0.1 ads.techguy.org

»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\John


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\John\LOCALS~1\Temp


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\John\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\John\FAVORI~1


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="http://www.u2tours.com/headers/4.gif"
"SubscribedURL"="http://www.u2tours.com/headers/4.gif"
"FriendlyName"=""

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\1]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"

»»»»»»»»»»»»»»»»»»»»»»»» o4Patch
!!!Attention, following keys are not inevitably infected!!!

o4Patch
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, following keys are not inevitably infected!!!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» Agent.OMZ.Fix
!!!Attention, following keys are not inevitably infected!!!

Agent.OMZ.Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, following keys are not inevitably infected!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, following keys are not inevitably infected!!!

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» RK



»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Broadcom NetXtreme 57xx Gigabit Controller - Packet Scheduler Miniport
DNS Server Search Order: 167.206.254.2
DNS Server Search Order: 167.206.254.1

HKLM\SYSTEM\CCS\Services\Tcpip\..\{5035E066-4BE3-4D48-AB60-7C2F4A3B44BD}: DhcpNameServer=167.206.254.2 167.206.254.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{5035E066-4BE3-4D48-AB60-7C2F4A3B44BD}: DhcpNameServer=167.206.254.2 167.206.254.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{5035E066-4BE3-4D48-AB60-7C2F4A3B44BD}: DhcpNameServer=167.206.254.2 167.206.254.1
HKLM\SYSTEM\CS3\Services\Tcpip\..\{5035E066-4BE3-4D48-AB60-7C2F4A3B44BD}: DhcpNameServer=167.206.254.2 167.206.254.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=167.206.254.2 167.206.254.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=167.206.254.2 167.206.254.1
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=167.206.254.2 167.206.254.1
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=167.206.254.2 167.206.254.1


»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End

peku006
2009-02-20, 09:56
Hi javertno1
you do not have a Smitfraud infection
Spybot S & D report shows only the registry changes

Do you get some kind of popups from Spybot S & D

javertno1
2009-02-21, 02:12
My desktop wallpaper is blue and I cannot change it. I attempt to change it by right clicking on the wallpaper and selecting anything, but the wallpaper stays blue. The only time the newly selected wallpaper appears is while windows is loading. After it fully loads, the blue wallpaper appears once again.

Any suggestions? As always, thank you.

javertno1
2009-02-21, 02:27
I just checked out the other user names on this computer and they do not have the blue screen, only me. In addition, the clock on my screen is in military time while the other accounts are displayed in standard form.

Thanks!

peku006
2009-02-22, 21:14
Hi javertno1
have you administrator rights to your account?

HOW TO: Change Date, Time (http://support.microsoft.com/kb/307938)

javertno1
2009-02-23, 04:53
Customize is not one of the choices available even when I log on as administrator. I cannot change the way time is displayed in my account. It displays fine in all the other accounts on the computer.

Please address the blue screen issue that I have. In addition to the blue wallpaper screen certain objects are not being displayed properly in my account. For instance, when using TurboTax software certain objects are not being displayed in my user account; however, if I sign on to another user account in this computer the objects are displayed properly.

Please help.

Thank you.

peku006
2009-02-23, 11:08
Hi javertno1
Let´s try this....

Go to Start > Run
Type regedit and click OK.

On the leftside, click to highlight My Computer at the top.
Go up to "File > Export"
Make sure in that window there is a tick next to "All" under Export Branch.
Leave the "Save As Type" as "Registration Files".
Under "Filename" put backup
Choose to save it to C:\ or in somewhere else safe location so that you will remember where you put it (don't put it on the Desktop!)
Click Save and then go to File > Exit.

Open Notepad and copy the contents of the following box to a new file.


Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoActiveDesktopChanges"=dword:00000000
"NoThemesTab"=dword:00000000

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"NoDispBackgroundPage"=dword:00000000
"NoDispScrSavPage"=dword:00000000
"NoDispAppearancePage"=dword:00000000
"NoDispSettingsPage"=dword:00000000
"Wallpaper"=-

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoActiveDesktopChanges"=dword:00000000
"NoThemesTab"=dword:00000000

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoDispBackgroundPage"=dword:00000000
"NoDispScrSavPage"=dword:00000000
"NoDispAppearancePage"=dword:00000000
"NoDispSettingsPage"=dword:00000000
"Wallpaper"=-

Save it as fix.reg (save type: "All files" (*.*)) to your desktop.

