View Full Version : S&D reports Virtumundo infection
HI!
I'm hoping I followed the right steps, I backed up with ERUNT, and then ran HijackThis, with the following hijackthis.log
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:52:06 PM, on 6/21/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16850)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Jungle Disk Desktop\JungleDiskMonitor.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Eraser\eraser.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\Jungle Disk Desktop\JungleDiskMonitor.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WordWeb\wweb32.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Fred\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Fred\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll
O2 - BHO: Virtual Storage Mount Notification - {3CF560DC-DFCB-4737-82C2-9564CA8F733B} - C:\WINDOWS\system32\VSMntNtf.dll
O2 - BHO: Idea2 SidebarBrowserMonitor Class - {45AD732C-2CE2-4666-B366-B2214AD57A49} - C:\Program Files\Desktop Sidebar\sbhelp.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptsn.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\RunOnce: [Spybot - Search & Destroy] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Eraser] C:\Program Files\Eraser\eraser.exe -hide
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe"
O4 - S-1-5-18 Startup: ListProAlarms.lnk.disabled (User 'SYSTEM')
O4 - S-1-5-18 Startup: OpenOffice.org 2.2.lnk.disabled (User 'SYSTEM')
O4 - S-1-5-18 Startup: PMCRemoteLauncher.lnk = C:\Documents and Settings\Fred\Local Settings\Application Data\Pinnacle\TVC\Tools\PMCRemoteCtrl.exe (User 'SYSTEM')
O4 - S-1-5-18 Startup: PVR Console.lnk.disabled (User 'SYSTEM')
O4 - S-1-5-18 Startup: PVR3Watch.lnk.disabled (User 'SYSTEM')
O4 - S-1-5-18 Startup: WordWeb.lnk = C:\Program Files\WordWeb\wweb32.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: ListProAlarms.lnk.disabled (User 'Default user')
O4 - .DEFAULT Startup: OpenOffice.org 2.2.lnk.disabled (User 'Default user')
O4 - .DEFAULT Startup: PMCRemoteLauncher.lnk = C:\Documents and Settings\Fred\Local Settings\Application Data\Pinnacle\TVC\Tools\PMCRemoteCtrl.exe (User 'Default user')
O4 - .DEFAULT Startup: PVR Console.lnk.disabled (User 'Default user')
O4 - .DEFAULT Startup: PVR3Watch.lnk.disabled (User 'Default user')
O4 - .DEFAULT Startup: WordWeb.lnk = C:\Program Files\WordWeb\wweb32.exe (User 'Default user')
O4 - Startup: ListProAlarms.lnk.disabled
O4 - Startup: OpenOffice.org 2.2.lnk.disabled
O4 - Startup: PMCRemoteLauncher.lnk = C:\Documents and Settings\Fred\Local Settings\Application Data\Pinnacle\TVC\Tools\PMCRemoteCtrl.exe
O4 - Startup: PVR Console.lnk.disabled
O4 - Startup: PVR3Watch.lnk.disabled
O4 - Startup: WordWeb.lnk = C:\Program Files\WordWeb\wweb32.exe
O4 - Global Startup: Acrobat Assistant.lnk.disabled
O4 - Global Startup: Free WebSite Tools.lnk.disabled
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\hp\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\hp\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Jungle Disk Desktop.lnk = C:\Program Files\Jungle Disk Desktop\JungleDiskMonitor.exe
O4 - Global Startup: PCScreen.lnk.disabled
O4 - Global Startup: PVR Console.lnk.disabled
O4 - Global Startup: PVR3Watch.lnk.disabled
O4 - Global Startup: Scheduler for OEM.lnk.disabled
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll
O9 - Extra button: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\Program Files\Desktop Sidebar\sbhelp.dll
O9 - Extra 'Tools' menuitem: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\Program Files\Desktop Sidebar\sbhelp.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: ChatSpace Java Client 2.1.0.90 - http://64.85.17.21/Java/cs4ms090.cab
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - https://www-secure.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlsr.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1177431608796
O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (DownloadManager Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.1.2.cab
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O21 - SSODL: EldosMountNotificator - {3CF560DC-DFCB-4737-82C2-9564CA8F733B} - C:\WINDOWS\system32\VSMntNtf.dll
O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: JungleDiskService - Jungle Disk, Inc. - C:\Program Files\Jungle Disk Desktop\JungleDiskMonitor.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
--
End of file - 10455 bytes
Thank you very much!
Cranky
Hello and welcome to Safer Networking
My name is peku006 and I will be helping you to remove any infection(s) that you may have.
I will be giving you a series of instructions that need to be followed in the order in which I give them to you.
Please observe these rules while we work:
If you don't know or understand something please don't hesitate to ask
Please DO NOT run any other tools or scans whilst I am helping you.
It is important that you reply to this thread. Do not start a new topic.
Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
Absence of symptoms does not mean that everything is clear.
1 - Download and Run Malwarebytes' Anti-Malware
Please download Malwarebytes Anti-Malware (http://www.besttechie.net/tools/mbam-setup.exe) and save it to your desktop.
alternate download link 1 (http://malwarebytes.gt500.org/mbam-setup.exe)
alternate download link 2 (http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html)
Make sure you are connected to the Internet.
Double-click on mbam-setup.exe to install the application.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked:
Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware
Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here (http://www.malwarebytes.org/mbam/database/mbam-rules.exe) and just double-click on mbam-rules.exe to install.
On the Scanner tab:
Make sure the "Perform Full Scan" option is selected.
Then click on the Scan button.
If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
Make sure that everything is checked, and click Remove Selected.
When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.
2 - download and run RSIT
Download random's system information tool (RSIT) by random/random from here (http://images.malwareremoval.com/random/RSIT.exe) and save it to your desktop.
Double click on RSIT.exe to run RSIT.
Click Continue at the disclaimer screen.
Once it has finished, two logs will open. Please post the contents of both log.txt<- (will be maximized) and info.txt<- (will be minimized)
3- Status Check
Please reply with
1.the logs from RSIT (log.txt ,info.txt)
2. the Malwarebytes' Anti-Malware Log
Thanks peku006
Thank you very much.
I ran MBAM and it reported no infections, here is the mbam-log:
Database version: 2323
Windows 5.1.2600 Service Pack 3
6/22/2009 10:48:47 PM
mbam-log-2009-06-22 (22-48-47).txt
Scan type: Full Scan (C:\|F:\|)
Objects scanned: 318651
Time elapsed: 1 hour(s), 31 minute(s), 41 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
-end MBAM log--
RSIT log to follow
Here is the log.txt file
Logfile of random's system information tool 1.06 (written by random/random)
Run by Fred at 2009-06-22 22:55:34
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 72 GB (24%) free of 305 GB
Total RAM: 2047 MB (54% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:55:51 PM, on 6/22/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16850)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Jungle Disk Desktop\JungleDiskMonitor.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Eraser\eraser.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
C:\Program Files\hp\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Jungle Disk Desktop\JungleDiskMonitor.exe
C:\Program Files\WordWeb\wweb32.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Fred\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Fred\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Fred.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll
O2 - BHO: Virtual Storage Mount Notification - {3CF560DC-DFCB-4737-82C2-9564CA8F733B} - C:\WINDOWS\system32\VSMntNtf.dll
