HIT log virtumonde virus

[Samwise]

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:16:34 AM, on 7/10/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
I:\WINDOWS\System32\smss.exe
I:\WINDOWS\system32\csrss.exe
I:\WINDOWS\system32\winlogon.exe
I:\WINDOWS\system32\services.exe
I:\WINDOWS\system32\lsass.exe
I:\WINDOWS\system32\Ati2evxx.exe
I:\WINDOWS\system32\svchost.exe
I:\WINDOWS\system32\svchost.exe
I:\WINDOWS\System32\svchost.exe
I:\WINDOWS\system32\svchost.exe
I:\WINDOWS\system32\svchost.exe
I:\WINDOWS\system32\Ati2evxx.exe
I:\WINDOWS\system32\LEXBCES.EXE
I:\WINDOWS\system32\spoolsv.exe
I:\WINDOWS\system32\LEXPPS.EXE
I:\WINDOWS\system32\svchost.exe
I:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
I:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
I:\WINDOWS\system32\CTsvcCDA.exe
I:\WINDOWS\eHome\ehRecvr.exe
I:\WINDOWS\eHome\ehSched.exe
I:\Program Files\Java\jre6\bin\jqs.exe
I:\WINDOWS\system32\HPZipm12.exe
i:\program files\microsoft corporation\msn remote record service\remoterecordclient.exe
I:\PROGRA~1\AVG\AVG8\avgrsx.exe
I:\Program Files\Spyware Doctor\pctsAuxs.exe
I:\PROGRA~1\AVG\AVG8\avgnsx.exe
I:\Program Files\Spyware Doctor\pctsSvc.exe
I:\WINDOWS\system32\svchost.exe
I:\WINDOWS\system32\svchost.exe
I:\Program Files\Viewpoint\Common\ViewpointService.exe
I:\WINDOWS\ehome\mcrdsvc.exe
I:\WINDOWS\system32\dllhost.exe
I:\WINDOWS\System32\alg.exe
I:\WINDOWS\Explorer.EXE
I:\WINDOWS\ehome\ehtray.exe
I:\Program Files\HP\HP Software Update\HPWuSchd2.exe
I:\Program Files\iTunes\iTunesHelper.exe
I:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe
I:\WINDOWS\system32\Rundll32.exe
I:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
I:\WINDOWS\eHome\ehmsas.exe
I:\Program Files\Spyware Doctor\pctsTray.exe
I:\PROGRA~1\AVG\AVG8\avgtray.exe
I:\WINDOWS\System32\svchost.exe
I:\WINDOWS\system32\ctfmon.exe
I:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
I:\Program Files\Logitech\SetPoint\SetPoint.exe
I:\Program Files\iPod\bin\iPodService.exe
I:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
I:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
I:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
I:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
I:\Program Files\Memeo\AutoBackup\MemeoBackup.exe
I:\Program Files\Internet Explorer\iexplore.exe
I:\Program Files\Internet Explorer\iexplore.exe
I:\Program Files\Internet Explorer\iexplore.exe
I:\Program Files\Internet Explorer\iexplore.exe
I:\Program Files\Trend Micro\HijackThis\HijackThis.exe
I:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.excite.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - I:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
F2 - REG:system.ini: UserInit=i:\windows\system32\userinit.exe,I:\WINDOWS\system32\MPK\MPK.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - I:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - I:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - I:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - I:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - I:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - I:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - I:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - I:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll
O2 - BHO: AIM Toolbar Loader - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - I:\Program Files\AIM Toolbar\aimtb.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - I:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - I:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: MSN Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - I:\Program Files\MSN\Toolbar\3.0.0621.0\msneshellx.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - I:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - I:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - I:\Program Files\MSN\Toolbar\3.0.0621.0\msneshellx.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - I:\Program Files\AskBarDis\bar\bin\askBar.dll
O3 - Toolbar: AIM Toolbar - {61539ecd-cc67-4437-a03c-9aaccbd14326} - I:\Program Files\AIM Toolbar\aimtb.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - I:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - I:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [ehTray] I:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "I:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [HP Software Update] I:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [iTunesHelper] "I:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [StartCCC] "I:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [VolPanel] "I:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" /r
O4 - HKLM\..\Run: [P17Helper] Rundll32 SPIRun.dll,RunDLLEntry
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [QuickTime Task] "I:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ISTray] "I:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] I:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] I:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [iLike] I:\Program Files\iLike\1.2.14\ilikesidebar.exe /checkforupdate (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [iLike] I:\Program Files\iLike\1.2.14\ilikesidebar.exe /checkforupdate (User 'Default user')
O4 - Startup: Memeo AutoBackup Launcher.lnk = ?
O4 - Global Startup: dlbcserv.lnk = I:\Program Files\Dell Photo Printer 720\dlbcserv.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = I:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = I:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Logitech SetPoint.lnk = I:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: &Windows Live Search - res://I:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://I:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: AIM Toolbar - {0b83c99c-1efa-4259-858f-bcb33e007a5b} - I:\Program Files\AIM Toolbar\aimtb.dll
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - I:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - I:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - I:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - I:\Program Files\ieSpell\iespell.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - I:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - I:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - I:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - I:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - I:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - I:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {001EE746-A1F9-460E-80AD-269E088D6A01} (Infotl Control) - http://site.ebrary.com.proxy.library.vcu.edu/lib/vacommonwealth/support/plugins/ebraryRdr.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {3B0EA9E6-7003-4B38-B398-9B1B6DF439C5} - http://download1.answers.com/pub/AnswersSetup.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1185802791406
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} (Facebook Photo Uploader 4) - http://upload.facebook.com/controls/FacebookPhotoUploader4_5.cab
O16 - DPF: {E008A543-CEFB-4559-912F-C27C2B89F13B} (Domino Web Access 7 Control) - http://oak2.vcu.edu/dwa7W.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/su2/ocx/15106/CTPID.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - I:\Program Files\AVG\AVG8\avgpp.dll
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - I:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - Winlogon Notify: avgrsstarter - I:\WINDOWS\SYSTEM32\avgrsstx.dll
O20 - Winlogon Notify: GoToAssist - I:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll
O23 - Service: Apple Mobile Device - Apple Inc. - I:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - I:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - I:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - I:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Creative Media Toolbox 6 Licensing Service - Creative Labs - I:\Program Files\Common Files\Creative Labs Shared\Service\MT6Licensing.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - I:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - I:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - I:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
O23 - Service: Google Software Updater (gusvc) - Google - I:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - I:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - I:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - I:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - I:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - I:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Pml Driver HPZ12 - HP - I:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Remote Record Service (RemoteRecord) - - i:\program files\microsoft corporation\msn remote record service\remoterecordclient.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - I:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - I:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - I:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 14036 bytes

