
Thread: Possible Infection

#1 Junior Member (Join Date: Nov 2008, Posts: 14)

Possible Infection

There may be something taking my computer down. It was locked up last night and my daughter swears she didn't download anything. Now my touch pad mouse doesn't work and my keyboard only works sometimes. Will you please take a look at this logfile and see if there's something there? I do have a keylogger installed for my family's protection. Thank you.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 9:10:44 PM, on 1/1/2009
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16544)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\WLTRYSVC.EXE
    C:\WINDOWS\System32\bcmwltry.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
    C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
    c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\McAfee\MPF\MPFSrv.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\Program Files\Common Files\Rockwell\RNADiagnosticsSrv.exe
    C:\Program Files\Common Files\Rockwell\RsvcHost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\MsPMSPSv.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\Explorer.EXE
    c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\WINDOWS\system32\wbem\wmiapsrv.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\WINDOWS\system32\WLTRAY.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/accounts/Serv...lcache=2&hl=en
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    F2 - REG:system.ini: UserInit=c:\windows\system32\userinit.exe,C:\Program Files\MPK\MPK.exe,
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
    O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh

#2 Security Expert-Emeritus (Join Date: Oct 2006, Location: Manchester UK, Posts: 3,425)

    Please note that all instructions given are customised for this computer only, the tools used may cause damage if used on a computer with different infections.

    If you think you have similar problems, please post a log in the HJT forum and wait for help.

    Hello and welcome to the forums

    My name is Katana and I will be helping you to remove any infection(s) that you may have.

    Please observe these rules while we work:
    1. Please Read All Instructions Carefully
    2. If you don't understand something, stop and ask! Don't keep going on.
    3. Please do not run any other tools or scans whilst I am helping you
    4. Please continue to respond until I give you the "All Clear"
      (Just because you can't see a problem doesn't mean it isn't there)


    If you can do those few things, everything should go smoothly

Please Note, your security programs may give warnings for some of the tools I will ask you to use.
Be assured, any links I give are safe.


    ----------------------------------------------------------------------------------------

    I apologize for the delay in responding, but as you can probably see the forums are quite busy.
    Unfortunately there are far more people needing help than there are helpers.

If you still require help, please do the following:


    Download and Run RSIT
    • Please download Random's System Information Tool by random/random from here and save it to your desktop.
    • Double click on RSIT.exe to run RSIT.
    • Click Continue at the disclaimer screen.
    • Once it has finished, two logs will open:
      • log.txt will be opened maximized.
      • info.txt will be opened minimized.
• Please post the contents of both log.txt and info.txt.

Microsoft MVP Consumer Security 2009-2010
If we have helped, please consider a donation
THESE INSTRUCTIONS ARE FOR THIS USER ONLY

#3 Junior Member (Join Date: Nov 2008, Posts: 14)

    Logfile of random's system information tool 1.05 (written by random/random)
    Run by User at 2009-01-07 19:17:38
    Microsoft Windows XP Professional Service Pack 3
    System drive C: has 7 GB (21%) free of 35 GB
    Total RAM: 1247 MB (52% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 7:17:57 PM, on 1/7/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16762)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\WLTRYSVC.EXE
    C:\WINDOWS\System32\bcmwltry.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
    C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
    c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\McAfee\MPF\MPFSrv.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\Program Files\Common Files\Rockwell\RsvcHost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\MsPMSPSv.exe
    C:\WINDOWS\system32\wbem\wmiapsrv.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    C:\WINDOWS\system32\rundll32.exe
    c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\WINDOWS\system32\WLTRAY.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\VUIK4LNY\RSIT[1].exe
    C:\Program Files\Trend Micro\HijackThis\User.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/accounts/Serv...lcache=2&hl=en
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    F2 - REG:system.ini: UserInit=c:\windows\system32\userinit.exe,C:\Program Files\MPK\MPK.exe,
    O2 - BHO: (no name) - {2CC58E49-097B-498A-AD81-4CBD4F38B35E} - (no file)
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {6DA5970E-5B7C-4979-BBA6-852B44AC3B50} - (no file)
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
    O2 - BHO: (no name) - {7F171007-95F0-4162-8B84-C960169FA0AD} - (no file)
    O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O2 - BHO: (no name) - {b47b2b76-b320-4459-8697-16cf63846049} - (no file)
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O2 - BHO: (no name) - {FD7406D9-E616-4529-B3D4-07040131D1AC} - (no file)
    O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
    O4 - HKLM\..\Run: [OM2_Monitor] "C:\Program Files\OLYMPUS\OLYMPUS Master 2\FirstStart.exe" /OM
    O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
    O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [OM2_Monitor] "C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" -NoStart
    O8 - Extra context menu item: &Search - ?p=ZCxdm869MTUS
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} -
    O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} -
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} -
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wind...?1230924792843
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
    O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O20 - AppInit_DLLs: agflbv.dll
    O20 - Winlogon Notify: nnnlmNFx - C:\WINDOWS\
    O23 - Service: FactoryTalk Activation Service - Macrovision Corporation - C:\Program Files\Rockwell Software\FactoryTalk Activation\lmgrd.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
    O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: FactoryTalk Diagnostics Local Reader (RNADiagnosticsService) - Rockwell Automation - C:\Program Files\Common Files\Rockwell\RNADiagnosticsSrv.exe
    O23 - Service: FactoryTalk Diagnostics CE Receiver (RNADiagReceiver) - Unknown owner - C:\Program Files\Common Files\Rockwell\RNADiagReceiver.exe
    O23 - Service: Rockwell Application Services (RsvcHost) - Rockwell Software Inc. - C:\Program Files\Common Files\Rockwell\RsvcHost.exe
    O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

    --
    End of file - 8340 bytes

    ======Scheduled tasks folder======

    C:\WINDOWS\tasks\McDefragTask.job
    C:\WINDOWS\tasks\McQcTask.job
    C:\WINDOWS\tasks\njjeaaec.job

    ======Registry dump======

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2CC58E49-097B-498A-AD81-4CBD4F38B35E}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
    Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-07-07 1562448]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6DA5970E-5B7C-4979-BBA6-852B44AC3B50}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
    Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-12-10 320920]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}]
    scriptproxy - C:\Program Files\McAfee\VirusScan\scriptsn.dll [2008-06-20 58688]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7F171007-95F0-4162-8B84-C960169FA0AD}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}]
    McAfee SiteAdvisor BHO - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll [2008-11-14 150032]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b47b2b76-b320-4459-8697-16cf63846049}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
    Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-12-10 34816]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
    JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2008-12-10 73728]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD7406D9-E616-4529-B3D4-07040131D1AC}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - McAfee SiteAdvisor Toolbar - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll [2008-11-14 150032]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2003-07-10 155648]
    "HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2003-07-10 114688]
    "SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2008-12-10 136600]
    "QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2008-01-28 385024]
    "NWEReboot"= []
    "Broadcom Wireless Manager UI"=C:\WINDOWS\system32\WLTRAY.exe [2006-10-12 1282048]
    "OM2_Monitor"=C:\Program Files\OLYMPUS\OLYMPUS Master 2\FirstStart.exe [2007-09-04 54576]
    "mcagent_exe"=C:\Program Files\McAfee.com\Agent\mcagent.exe [2008-07-11 641208]
    "McENUI"=C:\PROGRA~1\McAfee\MHN\McENUI.exe [2008-06-13 1176808]
    "SynTPLpr"=C:\Program Files\Synaptics\SynTP\SynTPLpr.exe [2003-10-30 98304]
    "SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2003-10-30 499712]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
    "OM2_Monitor"=C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe [2007-09-04 95536]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-10-15 39792]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2004-09-13 49152]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OM2_Monitor]
    C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe [2007-09-04 95536]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc]
    C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe [2003-07-18 868352]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioEngineUtility]
    C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe [2003-05-01 65536]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2003-10-30 499712]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPLpr]
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe [2003-10-30 98304]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLS"="agflbv.dll"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
    C:\WINDOWS\system32\igfxsrvc.dll [2003-07-10 319488]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\nnnlmNFx]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
    C:\WINDOWS\system32\WgaLogon.dll [2008-09-05 241704]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mcmscsvc]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MpfService]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "dontdisplaylastusername"=0
    "legalnoticecaption"=
    "legalnoticetext"=
    "shutdownwithoutlogon"=1
    "undockwithoutlogon"=1
    "HideFastUserSwitching"=1

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDriveTypeAutoRun"=145

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\WINDOWS\system32\java.exe"="C:\WINDOWS\system32\java.exe:*:Enabled:Java(TM) Platform SE binary"
    "C:\Program Files\TurboTax\Deluxe 2007\32bit\ttax.exe"="C:\Program Files\TurboTax\Deluxe 2007\32bit\ttax.exe:LocalSubNet:Enabled:TurboTax"
    "C:\Program Files\TurboTax\Deluxe 2007\32bit\updatemgr.exe"="C:\Program Files\TurboTax\Deluxe 2007\32bit\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager"
    "C:\Program Files\Motorola\Software Update\msu.exe"="C:\Program Files\Motorola\Software Update\msu.exe:*:Enabled:msu"
    "C:\Program Files\MySpace\IM\MySpaceIM.exe"="C:\Program Files\MySpace\IM\MySpaceIM.exe:*:Enabled:MySpaceIM"
    "C:\WINDOWS\system32\drivers\svchost.exe"="C:\WINDOWS\system32\drivers\svchost.exe:*:Disabled:svchost"
    "C:\Program Files\Rockwell Software\RSLogix 5000\ENU\v16\Bin\RS5000.Exe"="C:\Program Files\Rockwell Software\RSLogix 5000\ENU\v16\Bin\RS5000.Exe:*:Enabled:RSLogix 5000 v16.00.00 "
    "C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe"="C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent"
    "C:\Program Files\MPK\Mpk.exe"="C:\Program Files\MPK\Mpk.exe:*:Enabled:TCP\IP"
    "C:\Program Files\MPK\MpkView.exe"="C:\Program Files\MPK\MpkView.exe:*:Enabled:TCP\IP"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
    shell\AutoRun\command - G:\VKC180PV.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{55e25b8f-d293-11dd-a892-00032512eeb6}]
    shell\AutoRun\command - F:\rcaeasyrip_setup.exe
    shell\install\command - F:\rcaeasyrip_setup.exe
    shell\usermanualEnglish\command - F:\rcaeasyrip_setup.exe /pdf_English
    shell\usermanualFrench\command - F:\rcaeasyrip_setup.exe /pdf_French
    shell\usermanualSpanish\command - F:\rcaeasyrip_setup.exe /pdf_Spanish

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ae0f4260-0967-11dd-a606-00032512eeb6}]
    shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL autorun.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ea3e19d2-d12c-11dd-a891-00032512eeb6}]
    shell\AutoRun\command - G:\VKC180PV.exe


    ======List of files/folders created in the last 2 months======

    2009-01-07 19:17:38 ----D---- C:\rsit
    2009-01-07 10:25:57 ----A---- C:\WINDOWS\system32\SynTPFcs.dll
    2009-01-07 10:25:55 ----A---- C:\WINDOWS\system32\SynTPCoI.dll
    2009-01-07 10:25:54 ----A---- C:\WINDOWS\system32\SynTPAPI.dll
    2009-01-07 10:25:54 ----A---- C:\WINDOWS\system32\SynCtrl.dll
    2009-01-07 10:25:54 ----A---- C:\WINDOWS\system32\SynCOM.dll
    2009-01-07 10:25:53 ----D---- C:\Program Files\Synaptics
    2009-01-05 09:19:43 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
    2009-01-05 09:18:57 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
    2009-01-05 09:16:40 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$
    2009-01-02 17:12:50 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
    2009-01-02 17:12:39 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
    2009-01-02 17:12:30 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
    2009-01-02 17:12:21 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
    2009-01-02 17:12:10 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$
    2009-01-02 17:11:55 ----HDC---- C:\WINDOWS\$NtUninstallKB956391$
    2009-01-02 17:11:45 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
    2009-01-02 17:07:36 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
    2009-01-02 17:07:26 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
    2009-01-02 17:07:15 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
    2009-01-02 17:06:59 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
    2009-01-02 17:06:48 ----HDC---- C:\WINDOWS\$NtUninstallKB941569$
    2009-01-02 17:06:10 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
    2009-01-02 17:06:00 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
    2009-01-02 17:05:50 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
    2009-01-02 17:05:41 ----HDC---- C:\WINDOWS\$NtUninstallKB929399$
    2009-01-02 17:05:05 ----HDC---- C:\WINDOWS\$NtUninstallKB939683$
    2009-01-02 17:04:14 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
    2009-01-02 17:03:59 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
    2009-01-02 17:01:36 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
    2009-01-02 17:01:27 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
    2009-01-02 17:01:17 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
    2009-01-02 17:01:07 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
    2009-01-02 17:00:14 ----HDC---- C:\WINDOWS\$NtUninstallKB954154_WM11$
    2009-01-02 16:59:52 ----HDC---- C:\WINDOWS\$NtUninstallKB936782_WMP11$
    2009-01-02 16:52:15 ----A---- C:\WINDOWS\system32\wmpns.dll
    2009-01-02 16:47:55 ----D---- C:\WINDOWS\Prefetch
    2009-01-02 16:36:59 ----D---- C:\WINDOWS\system32\scripting
    2009-01-02 16:36:58 ----D---- C:\WINDOWS\l2schemas
    2009-01-02 16:36:57 ----D---- C:\WINDOWS\system32\en
    2009-01-02 16:36:56 ----D---- C:\WINDOWS\system32\bits
    2009-01-02 16:32:43 ----D---- C:\WINDOWS\ServicePackFiles
    2009-01-02 16:18:49 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
    2009-01-02 13:34:34 ----A---- C:\WINDOWS\system32\wuapi.dll.mui
    2008-12-24 08:01:22 ----A---- C:\WINDOWS\marscam.ini
    2008-12-23 21:49:12 ----D---- C:\Program Files\VKC180 Photo Viewer
    2008-12-23 21:35:13 ----A---- C:\WINDOWS\system32\vfwwdm32.dll
    2008-12-23 21:34:47 ----D---- C:\Program Files\Mars
    2008-12-16 20:57:28 ----SHD---- C:\Program Files\MPK
    2008-12-16 18:32:33 ----SHD---- C:\WINDOWS\CSC
    2008-12-16 15:46:21 ----H---- C:\Documents and Settings\All Users\Application Data\aimt.tmp
    2008-12-16 15:03:02 ----D---- C:\Documents and Settings\All Users\Application Data\sacache
    2008-12-16 08:42:10 ----SHD---- C:\Documents and Settings\All Users\Application Data\MPK
    2008-12-14 19:16:02 ----A---- C:\WINDOWS\system32\lfpng13n.dll
    2008-12-14 19:10:24 ----A---- C:\WINDOWS\system32\lfgif13n.dll
    2008-12-14 19:10:22 ----A---- C:\WINDOWS\system32\ltimg13n.dll
    2008-12-14 19:10:22 ----A---- C:\WINDOWS\system32\ltfil13n.dll
    2008-12-14 19:10:22 ----A---- C:\WINDOWS\system32\ltefx13n.dll
    2008-12-14 19:10:22 ----A---- C:\WINDOWS\system32\ltdis13n.dll
    2008-12-14 19:10:22 ----A---- C:\WINDOWS\system32\lfcmp13n.dll
    2008-12-14 19:10:22 ----A---- C:\WINDOWS\system32\lfbmp13n.dll
    2008-12-14 19:10:21 ----A---- C:\WINDOWS\system32\ltkrn13n.dll
    2008-12-12 18:42:14 ----D---- C:\WINDOWS\.jagex_cache_32
    2008-12-10 10:41:46 ----A---- C:\WINDOWS\system32\deploytk.dll
    2008-12-10 10:41:45 ----A---- C:\WINDOWS\system32\javaws.exe
    2008-12-10 10:41:45 ----A---- C:\WINDOWS\system32\javaw.exe
    2008-12-10 10:41:45 ----A---- C:\WINDOWS\system32\java.exe
    2008-12-06 09:22:40 ----D---- C:\Program Files\Common Files\McAfee
    2008-12-06 09:22:34 ----D---- C:\Program Files\McAfee.com
    2008-12-06 09:22:13 ----D---- C:\Program Files\McAfee
    2008-12-01 10:42:03 ----A---- C:\WINDOWS\rocksoft.ini
    2008-12-01 10:40:43 ----D---- C:\RSLogix 5000
    2008-12-01 10:38:32 ----D---- C:\Program Files\RSLogix 5000 Module Profiles
    2008-12-01 09:38:29 ----D---- C:\Program Files\ControlFLASH
    2008-11-24 22:38:07 ----A---- C:\WINDOWS\system32\g48.exe
    2008-11-24 22:34:51 ----D---- C:\Documents and Settings\All Users\Application Data\Macrovision
    2008-11-24 22:22:28 ----A---- C:\WINDOWS\system32\vbzip10.dll
    2008-11-24 22:19:10 ----D---- C:\WINDOWS\system32\vba
    2008-11-24 22:19:10 ----D---- C:\WINDOWS\system32\PIX
    2008-11-24 22:19:10 ----D---- C:\WINDOWS\system32\mp2
    2008-11-24 22:19:10 ----D---- C:\WINDOWS\system32\IO2
    2008-11-24 22:19:10 ----D---- C:\WINDOWS\system32\FND
    2008-11-24 22:18:52 ----D---- C:\WINDOWS\system32\dPI02
    2008-11-24 22:18:52 ----D---- C:\Temp
    2008-11-24 14:53:37 ----A---- C:\WINDOWS\EVMOVE.INI
    2008-11-24 14:50:44 ----A---- C:\WINDOWS\EVMoveW.INI
    2008-11-24 14:39:21 ----D---- C:\Documents and Settings\All Users\Application Data\Rockwell
    2008-11-24 14:28:38 ----D---- C:\Program Files\Rockwell Automation
    2008-11-24 14:23:08 ----A---- C:\WINDOWS\system32\haspvdd.dll
    2008-11-24 14:23:06 ----A---- C:\WINDOWS\system32\SNTI386.DLL
    2008-11-24 14:23:06 ----A---- C:\WINDOWS\system32\RNBOVDD.DLL
    2008-11-24 14:22:50 ----D---- C:\WINDOWS\system32\RNBOSENT
    2008-11-24 14:22:43 ----D---- C:\Program Files\GLOBEtrotter Software Inc
    2008-11-24 14:21:48 ----D---- C:\Program Files\Rockwell Software
    2008-11-24 14:19:54 ----D---- C:\WINDOWS\system32\URTTEMP
    2008-11-24 14:10:22 ----D---- C:\Program Files\Common Files\Rockwell
    2008-11-19 08:36:55 ----D---- C:\Documents and Settings\All Users\Application Data\SiteAdvisor
    2008-11-19 08:36:35 ----D---- C:\Program Files\SiteAdvisor
    2008-11-12 09:33:12 ----D---- C:\Documents and Settings\User\Application Data\Malwarebytes
    2008-11-12 09:33:05 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-11-12 09:33:04 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
    2008-11-11 12:23:47 ----D---- C:\Program Files\Trend Micro
    2008-11-10 20:35:11 ----SH---- C:\WINDOWS\system32\dsuawnoa.ini
    2008-11-10 20:26:27 ----D---- C:\Documents and Settings\All Users\Application Data\McAfee Anti-Theft
    2008-11-10 20:23:26 ----D---- C:\Documents and Settings\All Users\Application Data\McAfee
    2008-11-08 21:24:37 ----ASH---- C:\WINDOWS\system32\OYxIRXbc.ini
    2008-11-08 11:41:02 ----A---- C:\WINDOWS\system32\37aab72e-.txt
    2008-11-08 11:40:18 ----ASH---- C:\WINDOWS\system32\poqtvyxx.ini

    ======List of files/folders modified in the last 2 months======

    2009-01-07 19:17:42 ----D---- C:\WINDOWS\Temp
    2009-01-07 12:30:54 ----D---- C:\WINDOWS\system32\drivers
    2009-01-07 10:28:47 ----D---- C:\WINDOWS
    2009-01-07 10:27:01 ----A---- C:\WINDOWS\SchedLgU.Txt
    2009-01-07 10:26:17 ----D---- C:\WINDOWS\system32
    2009-01-07 10:26:09 ----HD---- C:\WINDOWS\inf
    2009-01-07 10:26:09 ----D---- C:\WINDOWS\system32\CatRoot
    2009-01-07 10:26:05 ----D---- C:\WINDOWS\system32\CatRoot2
    2009-01-07 10:25:53 ----RD---- C:\Program Files
    2009-01-07 10:08:05 ----SH---- C:\boot.ini
    2009-01-07 10:08:04 ----A---- C:\WINDOWS\win.ini
    2009-01-07 10:08:04 ----A---- C:\WINDOWS\system.ini
    2009-01-07 06:49:43 ----RSHDC---- C:\WINDOWS\system32\dllcache
    2009-01-06 16:36:01 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2009-01-05 11:27:55 ----D---- C:\Program Files\Quicken
    2009-01-05 11:16:27 ----A---- C:\WINDOWS\QUICKEN.INI
    2009-01-05 09:22:52 ----HD---- C:\Config.Msi
    2009-01-05 09:19:16 ----A---- C:\WINDOWS\imsins.BAK
    2009-01-05 09:18:34 ----SHD---- C:\WINDOWS\Installer
    2009-01-04 22:19:04 ----HD---- C:\WINDOWS\$hf_mig$
    2009-01-02 17:12:33 ----D---- C:\Program Files\Messenger
    2009-01-02 17:11:15 ----D---- C:\Program Files\Internet Explorer
    2009-01-02 17:04:02 ----D---- C:\WINDOWS\WinSxS
    2009-01-02 17:03:42 ----D---- C:\WINDOWS\Registration
    2009-01-02 17:03:20 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
    2009-01-02 16:51:17 ----A---- C:\WINDOWS\OEWABLog.txt
    2009-01-02 16:48:56 ----A---- C:\WINDOWS\setuplog.txt
    2009-01-02 16:47:07 ----D---- C:\WINDOWS\system32\Setup
    2009-01-02 16:47:07 ----D---- C:\WINDOWS\ime
    2009-01-02 16:47:07 ----D---- C:\WINDOWS\AppPatch
    2009-01-02 16:47:05 ----D---- C:\WINDOWS\system32\wbem
    2009-01-02 16:47:03 ----RSD---- C:\WINDOWS\Fonts
    2009-01-02 16:43:33 ----D---- C:\WINDOWS\security
    2009-01-02 16:37:24 ----D---- C:\WINDOWS\system32\inetsrv
    2009-01-02 16:37:23 ----D---- C:\WINDOWS\network diagnostic
    2009-01-02 16:37:22 ----D---- C:\WINDOWS\Help
    2009-01-02 16:37:00 ----D---- C:\WINDOWS\system32\usmt
    2009-01-02 16:37:00 ----D---- C:\WINDOWS\system32\en-US
    2009-01-02 16:36:56 ----D---- C:\WINDOWS\PeerNet
    2009-01-02 16:36:56 ----D---- C:\Program Files\Movie Maker
    2009-01-02 16:32:22 ----D---- C:\WINDOWS\system32\Restore
    2009-01-02 16:32:21 ----D---- C:\WINDOWS\system32\npp
    2009-01-02 16:32:21 ----D---- C:\WINDOWS\mui
    2009-01-02 16:32:19 ----D---- C:\WINDOWS\msagent
    2009-01-02 16:32:16 ----D---- C:\WINDOWS\srchasst
    2009-01-02 16:32:15 ----D---- C:\Program Files\NetMeeting
    2009-01-02 16:32:11 ----D---- C:\WINDOWS\system32\Com
    2009-01-02 16:32:06 ----D---- C:\Program Files\Windows Media Player
    2009-01-02 16:32:05 ----D---- C:\Program Files\Windows NT
    2009-01-02 16:32:04 ----D---- C:\Program Files\Outlook Express
    2009-01-02 16:31:58 ----D---- C:\Program Files\Common Files\System
    2009-01-02 16:31:24 ----D---- C:\WINDOWS\system32\oobe
    2009-01-02 16:31:20 ----D---- C:\WINDOWS\system
    2009-01-02 16:18:44 ----D---- C:\WINDOWS\ehome
    2009-01-02 13:44:17 ----D---- C:\WINDOWS\Debug
    2009-01-02 13:34:43 ----D---- C:\WINDOWS\SoftwareDistribution
    2009-01-02 13:33:28 ----SD---- C:\WINDOWS\Downloaded Program Files
    2009-01-01 21:33:19 ----D---- C:\WINDOWS\system32\config
    2009-01-01 21:31:49 ----DC---- C:\WINDOWS\system32\DRVSTORE
    2009-01-01 10:19:58 ----A---- C:\WINDOWS\WININIT.INI
    2009-01-01 08:47:06 ----A---- C:\WINDOWS\ntbtlog.txt
    2008-12-30 13:54:28 ----D---- C:\Program Files\Common Files\Motorola Shared
    2008-12-28 19:07:14 ----D---- C:\Documents and Settings\User\Application Data\Focus Mp3 Recorder
    2008-12-25 09:29:49 ----SD---- C:\Documents and Settings\User\Application Data\Microsoft
    2008-12-13 00:40:02 ----A---- C:\WINDOWS\system32\mshtml.dll
    2008-12-10 10:41:11 ----D---- C:\Program Files\Java
    2008-12-09 15:24:38 ----A---- C:\WINDOWS\system32\MRT.exe
    2008-12-06 09:23:15 ----SD---- C:\WINDOWS\Tasks
    2008-12-06 09:22:40 ----D---- C:\Program Files\Common Files
    2008-11-25 14:02:59 ----D---- C:\Program Files\Spybot - Search & Destroy
    2008-11-24 22:22:32 ----D---- C:\Documents and Settings\User\Application Data\LimeWire
    2008-11-24 14:22:12 ----RSD---- C:\WINDOWS\assembly
    2008-11-10 20:19:22 ----D---- C:\Documents and Settings\All Users\Application Data\avg7
    2008-11-10 20:18:06 ----D---- C:\Documents and Settings\User\Application Data\AVG7
    2008-11-10 14:11:12 ----RHD---- C:\$VAULT$.AVG
    2008-11-08 22:01:17 ----D---- C:\Program Files\MySpace

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R1 Cdr4_xp;Cdr4_xp; C:\WINDOWS\system32\drivers\Cdr4_xp.sys [2003-07-17 66992]
    R1 Cdralw2k;Cdralw2k; C:\WINDOWS\system32\drivers\Cdralw2k.sys [2003-07-17 24698]
    R1 cdudf_xp;cdudf_xp; C:\WINDOWS\system32\drivers\cdudf_xp.sys [2003-07-18 259328]
    R1 ElbyCDIO;ElbyCDIO Driver; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [2007-08-07 25160]
    R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
    R1 mfehidk;McAfee Inc. mfehidk; C:\WINDOWS\system32\drivers\mfehidk.sys [2008-06-27 207656]
    R1 MPFP;MPFP; C:\WINDOWS\System32\Drivers\Mpfp.sys [2008-06-02 120136]
    R1 pwd_2k;pwd_2k; C:\WINDOWS\system32\drivers\pwd_2k.sys [2003-07-18 118409]
    R1 UdfReadr_xp;UdfReadr_xp; C:\WINDOWS\system32\drivers\UdfReadr_xp.sys [2003-07-18 213120]
    R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2006-02-28 12032]
    R2 hardlock;hardlock; \??\C:\WINDOWS\system32\drivers\hardlock.sys []
    R2 Haspnt;Haspnt; \??\C:\WINDOWS\system32\drivers\Haspnt.sys []
    R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2002-12-11 11044]
    R2 Sentinel;Sentinel; C:\WINDOWS\System32\Drivers\SENTINEL.SYS [2001-06-21 73728]
    R2 StreamDispatcher;StreamDispatcher; C:\WINDOWS\system32\DRIVERS\strmdisp.sys [2003-05-01 30592]
    R3 {6080A529-897E-4629-A488-ABA0C29B635E};Intel(R) Graphics Platform (SoftBIOS) Driver; C:\WINDOWS\system32\drivers\ialmsbw.sys [2003-08-04 120094]
    R3 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91};Intel(R) Graphics Chipset (KCH) Driver; C:\WINDOWS\system32\drivers\ialmkchw.sys [2003-08-04 96858]
    R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
    R3 BCM43XX;Broadcom 802.11 Network Adapter Driver; C:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2006-10-12 604928]
    R3 bcm4sbxp;Broadcom 440x 10/100 Integrated Controller XP Driver; C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys [2003-06-30 43136]
    R3 CAMCAUD;Conexant AMC Audio; C:\WINDOWS\system32\drivers\camcaud.sys [2003-09-26 291712]
    R3 CAMCHALA;CAMCHALA; C:\WINDOWS\system32\drivers\camchal.sys [2003-09-26 272128]
    R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
    R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
    R3 HSF_DP;HSF_DP; C:\WINDOWS\system32\DRIVERS\HSF_DP.sys [2003-05-01 1107200]
    R3 HSFHWICH;HSFHWICH; C:\WINDOWS\system32\DRIVERS\HSFHWICH.sys [2003-05-01 165504]
    R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2003-08-04 91419]
    R3 mfeavfk;McAfee Inc. mfeavfk; C:\WINDOWS\system32\drivers\mfeavfk.sys [2008-06-27 79240]
    R3 mfebopk;McAfee Inc. mfebopk; C:\WINDOWS\system32\drivers\mfebopk.sys [2008-06-27 35240]
    R3 mfesmfk;McAfee Inc. mfesmfk; C:\WINDOWS\system32\drivers\mfesmfk.sys [2008-06-27 40488]
    R3 mmc_2K;mmc_2K; C:\WINDOWS\system32\drivers\mmc_2K.sys [2003-07-18 22745]
    R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
    R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
    R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2003-10-30 178432]
    R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
    R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
    R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
    R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2003-05-01 622848]
    S1 P3;Intel PentiumIII Processor Driver; C:\WINDOWS\system32\DRIVERS\p3.sys [2008-04-13 42752]
    S1 SISAGPP;SISAGPP; C:\WINDOWS\System32\drivers\SISAGPP.sys []
    S2 DS1410D;DS1410D; \??\C:\WINDOWS\system32\drivers\ds1410d.sys []
    S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
    S3 dvd_2K;dvd_2K; C:\WINDOWS\system32\drivers\dvd_2K.sys [2003-07-18 21993]
    S3 ElbyDelay;ElbyDelay; C:\WINDOWS\System32\Drivers\ElbyDelay.sys [2007-02-15 11984]
    S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2004-12-14 51120]
    S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2004-12-14 16496]
    S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2004-12-14 21744]
    S3 mferkdk;McAfee Inc. mferkdk; C:\WINDOWS\system32\drivers\mferkdk.sys [2008-06-20 34152]
    S3 motccgp;Motorola USB Composite Device Driver; C:\WINDOWS\system32\DRIVERS\motccgp.sys [2007-11-02 18176]
    S3 motccgpfl;MotCcgpFlService; C:\WINDOWS\system32\DRIVERS\motccgpfl.sys [2007-01-22 7680]
    S3 motmodem;Motorola USB CDC ACM Driver; C:\WINDOWS\system32\DRIVERS\motmodem.sys [2007-06-18 23680]
    S3 motport;Motorola USB Diagnostic Port; C:\WINDOWS\system32\DRIVERS\motport.sys [2007-06-18 23680]
    S3 mr7910;Photo Viewer; C:\WINDOWS\system32\DRIVERS\mr7910.sys [2006-08-02 114560]
    S3 MREMPR5;MREMPR5 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS []
    S3 MRENDIS5;MRENDIS5 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS []
    S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
    S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
    S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
    S3 NPF;NetGroup Packet Filter Driver; C:\WINDOWS\system32\drivers\npf.sys [2005-08-02 32512]
    S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-03 1897408]
    S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
    S3 Sntnlusb;Rainbow USB SuperPro; C:\WINDOWS\system32\DRIVERS\SNTNLUSB.SYS [2001-06-21 20032]
    S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
    S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
    S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
    S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
    S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
    S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
    S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
    S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
    S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-12-10 152984]
    R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service; C:\Program Files\McAfee\SiteAdvisor\McSACore.exe [2008-12-05 206096]
    R2 mcmscsvc;McAfee Services; C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe [2008-10-10 792696]
    R2 McNASvc;McAfee Network Agent; c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe [2008-07-18 2482848]
    R2 McProxy;McAfee Proxy Service; c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe [2008-07-09 358736]
    R2 McShield;McAfee Real-time Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe [2008-06-20 144704]
    R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe [2001-02-23 270336]
    R2 MpfService;McAfee Personal Firewall Service; C:\Program Files\McAfee\MPF\MPFSrv.exe [2008-07-09 884360]
    R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2004-09-29 69632]
    R2 RsvcHost;Rockwell Application Services; C:\Program Files\Common Files\Rockwell\RsvcHost.exe [2005-06-23 131072]
    R2 wltrysvc;Broadcom Wireless LAN Tray Service; C:\WINDOWS\System32\WLTRYSVC.EXE [2006-10-12 20480]
    R2 WMDM PMSP Service;WMDM PMSP Service; C:\WINDOWS\system32\MsPMSPSv.exe [2001-05-01 53248]
    R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
    R3 McSysmon;McAfee SystemGuards; C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe [2008-09-16 605512]
    S2 FactoryTalk Activation Service;FactoryTalk Activation Service; C:\Program Files\Rockwell Software\FactoryTalk Activation\lmgrd.exe [2003-11-17 659456]
    S2 RNADiagnosticsService;FactoryTalk Diagnostics Local Reader; C:\Program Files\Common Files\Rockwell\RNADiagnosticsSrv.exe [2005-06-23 28672]
    S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
    S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
    S3 McODS;McAfee Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe [2008-06-20 361800]
    S3 RNADiagReceiver;FactoryTalk Diagnostics CE Receiver; C:\Program Files\Common Files\Rockwell\RNADiagReceiver.exe [2005-06-23 65536]
    S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]

    -----------------EOF-----------------
    info.txt logfile of random's system information tool 1.05 2009-01-07 19:18:01

    ======Uninstall list======

    -->"C:\Program Files\Biblesoft\PC Study Bible 3.0\Program\UninPCSB.exe"
    -->C:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205}
    -->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
    360Share Pro(remove only)-->"C:\Program Files\360Share Pro\bt-uninst.exe"
    ABB FlexPendant Viewer-->MsiExec.exe /I{2431B6F7-8783-4319-BAB7-58E96FD382BC}
    Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
    Adobe Reader 8.1.3-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81300000003}
    Adobe Shockwave Player 11-->C:\WINDOWS\system32\adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
    AnswerWorks 4.0 Runtime - English-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7DD9A065-2C86-4A9F-A5FF-796EC1B99DCA}\setup.exe" -l0x9 -removeonly
    ATT-AACE-->C:\PROGRA~1\ATT\UNWISE.EXE C:\PROGRA~1\ATT\INSTALL.LOG
    Broadcom 802.11 Network Adapter-->"C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\bcmwlu00.exe" verbose /rootkey="Software\Broadcom\802.11\UninstallInfo" /rootdir="C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter"
    CloneDVD2-->"C:\Program Files\Elaborate Bytes\CloneDVD2\CloneDVD2-uninst.exe" /D="C:\Program Files\Elaborate Bytes\CloneDVD2"
    Conexant AC-Link Audio-->CIAunwdm.exe
    ControlFLASH-->MsiExec.exe /I{3A810E8B-A239-4FA1-878F-B5F92CD7D6EC}
    Easy CD & DVD Creator 6-->MsiExec.exe /I{46DDF76F-ACD4-42BC-B48F-B89C4EE2E1A9}
    FactoryTalk Activation Server v2.00.01 (CPR 7)-->MsiExec.exe /I{D9D4E861-D412-491A-98DD-F24342CC03DD}
    Focus MP3 Recorder Pro 3.4-->"C:\Program Files\Focus MP3 Recorder Pro\unins000.exe"
    GLOBEtrotter FLEXid Drivers-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\GLOBEtrotter Software Inc.\GLOBEtrotter FLEXid Drivers\Uninst.isu"
    HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
    Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
    Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
    Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
    HP Image Zone 4.7-->C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
    HP Image Zone Express-->MsiExec.exe /X{85BCA736-A0F4-448E-9BC1-6EA08693E10B}
    HP PSC & OfficeJet 4.7-->"C:\Program Files\HP\Digital Imaging\{342C7C88-D335-4bc2-8CF1-281857629CE2}\setup\hpzscr01.exe" -datfile hposcr05.dat
    HP Software Update-->MsiExec.exe /X{64FC0C98-B035-4530-B15D-3D30610B6DF1}
    Intel(R) Extreme Graphics 2 Driver-->RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_3582
    Java(TM) 6 Update 11-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
    Java(TM) 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
    Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
    Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
    McAfee SecurityCenter-->C:\Program Files\McAfee\MSC\mcuninst.exe
    Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
    Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
    Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
    Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
    Microsoft Calculator Plus-->MsiExec.exe /I{83073C45-3003-4671-9A86-243AAADD915A}
    Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
    Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.5-->"C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"
    Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
    Microsoft Office XP Professional with FrontPage-->MsiExec.exe /I{90280409-6000-11D3-8CFE-0050048383C9}
    Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
    Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
    Motorola Software Update-->MsiExec.exe /I{D5203057-E552-4903-BF49-5CC0F9E5EC84}
    MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
    MSXML 4.0 SP2 Parser and SDK-->MsiExec.exe /I{716E0306-8318-4364-8B8F-0CC4E9376BAC}
    OLYMPUS Master 2-->MsiExec.exe /X{45FCADDB-0B29-457E-83A1-D245C62A716C}
    Parker Isysnet Analog Module Profiles-->MsiExec.exe /X{2ACA8536-E7A2-4914-9597-DBA635D93492}
    Parker Isysnet ASCII Module Profile-->MsiExec.exe /X{C3ED335A-3156-4152-B96A-D44A0B1A55A3}
    Parker Isysnet Discrete Module Profiles-->MsiExec.exe /X{893727BF-9C7C-483F-9E69-D8314DB21186}
    PC Study Bible 3 A.R.L.-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{35D68F6E-6642-4D77-B4C9-213470CD7D23}\SETUP.EXE" -uninst
    PC Study Bible 3.0-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Biblesoft\PC Study Bible 3.0\Uninst.isu"
    PC Study Bible Ver. 3.3A Update and Bonus Content-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{70C3FAE8-3A8D-11D6-A229-00105ACA0D03}\Setup.exe" -uninst
    Photo Viewer-->MsiExec.exe /I{67183F00-3DDC-497B-A090-4E2B79EAF1CD}
    QuickTime-->MsiExec.exe /I{F07B861C-72B9-40A4-8B1A-AAED4C06A7E8}
    Rockwell Automation 1734 Analog Module Profiles-->MsiExec.exe /X{FC07B277-E45F-47AF-BE00-09B03B356899}
    Rockwell Automation 1734 ASCII Module Profiles-->MsiExec.exe /X{23727D32-E8A7-418D-BF8D-97A79FF793C1}
    Rockwell Automation 1734 Discrete Module Profiles-->MsiExec.exe /X{357187EE-8B25-467D-A567-88C735932174}
    Rockwell Automation 1734 Specialty Module Profiles-->MsiExec.exe /X{39363D4F-BF1C-447C-8014-F7966A9975D9}
    Rockwell Automation 1738 Analog Module Profiles-->MsiExec.exe /X{6AFEDA45-288E-445F-A176-FCD42AFA74FE}
    Rockwell Automation 1738 ASCII Module Profiles-->MsiExec.exe /X{A2C6C8E7-3540-4A0C-8C87-DAA164B0740B}
    Rockwell Automation 1738 Discrete Module Profiles-->MsiExec.exe /X{A393179D-478D-40C7-A6A2-90B9F34C2341}
    Rockwell Automation 1738 Specialty Module Profiles-->MsiExec.exe /X{FA79AEE5-9FA1-4A6F-B66F-18AF565E1061}
    Rockwell Automation 1756 CNet Comms Module Profiles-->MsiExec.exe /X{4866D596-CE65-4F7D-B98C-A28F8E9E13E5}
    Rockwell Automation 1756 ENet Comms Module Profiles-->MsiExec.exe /X{AB8E12B5-0B0E-47F9-83A7-89F40B39DBF1}
    Rockwell Automation 1756 HART Module Profiles-->MsiExec.exe /X{AAF8A903-9A85-43DF-A35C-3E5549484DDA}
    Rockwell Automation 1769 Analog Module Profiles-->MsiExec.exe /X{2ABE52D6-0F52-48F6-9AB7-A7DDAACD8654}
    Rockwell Automation 1769 Analog Module Profiles-->MsiExec.exe /X{842CDC14-718F-4063-9D48-36E982E12946}
    Rockwell Automation 1769 Boolean Module Profiles-->MsiExec.exe /X{449AD43D-AEF6-439B-B936-B1E239B8944C}
    Rockwell Automation 1769 Discrete Module Profiles-->MsiExec.exe /X{7033EFFB-90EA-4A54-9807-FB4AACA52A0B}
    Rockwell Automation 1769 Specialty Module Profiles-->MsiExec.exe /X{E4355DEE-167C-4BD3-9FD7-0F389EBF3981}
    Rockwell Automation 1791DS Discrete Module Profiles-->MsiExec.exe /X{28302E0C-2E42-4635-8657-078C88989BEF}
    Rockwell Automation Drives PowerFlex 4 Module Profiles-->MsiExec.exe /X{66B72D42-0209-4F45-857A-D509649FC74B}
    Rockwell Automation Drives PowerFlex 7 Module Profiles-->MsiExec.exe /X{5EFD7668-C7D7-401E-BF4C-F10CEE02ED9E}
    Rockwell Automation Drives SCANport Module Profiles-->MsiExec.exe /X{102AC368-2BC1-482D-85B9-5C38F5025F8B}
    Rockwell Automation Generic Safety Module Profiles-->MsiExec.exe /X{F699127B-51FB-44DF-AD6A-8AC498BA9684}
    Roxio RecordNow Data-->MsiExec.exe /I{075473F5-846A-448B-BCB3-104AA1760205}
    RSLogix 5000 Module Profile Core-->MsiExec.exe /X{903B8611-2695-4B42-A613-1394AD01F511}
    RSLogix 5000 Module Profile Setup Utility-->MsiExec.exe /X{110ACB92-B678-4CAC-870F-86F1326219D6}
    RSLogix 5000 Online Books v16.00.00-->MsiExec.exe /I{20010016-D5FD-11DA-A128-000C29473C90}
    RSLogix 5000 Start Page Media v16.00.05-->MsiExec.exe /I{10050016-D5FD-11DA-A128-000C29473C90}
    RSLogix 5000 System Updates-->MsiExec.exe /X{8E10471D-5CBF-4080-972D-2E6451420B7F}
    RSLogix 5000 v15.01-->MsiExec.exe /X{30010115-EC33-11D6-A408-F6139379CBFB}
    RSLogix 5000 v16.00.00 -->MsiExec.exe /I{30010016-EC33-11D6-A408-F6139379CBFB}
    Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
    Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
    Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
    Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
    Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
    Sentinel System Driver-->C:\WINDOWS\SYSTEM32\RNBOSENT\SETUPX86.EXE /U /q
    SoftK56 Data Fax-->C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_8086&DEV_24C6&SUBSYS_202F161F\HXFSETUP.EXE -U -Iem202f5.inf
    Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
    Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
    TurboTax Deluxe 2007-->C:\Program Files\TurboTax\Deluxe 2007\TaxUnst.EXE "C:\Program Files\TurboTax\Deluxe 2007\Uninstall.log" -NoGui
    UltraEdit-32-->"C:\Program Files\IDM Computer Solutions\UltraEdit-32\Uninstall.exe" "C:\Program Files\IDM Computer Solutions\UltraEdit-32\ueinstall.log" -u
    UltraSentry-->"C:\Program Files\IDM Computer Solutions\UltraSentry\Uninstall.exe" "C:\Program Files\IDM Computer Solutions\UltraSentry\install.log" -u
    Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
    Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
    VideoLAN VLC media player 0.8.6b-->C:\Program Files\VideoLAN\VLC\uninstall.exe
    VKC180 Photo Viewer-->"C:\Program Files\VKC180 Photo Viewer\unins000.exe"
    Windows Driver Package - (mr7910) Image 08/08/2006 1.4.0.0-->C:\WINDOWS\system32\DRVSTORE\f1490bc41e7d27129cb157cba768cf63b89e7752\DPInst.exe /u mr7910_1ffef370f39864f3aaa62219d434ae06b02b70ab
    Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
    Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
    Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
    Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
    Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
    WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
    WM Recorder 11.3-->C:\Program Files\WMR11\Uninstal.exe
    Yahoo! Install Manager-->C:\WINDOWS\system32\regsvr32 /u C:\PROGRA~1\Yahoo!\Common\YINSTH~1.DLL

    =====HijackThis Backups=====

    O2 - BHO: {73518f3d-acc0-cf28-07e4-5e130b472348} - {843274b0-31e5-4e70-82fc-0ccad3f81537} - C:\WINDOWS\system32\zazhuf.dll
    O2 - BHO: (no name) - {7F171007-95F0-4162-8B84-C960169FA0AD} - (no file)
    O2 - BHO: (no name) - {6DA5970E-5B7C-4979-BBA6-852B44AC3B50} - (no file)
    O2 - BHO: (no name) - {2CC58E49-097B-498A-AD81-4CBD4F38B35E} - (no file)
    O20 - AppInit_DLLs: zazhuf.dll
    O2 - BHO: (no name) - {FD7406D9-E616-4529-B3D4-07040131D1AC} - (no file)
    O4 - HKLM\..\Run: [bpk] C:\Program Files\BPK\bpk.exe
    O2 - BHO: (no name) - {7F171007-95F0-4162-8B84-C960169FA0AD} - (no file)
    O2 - BHO: (no name) - {6DA5970E-5B7C-4979-BBA6-852B44AC3B50} - (no file)
    O2 - BHO: (no name) - {2CC58E49-097B-498A-AD81-4CBD4F38B35E} - (no file)
    O2 - BHO: (no name) - {FD7406D9-E616-4529-B3D4-07040131D1AC} - (no file)
    O2 - BHO: (no name) - {b47b2b76-b320-4459-8697-16cf63846049} - (no file)

    ======Hosts File======

    127.0.0.1 www.007guard.com
    127.0.0.1 007guard.com
    127.0.0.1 008i.com
    127.0.0.1 www.008k.com
    127.0.0.1 008k.com
    127.0.0.1 www.00hq.com
    127.0.0.1 00hq.com
    127.0.0.1 010402.com
    127.0.0.1 www.032439.com
    127.0.0.1 032439.com

    ======Security center information======

    AV: McAfee VirusScan
    FW: McAfee Personal Firewall

    System event log

    Computer Name: YOUR-9C09040F1A
    Event Code: 7036
    Message: The Wireless Zero Configuration service entered the stopped state.

    Record Number: 28504
    Source Name: Service Control Manager
    Time Written: 20081215160748.000000-360
    Event Type: information
    User:

    Computer Name: YOUR-9C09040F1A
    Event Code: 7035
    Message: The Wireless Zero Configuration service was successfully sent a stop control.

    Record Number: 28503
    Source Name: Service Control Manager
    Time Written: 20081215160747.000000-360
    Event Type: information
    User: NT AUTHORITY\SYSTEM

    Computer Name: YOUR-9C09040F1A
    Event Code: 7036
    Message: The Application Layer Gateway Service service entered the running state.

    Record Number: 28502
    Source Name: Service Control Manager
    Time Written: 20081215160743.000000-360
    Event Type: information
    User:

    Computer Name: YOUR-9C09040F1A
    Event Code: 7036
    Message: The Fast User Switching Compatibility service entered the running state.

    Record Number: 28501
    Source Name: Service Control Manager
    Time Written: 20081215160743.000000-360
    Event Type: information
    User:

    Computer Name: YOUR-9C09040F1A
    Event Code: 7035
    Message: The Fast User Switching Compatibility service was successfully sent a start control.

    Record Number: 28500
    Source Name: Service Control Manager
    Time Written: 20081215160743.000000-360
    Event Type: information
    User: NT AUTHORITY\SYSTEM

    Application event log

    Computer Name: YOUR-9C09040F1A
    Event Code: 1
    Message:
    Record Number: 6163
    Source Name: Avg7UpdSvc
    Time Written: 20081108215829.000000-360
    Event Type: information
    User:

    Computer Name: YOUR-9C09040F1A
    Event Code: 1000
    Message: Performance counters for the WmiApRpl (WmiApRpl) service were loaded successfully.
    The Record Data contains the new index values assigned
    to this service.

    Record Number: 6162
    Source Name: LoadPerf
    Time Written: 20081108212719.000000-360
    Event Type: information
    User:

    Computer Name: YOUR-9C09040F1A
    Event Code: 1001
    Message: Performance counters for the WmiApRpl (WmiApRpl) service were removed successfully.
    The Record Data contains the new values of the system Last Counter and
    Last Help registry entries.

    Record Number: 6161
    Source Name: LoadPerf
    Time Written: 20081108212717.000000-360
    Event Type: information
    User:

    Computer Name: YOUR-9C09040F1A
    Event Code: 1000
    Message: Performance counters for the WmiApRpl (WmiApRpl) service were loaded successfully.
    The Record Data contains the new index values assigned
    to this service.

    Record Number: 6160
    Source Name: LoadPerf
    Time Written: 20081108204644.000000-360
    Event Type: information
    User:

    Computer Name: YOUR-9C09040F1A
    Event Code: 1001
    Message: Performance counters for the WmiApRpl (WmiApRpl) service were removed successfully.
    The Record Data contains the new values of the system Last Counter and
    Last Help registry entries.

    Record Number: 6159
    Source Name: LoadPerf
    Time Written: 20081108204641.000000-360
    Event Type: information
    User:

    ======Environment variables======

    "ComSpec"=%SystemRoot%\system32\cmd.exe
    "Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\WBEM;C:\Program Files\IDM Computer Solutions\UltraEdit-32;C:\Program Files\Common Files\Roxio Shared\DLLShared;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\Rockwell Automation\Common\Components
    "windir"=%SystemRoot%
    "FP_NO_HOST_CHECK"=NO
    "OS"=Windows_NT
    "PROCESSOR_ARCHITECTURE"=x86
    "PROCESSOR_LEVEL"=15
    "PROCESSOR_IDENTIFIER"=x86 Family 15 Model 4 Stepping 1, GenuineIntel
    "PROCESSOR_REVISION"=0401
    "NUMBER_OF_PROCESSORS"=2
    "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
    "TEMP"=%SystemRoot%\TEMP
    "TMP"=%SystemRoot%\TEMP
    "SonicCentral"=C:\Program Files\Common Files\Sonic Shared\Sonic Central\
    "CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip
    "QTJAVA"=C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip

    -----------------EOF-----------------

  4. #4
    Security Expert-Emeritus
    Join Date
    Oct 2006
    Location
    Manchester UK
    Posts
    3,425

    Default

    Step 1

    Malwarebytes' Anti-Malware
    I notice that you have MBAM installed; please do the following:

    • Start MalwareBytes AntiMalware
      • Update Malwarebytes' Anti-Malware
      • Select the Update tab
      • Click Update
    • When the update is complete, select the Scanner tab
    • Select Perform full scan, then click Scan.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Be sure that everything is checked, and click Remove Selected.
    • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
      • If you accidentally close it, the log file is saved here and will be named like this:
      • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt


    ----------------------------------------------------------- -----------------------------------------------------------
    Step 2



    OTMoveIt
    Please download OTMoveIt3 by OldTimer and save it to your desktop
    • Double-click OTMoveIt3.exe to run it.
    • Copy the lines in the codebox below. (Make sure you include :Processes)

    Code:
    :Processes
    explorer.exe
    :Services
    :Reg
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2CC58E49-097B-498A-AD81-4CBD4F38B35E}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6DA5970E-5B7C-4979-BBA6-852B44AC3B50}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7F171007-95F0-4162-8B84-C960169FA0AD}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b47b2b76-b320-4459-8697-16cf63846049}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD7406D9-E616-4529-B3D4-07040131D1AC}]
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "NWEReboot"=-
    
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLS"=""
    
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\nnnlmNFx]
    
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "C:\WINDOWS\system32\drivers\svchost.exe"=-
    
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{55e25b8f-d293-11dd-a892-00032512eeb6}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ae0f4260-0967-11dd-a606-00032512eeb6}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ea3e19d2-d12c-11dd-a891-00032512eeb6}]
    :Files
    C:\WINDOWS\system32\vbzip10.dll
    C:\WINDOWS\system32\g48.exe
    C:\WINDOWS\system32\dsuawnoa.ini
    C:\WINDOWS\system32\OYxIRXbc.ini
    C:\WINDOWS\system32\37aab72e-.txt
    C:\WINDOWS\system32\poqtvyxx.ini
    C:\Documents and Settings\User\Application Data\LimeWire
    C:\WINDOWS\tasks\njjeaaec.job
    :Commands
    [Purity]
    [EmptyTemp]
    [Start Explorer]
    [Reboot]
    • Return to OTMoveIt3, right click in the Paste List of Files/Folders to Move window (under the yellow bar) and choose Paste.

    • Close ALL open windows (especially Internet Explorer!)
    • Click the red Moveit! button.
    • Copy everything in the Results window (under the green bar), and paste it in your next reply.
    • Close OTMoveIt3


    If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.


    ----------------------------------------------------------- -----------------------------------------------------------
    Step 3

    Fix With HJT

    Close all other windows and then start HijackThis
    Click Do A System Scan Only
    When it has finished scanning, put a check next to the following lines IF still present:
    O2 - BHO: (no name) - {2CC58E49-097B-498A-AD81-4CBD4F38B35E} - (no file)
    O2 - BHO: (no name) - {6DA5970E-5B7C-4979-BBA6-852B44AC3B50} - (no file)
    O2 - BHO: (no name) - {7F171007-95F0-4162-8B84-C960169FA0AD} - (no file)
    O2 - BHO: (no name) - {b47b2b76-b320-4459-8697-16cf63846049} - (no file)
    O2 - BHO: (no name) - {FD7406D9-E616-4529-B3D4-07040131D1AC} - (no file)
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

    O8 - Extra context menu item: &Search - ?p=ZCxdm869MTUS

    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} -
    O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} -
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} -

    O20 - AppInit_DLLs: agflbv.dll
    O20 - Winlogon Notify: nnnlmNFx - C:\WINDOWS\
    Close ALL open windows (especially Internet Explorer!)
    Now click Fix checked
    Click yes to any prompts
    Close HijackThis

    ----------------------------------------------------------- -----------------------------------------------------------
    Step 4

    Download and Run ComboFix (by sUBs)
    Please visit this webpage for instructions for downloading and running ComboFix:

    Bleeping Computer ComboFix Tutorial

    • You must download it to and run it from your Desktop
    • Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
    • Double click combofix.exe & follow the prompts.
    • When finished, it will produce a log. Please save that log to post in your next reply
    • Re-enable all the programs that were disabled during the running of ComboFix.



    A word of warning: Neither I nor sUBs is responsible for any damage you may have caused your machine by running ComboFix on your own.
    This tool is not a toy and not for everyday use.
    ComboFix SHOULD NOT be used unless requested by a forum helper


    ----------------------------------------------------------- -----------------------------------------------------------
    Step 5


    Remove Programs

    Older versions of some programs have vulnerabilities that malware can use to infect your system.

    Now click Start---Control Panel. Double click Add or Remove Programs (XP) / Programs and Features (Vista). If any of the following programs are listed there, click on the program to highlight it, and click on Remove.
    • Java(TM) 6 Update 3
    • Java(TM) 6 Update 7
    Now close the Control Panel.

    ----------------------------------------------------------- -----------------------------------------------------------
    Step 6

    Logs/Information to Post in Reply
    Please post the following logs/Information in your reply
    • MalwareBytes Log
    • OTMI Log
    • Combofix Log
    • How are things running now ?


    ----------------------------------------------------------- -----------------------------------------------------------

    Additional Notes



    Your Adobe Acrobat Reader is out of date. Older versions have vulnerabilities that malware can use to infect your system.

    Adobe Reader is a large program and uses unnecessary space.
    If you prefer a smaller program you can get Foxit 3.0 from http://www.foxitsoftware.com/pdf/rd_intro.php << Recommended

    There is a newer version of Adobe Acrobat Reader available.
    • Please go to this link Adobe Acrobat Reader Download Link
    • Click Download
    • On the right, untick Adobe Photoshop Album Starter Edition if you do not wish to include this in the installation.
    • Click the Continue button
    • Click Run, and click Run again
    • Next click the Install Now button and follow the on screen prompts


    When the installation is complete go to Add/Remove Programs and uninstall all previous versions.

    Adobe Reader 8.1.3
    Microsoft MVP Consumer Security 2009 -2010
    If we have helped, please consider a donation
    THESE INSTRUCTIONS ARE FOR THIS USER ONLY
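
    The Step 2 script and the Step 3 HijackThis lines above target a handful of persistence points: orphaned Browser Helper Object CLSIDs, an AppInit_DLLs value, a Winlogon Notify package, DPF entries with no source URL, a context-menu item with no real target, and a firewall exception for a svchost.exe sitting outside System32. The triage helper below is an added example (not code from this thread, from HijackThis, or from OldTimer's OTMoveIt) showing how a defender can pick those line types out of a HijackThis-style log automatically. The sample lines are constructed: most are copied from the O2/O8/O16/O20 lines quoted above, the benign BHO uses a placeholder GUID, and the O4 line is built from the svchost.exe path the helper removed from the firewall list. The core-binary and system-directory lists, and the function names, are this example's own assumptions.

```python
"""Triage helper for HijackThis-style log lines (added example, not tool code)."""
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample input: lines modelled on those quoted in the thread, plus a
# benign BHO with a placeholder GUID and an O4 entry built from the suspicious
# firewall exception path (c:\windows\system32\drivers\svchost.exe).
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {2CC58E49-097B-498A-AD81-4CBD4F38B35E} - (no file)
O2 - BHO: Example Helper - {00000000-0000-0000-0000-000000000001} - C:\Program Files\Example\helper.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [svchost] C:\WINDOWS\system32\drivers\svchost.exe
O8 - Extra context menu item: &Search - ?p=ZCxdm869MTUS
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} -
O20 - AppInit_DLLs: agflbv.dll
O20 - Winlogon Notify: nnnlmNFx - C:\WINDOWS\
"""

# Assumed lists: Windows core binary names that malware often borrows, and the
# directories where the real copies live. A match is a lead, not proof.
CORE_BINARIES = {"svchost.exe", "lsass.exe", "csrss.exe", "winlogon.exe", "services.exe"}
SYSTEM_DIRS = {r"c:\windows\system32", r"c:\windows\syswow64"}


@dataclass
class Finding:
    section: str   # HijackThis section tag, e.g. "O20"
    reason: str    # why a defender should look at this line
    line: str      # the original log line


def exe_path(body: str) -> Optional[str]:
    """Extract the first quoted or bare Windows path ending in .exe from an O4 body."""
    m = re.search(r'"?([A-Za-z]:\\.+?\.exe)"?', body, re.IGNORECASE)
    return m.group(1) if m else None


def misplaced_core_binary(path: str) -> bool:
    """True when a core-binary name is used from a directory other than the real one."""
    lowered = path.lower()
    parent, _, name = lowered.rpartition("\\")
    return name in CORE_BINARIES and parent not in SYSTEM_DIRS


def triage(log_text: str) -> List[Finding]:
    """Walk the log and flag the line types cleaned up in the thread above."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = re.match(r"(O\d+) - (.*)", line)
        if not m:
            continue  # not a HijackThis entry line
        section, body = m.group(1), m.group(2)
        if section == "O2" and body.endswith("(no file)"):
            findings.append(Finding(section, "orphaned BHO CLSID: registered but its DLL is gone", line))
        elif section == "O4":
            path = exe_path(body)
            if path and misplaced_core_binary(path):
                findings.append(Finding(section, "autorun uses a core-binary name outside the system directory", line))
        elif section == "O8":
            target = body.rsplit(" - ", 1)[-1]
            if not re.match(r"(https?|res|file)://", target, re.IGNORECASE):
                findings.append(Finding(section, "context-menu item with no resolvable target", line))
        elif section == "O16" and body.rstrip().endswith("-"):
            findings.append(Finding(section, "DPF entry with no source URL", line))
        elif section == "O20":
            if body.startswith("AppInit_DLLs:") and body.split(":", 1)[1].strip():
                findings.append(Finding(section, "AppInit_DLLs set: DLL loaded into every user32-linked process", line))
            elif body.startswith("Winlogon Notify:"):
                findings.append(Finding(section, "Winlogon notification package: DLL loaded by winlogon.exe", line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.section}] {f.reason}\n    {f.line}")
```

Run stand-alone it prints six findings for the sample and skips the benign BHO and the Java updater O4 line; feed it a real log and read each hit as a prompt for investigation, since an orphaned CLSID or a non-standard path is an indicator, not a verdict.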

  5. #5
    Junior Member
    Join Date
    Nov 2008
    Posts
    14

    Default

    I ran Malwarebytes yesterday and there was a problem found. I had it fix the problem so that is why there are no problems now. I did find that I have Virtumonde earlier this week. I had SpyBot delete it also. I will finish the steps now. Thank you very much for all the help and advice. My touchpad mouse doesn't work anymore because of this. I've tried to reload drivers and nothing. Hopefully this works!

    Malwarebytes' Anti-Malware 1.32
    Database version: 1630
    Windows 5.1.2600 Service Pack 3

    1/8/2009 8:53:22 AM
    mbam-log-2009-01-08 (08-53-22).txt

    Scan type: Full Scan (C:\|D:\|)
    Objects scanned: 144175
    Time elapsed: 1 hour(s), 28 minute(s), 29 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

  6. #6
    Junior Member
    Join Date
    Nov 2008
    Posts
    14

    Default OT Moveit file

    ========== PROCESSES ==========
    Process explorer.exe killed successfully.
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2CC58E49-097B-498A-AD81-4CBD4F38B35E}\\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6DA5970E-5B7C-4979-BBA6-852B44AC3B50}\\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7F171007-95F0-4162-8B84-C960169FA0AD}\\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b47b2b76-b320-4459-8697-16cf63846049}\\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD7406D9-E616-4529-B3D4-07040131D1AC}\\ deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\NWEReboot deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\"AppInit_DLLS"|"" /E : value set successfully!
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\nnnlmNFx\\ deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\WINDOWS\system32\drivers\svchost.exe deleted successfully.
    Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G\\ deleted successfully.
    Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{55e25b8f-d293-11dd-a892-00032512eeb6}\\ deleted successfully.
    Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ae0f4260-0967-11dd-a606-00032512eeb6}\\ deleted successfully.
    Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ea3e19d2-d12c-11dd-a891-00032512eeb6}\\ deleted successfully.
    ========== FILES ==========
    DllUnregisterServer procedure not found in C:\WINDOWS\system32\vbzip10.dll
    C:\WINDOWS\system32\vbzip10.dll NOT unregistered.
    C:\WINDOWS\system32\vbzip10.dll moved successfully.
    C:\WINDOWS\system32\g48.exe moved successfully.
    C:\WINDOWS\system32\dsuawnoa.ini moved successfully.
    C:\WINDOWS\system32\OYxIRXbc.ini moved successfully.
    C:\WINDOWS\system32\37aab72e-.txt moved successfully.
    C:\WINDOWS\system32\poqtvyxx.ini moved successfully.
    C:\Documents and Settings\User\Application Data\LimeWire\xml\schemas moved successfully.
    C:\Documents and Settings\User\Application Data\LimeWire\xml\misc moved successfully.
    C:\Documents and Settings\User\Application Data\LimeWire\xml\data moved successfully.
    C:\Documents and Settings\User\Application Data\LimeWire\xml moved successfully.
    C:\Documents and Settings\User\Application Data\LimeWire\themes\360SharePro_theme moved successfully.
    C:\Documents and Settings\User\Application Data\LimeWire\themes moved successfully.
    C:\Documents and Settings\User\Application Data\LimeWire moved successfully.
    C:\WINDOWS\tasks\njjeaaec.job moved successfully.
    ========== COMMANDS ==========
    User's Temp folder emptied.
    User's Temporary Internet Files folder emptied.
    User's Internet Explorer cache folder emptied.
    File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
    File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat scheduled to be deleted on reboot.
    File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat scheduled to be deleted on reboot.
    Local Service Temp folder emptied.
    Local Service Temporary Internet Files folder emptied.
    File delete failed. C:\WINDOWS\temp\mcafee_VtiA3KonnsNcAYK scheduled to be deleted on reboot.
    File delete failed. C:\WINDOWS\temp\mcmsc_ocZSMjpRbC5Y4YF scheduled to be deleted on reboot.
    File delete failed. C:\WINDOWS\temp\mcmsc_txpQYVCDfccWu4M scheduled to be deleted on reboot.
    File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_734.dat scheduled to be deleted on reboot.
    File delete failed. C:\WINDOWS\temp\sqlite_dPygTedGqgaF5xt scheduled to be deleted on reboot.
    File delete failed. C:\WINDOWS\temp\sqlite_EGY3rNpprFWeIOS scheduled to be deleted on reboot.
    File delete failed. C:\WINDOWS\temp\sqlite_khVpEjh3Qx14MXd scheduled to be deleted on reboot.
    File delete failed. C:\WINDOWS\temp\WFV3.tmp scheduled to be deleted on reboot.
    Windows Temp folder emptied.
    Java cache emptied.
    Temp folders emptied.
    Explorer started successfully

    OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 01082009_091942

    Files moved on Reboot...
    File move failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.
    File move failed. C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat scheduled to be moved on reboot.
    File move failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat scheduled to be moved on reboot.
    C:\WINDOWS\temp\mcafee_VtiA3KonnsNcAYK moved successfully.
    C:\WINDOWS\temp\mcmsc_ocZSMjpRbC5Y4YF moved successfully.
    File C:\WINDOWS\temp\mcmsc_txpQYVCDfccWu4M not found!
    File C:\WINDOWS\temp\Perflib_Perfdata_734.dat not found!
    C:\WINDOWS\temp\sqlite_dPygTedGqgaF5xt moved successfully.
    C:\WINDOWS\temp\sqlite_EGY3rNpprFWeIOS moved successfully.
    C:\WINDOWS\temp\sqlite_khVpEjh3Qx14MXd moved successfully.
    File move failed. C:\WINDOWS\temp\WFV3.tmp scheduled to be moved on reboot.

  7. #7
    Junior Member
    Join Date
    Nov 2008
    Posts
    14

    Default Combo Fix Log

    ComboFix 09-01-07.02 - User 2009-01-08 9:52:26.1 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1247.842 [GMT -6:00]
    Running from: c:\documents and settings\User\Desktop\ComboFix.exe
    AV: McAfee VirusScan *On-access scanning disabled* (Updated)
    FW: McAfee Personal Firewall *enabled*
    * Created a new restore point
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\temp\FT62
    c:\temp\FT62\teTU.log
    c:\temp\tn3
    c:\windows\Fonts\a.zip
    c:\windows\SNMPAPI.DLL
    c:\windows\system32\dPI02
    c:\windows\system32\drivers\npf.sys
    c:\windows\system32\MabryObj.dll
    c:\windows\system32\packet.dll
    c:\windows\system32\sinvfct.dll
    c:\windows\system32\WanPacket.dll
    c:\windows\system32\wpcap.dll
    c:\windows\wiaserviv.log
    D:\Autorun.inf

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_NPF
    -------\Service_NPF


    ((((((((((((((((((((((((( Files Created from 2008-12-08 to 2009-01-08 )))))))))))))))))))))))))))))))
    .

    2009-01-08 09:19 . 2009-01-08 09:19 <DIR> d-------- C:\_OTMoveIt
    2009-01-07 19:17 . 2009-01-07 19:18 <DIR> d-------- C:\rsit
    2009-01-07 10:25 . 2009-01-07 10:25 <DIR> d-------- c:\program files\Synaptics
    2009-01-07 10:25 . 2003-10-30 16:43 178,432 --a------ c:\windows\system32\drivers\SynTP.sys
    2009-01-07 10:25 . 2003-10-30 16:44 110,592 --a------ c:\windows\system32\SynCtrl.dll
    2009-01-07 10:25 . 2003-10-30 16:44 90,112 --a------ c:\windows\system32\SynTPAPI.dll
    2009-01-07 10:25 . 2003-10-30 16:48 77,824 --a------ c:\windows\system32\SynTPCoI.dll
    2009-01-07 10:25 . 2003-10-30 16:43 77,824 --a------ c:\windows\system32\SynCOM.dll
    2009-01-07 10:25 . 2003-10-30 16:46 65,536 --a------ c:\windows\system32\SynTPFcs.dll
    2009-01-07 10:08 . 2009-01-07 15:32 54,156 --ah----- c:\windows\QTFont.qfn
    2009-01-07 10:08 . 2009-01-07 10:08 1,409 --a------ c:\windows\QTFont.for
    2009-01-02 16:52 . 2004-08-04 13:00 221,184 --a------ c:\windows\system32\wmpns.dll
    2009-01-02 16:36 . 2009-01-02 16:36 <DIR> d-------- c:\windows\system32\scripting
    2009-01-02 16:36 . 2009-01-02 16:36 <DIR> d-------- c:\windows\system32\en
    2009-01-02 16:36 . 2009-01-02 16:36 <DIR> d-------- c:\windows\system32\bits
    2009-01-02 16:36 . 2009-01-02 16:36 <DIR> d-------- c:\windows\l2schemas
    2009-01-02 16:32 . 2009-01-02 16:32 <DIR> d-------- c:\windows\ServicePackFiles
    2009-01-02 14:36 . 2008-09-15 06:12 1,846,400 -----c--- c:\windows\system32\dllcache\win32k.sys
    2009-01-02 14:35 . 2008-08-14 04:11 2,189,184 -----c--- c:\windows\system32\dllcache\ntoskrnl.exe
    2009-01-02 14:35 . 2008-08-14 04:09 2,145,280 -----c--- c:\windows\system32\dllcache\ntkrnlmp.exe
    2009-01-02 14:35 . 2008-08-14 03:33 2,066,048 -----c--- c:\windows\system32\dllcache\ntkrnlpa.exe
    2009-01-02 14:35 . 2008-08-14 03:33 2,023,936 -----c--- c:\windows\system32\dllcache\ntkrpamp.exe
    2009-01-02 14:34 . 2008-10-24 05:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
    2009-01-02 14:33 . 2008-06-13 05:05 272,128 -----c--- c:\windows\system32\dllcache\bthport.sys
    2009-01-02 14:33 . 2008-08-14 04:04 138,496 -----c--- c:\windows\system32\dllcache\afd.sys
    2009-01-02 14:29 . 2008-09-08 04:41 333,824 -----c--- c:\windows\system32\dllcache\srv.sys
    2009-01-02 14:20 . 2004-08-03 22:29 25,471 --------- c:\windows\system32\drivers\watv10nt.sys
    2009-01-02 14:20 . 2004-08-03 22:29 22,271 --------- c:\windows\system32\drivers\watv06nt.sys
    2009-01-02 14:20 . 2004-08-03 22:29 11,935 --------- c:\windows\system32\drivers\wadv11nt.sys
    2009-01-02 14:20 . 2004-08-03 22:29 11,871 --------- c:\windows\system32\drivers\wadv09nt.sys
    2009-01-02 14:20 . 2004-08-03 22:29 11,807 --------- c:\windows\system32\drivers\wadv07nt.sys
    2009-01-02 14:20 . 2004-08-03 22:29 11,295 --------- c:\windows\system32\drivers\wadv08nt.sys
    2009-01-02 14:14 . 2004-08-03 22:29 701,440 --------- c:\windows\system32\drivers\ati2mtag.sys
    2009-01-02 14:03 . 2008-05-08 08:02 203,136 -----c--- c:\windows\system32\dllcache\rmcast.sys
    2009-01-02 13:59 . 2008-04-11 13:04 691,712 -----c--- c:\windows\system32\dllcache\inetcomm.dll
    2009-01-02 13:59 . 2008-05-01 08:33 331,776 -----c--- c:\windows\system32\dllcache\msadce.dll
    2009-01-02 13:40 . 2008-09-04 11:15 1,106,944 -----c--- c:\windows\system32\dllcache\msxml3.dll
    2009-01-02 13:40 . 2008-10-15 10:34 337,408 -----c--- c:\windows\system32\dllcache\netapi32.dll
    2009-01-02 13:34 . 2008-10-16 14:07 23,576 --a------ c:\windows\system32\wuapi.dll.mui
    2009-01-01 21:41 . 2009-01-06 17:02 570 --a------ c:\windows\system32\runkgb.lnk
    2008-12-24 08:01 . 2008-12-24 08:20 36 --a------ c:\windows\marscam.ini
    2008-12-24 07:54 . 2008-04-13 12:46 85,248 --a------ c:\windows\system32\drivers\nabtsfec.sys
    2008-12-24 07:54 . 2008-04-13 12:46 19,200 --a------ c:\windows\system32\drivers\wstcodec.sys
    2008-12-24 07:54 . 2008-04-13 12:46 17,024 --a------ c:\windows\system32\drivers\ccdecode.sys
    2008-12-24 07:54 . 2008-04-13 18:12 16,384 --a------ c:\windows\system32\ipsink.ax
    2008-12-24 07:54 . 2008-04-13 12:46 15,232 --a------ c:\windows\system32\drivers\streamip.sys
    2008-12-24 07:54 . 2008-04-13 12:46 11,136 --a------ c:\windows\system32\drivers\slip.sys
    2008-12-24 07:54 . 2008-04-13 12:46 10,880 --a------ c:\windows\system32\drivers\ndisip.sys
    2008-12-24 07:54 . 2008-04-13 12:39 5,504 --a------ c:\windows\system32\drivers\mstee.sys
    2008-12-23 21:49 . 2008-12-23 21:49 <DIR> d-------- c:\program files\VKC180 Photo Viewer
    2008-12-23 21:35 . 2008-04-13 18:12 91,136 --a------ c:\windows\system32\kswdmcap.ax
    2008-12-23 21:35 . 2008-04-13 18:12 61,952 --a------ c:\windows\system32\kstvtune.ax
    2008-12-23 21:35 . 2008-04-13 18:12 53,760 --a------ c:\windows\system32\vfwwdm32.dll
    2008-12-23 21:35 . 2008-04-13 18:12 43,008 --a------ c:\windows\system32\ksxbar.ax
    2008-12-23 21:35 . 2008-04-13 18:12 28,672 --a------ c:\windows\system32\vidcap.ax
    2008-12-23 21:34 . 2008-12-23 21:34 <DIR> d-------- c:\program files\Mars
    2008-12-16 20:57 . 2009-01-06 17:02 <DIR> d--hs---- c:\program files\MPK
    2008-12-16 20:57 . 2009-01-06 17:02 570 --a------ c:\windows\system32\runrefog.lnk
    2008-12-16 18:30 . 2008-12-16 18:30 <DIR> d--hs---- c:\documents and settings\All Users\common
    2008-12-16 15:07 . 2008-12-16 17:27 314 ---h----- c:\documents and settings\All Users\Application Data\emopts.dat
    2008-12-16 15:03 . 2008-12-17 12:58 <DIR> d-------- c:\documents and settings\All Users\Application Data\sacache
    2008-12-16 08:42 . 2009-01-08 09:28 <DIR> d--hs---- c:\documents and settings\All Users\Application Data\MPK
    2008-12-14 19:16 . 2003-11-04 15:11 159,744 --a------ c:\windows\system32\lfpng13n.dll
    2008-12-14 19:10 . 2004-05-14 16:53 462,848 --a------ c:\windows\system32\ltkrn13n.dll
    2008-12-14 19:10 . 2004-05-14 16:53 450,560 --a------ c:\windows\system32\ltimg13n.dll
    2008-12-14 19:10 . 2004-05-14 16:53 401,408 --a------ c:\windows\system32\lfcmp13n.dll
    2008-12-14 19:10 . 2004-05-14 16:53 299,008 --a------ c:\windows\system32\ltdis13n.dll
    2008-12-14 19:10 . 2004-01-12 02:09 206,336 --a------ c:\windows\system32\ltefx13n.dll
    2008-12-14 19:10 . 2004-05-14 16:53 163,840 --a------ c:\windows\system32\ltfil13n.dll
    2008-12-14 19:10 . 2003-11-04 15:10 69,632 --a------ c:\windows\system32\lfgif13n.dll
    2008-12-14 19:10 . 2004-05-14 16:53 57,344 --a------ c:\windows\system32\lfbmp13n.dll
    2008-12-12 18:42 . 2008-12-12 18:42 <DIR> d-------- c:\windows\.jagex_cache_32
    2008-12-12 18:42 . 2008-12-14 13:43 31 --a------ c:\documents and settings\User\jagex_runescape_preferences.dat
    2008-12-10 10:41 . 2008-12-10 10:41 410,984 --a------ c:\windows\system32\deploytk.dll

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-01-08 13:21 --------- d-----w c:\program files\Quicken
    2009-01-07 18:30 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
    2009-01-06 22:36 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2009-01-05 00:38 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
    2009-01-05 00:38 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
    2008-12-30 19:54 --------- d-----w c:\program files\Common Files\Motorola Shared
    2008-12-29 01:07 --------- d-----w c:\documents and settings\User\Application Data\Focus Mp3 Recorder
    2008-12-23 14:54 --------- d-----w c:\program files\McAfee
    2008-12-10 16:41 --------- d-----w c:\program files\Java
    2008-12-06 15:28 --------- d-----w c:\documents and settings\All Users\Application Data\McAfee
    2008-12-06 15:24 --------- d-----w c:\program files\Common Files\McAfee
    2008-12-06 15:23 --------- d-----w c:\program files\McAfee.com
    2008-12-06 14:28 --------- d-----w c:\program files\SiteAdvisor
    2008-12-02 13:21 17,044 --sh--r C:\EVRSI.SYS
    2008-12-01 17:14 --------- d-----w c:\program files\Rockwell Software
    2008-12-01 17:14 --------- d-----w c:\program files\Common Files\Rockwell
    2008-12-01 16:59 --------- d-----w c:\program files\RSLogix 5000 Module Profiles
    2008-12-01 15:38 --------- d-----w c:\program files\ControlFLASH
    2008-11-25 20:02 --------- d-----w c:\program files\Spybot - Search & Destroy
    2008-11-25 04:34 --------- d-----w c:\documents and settings\All Users\Application Data\Macrovision
    2008-11-24 20:39 --------- d-----w c:\documents and settings\All Users\Application Data\Rockwell
    2008-11-24 20:28 --------- d-----w c:\program files\Rockwell Automation
    2008-11-24 20:23 47,616 ----a-w c:\windows\system32\drivers\Haspnt.sys
    2008-11-24 20:23 453,632 ----a-w c:\windows\system32\drivers\hardlock.sys
    2008-11-24 20:22 --------- d-----w c:\program files\GLOBEtrotter Software Inc
    2008-11-19 15:05 --------- d-----w c:\documents and settings\LocalService\Application Data\SACore
    2008-11-19 14:36 --------- d-----w c:\documents and settings\All Users\Application Data\SiteAdvisor
    2008-11-12 15:33 --------- d-----w c:\documents and settings\User\Application Data\Malwarebytes
    2008-11-12 15:33 --------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
    2008-11-11 18:23 --------- d-----w c:\program files\Trend Micro
    2008-11-11 02:29 --------- d-----w c:\documents and settings\All Users\Application Data\McAfee Anti-Theft
    2008-11-11 02:19 --------- d-----w c:\documents and settings\All Users\Application Data\avg7
    2008-11-11 02:18 --------- d-----w c:\documents and settings\User\Application Data\AVG7
    2008-11-09 04:01 --------- d-----w c:\program files\MySpace
    2008-11-08 01:08 --------- d-----w c:\documents and settings\User\Application Data\MySpace
    2008-10-22 15:23 6,147 ----a-w c:\program files\PCLICSB.DAT
    2008-08-19 23:29 20,728 ----a-w c:\documents and settings\User\Application Data\GDIPFONTCACHEV1.DAT
    2008-06-19 16:53 258 ---h--r c:\program files\Common Files\LMF.DAT
    2007-12-04 13:28 1,663 ----a-w c:\windows\inf\COM7C.tmp
    2007-11-06 14:08 5,914 ----a-w c:\documents and settings\User\bpk.dat
    2007-10-17 12:19 705 ----a-w c:\documents and settings\User\web.dat
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
    "OM2_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" [2007-09-04 95536]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2003-07-10 155648]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2003-07-10 114688]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-01-28 385024]
    "Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2006-10-12 1282048]
    "OM2_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master 2\FirstStart.exe" [2007-09-04 54576]
    "mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2008-07-11 641208]
    "McENUI"="c:\progra~1\McAfee\MHN\McENUI.exe" [2008-06-13 1176808]
    "SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2003-10-30 98304]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2003-10-30 499712]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "HideFastUserSwitching"= 1 (0x1)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "SENTINEL"= snti386.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    --a------ 2008-10-15 01:04 39792 c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
    --a------ 2004-09-13 15:49 49152 c:\program files\HP\HP Software Update\hpwuSchd2.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OM2_Monitor]
    --a------ 2007-09-04 13:52 95536 c:\program files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc]
    --a------ 2003-07-18 17:23 868352 c:\program files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioEngineUtility]
    --a------ 2003-05-01 18:44 65536 c:\program files\Common Files\Roxio Shared\System\EngUtil.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
    --a------ 2003-10-30 16:46 499712 c:\program files\Synaptics\SynTP\SynTPEnh.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPLpr]
    --a------ 2003-10-30 16:46 98304 c:\program files\Synaptics\SynTP\SynTPLpr.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "GetModule27"="c:\program files\GetModule\GetModule27.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusDisableNotify"=dword:00000001
    "UpdatesDisableNotify"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\WINDOWS\\system32\\java.exe"=
    "c:\\Program Files\\Motorola\\Software Update\\msu.exe"=
    "c:\\Program Files\\Rockwell Software\\RSLogix 5000\\ENU\\v16\\Bin\\RS5000.Exe"=
    "c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
    "c:\\Program Files\\MPK\\Mpk.exe"=
    "c:\\Program Files\\MPK\\MpkView.exe"=

    R4 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [2008-12-06 206096]
    S1 SISAGPP;SISAGPP;c:\windows\system32\drivers\SISAGPP.sys --> c:\windows\system32\drivers\SISAGPP.sys [?]
    S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [2008-09-18 18176]
    S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [2008-09-18 7680]
    S3 motport;Motorola USB Diagnostic Port;c:\windows\system32\drivers\motport.sys [2008-09-18 23680]
    S4 FactoryTalk Activation Service;FactoryTalk Activation Service;c:\program files\Rockwell Software\FactoryTalk Activation\lmgrd.exe [2003-11-17 659456]
    .
    Contents of the 'Scheduled Tasks' folder

    2008-12-15 c:\windows\Tasks\McDefragTask.job
    - c:\progra~1\mcafee\mqc\QcConsol.exe [2008-07-09 18:10]

    2008-12-06 c:\windows\Tasks\McQcTask.job
    - c:\progra~1\mcafee\mqc\QcConsol.exe [2008-07-09 18:10]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = https://www.google.com/accounts/Serv...lcache=2&hl=en
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
    Trusted Zone: *.turbotax.com
    .

    **************************************************************************

    disk not found C:\

    please note that you need administrator rights to perform deep scan
    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files:

    **************************************************************************
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\system32\WLTRYSVC.EXE
    c:\windows\system32\BCMWLTRY.EXE
    c:\program files\Java\jre6\bin\jqs.exe
    c:\progra~1\McAfee\MSC\mcmscsvc.exe
    c:\progra~1\COMMON~1\McAfee\MNA\McNASvc.exe
    c:\progra~1\COMMON~1\McAfee\McProxy\McProxy.exe
    c:\progra~1\McAfee\VIRUSS~1\Mcshield.exe
    c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    c:\program files\McAfee\MPF\MpfSrv.exe
    c:\windows\system32\HPZipm12.exe
    c:\program files\Common Files\Rockwell\RsvcHost.exe
    c:\windows\system32\MsPMSPSv.exe
    c:\windows\system32\wbem\wmiapsrv.exe
    .
    **************************************************************************
    .
    Completion time: 2009-01-08 10:00:39 - machine was rebooted
    ComboFix-quarantined-files.txt 2009-01-08 16:00:36

    Pre-Run: 7,893,053,440 bytes free
    Post-Run: 7,835,201,536 bytes free

    WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

    264 --- E O F --- 2009-01-07 12:49:53

  8. #8
    Junior Member
    Join Date
    Nov 2008
    Posts
    14

    Default Sorry about the mess

    I am sorry about the multiple posts. Maybe I should have read all the steps before posting the request. The computer is running fine so far. However, I still do not have the touch pad (Synaptics) mouse working. This all happened when the computer locked up. Do you think that (MySpace or YouTube) could have had anything to do with this? Thanks for your help, and I am including a (HijackThis) log.
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 10:24:03 AM, on 1/8/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16762)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\WLTRYSVC.EXE
    C:\WINDOWS\System32\bcmwltry.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
    C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
    c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\McAfee\MPF\MPFSrv.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\Program Files\Common Files\Rockwell\RsvcHost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\MsPMSPSv.exe
    C:\WINDOWS\system32\wbem\wmiapsrv.exe
    c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\WLTRAY.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    C:\WINDOWS\system32\msiexec.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/accounts/Serv...lcache=2&hl=en
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    F2 - REG:system.ini: UserInit=c:\windows\system32\userinit.exe,C:\Program Files\MPK\MPK.exe
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
    O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
    O4 - HKLM\..\Run: [OM2_Monitor] "C:\Program Files\OLYMPUS\OLYMPUS Master 2\FirstStart.exe" /OM
    O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
    O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [OM2_Monitor] "C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" -NoStart
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wind...?1230924792843
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
    O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O23 - Service: FactoryTalk Activation Service - Macrovision Corporation - C:\Program Files\Rockwell Software\FactoryTalk Activation\lmgrd.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
    O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: FactoryTalk Diagnostics Local Reader (RNADiagnosticsService) - Rockwell Automation - C:\Program Files\Common Files\Rockwell\RNADiagnosticsSrv.exe
    O23 - Service: FactoryTalk Diagnostics CE Receiver (RNADiagReceiver) - Unknown owner - C:\Program Files\Common Files\Rockwell\RNADiagReceiver.exe
    O23 - Service: Rockwell Application Services (RsvcHost) - Rockwell Software Inc. - C:\Program Files\Common Files\Rockwell\RsvcHost.exe
    O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

    --
    End of file - 7809 bytes
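An added triage helper for the HijackThis log format posted above (example code, not from this thread, from the helper, or from Trend Micro's HijackThis): it picks out the F2 UserInit entry, the O4 autostart entries and any O23 service listed with an unknown owner, the items a helper reads first. The sample lines are constructed from the log in this thread.

```python
"""Triage a HijackThis-style log: list autostarts, flag UserInit add-ons and
services without a recorded owner. Example code, not part of HijackThis."""
import re

# Constructed sample, shaped after the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/accounts/Serv...lcache=2&hl=en
F2 - REG:system.ini: UserInit=c:\windows\system32\userinit.exe,C:\Program Files\MPK\MPK.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
"""

# Every HijackThis entry is "<code> - <body>", e.g. "O4 - HKLM\..\Run: [...] ...".
LINE_RE = re.compile(r"^(?P<code>[A-Z]\d+) - (?P<body>.*)$")
# O4 body: <hive>\..\<key>: [<value name>] <command line>
O4_RE = re.compile(r"^(?P<hive>HK[A-Z]+)\\\.\.\\(?P<key>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
# O23 body: Service: <display name> - <owner> - <binary path>
O23_RE = re.compile(r"^Service: (?P<name>.*?) - (?P<owner>.*?) - (?P<path>.*)$")
USERINIT_PREFIX = "REG:system.ini: UserInit="


def userinit_extras(body):
    """Return every UserInit entry other than userinit.exe itself.

    Anything listed after userinit.exe is started at each interactive logon,
    so extra entries (here the MPK.exe the poster installed) deserve a look.
    """
    entries = re.split(r",\s*", body[len(USERINIT_PREFIX):])
    extras = []
    for entry in entries:
        entry = entry.strip().strip('"')
        if not entry:
            continue
        basename = entry.replace("/", "\\").rsplit("\\", 1)[-1].lower()
        if basename != "userinit.exe":
            extras.append(entry)
    return extras


def triage(log_text):
    """Walk the log once and collect the entries worth reviewing."""
    report = {"userinit_extra": [], "autostarts": [], "unknown_owner_services": []}
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # headers, process list, "End of file" and blank lines
        code, body = m.group("code"), m.group("body")
        if code == "F2" and body.startswith(USERINIT_PREFIX):
            report["userinit_extra"].extend(userinit_extras(body))
        elif code == "O4":
            o4 = O4_RE.match(body)
            if o4:
                report["autostarts"].append((o4["hive"], o4["name"], o4["cmd"]))
        elif code == "O23":
            o23 = O23_RE.match(body)
            # "Unknown owner" means the binary carried no vendor information;
            # it is a prompt to verify the file, not proof of anything by itself.
            if o23 and o23["owner"].strip().lower() == "unknown owner":
                report["unknown_owner_services"].append((o23["name"], o23["path"]))
    return report


if __name__ == "__main__":
    for section, items in triage(SAMPLE_LOG).items():
        print(section)
        for item in items:
            print("   ", item)
```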

  9. #9
    Security Expert-Emeritus
    Join Date
    Oct 2006
    Location
    Manchester UK
    Posts
    3,425

    Default

    Information
    1) I am sorry about the multiple posts. Maybe I should have read all the steps before posting the request.
    2) I still do not have the touch pad (Synaptics) mouse working. This all happened when the computer locked up.
    3) Do you think that (MySpace or YouTube) could have had anything to do with this?
    1) Don't apologise; you need multiple posts to get all the logs in properly.
    2) There is no obvious reason showing in your log why the touch pad isn't working.
    3) Very likely, they are both very dangerous places.
    ----------------------------------------------------------------------------------------------------------------------

    Step 1

    OTMoveIt
    Please download OTMoveIt3 by OldTimer and save it to your desktop
    • Double-click OTMoveIt3.exe to run it.
    • Copy the lines in the codebox below. ( Make sure you include :Processes )

    Code:
    :Processes
    :Reg
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "GetModule27"=-
    :Files
    c:\program files\GetModule
    • Return to OTMoveIt3, right click in the Paste List of Files/Folders to Move window (under the yellow bar) and choose Paste.

    • - Close ALL open windows (especially Internet Explorer!)-
    • Click the red Moveit! button.
    • Copy everything in the Results window (under the green bar), and paste it in your next reply.
    • Close OTMoveIt3


    If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.


    ----------------------------------------------------------------------------------------------------------------------
    Step 2



    Active Scan
    Your Antivirus and/or Antispyware may give a warning during the scan. This is perfectly normal
    NOTE:- Vista users should start IE by Start(Vista Orb) >> Internet Explorer >> Right-Click Run As Admin
    Please go to this site Link >> ActiveScan << LINK
    • Click the Scan Now button
    • Follow the prompts to install the Active X if necessary
    • Go and make a cup of tea/coffee/beverage of your choice and watch some TV
    • When the scan is finished, a report will be generated
    • Next to Scan Details click the small export to notepad button and save the report to your desktop.
    • Please post the report in your reply.



    ----------------------------------------------------------------------------------------------------------------------
    Step 3


    Logs/Information to Post in Reply
    Please post the following logs/Information in your reply
    • OTMI Log
    • Active Scan Log
    • How are things running now ?
    Microsoft MVP Consumer Security 2009 -2010
    If we have helped, please consider a donation
    THESE INSTRUCTIONS ARE FOR THIS USER ONLY

  10. #10
    Junior Member
    Join Date
    Nov 2008
    Posts
    14

    Default Log Files

    Here are the two log files. Keep in mind that I do have a keylogger installed on the computer for my family. You mentioned that (MySpace) was dangerous. Without taking it away, is there anything I can do to minimize these issues? Thank you again for everything.

    Active Scan

    ;***********************************************************************************************************************************************************************************
    ANALYSIS: 2009-01-09 07:26:04
    PROTECTIONS: 2
    MALWARE: 23
    SUSPECTS: 11
    ;***********************************************************************************************************************************************************************************
    PROTECTIONS
    Description Version Active Updated
    ;===================================================================================================================================================================================
    McAfee Internet Security Suite 2007 9.0 No Yes
    McAfee VirusScan Plus 13.0 No No
    ;===================================================================================================================================================================================
    MALWARE
    Id Description Type Active Severity Disinfectable Disinfected Location
    ;===================================================================================================================================================================================
    00097389 Application/PerfectKeyLog.A HackTools No 0 Yes No C:\System Volume Information\_restore{9786E1A5-2E7F-4801-91A9-EF3D4F91683E}\RP222\A0070784.dll
    00097389 Application/PerfectKeyLog.A HackTools No 0 Yes No C:\System Volume Information\_restore{9786E1A5-2E7F-4801-91A9-EF3D4F91683E}\RP235\A0075288.dll
    00101945 HackTool/Samdump HackTools No 0 Yes No C:\Documents and Settings\User\Desktop\Software\Password Crackers\PWDump2\pwdump2.zip[pwdump2/samdump.dll]
    00101945 HackTool/Samdump HackTools No 0 No No C:\Documents and Settings\User\Desktop\Software\Password Crackers\RockXP\RockXP.exe[C:\Documents and Settings\User\Desktop\Software\Password Crackers\RockXP\RockXP.exe][pwdump2\samdump.dll]
    00101946 HackTool/Samdump HackTools No 0 Yes No C:\Documents and Settings\User\Desktop\Software\Password Crackers\PWDump2\pwdump2.zip[pwdump2/pwdump2.exe]
    00101946 HackTool/Samdump HackTools No 0 No No C:\Documents and Settings\User\Desktop\Software\Password Crackers\RockXP\RockXP.exe[C:\Documents and Settings\User\Desktop\Software\Password Crackers\RockXP\RockXP.exe][pwdump2\pwdump2.exe]
    00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Documents and Settings\User\Cookies\user@tribalfusion[2].txt
    00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\User\Cookies\user@ad.yieldmanager[1].txt
    00168097 Cookie/BurstBeacon TrackingCookie No 0 Yes No C:\Documents and Settings\User\Cookies\user@www.burstbeacon[1].txt
    00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Documents and Settings\User\Cookies\user@questionmarket[2].txt
    00321319 HackTool/RockXp4 HackTools No 1 No No C:\Documents and Settings\User\Desktop\Software\Password Crackers\RockXP\RockXP.exe[C:\Documents and Settings\User\Desktop\Software\Password Crackers\RockXP\RockXP.exe][RockXP4_.exe]
    00461964 Generic Trojan Virus/Trojan No 0 Yes No C:\WINDOWS\system32\richtx.dll
    00461964 Generic Trojan Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{9786E1A5-2E7F-4801-91A9-EF3D4F91683E}\RP235\A0076356.dll
    00493927 Adware/MxLiveMedia Adware No 0 Yes No C:\_OTMoveIt\MovedFiles\01082009_091942\WINDOWS\system32\g48.exe
    00506589 HackTool/RockXp4 HackTools No 1 Yes No C:\Documents and Settings\User\Desktop\Software\Password Crackers\RockXP\RockXP.exe
    01185375 Application/Psexec.A HackTools No 0 Yes No C:\System Volume Information\_restore{9786E1A5-2E7F-4801-91A9-EF3D4F91683E}\RP262\A0088929.EXE
    02885963 Rootkit/Booto.C Virus/Worm No 0 Yes No C:\System Volume Information\_restore{9786E1A5-2E7F-4801-91A9-EF3D4F91683E}\RP262\A0088918.sys
    02896274 Application/BigBrother HackTools No 0 Yes No C:\Documents and Settings\All Users\common\dll\netdr\dmm.dll
    02896274 Application/BigBrother HackTools No 0 Yes No C:\System Volume Information\_restore{9786E1A5-2E7F-4801-91A9-EF3D4F91683E}\RP235\A0076346.dll
    02896275 Application/BigBrother HackTools No 0 Yes No C:\Documents and Settings\All Users\common\dll\netdr\winl.dll
    02896275 Application/BigBrother HackTools No 0 Yes No C:\System Volume Information\_restore{9786E1A5-2E7F-4801-91A9-EF3D4F91683E}\RP235\A0076340.dll
    02987821 Hacktool/JohnRip HackTools No 0 Yes No C:\Documents and Settings\User\Desktop\Software\Password Crackers\John the Cracker\john171w.zip[john1701/run/unique.exe]
    02987821 Hacktool/JohnRip HackTools No 0 Yes No C:\Documents and Settings\User\Desktop\Software\Password Crackers\John the Cracker\john1701\run\unique.exe
    02987822 Hacktool/JohnRip HackTools No 0 Yes No C:\Documents and Settings\User\Desktop\Software\Password Crackers\John the Cracker\john171w.zip[john1701/run/john-mmx.exe]
    02987822 Hacktool/JohnRip HackTools No 0 Yes No C:\Documents and Settings\User\Desktop\Software\Password Crackers\John the Cracker\john1701\run\john-mmx.exe
    02987823 Hacktool/JohnRip HackTools No 0 Yes No C:\Documents and Settings\User\Desktop\Software\Password Crackers\John the Cracker\john171w.zip[john1701/run/john-386.exe]
    02987823 Hacktool/JohnRip HackTools No 0 Yes No C:\Documents and Settings\User\Desktop\Software\Password Crackers\John the Cracker\john1701\run\john-386.exe
    02987824 Hacktool/JohnRip HackTools No 0 Yes No C:\Documents and Settings\User\Desktop\Software\Password Crackers\John the Cracker\john171w.zip[john1701/run/unafs.exe]
    02987824 Hacktool/JohnRip HackTools No 0 Yes No C:\Documents and Settings\User\Desktop\Software\Password Crackers\John the Cracker\john1701\run\unafs.exe
    02987825 Hacktool/JohnRip HackTools No 0 Yes No C:\Documents and Settings\User\Desktop\Software\Password Crackers\John the Cracker\john1701\run\unshadow.exe
    02987825 Hacktool/JohnRip HackTools No 0 Yes No C:\Documents and Settings\User\Desktop\Software\Password Crackers\John the Cracker\john171w.zip[john1701/run/unshadow.exe]
    03074964 Trj/CI.A Virus/Trojan No 0 Yes No C:\Documents and Settings\User\Desktop\Software\Ultra Compare\UltraCompareKeygen.exe
    03548697 Trj/Clicker.ALY Virus/Trojan No 1 No No C:\_OTMoveIt\MovedFiles\01082009_091942\WINDOWS\system32\g48.exe[■%%\²şÇ]
    03992023 Application/BigBrother HackTools No 0 Yes No C:\Documents and Settings\All Users\common\dll\netdr\mdm.exe
    ;===================================================================================================================================================================================
    SUSPECTS
    Sent Location ,
    ;===================================================================================================================================================================================
    No C:\Program Files\MPK\Mpk.dll ,
    No C:\Program Files\MPK\MPK.exe

    OTMoveIt3

    ========== PROCESSES ==========
    ========== REGISTRY ==========
    Registry value HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-\\GetModule27 deleted successfully.
    ========== FILES ==========
    File/Folder c:\program files\GetModule not found.

    OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 01082009_192419