It should look like this -> http://users.telenet.be/bluepatchy/miekiemoes/images/reg.gif

Go to Desktop, double-click fix.reg and merge the infomation with the registry.

post back if it helped.

javertno1
2009-02-23, 18:55
Sorry it didn't help. Any other ideas? Thank you.

peku006
2009-02-23, 19:33
Hi javertno1
Please post a fresh HijackThis log

Thanks peku006

javertno1
2009-02-23, 23:07
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:06:47, on 2/23/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\EHOME\RMSysTry.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
C:\WINDOWS\system32\cba\pds.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Common Files\Symantec Shared\Reporting Agents\Win32\ReporterSvc.exe
C:\WINDOWS\ehome\RMSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\ams_ii\iao.exe
C:\WINDOWS\system32\MsgSys.EXE
C:\WINDOWS\system32\cba\xfr.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\ams_ii\hndlrsvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\winlogon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\javertno1.exe.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-21-2056565637-2194438346-315246626-1006\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup (User 'Ginny')
O4 - HKUS\S-1-5-21-2056565637-2194438346-315246626-1006\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized (User 'Ginny')
O4 - HKUS\S-1-5-21-2056565637-2194438346-315246626-1006\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Ginny')
O4 - HKUS\S-1-5-21-2056565637-2194438346-315246626-1006\..\Run: [EasyLinkAdvisor] "C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup (User 'Ginny')
O4 - S-1-5-21-2056565637-2194438346-315246626-1006 Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (User 'Ginny')
O4 - S-1-5-21-2056565637-2194438346-315246626-1006 User Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (User 'Ginny')
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Global Startup: Extender Resource Monitor.lnk = C:\WINDOWS\EHOME\RMSysTry.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {03A99563-4F42-4DCF-A069-C728A71164A3} (VivatyCtrl Class) - http://apps.vivaty.com/downloads/player/install.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkId=39204&clcid=0x409
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Intel Alert Handler - LANDesk Software Ltd. - C:\WINDOWS\system32\ams_ii\hndlrsvc.exe
O23 - Service: Intel Alert Originator - LANDesk Software Ltd. - C:\WINDOWS\system32\ams_ii\iao.exe
O23 - Service: Intel File Transfer - LANDesk Software Ltd. - C:\WINDOWS\system32\cba\xfr.exe
O23 - Service: Intel PDS - LANDesk Software Ltd. - C:\WINDOWS\system32\cba\pds.exe
O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Reporting Agents (Reporting) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Reporting Agents\Win32\ReporterSvc.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O24 - Desktop Component 0: (no name) - http://www.u2tours.com/headers/4.gif

--
End of file - 12907 bytes

peku006
2009-02-24, 10:48
Hi javertno1
There is no malware that would be causing your problem
Let´s try this....

Go to Start > Run
Type regedit and click OK.

On the leftside, click to highlight My Computer at the top.
Go up to "File > Export"
Make sure in that window there is a tick next to "All" under Export Branch.
Leave the "Save As Type" as "Registration Files".
Under "Filename" put backup
Choose to save it to C:\ or in somewhere else safe location so that you will remember where you put it (don't put it on the Desktop!)
Click Save and then go to File > Exit.

Open Notepad and copy the contents of the following box to a new file.


Windows Registry Editor Version 5.00

[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"NoDispBackgroundPage"=-
"NoSaveSettings"=-
"Wallpaper"=-
"WallpaperStyle"=-


Save it as fix.reg (save type: "All files" (*.*)) to your desktop.

It should look like this -> http://users.telenet.be/bluepatchy/miekiemoes/images/reg.gif

Go to Desktop, double-click fix.reg and merge the infomation with the registry.

post back if it helped.

Thanks peku006

javertno1
2009-02-25, 10:31
I followed your latest suggestion, but I'm still having the same problem. After rebooting and then clicking on my user account, my selected wallpaper is displayed until just before everything is loaded, then the blue wallpaper appears. Do you have anything else I can try? Thanks!

peku006
2009-02-25, 10:59
Hi javertno1

Right click on your desktop, click properties>desktop and then click the customize desktop button. Click the web tab and uncheck the box next to any items in the box under web page. Also, uncheck the line that says "lock desktop items" if it happens to be checked.

If this is the problem you can delete the item by clicking on it in the list and then clicking the delete button.

Options to change wallpaper may be missing or unavailable
(http://support.microsoft.com/?kbid=921049)

post back if it helped.

Thanks peku006

javertno1
2009-02-27, 17:38
That solved the problem. Thank you so much for your commitment in helping me solve all my computer related problems. A donation will be made. Thanks again!

peku006
2009-03-02, 11:34
Since this issue appears to be resolved ... this Topic has been closed. Glad I could help.

Note:If it has been four days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread.

If it has been less than four days since your last response and you need the thread re-opened, please send me or MOD a private message (pm). A valid, working link to the closed topic is required.