 

[Shaba]

Hi Samwise

Please post next spybot report

 

[Samwise]

Shaba, Next spybot report

Shaba, I am not sure what you mean. Do I run Spybot again and see if it still finds virtumonde?

 

[Shaba]

Please do this:

Produce a short log (showing items flagged)

* Open SpyBot.
* Check for problems.
* When the scan completes, right click on the results list, select "Copy results to clipboard".
* Paste (Ctrl+V) those results into a new post.

 

[Samwise]

Spybot results pasted from clipboard

KGBKeylogger: [SBI $1A582544] Data (File, nothing done)
I:\Documents and Settings\All Users\Application Data\MPK\M0000

KGBKeylogger: [SBI $1A582544] Data (File, nothing done)
I:\Documents and Settings\All Users\Application Data\MPK\S0000

KGBKeylogger: [SBI $A85C4950] Data (File, nothing done)
I:\Documents and Settings\All Users\Application Data\MPK\1\D0000

KGBKeylogger: [SBI $A85C4950] Data (File, nothing done)
I:\Documents and Settings\All Users\Application Data\MPK\1\S0000

KGBKeylogger: [SBI $26D34EB3] Data (File, nothing done)
I:\Documents and Settings\All Users\Application Data\MPK\2\D0000

KGBKeylogger: [SBI $26D34EB3] Data (File, nothing done)
I:\Documents and Settings\All Users\Application Data\MPK\2\S0000

KGBKeylogger: [SBI $EA794E2D] Data (File, nothing done)
I:\Documents and Settings\All Users\Application Data\MPK\3\D0000

KGBKeylogger: [SBI $EA794E2D] Data (File, nothing done)
I:\Documents and Settings\All Users\Application Data\MPK\3\S0000

KGBKeylogger: [SBI $9091F1D3] Link (File, nothing done)
I:\WINDOWS\system32\runkgb.lnk

KGBKeylogger: [SBI $D2963DDD] Web page (File, nothing done)
I:\WINDOWS\system32\MPK\Help\English\alarms.htm

KGBKeylogger: [SBI $D2963DDD] Web page (File, nothing done)
I:\WINDOWS\system32\MPK\Help\English\clipboard.htm

KGBKeylogger: [SBI $D2963DDD] Web page (File, nothing done)
I:\WINDOWS\system32\MPK\Help\English\computer.htm