O2 - BHO: Idea2 SidebarBrowserMonitor Class - {45AD732C-2CE2-4666-B366-B2214AD57A49} - C:\Program Files\Desktop Sidebar\sbhelp.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptsn.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Eraser] C:\Program Files\Eraser\eraser.exe -hide
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe"
O4 - S-1-5-18 Startup: ListProAlarms.lnk.disabled (User 'SYSTEM')
O4 - S-1-5-18 Startup: OpenOffice.org 2.2.lnk.disabled (User 'SYSTEM')
O4 - S-1-5-18 Startup: PMCRemoteLauncher.lnk = C:\Documents and Settings\Fred\Local Settings\Application Data\Pinnacle\TVC\Tools\PMCRemoteCtrl.exe (User 'SYSTEM')
O4 - S-1-5-18 Startup: PVR Console.lnk.disabled (User 'SYSTEM')
O4 - S-1-5-18 Startup: PVR3Watch.lnk.disabled (User 'SYSTEM')
O4 - S-1-5-18 Startup: WordWeb.lnk = C:\Program Files\WordWeb\wweb32.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: ListProAlarms.lnk.disabled (User 'Default user')
O4 - .DEFAULT Startup: OpenOffice.org 2.2.lnk.disabled (User 'Default user')
O4 - .DEFAULT Startup: PMCRemoteLauncher.lnk = C:\Documents and Settings\Fred\Local Settings\Application Data\Pinnacle\TVC\Tools\PMCRemoteCtrl.exe (User 'Default user')
O4 - .DEFAULT Startup: PVR Console.lnk.disabled (User 'Default user')
O4 - .DEFAULT Startup: PVR3Watch.lnk.disabled (User 'Default user')
O4 - .DEFAULT Startup: WordWeb.lnk = C:\Program Files\WordWeb\wweb32.exe (User 'Default user')
O4 - Startup: ListProAlarms.lnk.disabled
O4 - Startup: OpenOffice.org 2.2.lnk.disabled
O4 - Startup: PMCRemoteLauncher.lnk = C:\Documents and Settings\Fred\Local Settings\Application Data\Pinnacle\TVC\Tools\PMCRemoteCtrl.exe
O4 - Startup: PVR Console.lnk.disabled
O4 - Startup: PVR3Watch.lnk.disabled
O4 - Startup: WordWeb.lnk = C:\Program Files\WordWeb\wweb32.exe
O4 - Global Startup: Acrobat Assistant.lnk.disabled
O4 - Global Startup: Free WebSite Tools.lnk.disabled
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\hp\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\hp\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Jungle Disk Desktop.lnk = C:\Program Files\Jungle Disk Desktop\JungleDiskMonitor.exe
O4 - Global Startup: PCScreen.lnk.disabled
O4 - Global Startup: PVR Console.lnk.disabled
O4 - Global Startup: PVR3Watch.lnk.disabled
O4 - Global Startup: Scheduler for OEM.lnk.disabled
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll
O9 - Extra button: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\Program Files\Desktop Sidebar\sbhelp.dll
O9 - Extra 'Tools' menuitem: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\Program Files\Desktop Sidebar\sbhelp.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: ChatSpace Java Client 2.1.0.90 - http://64.85.17.21/Java/cs4ms090.cab
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - https://www-secure.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlsr.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1177431608796
O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (DownloadManager Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.1.2.cab
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O21 - SSODL: EldosMountNotificator - {3CF560DC-DFCB-4737-82C2-9564CA8F733B} - C:\WINDOWS\system32\VSMntNtf.dll
O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: JungleDiskService - Jungle Disk, Inc. - C:\Program Files\Jungle Disk Desktop\JungleDiskMonitor.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
--
End of file - 10500 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1123561945-343818398-682003330-1004.job
C:\WINDOWS\tasks\McDefragTask.job
C:\WINDOWS\tasks\McQcTask.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{27B4851A-3207-45A2-B947-BE8AFE6163AB}]
McAfee Phishing Filter - c:\PROGRA~1\mcafee\msk\mskapbho.dll [2009-01-09 246800]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CF560DC-DFCB-4737-82C2-9564CA8F733B}]
Virtual Storage Mount Notification - C:\WINDOWS\system32\VSMntNtf.dll [2009-04-08 97792]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{45AD732C-2CE2-4666-B366-B2214AD57A49}]
Idea2 SidebarBrowserMonitor Class - C:\Program Files\Desktop Sidebar\sbhelp.dll [2006-07-09 278528]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-09-15 1562960]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}]
scriptproxy - c:\PROGRA~1\mcafee\VIRUSS~1\scriptsn.dll [2009-03-25 62784]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}]
McAfee SiteAdvisor BHO - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll [2009-02-13 150032]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - McAfee SiteAdvisor Toolbar - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll [2009-02-13 150032]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"mcagent_exe"=C:\Program Files\McAfee.com\Agent\mcagent.exe [2009-01-08 645328]
"McENUI"=C:\PROGRA~1\McAfee\MHN\McENUI.exe [2009-01-09 1176808]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2006-08-11 7630848]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes' Anti-Malware"=C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [2009-06-17 414992]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480]
"Eraser"=C:\Program Files\Eraser\eraser.exe [2007-12-07 376832]
"H/PC Connection Agent"=C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE [2005-01-11 401491]
"TomTomHOME.exe"=C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe [2009-04-24 251240]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Acrobat Assistant.lnk.disabled - C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
Free WebSite Tools.lnk.disabled - C:\Program Files\CoffeeCup Software\CoffeeCup Free FTP\ThirtyDayTimer.exe
HP Digital Imaging Monitor.lnk - C:\Program Files\hp\Digital Imaging\bin\hpqtra08.exe
HP Image Zone Fast Start.lnk - C:\Program Files\hp\Digital Imaging\bin\hpqthb08.exe
Jungle Disk Desktop.lnk - C:\Program Files\Jungle Disk Desktop\JungleDiskMonitor.exe
PCScreen.lnk.disabled - C:\Program Files\BellCanada\PC Screen\PCScreen.exe
PVR Console.lnk.disabled - C:\Program Files\PVR Series\PVR_Console\PVR3.exe
PVR3Watch.lnk.disabled - C:\Program Files\PVR Series\PVR_Console\PVRWatch.exe
Scheduler for OEM.lnk.disabled - C:\Program Files\honestech\honestech TVR\scheduleTV.exe
C:\Documents and Settings\Fred\Start Menu\Programs\Startup
ListProAlarms.lnk.disabled - C:\Program Files\Ilium Software\ListPro\ListProAlarms.exe
OpenOffice.org 2.2.lnk.disabled - C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe
PMCRemoteLauncher.lnk - C:\Documents and Settings\Fred\Local Settings\Application Data\Pinnacle\TVC\Tools\PMCRemoteCtrl.exe
PVR Console.lnk.disabled - C:\Program Files\PVR Series\PVR_Console\PVR3.exe
PVR3Watch.lnk.disabled - C:\Program Files\PVR Series\PVR_Console\PVRWatch.exe
WordWeb.lnk - C:\Program Files\WordWeb\wweb32.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
EldosMountNotificator - {3CF560DC-DFCB-4737-82C2-9564CA8F733B} - C:\WINDOWS\system32\VSMntNtf.dll [2009-04-08 97792]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mcmscsvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MpfService]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\Yahoo!\Messenger\YServer.exe"="C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\javaw.exe"="C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\javaw.exe:*:Enabled:javaw"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\BellCanada\PC Screen\PCScreen.exe"="C:\Program Files\BellCanada\PC Screen\PCScreen.exe:*:Enabled:uScreen"
"C:\Program Files\mIRC\mirc.exe"="C:\Program Files\mIRC\mirc.exe:*:Enabled:mIRC"
"C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"="C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE:*:Enabled:ActiveSync Connection Manager"
"C:\Program Files\Microsoft ActiveSync\WCESMGR.EXE"="C:\Program Files\Microsoft ActiveSync\WCESMGR.EXE:*:Enabled:ActiveSync Application"
"C:\Program Files\Pinnacle\MediaCenter\Settings.exe"="C:\Program Files\Pinnacle\MediaCenter\Settings.exe:LocalSubNet:Enabled:Settings.exe"
"C:\Program Files\Pinnacle\MediaCenter\PMC.exe"="C:\Program Files\Pinnacle\MediaCenter\PMC.exe:LocalSubNet:Enabled:Pmc.exe"
"C:\Program Files\Pinnacle\MediaCenter\PMSInstallInit.exe"="C:\Program Files\Pinnacle\MediaCenter\PMSInstallInit.exe:LocalSubNet:Enabled:PMSInstallInit.exe"
"C:\Program Files\Pinnacle\Studio 10\programs\RM.exe"="C:\Program Files\Pinnacle\Studio 10\programs\RM.exe:*:Enabled:Render Manager"
"C:\Program Files\Pinnacle\Studio 10\programs\Studio.exe"="C:\Program Files\Pinnacle\Studio 10\programs\Studio.exe:*:Enabled:Studio"
"C:\Program Files\Pinnacle\Studio 10\programs\PMSRegisterFile.exe"="C:\Program Files\Pinnacle\Studio 10\programs\PMSRegisterFile.exe:*:Enabled:PMSRegisterFile"
"C:\Program Files\Pinnacle\Studio 10\programs\umi.exe"="C:\Program Files\Pinnacle\Studio 10\programs\umi.exe:*:Enabled:umi"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\Program Files\CoffeeCup Software\CoffeeCup Free FTP\FreeFTP.exe"="C:\Program Files\CoffeeCup Software\CoffeeCup Free FTP\FreeFTP.exe:*:Enabled:FreeFTP"
"C:\Program Files\Internet Explorer\iexplore.exe"="C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer"
"C:\Program Files\CoffeeCup Software\Coffee.exe"="C:\Program Files\CoffeeCup Software\Coffee.exe:*:Enabled:CoffeeCup HTML Editor"
"C:\Documents and Settings\Fred\Local Settings\Temp\WZSE0.TMP\SymNRT.exe"="C:\Documents and Settings\Fred\Local Settings\Temp\WZSE0.TMP\SymNRT.exe:*:Enabled:Symantec Removal Utility"
"C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe"="C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent"
"C:\Documents and Settings\Fred\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.dll"="C:\Documents and Settings\Fred\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.dll:*:Enabled:Google Talk Plugin"
"C:\Documents and Settings\Fred\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe"="C:\Documents and Settings\Fred\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe:*:Enabled:Google Talk Plugin"
"C:\Program Files\Google\Google Talk\googletalk.exe"="C:\Program Files\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\J]
shell\AutoRun\command - J:\LaunchU3.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{40b59d5d-8411-11dd-b062-001a920489ca}]
shell\AutoRun\command - G:\LaunchU3.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{908c05de-85b3-11dd-b068-001a920489ca}]
shell\AutoRun\command - G:\LaunchU3.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9a05e753-a11b-11dd-b0a1-001a920489ca}]
shell\AutoRun\command - G:\LaunchU3.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fa13f262-828d-11dd-b05f-001a920489ca}]
shell\AutoRun\command - G:\LaunchU3.exe
======List of files/folders created in the last 3 months======
2009-06-22 22:55:34 ----D---- C:\rsit
2009-06-21 17:51:25 ----D---- C:\Program Files\Trend Micro
2009-06-21 17:49:37 ----D---- C:\WINDOWS\ERDNT
2009-06-21 17:49:08 ----D---- C:\Program Files\ERUNT
2009-06-19 07:22:02 ----HDC---- C:\WINDOWS\$NtUninstallKB961501$
2009-06-19 07:21:55 ----HDC---- C:\WINDOWS\$NtUninstallKB969898$
2009-06-19 07:18:41 ----HDC---- C:\WINDOWS\$NtUninstallKB970238$
2009-06-19 07:17:45 ----HDC---- C:\WINDOWS\$NtUninstallKB968537$
2009-05-31 15:04:16 ----D---- C:\Documents and Settings\Fred\Application Data\TomTom
2009-05-31 15:04:08 ----D---- C:\Program Files\TomTom International B.V
2009-05-31 15:03:50 ----D---- C:\Program Files\TomTom HOME 2
2009-05-30 17:08:28 ----D---- C:\WINDOWS\Minidump
2009-05-29 11:24:27 ----D---- C:\Program Files\Safer Networking
2009-05-25 14:54:03 ----D---- C:\Documents and Settings\All Users\Application Data\Hewlett-Packard
2009-05-25 14:53:29 ----D---- C:\Documents and Settings\All Users\Application Data\HP
2009-05-25 14:50:38 ----A---- C:\WINDOWS\system32\PMLJNI.dll
2009-05-25 14:50:38 ----A---- C:\WINDOWS\system32\jst.dll
2009-05-25 14:50:38 ----A---- C:\WINDOWS\system32\hpbmmjno.dll
2009-05-25 14:50:38 ----A---- C:\WINDOWS\system32\compJNI.dll
2009-05-25 14:50:37 ----A---- C:\WINDOWS\system32\d4channel.dll
2009-05-25 14:47:20 ----D---- C:\Program Files\Common Files\HP
2009-05-21 21:06:02 ----A---- C:\WINDOWS\system32\lvci11901262.dll
2009-05-21 21:03:39 ----D---- C:\Program Files\Logitech
2009-05-21 20:44:20 ----D---- C:\Documents and Settings\Fred\Application Data\skypePM
2009-05-21 20:41:17 ----D---- C:\Documents and Settings\Fred\Application Data\Skype
2009-05-21 20:40:45 ----D---- C:\Program Files\Common Files\Skype
2009-05-21 20:40:41 ----RD---- C:\Program Files\Skype
2009-05-21 20:40:35 ----D---- C:\Documents and Settings\All Users\Application Data\Skype
2009-05-13 12:49:43 ----D---- C:\Documents and Settings\Fred\Application Data\Malwarebytes
2009-05-13 12:49:36 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-05-13 12:49:36 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-04-30 13:17:15 ----A---- C:\WINDOWS\wininit.ini
2009-04-24 12:05:28 ----A---- C:\WINDOWS\system32\VSMntNtf.dll
2009-04-24 12:05:23 ----D---- C:\Program Files\Jungle Disk Desktop
2009-04-23 11:52:22 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-04-23 08:52:22 ----D---- C:\Documents and Settings\Fred\Application Data\Desktop Sidebar
2009-04-23 08:51:06 ----D---- C:\Program Files\Desktop Sidebar
2009-04-19 16:16:20 ----D---- C:\Documents and Settings\Fred\Application Data\Corel
2009-04-19 16:16:19 ----D---- C:\Program Files\Corel
2009-04-19 16:09:20 ----D---- C:\WINDOWS\Corel
2009-04-19 10:03:56 ----D---- C:\Program Files\Common Files\DivX Shared
2009-04-18 11:27:49 ----D---- C:\Documents and Settings\Fred\Application Data\JungleDisk
2009-04-18 11:24:02 ----D---- C:\Documents and Settings\All Users\Application Data\JungleDisk
2009-04-18 11:23:47 ----A---- C:\WINDOWS\system32\VSNetRdr.dll
2009-04-16 00:36:34 ----HDC---- C:\WINDOWS\$NtUninstallKB959426$
2009-04-16 00:36:27 ----HDC---- C:\WINDOWS\$NtUninstallKB961373$
2009-04-16 00:36:19 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$
2009-04-16 00:35:37 ----HDC---- C:\WINDOWS\$NtUninstallKB960225$
2009-04-16 00:33:35 ----HDC---- C:\WINDOWS\$NtUninstallKB956572$
2009-04-16 00:33:20 ----HDC---- C:\WINDOWS\$NtUninstallKB952004$
2009-04-16 00:33:09 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2009-04-16 00:33:02 ----HDC---- C:\WINDOWS\$NtUninstallKB960715$
2009-04-16 00:32:55 ----HDC---- C:\WINDOWS\$NtUninstallKB958687$
2009-04-16 00:32:43 ----HDC---- C:\WINDOWS\$NtUninstallKB967715$
2009-04-16 00:32:35 ----HDC---- C:\WINDOWS\$NtUninstallKB958690$
2009-04-16 00:32:23 ----HDC---- C:\WINDOWS\$NtUninstallKB959772_WM11$
2009-04-16 00:32:17 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$
2009-04-16 00:32:07 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2009-04-16 00:32:02 ----HDC---- C:\WINDOWS\$NtUninstallKB960803$
2009-04-16 00:31:53 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2009-04-16 00:31:45 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2009-04-16 00:31:37 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2009-04-16 00:30:58 ----HDC---- C:\WINDOWS\$NtUninstallKB923561$
2009-04-15 18:19:32 ----N---- C:\WINDOWS\system32\xpsp4res.dll
======List of files/folders modified in the last 3 months======
2009-06-22 22:55:40 ----D---- C:\WINDOWS\Temp
2009-06-22 22:55:22 ----D---- C:\WINDOWS\Prefetch
2009-06-22 22:45:58 ----D---- C:\Program Files\Mozilla Firefox
2009-06-22 21:13:02 ----D---- C:\WINDOWS\system32\drivers
2009-06-22 07:34:16 ----D---- C:\WINDOWS
2009-06-21 17:51:25 ----D---- C:\Program Files
2009-06-21 16:45:13 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-06-21 16:45:08 ----D---- C:\WINDOWS\system32
2009-06-21 13:34:13 ----D---- C:\WINDOWS\system32\CatRoot2
2009-06-20 17:28:22 ----A---- C:\WINDOWS\NeroDigital.ini
2009-06-19 14:50:10 ----D---- C:\Documents and Settings\Fred\Application Data\OpenOffice.org2
2009-06-19 14:47:47 ----HD---- C:\WINDOWS\inf
2009-06-19 07:21:58 ----A---- C:\WINDOWS\imsins.BAK
2009-06-19 07:21:54 ----HD---- C:\WINDOWS\$hf_mig$
2009-06-19 07:18:26 ----D---- C:\WINDOWS\system32\en-US
2009-06-19 07:18:26 ----D---- C:\Program Files\Internet Explorer
2009-06-19 00:51:34 ----D---- C:\Program Files\Xnews
2009-06-01 12:51:12 ----A---- C:\WINDOWS\system32\MRT.exe
2009-06-01 05:56:32 ----HD---- C:\Program Files\InstallShield Installation Information