KGBKeylogger: [SBI $D2963DDD] Web page (File, nothing done)
I:\WINDOWS\system32\MPK\Help\English\delivery.htm

KGBKeylogger: [SBI $D2963DDD] Web page (File, nothing done)
I:\WINDOWS\system32\MPK\Help\English\file.htm

KGBKeylogger: [SBI $D2963DDD] Web page (File, nothing done)
I:\WINDOWS\system32\MPK\Help\English\filters.htm

KGBKeylogger: [SBI $D2963DDD] Web page (File, nothing done)
I:\WINDOWS\system32\MPK\Help\English\imhelp.htm

KGBKeylogger: [SBI $D2963DDD] Web page (File, nothing done)
I:\WINDOWS\system32\MPK\Help\English\internet.htm

KGBKeylogger: [SBI $D2963DDD] Web page (File, nothing done)
I:\WINDOWS\system32\MPK\Help\English\invisible.htm

KGBKeylogger: [SBI $D2963DDD] Web page (File, nothing done)
I:\WINDOWS\system32\MPK\Help\English\keyboard.htm

KGBKeylogger: [SBI $D2963DDD] Web page (File, nothing done)
I:\WINDOWS\system32\MPK\Help\English\logging.htm

KGBKeylogger: [SBI $D2963DDD] Web page (File, nothing done)
I:\WINDOWS\system32\MPK\Help\English\log_size.htm

KGBKeylogger: [SBI $D2963DDD] Web page (File, nothing done)
I:\WINDOWS\system32\MPK\Help\English\need_update_net.htm

KGBKeylogger: [SBI $D2963DDD] Web page (File, nothing done)
I:\WINDOWS\system32\MPK\Help\English\password.htm

KGBKeylogger: [SBI $D2963DDD] Web page (File, nothing done)
I:\WINDOWS\system32\MPK\Help\English\programs.htm

KGBKeylogger: [SBI $D2963DDD] Web page (File, nothing done)
I:\WINDOWS\system32\MPK\Help\English\screenshot.htm

KGBKeylogger: [SBI $D2963DDD] Web page (File, nothing done)
I:\WINDOWS\system32\MPK\Help\English\settings_node.htm

KGBKeylogger: [SBI $D2963DDD] Web page (File, nothing done)
I:\WINDOWS\system32\MPK\Help\English\update.htm

KGBKeylogger: [SBI $D2963DDD] Web page (File, nothing done)
I:\WINDOWS\system32\MPK\Help\English\users_node.htm

KGBKeylogger: [SBI $4BEEA583] Web page (File, nothing done)
I:\WINDOWS\system32\MPK\Help\German\alarms.htm

KGBKeylogger: [SBI $4BEEA583] Web page (File, nothing done)
I:\WINDOWS\system32\MPK\Help\German\clipboard.htm

KGBKeylogger: [SBI $4BEEA583] Web page (File, nothing done)
I:\WINDOWS\system32\MPK\Help\German\computer.htm

KGBKeylogger: [SBI $4BEEA583] Web page (File, nothing done)
I:\WINDOWS\system32\MPK\Help\German\delivery.htm

KGBKeylogger: [SBI $4BEEA583] Web page (File, nothing done)
I:\WINDOWS\system32\MPK\Help\German\file.htm

KGBKeylogger: [SBI $4BEEA583] Web page (File, nothing done)
I:\WINDOWS\system32\MPK\Help\German\filters.htm

KGBKeylogger: [SBI $4BEEA583] Web page (File, nothing done)
I:\WINDOWS\system32\MPK\Help\German\imhelp.htm

KGBKeylogger: [SBI $4BEEA583] Web page (File, nothing done)
I:\WINDOWS\system32\MPK\Help\German\internet.htm

KGBKeylogger: [SBI $4BEEA583] Web page (File, nothing done)
I:\WINDOWS\system32\MPK\Help\German\invisible.htm

KGBKeylogger: [SBI $4BEEA583] Web page (File, nothing done)
I:\WINDOWS\system32\MPK\Help\German\keyboard.htm

KGBKeylogger: [SBI $4BEEA583] Web page (File, nothing done)
I:\WINDOWS\system32\MPK\Help\German\logging.htm

KGBKeylogger: [SBI $4BEEA583] Web page (File, nothing done)
I:\WINDOWS\system32\MPK\Help\German\log_size.htm

KGBKeylogger: [SBI $4BEEA583] Web page (File, nothing done)
I:\WINDOWS\system32\MPK\Help\German\need_update_net.htm

KGBKeylogger: [SBI $4BEEA583] Web page (File, nothing done)
I:\WINDOWS\system32\MPK\Help\German\password.htm