2009-05-31 20:21:06 ----D---- C:\WINDOWS\Help
2009-05-31 18:28:41 ----D---- C:\Documents and Settings\Fred\Application Data\U3
2009-05-31 15:04:08 ----SHD---- C:\WINDOWS\Installer
2009-05-31 15:04:08 ----HD---- C:\Config.Msi
2009-05-31 15:03:39 ----D---- C:\Program Files\TomTom HOME
2009-05-26 16:25:20 ----D---- C:\Program Files\hp
2009-05-26 16:25:11 ----D---- C:\Program Files\Hewlett-Packard
2009-05-25 14:50:55 ----HD---- C:\Program Files\Zero G Registry
2009-05-25 14:49:47 ----RSD---- C:\WINDOWS\assembly
2009-05-25 14:48:46 ----A---- C:\WINDOWS\win.ini
2009-05-25 14:47:45 ----D---- C:\WINDOWS\WinSxS
2009-05-25 14:47:20 ----D---- C:\Program Files\Common Files
2009-05-25 14:45:56 ----D---- C:\WINDOWS\twain_32
2009-05-25 14:44:46 ----D---- C:\Temp
2009-05-25 14:43:57 ----A---- C:\WINDOWS\system32\AddPort.ini
2009-05-25 14:43:53 ----A---- C:\WINDOWS\hpntwksetup.ini
2009-05-25 14:38:00 ----D---- C:\WINDOWS\system32\CatRoot
2009-05-22 08:40:54 ----D---- C:\Documents and Settings\Fred\Application Data\wsInspector
2009-05-21 21:07:53 ----D---- C:\Program Files\Common Files\LogiShrd
2009-05-21 21:07:04 ----D---- C:\WINDOWS\system32\ReinstallBackups
2009-05-21 21:06:30 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-05-21 21:03:40 ----D---- C:\Documents and Settings\All Users\Application Data\LogiShrd
2009-05-16 18:02:40 ----D---- C:\Program Files\Google
2009-05-16 16:35:52 ----D---- C:\Documents and Settings\Fred\Application Data\Mozilla
2009-05-14 12:14:25 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2009-05-14 12:11:37 ----RSD---- C:\WINDOWS\Fonts
2009-05-07 11:32:35 ----A---- C:\WINDOWS\system32\localspl.dll
2009-05-06 17:01:42 ----SD---- C:\WINDOWS\Tasks
2009-04-29 00:56:02 ----A---- C:\WINDOWS\system32\wininet.dll
2009-04-29 00:56:02 ----A---- C:\WINDOWS\system32\webcheck.dll
2009-04-29 00:56:01 ----A---- C:\WINDOWS\system32\urlmon.dll
2009-04-29 00:56:01 ----A---- C:\WINDOWS\system32\url.dll
2009-04-29 00:56:01 ----A---- C:\WINDOWS\system32\pngfilt.dll
2009-04-29 00:56:01 ----A---- C:\WINDOWS\system32\occache.dll
2009-04-29 00:56:01 ----A---- C:\WINDOWS\system32\mstime.dll
2009-04-29 00:56:00 ----A---- C:\WINDOWS\system32\msrating.dll
2009-04-29 00:56:00 ----A---- C:\WINDOWS\system32\mshtmled.dll
2009-04-29 00:56:00 ----A---- C:\WINDOWS\system32\mshtml.dll
2009-04-29 00:55:58 ----A---- C:\WINDOWS\system32\msfeedsbs.dll
2009-04-29 00:55:58 ----A---- C:\WINDOWS\system32\msfeeds.dll
2009-04-29 00:55:58 ----A---- C:\WINDOWS\system32\jsproxy.dll
2009-04-29 00:55:57 ----A---- C:\WINDOWS\system32\iertutil.dll
2009-04-29 00:55:57 ----A---- C:\WINDOWS\system32\iernonce.dll
2009-04-29 00:55:57 ----A---- C:\WINDOWS\system32\ieframe.dll
2009-04-29 00:55:56 ----A---- C:\WINDOWS\system32\ieencode.dll
2009-04-29 00:55:56 ----A---- C:\WINDOWS\system32\iedkcs32.dll
2009-04-29 00:55:56 ----A---- C:\WINDOWS\system32\ieapfltr.dll
2009-04-29 00:55:56 ----A---- C:\WINDOWS\system32\ieaksie.dll
2009-04-29 00:55:56 ----A---- C:\WINDOWS\system32\ieakeng.dll
2009-04-29 00:55:56 ----A---- C:\WINDOWS\system32\icardie.dll
2009-04-29 00:55:56 ----A---- C:\WINDOWS\system32\extmgr.dll
2009-04-29 00:55:56 ----A---- C:\WINDOWS\system32\dxtrans.dll
2009-04-29 00:55:55 ----A---- C:\WINDOWS\system32\dxtmsft.dll
2009-04-29 00:55:55 ----A---- C:\WINDOWS\system32\advpack.dll
2009-04-28 05:05:56 ----A---- C:\WINDOWS\system32\ieudinit.exe
2009-04-28 05:05:56 ----A---- C:\WINDOWS\system32\ie4uinit.exe
2009-04-25 01:26:23 ----A---- C:\WINDOWS\system32\ieakui.dll
2009-04-24 12:05:34 ----D---- C:\Documents and Settings
2009-04-23 12:05:33 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2009-04-23 11:52:16 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-04-22 13:36:57 ----D---- C:\Program Files\CoffeeCup Software
2009-04-19 10:04:42 ----D---- C:\Program Files\DivX
2009-04-17 07:06:51 ----D---- C:\Program Files\McAfee
2009-04-16 21:31:55 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-04-16 08:22:38 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-04-16 08:17:53 ----D---- C:\WINDOWS\system32\wbem
2009-04-16 08:17:53 ----D---- C:\WINDOWS\AppPatch
2009-04-15 18:33:37 ----D---- C:\Program Files\Mozilla Thunderbird
2009-04-15 10:51:25 ----A---- C:\WINDOWS\system32\rpcrt4.dll
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 JDFS;JDFS; \??\C:\WINDOWS\system32\drivers\jdfs.sys []
R1 mfehidk;McAfee Inc. mfehidk; C:\WINDOWS\system32\drivers\mfehidk.sys [2009-03-25 214024]
R1 MPFP;MPFP; C:\WINDOWS\System32\Drivers\Mpfp.sys [2008-10-23 120136]
R1 PCLEPCI;PCLEPCI; \??\C:\WINDOWS\system32\drivers\pclepci.sys []
R1 truecrypt;truecrypt; C:\WINDOWS\System32\drivers\truecrypt.sys [2008-05-03 223424]
R2 713xTVCard;SAA7130 TV Card; C:\WINDOWS\system32\DRIVERS\SAA713x.sys [2006-10-11 279552]
R2 WDMTVTuner;Universal WDM TV Tuner; C:\WINDOWS\system32\drivers\WDMTuner.sys [2006-10-11 25984]
R3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2005-03-04 127872]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 ASAPIW2K;ASAPIW2K; C:\WINDOWS\System32\Drivers\ASAPIW2K.sys [2005-01-10 11264]
R3 LVPr2Mon;Logitech LVPr2Mon Driver; C:\WINDOWS\system32\DRIVERS\LVPr2Mon.sys [2008-12-16 25624]
R3 mfeavfk;McAfee Inc. mfeavfk; C:\WINDOWS\system32\drivers\mfeavfk.sys [2009-03-25 79880]
R3 mfebopk;McAfee Inc. mfebopk; C:\WINDOWS\system32\drivers\mfebopk.sys [2009-03-25 35272]
R3 mfesmfk;McAfee Inc. mfesmfk; C:\WINDOWS\system32\drivers\mfesmfk.sys [2009-03-25 40552]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2006-08-11 3958496]
R3 OmniTV;Cx2388x AvStream Video Capture; C:\WINDOWS\system32\DRIVERS\OmniTV.sys [2007-08-06 243584]
R3 senfilt;senfilt; C:\WINDOWS\system32\drivers\senfilt.sys [2005-03-01 392704]
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2005-03-28 220992]
R3 StillCam;Still Serial Digital Camera Driver; C:\WINDOWS\system32\DRIVERS\serscan.sys [2001-08-17 6784]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 yukonwxp;NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller; C:\WINDOWS\system32\DRIVERS\yk51x86.sys [2005-04-01 230272]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 FilterService;UVC Filter Service; C:\WINDOWS\system32\DRIVERS\lvuvcflt.sys [2008-12-17 23832]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 lvpopflt;Logitech POP Suppression Filter; C:\WINDOWS\system32\DRIVERS\lvpopflt.sys [2007-10-11 1920920]
S3 LVRS;Logitech RightSound Filter Driver; C:\WINDOWS\system32\DRIVERS\lvrs.sys [2008-12-17 768024]
S3 lvselsus;Logitech Selective Suspend Filter; C:\WINDOWS\system32\DRIVERS\lvselsus.sys [2008-12-17 66456]
S3 LVUSBSta;Logitech USB Monitor Filter; C:\WINDOWS\system32\drivers\LVUSBSta.sys [2008-12-17 41752]
S3 LVUVC;QuickCam Orbit/Sphere AF(UVC); C:\WINDOWS\system32\DRIVERS\lvuvc.sys [2008-12-17 6364440]
S3 mferkdk;McAfee Inc. mferkdk; C:\WINDOWS\system32\drivers\mferkdk.sys [2009-03-25 34216]
S3 MidiSyn;MidiSyn; C:\WINDOWS\system32\drivers\MidiSyn.sys [2004-09-14 88960]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 MPE;BDA MPE Filter; C:\WINDOWS\system32\DRIVERS\MPE.sys [2008-04-13 15232]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 SamsonLLDriver;Samson LL Driver; C:\WINDOWS\System32\Drivers\SamsonLLDriver.sys [2006-12-12 56832]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 USB28xxBGA;PCTV 330e/8x0e Device; C:\WINDOWS\system32\DRIVERS\emBDA.sys [2007-08-07 476288]
S3 USB28xxOEM;USB 28xx OEM Filter; C:\WINDOWS\system32\DRIVERS\emOEM.sys [2007-08-07 38656]
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 wceusbsh;Windows CE USB Serial Host Driver; C:\WINDOWS\system32\DRIVERS\wceusbsh.sys [2005-01-11 104064]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WUDFRd;WUDFRd; C:\WINDOWS\system32\DRIVERS\WUDFRd.sys [2006-09-28 82944]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AdobeActiveFileMonitor5.0;Adobe Active File Monitor V5; C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe [2006-12-22 108712]
R2 JungleDiskService;JungleDiskService; C:\Program Files\Jungle Disk Desktop\JungleDiskMonitor.exe [2009-04-28 5271824]
R2 LVPrcSrv;Process Monitor; C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe [2008-12-16 150040]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service; C:\Program Files\McAfee\SiteAdvisor\McSACore.exe [2009-02-11 210216]
R2 mcmscsvc;McAfee Services; C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe [2009-01-08 797864]
R2 McNASvc;McAfee Network Agent; c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe [2009-01-09 2482848]
R2 McProxy;McAfee Proxy Service; c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe [2009-01-09 359952]
R2 McShield;McAfee Real-time Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe [2009-03-25 144704]
R2 MpfService;McAfee Personal Firewall Service; C:\Program Files\McAfee\MPF\MPFSrv.exe [2009-03-19 884360]
R2 MSK80Service;McAfee Anti-Spam Service; C:\Program Files\McAfee\MSK\MskSrver.exe [2009-01-09 26640]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2006-08-11 155715]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2007-08-09 73728]
R2 SoundMAX Agent Service (default);SoundMAX Agent Service; C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe [2002-09-20 45056]
R2 TomTomHOMEService;TomTomHOMEService; C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe [2009-04-24 92008]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
R3 McSysmon;McAfee SystemGuards; C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe [2009-03-24 606736]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-04-13 33632]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-04-13 68952]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]
S3 MBackMonitor;MBackMonitor; C:\Program Files\McAfee\MBK\MBackMonitor.exe [2009-01-09 68112]
S3 McODS;McAfee Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe [2009-04-01 365072]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
-----------------EOF-----------------
Here is the info.txt file:
Logfile of random's system information tool 1.06 (written by random/random)
Run by Fred at 2009-06-22 22:55:34
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 72 GB (24%) free of 305 GB
Total RAM: 2047 MB (54% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:55:51 PM, on 6/22/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16850)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Jungle Disk Desktop\JungleDiskMonitor.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Eraser\eraser.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
C:\Program Files\hp\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Jungle Disk Desktop\JungleDiskMonitor.exe
C:\Program Files\WordWeb\wweb32.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Fred\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Fred\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Fred.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll
O2 - BHO: Virtual Storage Mount Notification - {3CF560DC-DFCB-4737-82C2-9564CA8F733B} - C:\WINDOWS\system32\VSMntNtf.dll
O2 - BHO: Idea2 SidebarBrowserMonitor Class - {45AD732C-2CE2-4666-B366-B2214AD57A49} - C:\Program Files\Desktop Sidebar\sbhelp.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptsn.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Eraser] C:\Program Files\Eraser\eraser.exe -hide
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe"
O4 - S-1-5-18 Startup: ListProAlarms.lnk.disabled (User 'SYSTEM')
O4 - S-1-5-18 Startup: OpenOffice.org 2.2.lnk.disabled (User 'SYSTEM')
O4 - S-1-5-18 Startup: PMCRemoteLauncher.lnk = C:\Documents and Settings\Fred\Local Settings\Application Data\Pinnacle\TVC\Tools\PMCRemoteCtrl.exe (User 'SYSTEM')
O4 - S-1-5-18 Startup: PVR Console.lnk.disabled (User 'SYSTEM')
O4 - S-1-5-18 Startup: PVR3Watch.lnk.disabled (User 'SYSTEM')
O4 - S-1-5-18 Startup: WordWeb.lnk = C:\Program Files\WordWeb\wweb32.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: ListProAlarms.lnk.disabled (User 'Default user')
O4 - .DEFAULT Startup: OpenOffice.org 2.2.lnk.disabled (User 'Default user')
O4 - .DEFAULT Startup: PMCRemoteLauncher.lnk = C:\Documents and Settings\Fred\Local Settings\Application Data\Pinnacle\TVC\Tools\PMCRemoteCtrl.exe (User 'Default user')
O4 - .DEFAULT Startup: PVR Console.lnk.disabled (User 'Default user')
O4 - .DEFAULT Startup: PVR3Watch.lnk.disabled (User 'Default user')
O4 - .DEFAULT Startup: WordWeb.lnk = C:\Program Files\WordWeb\wweb32.exe (User 'Default user')
O4 - Startup: ListProAlarms.lnk.disabled
O4 - Startup: OpenOffice.org 2.2.lnk.disabled
O4 - Startup: PMCRemoteLauncher.lnk = C:\Documents and Settings\Fred\Local Settings\Application Data\Pinnacle\TVC\Tools\PMCRemoteCtrl.exe
O4 - Startup: PVR Console.lnk.disabled
O4 - Startup: PVR3Watch.lnk.disabled
O4 - Startup: WordWeb.lnk = C:\Program Files\WordWeb\wweb32.exe
O4 - Global Startup: Acrobat Assistant.lnk.disabled
O4 - Global Startup: Free WebSite Tools.lnk.disabled
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\hp\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\hp\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Jungle Disk Desktop.lnk = C:\Program Files\Jungle Disk Desktop\JungleDiskMonitor.exe
O4 - Global Startup: PCScreen.lnk.disabled
O4 - Global Startup: PVR Console.lnk.disabled
O4 - Global Startup: PVR3Watch.lnk.disabled
O4 - Global Startup: Scheduler for OEM.lnk.disabled
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll
O9 - Extra button: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\Program Files\Desktop Sidebar\sbhelp.dll
O9 - Extra 'Tools' menuitem: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\Program Files\Desktop Sidebar\sbhelp.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: ChatSpace Java Client 2.1.0.90 - http://64.85.17.21/Java/cs4ms090.cab
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - https://www-secure.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlsr.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1177431608796
O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (DownloadManager Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.1.2.cab
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O21 - SSODL: EldosMountNotificator - {3CF560DC-DFCB-4737-82C2-9564CA8F733B} - C:\WINDOWS\system32\VSMntNtf.dll
O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: JungleDiskService - Jungle Disk, Inc. - C:\Program Files\Jungle Disk Desktop\JungleDiskMonitor.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
--
End of file - 10500 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1123561945-343818398-682003330-1004.job
C:\WINDOWS\tasks\McDefragTask.job
C:\WINDOWS\tasks\McQcTask.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{27B4851A-3207-45A2-B947-BE8AFE6163AB}]
McAfee Phishing Filter - c:\PROGRA~1\mcafee\msk\mskapbho.dll [2009-01-09 246800]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CF560DC-DFCB-4737-82C2-9564CA8F733B}]
Virtual Storage Mount Notification - C:\WINDOWS\system32\VSMntNtf.dll [2009-04-08 97792]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{45AD732C-2CE2-4666-B366-B2214AD57A49}]
Idea2 SidebarBrowserMonitor Class - C:\Program Files\Desktop Sidebar\sbhelp.dll [2006-07-09 278528]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-09-15 1562960]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}]
scriptproxy - c:\PROGRA~1\mcafee\VIRUSS~1\scriptsn.dll [2009-03-25 62784]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}]
McAfee SiteAdvisor BHO - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll [2009-02-13 150032]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - McAfee SiteAdvisor Toolbar - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll [2009-02-13 150032]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"mcagent_exe"=C:\Program Files\McAfee.com\Agent\mcagent.exe [2009-01-08 645328]
"McENUI"=C:\PROGRA~1\McAfee\MHN\McENUI.exe [2009-01-09 1176808]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2006-08-11 7630848]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes' Anti-Malware"=C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [2009-06-17 414992]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480]
"Eraser"=C:\Program Files\Eraser\eraser.exe [2007-12-07 376832]