KGBKeylogger: [SBI $4BEEA583] Web page (File, nothing done)
I:\WINDOWS\system32\MPK\Help\German\programs.htm

KGBKeylogger: [SBI $4BEEA583] Web page (File, nothing done)
I:\WINDOWS\system32\MPK\Help\German\screenshot.htm

KGBKeylogger: [SBI $4BEEA583] Web page (File, nothing done)
I:\WINDOWS\system32\MPK\Help\German\settings_node.htm

KGBKeylogger: [SBI $4BEEA583] Web page (File, nothing done)
I:\WINDOWS\system32\MPK\Help\German\users_node.htm

KGBKeylogger: [SBI $B556FC4C] Web page (File, nothing done)
I:\WINDOWS\system32\MPK\Help\Spanish\alarms.htm

KGBKeylogger: [SBI $B556FC4C] Web page (File, nothing done)
I:\WINDOWS\system32\MPK\Help\Spanish\clipboard.htm

KGBKeylogger: [SBI $B556FC4C] Web page (File, nothing done)
I:\WINDOWS\system32\MPK\Help\Spanish\computer.htm

KGBKeylogger: [SBI $B556FC4C] Web page (File, nothing done)
I:\WINDOWS\system32\MPK\Help\Spanish\delivery.htm

KGBKeylogger: [SBI $B556FC4C] Web page (File, nothing done)
I:\WINDOWS\system32\MPK\Help\Spanish\filters.htm

KGBKeylogger: [SBI $B556FC4C] Web page (File, nothing done)
I:\WINDOWS\system32\MPK\Help\Spanish\internet.htm

KGBKeylogger: [SBI $B556FC4C] Web page (File, nothing done)
I:\WINDOWS\system32\MPK\Help\Spanish\invisible.htm

KGBKeylogger: [SBI $B556FC4C] Web page (File, nothing done)
I:\WINDOWS\system32\MPK\Help\Spanish\keyboard.htm

KGBKeylogger: [SBI $B556FC4C] Web page (File, nothing done)
I:\WINDOWS\system32\MPK\Help\Spanish\logging.htm

KGBKeylogger: [SBI $B556FC4C] Web page (File, nothing done)
I:\WINDOWS\system32\MPK\Help\Spanish\log_size.htm

KGBKeylogger: [SBI $B556FC4C] Web page (File, nothing done)
I:\WINDOWS\system32\MPK\Help\Spanish\password.htm

KGBKeylogger: [SBI $B556FC4C] Web page (File, nothing done)
I:\WINDOWS\system32\MPK\Help\Spanish\programs.htm

KGBKeylogger: [SBI $B556FC4C] Web page (File, nothing done)
I:\WINDOWS\system32\MPK\Help\Spanish\screenshot.htm

KGBKeylogger: [SBI $B556FC4C] Web page (File, nothing done)
I:\WINDOWS\system32\MPK\Help\Spanish\settings_node.htm

KGBKeylogger: [SBI $B556FC4C] Web page (File, nothing done)
I:\WINDOWS\system32\MPK\Help\Spanish\users_node.htm

KGBKeylogger: [SBI $662F7776] Settings (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\mpkreg

KGBKeylogger: [SBI $003BA064] Settings (Registry value, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit=...,I:\WINDOWS\system32\MPK\MPK.exe...

KGBKeylogger: [SBI $90C7533C] Program directory (Directory, nothing done)
I:\Documents and Settings\All Users\Application Data\MPK\1\

KGBKeylogger: [SBI $BBEA00FF] Program directory (Directory, nothing done)
I:\Documents and Settings\All Users\Application Data\MPK\2\

KGBKeylogger: [SBI $9B3AB12D] Program directory (Directory, nothing done)
I:\Documents and Settings\All Users\Application Data\MPK\

KGBKeylogger: [SBI $D7779977] Settings (Registry value, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\I:\WINDOWS\system32\MPK\Mpk.exe

KGBKeylogger: [SBI $57644BC2] Settings (Registry value, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\I:\WINDOWS\system32\MPK\MpkView.exe

KGBKeylogger: [SBI $3386F374] Program directory (Directory, nothing done)
I:\WINDOWS\system32\MPK\Help\English\

KGBKeylogger: [SBI $0016EA3E] Program directory (Directory, nothing done)
I:\WINDOWS\system32\MPK\Help\German\

KGBKeylogger: [SBI $BFFF1102] Program directory (Directory, nothing done)
I:\WINDOWS\system32\MPK\Help\

KGBKeylogger: [SBI $122A9C36] Program directory (Directory, nothing done)
I:\WINDOWS\system32\MPK\Help\Spanish\