"H/PC Connection Agent"=C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE [2005-01-11 401491]
"TomTomHOME.exe"=C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe [2009-04-24 251240]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Acrobat Assistant.lnk.disabled - C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
Free WebSite Tools.lnk.disabled - C:\Program Files\CoffeeCup Software\CoffeeCup Free FTP\ThirtyDayTimer.exe
HP Digital Imaging Monitor.lnk - C:\Program Files\hp\Digital Imaging\bin\hpqtra08.exe
HP Image Zone Fast Start.lnk - C:\Program Files\hp\Digital Imaging\bin\hpqthb08.exe
Jungle Disk Desktop.lnk - C:\Program Files\Jungle Disk Desktop\JungleDiskMonitor.exe
PCScreen.lnk.disabled - C:\Program Files\BellCanada\PC Screen\PCScreen.exe
PVR Console.lnk.disabled - C:\Program Files\PVR Series\PVR_Console\PVR3.exe
PVR3Watch.lnk.disabled - C:\Program Files\PVR Series\PVR_Console\PVRWatch.exe
Scheduler for OEM.lnk.disabled - C:\Program Files\honestech\honestech TVR\scheduleTV.exe
C:\Documents and Settings\Fred\Start Menu\Programs\Startup
ListProAlarms.lnk.disabled - C:\Program Files\Ilium Software\ListPro\ListProAlarms.exe
OpenOffice.org 2.2.lnk.disabled - C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe
PMCRemoteLauncher.lnk - C:\Documents and Settings\Fred\Local Settings\Application Data\Pinnacle\TVC\Tools\PMCRemoteCtrl.exe
PVR Console.lnk.disabled - C:\Program Files\PVR Series\PVR_Console\PVR3.exe
PVR3Watch.lnk.disabled - C:\Program Files\PVR Series\PVR_Console\PVRWatch.exe
WordWeb.lnk - C:\Program Files\WordWeb\wweb32.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
EldosMountNotificator - {3CF560DC-DFCB-4737-82C2-9564CA8F733B} - C:\WINDOWS\system32\VSMntNtf.dll [2009-04-08 97792]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mcmscsvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MpfService]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\Yahoo!\Messenger\YServer.exe"="C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\javaw.exe"="C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\javaw.exe:*:Enabled:javaw"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\BellCanada\PC Screen\PCScreen.exe"="C:\Program Files\BellCanada\PC Screen\PCScreen.exe:*:Enabled:uScreen"
"C:\Program Files\mIRC\mirc.exe"="C:\Program Files\mIRC\mirc.exe:*:Enabled:mIRC"
"C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"="C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE:*:Enabled:ActiveSync Connection Manager"
"C:\Program Files\Microsoft ActiveSync\WCESMGR.EXE"="C:\Program Files\Microsoft ActiveSync\WCESMGR.EXE:*:Enabled:ActiveSync Application"
"C:\Program Files\Pinnacle\MediaCenter\Settings.exe"="C:\Program Files\Pinnacle\MediaCenter\Settings.exe:LocalSubNet:Enabled:Settings.exe"
"C:\Program Files\Pinnacle\MediaCenter\PMC.exe"="C:\Program Files\Pinnacle\MediaCenter\PMC.exe:LocalSubNet:Enabled:Pmc.exe"
"C:\Program Files\Pinnacle\MediaCenter\PMSInstallInit.exe"="C:\Program Files\Pinnacle\MediaCenter\PMSInstallInit.exe:LocalSubNet:Enabled:PMSInstallInit.exe"
"C:\Program Files\Pinnacle\Studio 10\programs\RM.exe"="C:\Program Files\Pinnacle\Studio 10\programs\RM.exe:*:Enabled:Render Manager"
"C:\Program Files\Pinnacle\Studio 10\programs\Studio.exe"="C:\Program Files\Pinnacle\Studio 10\programs\Studio.exe:*:Enabled:Studio"
"C:\Program Files\Pinnacle\Studio 10\programs\PMSRegisterFile.exe"="C:\Program Files\Pinnacle\Studio 10\programs\PMSRegisterFile.exe:*:Enabled:PMSRegisterFile"
"C:\Program Files\Pinnacle\Studio 10\programs\umi.exe"="C:\Program Files\Pinnacle\Studio 10\programs\umi.exe:*:Enabled:umi"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\Program Files\CoffeeCup Software\CoffeeCup Free FTP\FreeFTP.exe"="C:\Program Files\CoffeeCup Software\CoffeeCup Free FTP\FreeFTP.exe:*:Enabled:FreeFTP"
"C:\Program Files\Internet Explorer\iexplore.exe"="C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer"
"C:\Program Files\CoffeeCup Software\Coffee.exe"="C:\Program Files\CoffeeCup Software\Coffee.exe:*:Enabled:CoffeeCup HTML Editor"
"C:\Documents and Settings\Fred\Local Settings\Temp\WZSE0.TMP\SymNRT.exe"="C:\Documents and Settings\Fred\Local Settings\Temp\WZSE0.TMP\SymNRT.exe:*:Enabled:Symantec Removal Utility"
"C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe"="C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent"
"C:\Documents and Settings\Fred\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.dll"="C:\Documents and Settings\Fred\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.dll:*:Enabled:Google Talk Plugin"
"C:\Documents and Settings\Fred\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe"="C:\Documents and Settings\Fred\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe:*:Enabled:Google Talk Plugin"
"C:\Program Files\Google\Google Talk\googletalk.exe"="C:\Program Files\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\J]
shell\AutoRun\command - J:\LaunchU3.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{40b59d5d-8411-11dd-b062-001a920489ca}]
shell\AutoRun\command - G:\LaunchU3.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{908c05de-85b3-11dd-b068-001a920489ca}]
shell\AutoRun\command - G:\LaunchU3.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9a05e753-a11b-11dd-b0a1-001a920489ca}]
shell\AutoRun\command - G:\LaunchU3.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fa13f262-828d-11dd-b05f-001a920489ca}]
shell\AutoRun\command - G:\LaunchU3.exe
======List of files/folders created in the last 3 months======
2009-06-22 22:55:34 ----D---- C:\rsit
2009-06-21 17:51:25 ----D---- C:\Program Files\Trend Micro
2009-06-21 17:49:37 ----D---- C:\WINDOWS\ERDNT
2009-06-21 17:49:08 ----D---- C:\Program Files\ERUNT
2009-06-19 07:22:02 ----HDC---- C:\WINDOWS\$NtUninstallKB961501$
2009-06-19 07:21:55 ----HDC---- C:\WINDOWS\$NtUninstallKB969898$
2009-06-19 07:18:41 ----HDC---- C:\WINDOWS\$NtUninstallKB970238$
2009-06-19 07:17:45 ----HDC---- C:\WINDOWS\$NtUninstallKB968537$
2009-05-31 15:04:16 ----D---- C:\Documents and Settings\Fred\Application Data\TomTom
2009-05-31 15:04:08 ----D---- C:\Program Files\TomTom International B.V
2009-05-31 15:03:50 ----D---- C:\Program Files\TomTom HOME 2
2009-05-30 17:08:28 ----D---- C:\WINDOWS\Minidump
2009-05-29 11:24:27 ----D---- C:\Program Files\Safer Networking
2009-05-25 14:54:03 ----D---- C:\Documents and Settings\All Users\Application Data\Hewlett-Packard
2009-05-25 14:53:29 ----D---- C:\Documents and Settings\All Users\Application Data\HP
2009-05-25 14:50:38 ----A---- C:\WINDOWS\system32\PMLJNI.dll
2009-05-25 14:50:38 ----A---- C:\WINDOWS\system32\jst.dll
2009-05-25 14:50:38 ----A---- C:\WINDOWS\system32\hpbmmjno.dll
2009-05-25 14:50:38 ----A---- C:\WINDOWS\system32\compJNI.dll
2009-05-25 14:50:37 ----A---- C:\WINDOWS\system32\d4channel.dll
2009-05-25 14:47:20 ----D---- C:\Program Files\Common Files\HP
2009-05-21 21:06:02 ----A---- C:\WINDOWS\system32\lvci11901262.dll
2009-05-21 21:03:39 ----D---- C:\Program Files\Logitech
2009-05-21 20:44:20 ----D---- C:\Documents and Settings\Fred\Application Data\skypePM
2009-05-21 20:41:17 ----D---- C:\Documents and Settings\Fred\Application Data\Skype
2009-05-21 20:40:45 ----D---- C:\Program Files\Common Files\Skype
2009-05-21 20:40:41 ----RD---- C:\Program Files\Skype
2009-05-21 20:40:35 ----D---- C:\Documents and Settings\All Users\Application Data\Skype
2009-05-13 12:49:43 ----D---- C:\Documents and Settings\Fred\Application Data\Malwarebytes
2009-05-13 12:49:36 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-05-13 12:49:36 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-04-30 13:17:15 ----A---- C:\WINDOWS\wininit.ini
2009-04-24 12:05:28 ----A---- C:\WINDOWS\system32\VSMntNtf.dll
2009-04-24 12:05:23 ----D---- C:\Program Files\Jungle Disk Desktop
2009-04-23 11:52:22 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-04-23 08:52:22 ----D---- C:\Documents and Settings\Fred\Application Data\Desktop Sidebar
2009-04-23 08:51:06 ----D---- C:\Program Files\Desktop Sidebar
2009-04-19 16:16:20 ----D---- C:\Documents and Settings\Fred\Application Data\Corel
2009-04-19 16:16:19 ----D---- C:\Program Files\Corel
2009-04-19 16:09:20 ----D---- C:\WINDOWS\Corel
2009-04-19 10:03:56 ----D---- C:\Program Files\Common Files\DivX Shared
2009-04-18 11:27:49 ----D---- C:\Documents and Settings\Fred\Application Data\JungleDisk
2009-04-18 11:24:02 ----D---- C:\Documents and Settings\All Users\Application Data\JungleDisk
2009-04-18 11:23:47 ----A---- C:\WINDOWS\system32\VSNetRdr.dll
2009-04-16 00:36:34 ----HDC---- C:\WINDOWS\$NtUninstallKB959426$
2009-04-16 00:36:27 ----HDC---- C:\WINDOWS\$NtUninstallKB961373$
2009-04-16 00:36:19 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$
2009-04-16 00:35:37 ----HDC---- C:\WINDOWS\$NtUninstallKB960225$
2009-04-16 00:33:35 ----HDC---- C:\WINDOWS\$NtUninstallKB956572$
2009-04-16 00:33:20 ----HDC---- C:\WINDOWS\$NtUninstallKB952004$
2009-04-16 00:33:09 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2009-04-16 00:33:02 ----HDC---- C:\WINDOWS\$NtUninstallKB960715$
2009-04-16 00:32:55 ----HDC---- C:\WINDOWS\$NtUninstallKB958687$
2009-04-16 00:32:43 ----HDC---- C:\WINDOWS\$NtUninstallKB967715$
2009-04-16 00:32:35 ----HDC---- C:\WINDOWS\$NtUninstallKB958690$
2009-04-16 00:32:23 ----HDC---- C:\WINDOWS\$NtUninstallKB959772_WM11$
2009-04-16 00:32:17 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$
2009-04-16 00:32:07 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2009-04-16 00:32:02 ----HDC---- C:\WINDOWS\$NtUninstallKB960803$
2009-04-16 00:31:53 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2009-04-16 00:31:45 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2009-04-16 00:31:37 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2009-04-16 00:30:58 ----HDC---- C:\WINDOWS\$NtUninstallKB923561$
2009-04-15 18:19:32 ----N---- C:\WINDOWS\system32\xpsp4res.dll
======List of files/folders modified in the last 3 months======
2009-06-22 22:55:40 ----D---- C:\WINDOWS\Temp
2009-06-22 22:55:22 ----D---- C:\WINDOWS\Prefetch
2009-06-22 22:45:58 ----D---- C:\Program Files\Mozilla Firefox
2009-06-22 21:13:02 ----D---- C:\WINDOWS\system32\drivers
2009-06-22 07:34:16 ----D---- C:\WINDOWS
2009-06-21 17:51:25 ----D---- C:\Program Files
2009-06-21 16:45:13 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-06-21 16:45:08 ----D---- C:\WINDOWS\system32
2009-06-21 13:34:13 ----D---- C:\WINDOWS\system32\CatRoot2
2009-06-20 17:28:22 ----A---- C:\WINDOWS\NeroDigital.ini
2009-06-19 14:50:10 ----D---- C:\Documents and Settings\Fred\Application Data\OpenOffice.org2
2009-06-19 14:47:47 ----HD---- C:\WINDOWS\inf
2009-06-19 07:21:58 ----A---- C:\WINDOWS\imsins.BAK
2009-06-19 07:21:54 ----HD---- C:\WINDOWS\$hf_mig$
2009-06-19 07:18:26 ----D---- C:\WINDOWS\system32\en-US
2009-06-19 07:18:26 ----D---- C:\Program Files\Internet Explorer
2009-06-19 00:51:34 ----D---- C:\Program Files\Xnews
2009-06-01 12:51:12 ----A---- C:\WINDOWS\system32\MRT.exe
2009-06-01 05:56:32 ----HD---- C:\Program Files\InstallShield Installation Information
2009-05-31 20:21:06 ----D---- C:\WINDOWS\Help
2009-05-31 18:28:41 ----D---- C:\Documents and Settings\Fred\Application Data\U3
2009-05-31 15:04:08 ----SHD---- C:\WINDOWS\Installer
2009-05-31 15:04:08 ----HD---- C:\Config.Msi
2009-05-31 15:03:39 ----D---- C:\Program Files\TomTom HOME
2009-05-26 16:25:20 ----D---- C:\Program Files\hp
2009-05-26 16:25:11 ----D---- C:\Program Files\Hewlett-Packard
2009-05-25 14:50:55 ----HD---- C:\Program Files\Zero G Registry
2009-05-25 14:49:47 ----RSD---- C:\WINDOWS\assembly
2009-05-25 14:48:46 ----A---- C:\WINDOWS\win.ini
2009-05-25 14:47:45 ----D---- C:\WINDOWS\WinSxS
2009-05-25 14:47:20 ----D---- C:\Program Files\Common Files
2009-05-25 14:45:56 ----D---- C:\WINDOWS\twain_32
2009-05-25 14:44:46 ----D---- C:\Temp
2009-05-25 14:43:57 ----A---- C:\WINDOWS\system32\AddPort.ini
2009-05-25 14:43:53 ----A---- C:\WINDOWS\hpntwksetup.ini
2009-05-25 14:38:00 ----D---- C:\WINDOWS\system32\CatRoot
2009-05-22 08:40:54 ----D---- C:\Documents and Settings\Fred\Application Data\wsInspector
2009-05-21 21:07:53 ----D---- C:\Program Files\Common Files\LogiShrd
2009-05-21 21:07:04 ----D---- C:\WINDOWS\system32\ReinstallBackups
2009-05-21 21:06:30 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-05-21 21:03:40 ----D---- C:\Documents and Settings\All Users\Application Data\LogiShrd
2009-05-16 18:02:40 ----D---- C:\Program Files\Google
2009-05-16 16:35:52 ----D---- C:\Documents and Settings\Fred\Application Data\Mozilla
2009-05-14 12:14:25 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2009-05-14 12:11:37 ----RSD---- C:\WINDOWS\Fonts
2009-05-07 11:32:35 ----A---- C:\WINDOWS\system32\localspl.dll
2009-05-06 17:01:42 ----SD---- C:\WINDOWS\Tasks
2009-04-29 00:56:02 ----A---- C:\WINDOWS\system32\wininet.dll
2009-04-29 00:56:02 ----A---- C:\WINDOWS\system32\webcheck.dll
2009-04-29 00:56:01 ----A---- C:\WINDOWS\system32\urlmon.dll
2009-04-29 00:56:01 ----A---- C:\WINDOWS\system32\url.dll
2009-04-29 00:56:01 ----A---- C:\WINDOWS\system32\pngfilt.dll
2009-04-29 00:56:01 ----A---- C:\WINDOWS\system32\occache.dll
2009-04-29 00:56:01 ----A---- C:\WINDOWS\system32\mstime.dll
2009-04-29 00:56:00 ----A---- C:\WINDOWS\system32\msrating.dll
2009-04-29 00:56:00 ----A---- C:\WINDOWS\system32\mshtmled.dll
2009-04-29 00:56:00 ----A---- C:\WINDOWS\system32\mshtml.dll
2009-04-29 00:55:58 ----A---- C:\WINDOWS\system32\msfeedsbs.dll
2009-04-29 00:55:58 ----A---- C:\WINDOWS\system32\msfeeds.dll
2009-04-29 00:55:58 ----A---- C:\WINDOWS\system32\jsproxy.dll
2009-04-29 00:55:57 ----A---- C:\WINDOWS\system32\iertutil.dll
2009-04-29 00:55:57 ----A---- C:\WINDOWS\system32\iernonce.dll
2009-04-29 00:55:57 ----A---- C:\WINDOWS\system32\ieframe.dll
2009-04-29 00:55:56 ----A---- C:\WINDOWS\system32\ieencode.dll
2009-04-29 00:55:56 ----A---- C:\WINDOWS\system32\iedkcs32.dll
2009-04-29 00:55:56 ----A---- C:\WINDOWS\system32\ieapfltr.dll
2009-04-29 00:55:56 ----A---- C:\WINDOWS\system32\ieaksie.dll
2009-04-29 00:55:56 ----A---- C:\WINDOWS\system32\ieakeng.dll
2009-04-29 00:55:56 ----A---- C:\WINDOWS\system32\icardie.dll
2009-04-29 00:55:56 ----A---- C:\WINDOWS\system32\extmgr.dll
2009-04-29 00:55:56 ----A---- C:\WINDOWS\system32\dxtrans.dll
2009-04-29 00:55:55 ----A---- C:\WINDOWS\system32\dxtmsft.dll
2009-04-29 00:55:55 ----A---- C:\WINDOWS\system32\advpack.dll
2009-04-28 05:05:56 ----A---- C:\WINDOWS\system32\ieudinit.exe
2009-04-28 05:05:56 ----A---- C:\WINDOWS\system32\ie4uinit.exe
2009-04-25 01:26:23 ----A---- C:\WINDOWS\system32\ieakui.dll
2009-04-24 12:05:34 ----D---- C:\Documents and Settings
2009-04-23 12:05:33 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2009-04-23 11:52:16 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-04-22 13:36:57 ----D---- C:\Program Files\CoffeeCup Software
2009-04-19 10:04:42 ----D---- C:\Program Files\DivX
2009-04-17 07:06:51 ----D---- C:\Program Files\McAfee
2009-04-16 21:31:55 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-04-16 08:22:38 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-04-16 08:17:53 ----D---- C:\WINDOWS\system32\wbem
2009-04-16 08:17:53 ----D---- C:\WINDOWS\AppPatch
2009-04-15 18:33:37 ----D---- C:\Program Files\Mozilla Thunderbird
2009-04-15 10:51:25 ----A---- C:\WINDOWS\system32\rpcrt4.dll
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 JDFS;JDFS; \??\C:\WINDOWS\system32\drivers\jdfs.sys []
R1 mfehidk;McAfee Inc. mfehidk; C:\WINDOWS\system32\drivers\mfehidk.sys [2009-03-25 214024]
R1 MPFP;MPFP; C:\WINDOWS\System32\Drivers\Mpfp.sys [2008-10-23 120136]
R1 PCLEPCI;PCLEPCI; \??\C:\WINDOWS\system32\drivers\pclepci.sys []
R1 truecrypt;truecrypt; C:\WINDOWS\System32\drivers\truecrypt.sys [2008-05-03 223424]
R2 713xTVCard;SAA7130 TV Card; C:\WINDOWS\system32\DRIVERS\SAA713x.sys [2006-10-11 279552]
R2 WDMTVTuner;Universal WDM TV Tuner; C:\WINDOWS\system32\drivers\WDMTuner.sys [2006-10-11 25984]
R3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2005-03-04 127872]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 ASAPIW2K;ASAPIW2K; C:\WINDOWS\System32\Drivers\ASAPIW2K.sys [2005-01-10 11264]
R3 LVPr2Mon;Logitech LVPr2Mon Driver; C:\WINDOWS\system32\DRIVERS\LVPr2Mon.sys [2008-12-16 25624]
R3 mfeavfk;McAfee Inc. mfeavfk; C:\WINDOWS\system32\drivers\mfeavfk.sys [2009-03-25 79880]