KGBKeylogger: [SBI $F271D3ED] Program directory (Directory, nothing done)
I:\WINDOWS\system32\MPK\

KGBKeylogger.REFOG: [SBI $3A361CF1] Data (File, nothing done)
I:\WINDOWS\system32\MPK\French.lng

KGBKeylogger.REFOG: [SBI $3A361CF1] Data (File, nothing done)
I:\WINDOWS\system32\MPK\German.lng

KGBKeylogger.REFOG: [SBI $3A361CF1] Data (File, nothing done)
I:\WINDOWS\system32\MPK\Romanian.lng

KGBKeylogger.REFOG: [SBI $3A361CF1] Data (File, nothing done)
I:\WINDOWS\system32\MPK\Spanish.lng

KGBKeylogger.REFOG: [SBI $1A6F4E8E] Picture (File, nothing done)
I:\WINDOWS\system32\MPK\Images\english.gif

KGBKeylogger.REFOG: [SBI $1A6F4E8E] Picture (File, nothing done)
I:\WINDOWS\system32\MPK\Images\german.gif

KGBKeylogger.REFOG: [SBI $1A6F4E8E] Picture (File, nothing done)
I:\WINDOWS\system32\MPK\Images\russian.gif

KGBKeylogger.REFOG: [SBI $3620A3B7] Picture (File, nothing done)
I:\WINDOWS\system32\MPK\Images\vista_hide.bmp

KGBKeylogger.REFOG: [SBI $3620A3B7] Picture (File, nothing done)
I:\WINDOWS\system32\MPK\Images\xp_hide.bmp

KGBKeylogger.REFOG: [SBI $C2823DAA] Program directory (Directory, nothing done)
I:\WINDOWS\system32\MPK\Images\

Microsoft.Windows.AppFirewallBypass: [SBI $BF3C460D] Settings (Registry value, nothing done)
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\I:\WINDOWS\system32\MPK\Mpk.exe

Microsoft.Windows.AppFirewallBypass: [SBI $6A38EA91] Settings (Registry value, nothing done)
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\I:\WINDOWS\system32\MPK\Mpk.exe

Microsoft.Windows.AppFirewallBypass: [SBI $85D70693] Settings (Registry value, nothing done)
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\I:\WINDOWS\system32\MPK\MpkView.exe

Microsoft.Windows.AppFirewallBypass: [SBI $30F61FD4] Settings (Registry value, nothing done)
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\I:\WINDOWS\system32\MPK\MpkView.exe

Virtumonde: [SBI $92386332] Library (File, nothing done)
I:\WINDOWS\system32\zipfldr.dll


--- Spybot - Search & Destroy version: 1.5.2 (build: 20080128) ---

2008-01-28 blindman.exe (1.0.0.7)
2008-01-28 SDDelFile.exe (1.0.2.4)
2008-01-28 SDMain.exe (1.0.0.5)
2008-01-28 SDUpdate.exe (1.0.8.8)
2008-01-28 SDWinSec.exe (1.0.0.11)
2008-01-28 SpybotSD.exe (1.5.2.20)
2009-03-05 TeaTimer.exe (1.6.6.32)
2008-07-11 unins000.exe (51.49.0.0)
2008-01-28 Update.exe (1.4.0.6)
2008-10-22 advcheck.dll (1.6.2.13)
2007-04-02 aports.dll (2.1.0.0)
2007-11-17 DelZip179.dll (1.79.7.4)
2008-01-28 SDFiles.dll (1.5.1.19)
2008-09-15 SDHelper.dll (1.6.2.14)
2008-10-22 Tools.dll (2.1.6.8)
2009-05-19 Includes\Adware.sbi (*)
2009-06-02 Includes\AdwareC.sbi (*)
2009-01-22 Includes\Cookies.sbi (*)
2009-05-19 Includes\Dialer.sbi (*)
2009-06-02 Includes\DialerC.sbi (*)
2009-01-22 Includes\HeavyDuty.sbi (*)
2009-05-26 Includes\Hijackers.sbi (*)
2009-07-07 Includes\HijackersC.sbi (*)
2009-06-23 Includes\Keyloggers.sbi (*)
2009-07-07 Includes\KeyloggersC.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2009-06-30 Includes\Malware.sbi (*)
2009-07-07 Includes\MalwareC.sbi (*)
2009-03-25 Includes\PUPS.sbi (*)
2009-07-07 Includes\PUPSC.sbi (*)
2009-01-22 Includes\Revision.sbi (*)
2009-01-13 Includes\Security.sbi (*)
2009-06-02 Includes\SecurityC.sbi (*)
2008-06-03 Includes\Spybots.sbi (*)
2008-06-03 Includes\SpybotsC.sbi (*)
2009-04-07 Includes\Spyware.sbi (*)
2009-07-07 Includes\SpywareC.sbi (*)
2009-06-08 Includes\Tracks.uti
2009-07-07 Includes\Trojans.sbi (*)
2009-07-08 Includes\TrojansC.sbi (*)
2008-03-04 Plugins\Chai.dll
2008-03-05 Plugins\Fennel.dll
2008-02-26 Plugins\Mate.dll
2007-12-24 Plugins\TCPIPAddress.dll

 

[Shaba]

Your version of spybot is old.

Please update it, rescan with new version and let me know what it finds after that.

 

[Samwise]

Ok

I will update this a.m., scan today, and post results in p.m.:thanks:

 

[Samwise]

no updates

Spybot is telling me, no newer updates available, which is also what it said the other day. Should I click beta version?

 

[Samwise]

Now it is stopping: "scan incomplete, stopped by user"

--- Spybot - Search & Destroy version: 1.5.2 (build: 20080128) ---

2008-01-28 blindman.exe (1.0.0.7)
2008-01-28 SDDelFile.exe (1.0.2.4)
2008-01-28 SDMain.exe (1.0.0.5)
2008-01-28 SDUpdate.exe (1.0.8.8)
2008-01-28 SDWinSec.exe (1.0.0.11)
2008-01-28 SpybotSD.exe (1.5.2.20)
2009-03-05 TeaTimer.exe (1.6.6.32)
2008-07-11 unins000.exe (51.49.0.0)
2008-01-28 Update.exe (1.4.0.6)
2008-10-22 advcheck.dll (1.6.2.13)
2007-04-02 aports.dll (2.1.0.0)
2007-11-17 DelZip179.dll (1.79.7.4)
2008-01-28 SDFiles.dll (1.5.1.19)
2008-09-15 SDHelper.dll (1.6.2.14)
2008-10-22 Tools.dll (2.1.6.8)
2009-05-19 Includes\Adware.sbi (*)
2009-06-02 Includes\AdwareC.sbi (*)
2009-04-28 Includes\Beta.sbi (*)
2007-11-06 Includes\Beta.uti (*)
2009-01-22 Includes\Cookies.sbi (*)
2009-05-19 Includes\Dialer.sbi (*)
2009-06-02 Includes\DialerC.sbi (*)
2009-01-22 Includes\HeavyDuty.sbi (*)
2009-05-26 Includes\Hijackers.sbi (*)
2009-07-07 Includes\HijackersC.sbi (*)
2009-06-23 Includes\Keyloggers.sbi (*)
2009-07-07 Includes\KeyloggersC.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2009-06-30 Includes\Malware.sbi (*)
2009-07-07 Includes\MalwareC.sbi (*)
2009-03-25 Includes\PUPS.sbi (*)
2009-07-07 Includes\PUPSC.sbi (*)
2009-01-22 Includes\Revision.sbi (*)
2009-01-13 Includes\Security.sbi (*)
2009-06-02 Includes\SecurityC.sbi (*)
2008-06-03 Includes\Spybots.sbi (*)
2008-06-03 Includes\SpybotsC.sbi (*)
2009-04-07 Includes\Spyware.sbi (*)
2009-07-07 Includes\SpywareC.sbi (*)
2009-06-08 Includes\Tracks.uti
2009-07-07 Includes\Trojans.sbi (*)
2009-07-08 Includes\TrojansC.sbi (*)
2008-03-04 Plugins\Chai.dll
2008-03-05 Plugins\Fennel.dll
2008-02-26 Plugins\Mate.dll
2007-12-24 Plugins\TCPIPAddress.dll

 

[Shaba]

Well newest version is 1.6.2 and you can download it here

 

[Samwise]

Scan results log with v. 162

KGBKeylogger: [SBI $1A582544] Data (File, nothing done)
I:\Documents and Settings\All Users\Application Data\MPK\M0000
Properties.size=13312
Properties.md5=746435623F3782ECABE2BE8123553470
Properties.filedate=1247373107
Properties.filedatetext=2009-07-12 00:31:47

KGBKeylogger: [SBI $1A582544] Data (File, nothing done)
I:\Documents and Settings\All Users\Application Data\MPK\S0000
Properties.size=87
Properties.md5=3287558E165CD2493F9534ED178A25C1
Properties.filedate=1247447650
Properties.filedatetext=2009-07-12 21:14:09