R3 mfebopk;McAfee Inc. mfebopk; C:\WINDOWS\system32\drivers\mfebopk.sys [2009-03-25 35272]
R3 mfesmfk;McAfee Inc. mfesmfk; C:\WINDOWS\system32\drivers\mfesmfk.sys [2009-03-25 40552]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2006-08-11 3958496]
R3 OmniTV;Cx2388x AvStream Video Capture; C:\WINDOWS\system32\DRIVERS\OmniTV.sys [2007-08-06 243584]
R3 senfilt;senfilt; C:\WINDOWS\system32\drivers\senfilt.sys [2005-03-01 392704]
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2005-03-28 220992]
R3 StillCam;Still Serial Digital Camera Driver; C:\WINDOWS\system32\DRIVERS\serscan.sys [2001-08-17 6784]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 yukonwxp;NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller; C:\WINDOWS\system32\DRIVERS\yk51x86.sys [2005-04-01 230272]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 FilterService;UVC Filter Service; C:\WINDOWS\system32\DRIVERS\lvuvcflt.sys [2008-12-17 23832]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 lvpopflt;Logitech POP Suppression Filter; C:\WINDOWS\system32\DRIVERS\lvpopflt.sys [2007-10-11 1920920]
S3 LVRS;Logitech RightSound Filter Driver; C:\WINDOWS\system32\DRIVERS\lvrs.sys [2008-12-17 768024]
S3 lvselsus;Logitech Selective Suspend Filter; C:\WINDOWS\system32\DRIVERS\lvselsus.sys [2008-12-17 66456]
S3 LVUSBSta;Logitech USB Monitor Filter; C:\WINDOWS\system32\drivers\LVUSBSta.sys [2008-12-17 41752]
S3 LVUVC;QuickCam Orbit/Sphere AF(UVC); C:\WINDOWS\system32\DRIVERS\lvuvc.sys [2008-12-17 6364440]
S3 mferkdk;McAfee Inc. mferkdk; C:\WINDOWS\system32\drivers\mferkdk.sys [2009-03-25 34216]
S3 MidiSyn;MidiSyn; C:\WINDOWS\system32\drivers\MidiSyn.sys [2004-09-14 88960]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 MPE;BDA MPE Filter; C:\WINDOWS\system32\DRIVERS\MPE.sys [2008-04-13 15232]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 SamsonLLDriver;Samson LL Driver; C:\WINDOWS\System32\Drivers\SamsonLLDriver.sys [2006-12-12 56832]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 USB28xxBGA;PCTV 330e/8x0e Device; C:\WINDOWS\system32\DRIVERS\emBDA.sys [2007-08-07 476288]
S3 USB28xxOEM;USB 28xx OEM Filter; C:\WINDOWS\system32\DRIVERS\emOEM.sys [2007-08-07 38656]
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 wceusbsh;Windows CE USB Serial Host Driver; C:\WINDOWS\system32\DRIVERS\wceusbsh.sys [2005-01-11 104064]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WUDFRd;WUDFRd; C:\WINDOWS\system32\DRIVERS\WUDFRd.sys [2006-09-28 82944]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AdobeActiveFileMonitor5.0;Adobe Active File Monitor V5; C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe [2006-12-22 108712]
R2 JungleDiskService;JungleDiskService; C:\Program Files\Jungle Disk Desktop\JungleDiskMonitor.exe [2009-04-28 5271824]
R2 LVPrcSrv;Process Monitor; C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe [2008-12-16 150040]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service; C:\Program Files\McAfee\SiteAdvisor\McSACore.exe [2009-02-11 210216]
R2 mcmscsvc;McAfee Services; C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe [2009-01-08 797864]
R2 McNASvc;McAfee Network Agent; c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe [2009-01-09 2482848]
R2 McProxy;McAfee Proxy Service; c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe [2009-01-09 359952]
R2 McShield;McAfee Real-time Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe [2009-03-25 144704]
R2 MpfService;McAfee Personal Firewall Service; C:\Program Files\McAfee\MPF\MPFSrv.exe [2009-03-19 884360]
R2 MSK80Service;McAfee Anti-Spam Service; C:\Program Files\McAfee\MSK\MskSrver.exe [2009-01-09 26640]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2006-08-11 155715]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2007-08-09 73728]
R2 SoundMAX Agent Service (default);SoundMAX Agent Service; C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe [2002-09-20 45056]
R2 TomTomHOMEService;TomTomHOMEService; C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe [2009-04-24 92008]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
R3 McSysmon;McAfee SystemGuards; C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe [2009-03-24 606736]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-04-13 33632]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-04-13 68952]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]
S3 MBackMonitor;MBackMonitor; C:\Program Files\McAfee\MBK\MBackMonitor.exe [2009-01-09 68112]
S3 McODS;McAfee Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe [2009-04-01 365072]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
-----------------EOF-----------------
Hi Cranky :)
Sorry you had to wait. I'll take the topic over. Does Spybot still detect Virtumundo infection? If it does, please post its results showing the infected item back here.
Thank you for stepping in Blade81, I appreciate the help.
Yes, Spybot reports the same infection - citing the file:
C:\WINDOWS\system32\zipfldir.dll
McAfee has not reported the infection, and I cannot say that I have noticed anything otherwise suggest there is an infection other than the Spybot S&D report.
So, what next?
Cranky
Hi,
Please upload C:\WINDOWS\system32\zipfldir.dll file to VirusTotal (http://www.virustotal.com) and post back the results or a link to the results.
Thank you Blade81
Here is the link to the results:
http://www.virustotal.com/analisis/32df665a6267231245235cc90cc17bc8f9869642d2d848e6fc8f9a417ba570fd-1246374224
Hi,
Please open a topic of the file here (http://forums.spybot.info/forumdisplay.php?f=16). The file may be a false positive.
Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update to the latest version...
Updating Java:
Download the latest version of Java Runtime Environment (JRE) 6 Update 14 (http://java.sun.com/javase/downloads/index.jsp).
Click the
Download
button to the right.
Select Windows on platform combobox and check the box that says:
Accept License Agreement. Click continue.
The page will refresh.
Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
Close any programs you may have running - especially your web browser.
Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
Check any item with Java Runtime Environment (JRE or J2SE) in the name.
Click the Remove or Change/Remove button.
Repeat as many times as necessary to remove each Java versions.
Reboot your computer once all Java components are removed.
Then from your desktop double-click on jre-6u14-windows-i586-p.exe to install the newest version. Uncheck MSN toolbar if it's offered there.
Kaspersky Online Scanner (http://www.kaspersky.com/virusscanner)
Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.
Read the requirements and privacy statement then click on the Accept button.
The program will launch and start to download the latest definition files.
You will be prompted to install an application from Kaspersky. Click Run
Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
Spyware, Adware, Dialers, and other potentially dangerous programs
Archives
Click on My Computer under Scan.
Once the scan is complete, it will display the results. Click on View Scan Report.
Click on Save Report As....
Change the Files of type to Text file (.txt) before clicking on the Save button.
Save this report to a convenient place.
Copy and paste that information & a fresh hjt log into your topic.
The scan will take a while so be patient and let it run. As it scans your machine very deeply it could take hours to complete, Kaspersky suggests running it during a time of low activity.
If you need a tutorial, see here (http://i275.photobucket.com/albums/jj285/Bleeping/KAS/KAS9.gif)
Due to inactivity, this thread will now be closed.
Note:If it has been four days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread. Please do not add any logs that might have been requested in the closed topic, you would be starting fresh.
If it has been less than four days since your last response and you need the thread re-opened, please send me or MOD a private message (pm). A valid, working link to the closed topic is required.