KGBKeylogger: [SBI $A85C4950] Data (File, nothing done)
I:\Documents and Settings\All Users\Application Data\MPK\1\D0000
Properties.size=56320
Properties.md5=EF881F29F6B8CEBBF817AF2D9DEBAE7E
Properties.filedate=1247373107
Properties.filedatetext=2009-07-12 00:31:47

KGBKeylogger: [SBI $90C7533C] Program directory (Directory, nothing done)
I:\Documents and Settings\All Users\Application Data\MPK\1\

KGBKeylogger: [SBI $9B3AB12D] Program directory (Directory, nothing done)
I:\Documents and Settings\All Users\Application Data\MPK\

KGBKeylogger: [SBI $F271D3ED] Program directory (Directory, nothing done)
I:\WINDOWS\system32\MPK\

Right Media: Tracking cookie (Internet Explorer: John Salay) (Cookie, nothing done)


AdRevolver: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)


WebTrends live: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)


Zedo: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)


DoubleClick: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)


Common Dialogs: History (20 files) (Registry key, nothing done)
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU

Log: Activity: SchedLgU.Txt (Backup file, nothing done)
I:\WINDOWS\SchedLgU.Txt

Log: Activity: imsins.log (Backup file, nothing done)
I:\WINDOWS\imsins.log

Log: Activity: OEWABLog.txt (Backup file, nothing done)
I:\WINDOWS\OEWABLog.txt

Log: Install: comsetup.log (Backup file, nothing done)
I:\WINDOWS\comsetup.log

Log: Install: Directx.log (Backup file, nothing done)
I:\WINDOWS\Directx.log

Log: Install: ocgen.log (Backup file, nothing done)
I:\WINDOWS\ocgen.log

Log: Install: setupact.log (Backup file, nothing done)
I:\WINDOWS\setupact.log

Log: Install: setupapi.log (Backup file, nothing done)
I:\WINDOWS\setupapi.log

Log: Install: setuplog.txt (Backup file, nothing done)
I:\WINDOWS\setuplog.txt

Log: Install: svcpack.log (Backup file, nothing done)
I:\WINDOWS\svcpack.log

Log: Install: wmsetup.log (Backup file, nothing done)
I:\WINDOWS\wmsetup.log

Log: Install: DtcInstall.log (Backup file, nothing done)
I:\WINDOWS\DtcInstall.log

Log: Shutdown: System32\wbem\logs\mofcomp.log (Backup file, nothing done)
I:\WINDOWS\System32\wbem\logs\mofcomp.log

Log: Shutdown: System32\wbem\logs\setup.log (Backup file, nothing done)
I:\WINDOWS\System32\wbem\logs\setup.log

Log: Shutdown: System32\wbem\logs\wbemcore.log (Backup file, nothing done)
I:\WINDOWS\System32\wbem\logs\wbemcore.log

Log: Shutdown: System32\wbem\logs\wbemess.lo_ (Backup file, nothing done)
I:\WINDOWS\System32\wbem\logs\wbemess.lo_

Log: Shutdown: System32\wbem\logs\wbemess.log (Backup file, nothing done)
I:\WINDOWS\System32\wbem\logs\wbemess.log

Log: Shutdown: System32\wbem\logs\wbemprox.log (Backup file, nothing done)
I:\WINDOWS\System32\wbem\logs\wbemprox.log

Log: Shutdown: System32\wbem\logs\winmgmt.log (Backup file, nothing done)
I:\WINDOWS\System32\wbem\logs\winmgmt.log

Log: Shutdown: System32\wbem\logs\wmiprov.log (Backup file, nothing done)
I:\WINDOWS\System32\wbem\logs\wmiprov.log

Cookie: Cookie (76) (Cookie, nothing done)


Cache: Cache (2047) (Cache, nothing done)


History: History (93) (History, nothing done)


Cookie: Cookie (43) (Cookie, nothing done)


Cookie: Cookie (701) (Cookie, nothing done)


History: History (5109) (History, nothing done)



--- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---

2009-01-26 blindman.exe (1.0.0.8)
2008-01-28 SDDelFile.exe (1.0.2.4)
2009-01-26 SDFiles.exe (1.6.1.7)
2009-01-26 SDMain.exe (1.0.0.6)
2009-01-26 SDUpdate.exe (1.6.0.12)
2008-01-28 SDWinSec.exe (1.0.0.11)
2009-01-26 SpybotSD.exe (1.6.2.46)
2009-03-05 TeaTimer.exe (1.6.6.32)
2009-07-13 unins000.exe (51.49.0.0)
2009-01-26 Update.exe (1.6.0.7)
2009-01-26 advcheck.dll (1.6.2.15)
2007-04-02 aports.dll (2.1.0.0)
2008-06-14 DelZip179.dll (1.79.11.1)
2009-01-26 SDHelper.dll (1.6.2.14)
2008-06-19 sqlite3.dll
2009-01-26 Tools.dll (2.1.6.10)
2009-01-16 UninsSrv.dll (1.0.0.0)
2009-05-19 Includes\Adware.sbi (*)
2009-06-02 Includes\AdwareC.sbi (*)
2009-01-22 Includes\Cookies.sbi (*)
2009-05-19 Includes\Dialer.sbi (*)
2009-06-02 Includes\DialerC.sbi (*)
2009-01-22 Includes\HeavyDuty.sbi (*)
2009-05-26 Includes\Hijackers.sbi (*)
2009-07-07 Includes\HijackersC.sbi (*)
2009-06-23 Includes\Keyloggers.sbi (*)
2009-07-07 Includes\KeyloggersC.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2009-06-30 Includes\Malware.sbi (*)
2009-07-07 Includes\MalwareC.sbi (*)
2009-03-25 Includes\PUPS.sbi (*)
2009-07-07 Includes\PUPSC.sbi (*)
2009-01-22 Includes\Revision.sbi (*)
2009-01-13 Includes\Security.sbi (*)
2009-06-02 Includes\SecurityC.sbi (*)
2008-06-03 Includes\Spybots.sbi (*)
2008-06-03 Includes\SpybotsC.sbi (*)
2009-04-07 Includes\Spyware.sbi (*)
2009-07-07 Includes\SpywareC.sbi (*)
2009-06-08 Includes\Tracks.uti
2009-07-07 Includes\Trojans.sbi (*)
2009-07-08 Includes\TrojansC.sbi (*)
2008-03-04 Plugins\Chai.dll
2008-03-05 Plugins\Fennel.dll
2008-02-26 Plugins\Mate.dll
2007-12-24 Plugins\TCPIPAddress.dll

 

[Shaba]

Have you installed KGBKeylogger on purpose?

 

[Samwise]

KGBKeylogger

No. The first I've heard of it is when it came up on the v162 scan. What is it? I Have in the past weeks tried multipbe things to get rid of virtumonde and to speed up computer. Also, my default operating drive is "I" and I also installed a 1tb buffalo external hd. Thanks for sticking with me on this problem.

 

[Shaba]

Here is some information about it.

Are you the only user for this computer?

 

[Samwise]

KGBKeylogger

There is another user who says he has installed a frogger (?) program in the past but does not think he installed kgbkeylogger. I do not want anything on my computer that is keeping track of key strokes or otherwise "spying". How do I get rid of them? A program called memeobackup installed with the new hard drive.

 

[Samwise]

update

I know that refog keylogger was downloaded (unauthorized).

 

[Shaba]

So we continue with this:

Download at your desktop DDS from one of the links below:

Link 1
Link 2

• Double click the tool to run it.
• A black Screen will open, just read the contents and do nothing.
• When the tool finish it will open 2 reports.
• Copy/paste both reports back here and remove DDS from your desktop.

 

[Samwise]

attach file is attached and also cut & pasted

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-06-26.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 7/12/2007 2:17:13 PM
System Uptime: 7/11/2009 3:21:22 PM (89 hours ago)

Motherboard: Dell Inc. | | 0YC523
Processor: Intel(R) Pentium(R) D CPU 2.80GHz | Microprocessor | 2793/800mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 144 GiB total, 54.476 GiB free.
D: is Removable
E: is Removable
F: is Removable
G: is CDROM ()
H: is CDROM ()
I: is FIXED (NTFS) - 149 GiB total, 30.041 GiB free.
J: is Removable
K: is FIXED (NTFS) - 466 GiB total, 381.441 GiB free.
L: is FIXED (NTFS) - 466 GiB total, 436.94 GiB free.

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP754: 6/14/2009 12:05:47 PM - Removed Microsoft Encarta Encyclopedia Standard 2005
RP755: 6/14/2009 3:23:26 PM - SetPoint 4.72
RP756: 6/15/2009 4:18:00 PM - System Checkpoint
RP757: 6/16/2009 3:07:31 PM - Installed Oblivion
RP758: 6/16/2009 3:17:25 PM - Installed DirectX 9.0
RP759: 6/17/2009 9:14:35 PM - System Checkpoint
RP760: 6/18/2009 7:23:03 PM - Software Distribution Service 3.0
RP761: 6/18/2009 8:38:27 PM - Revo Uninstaller's restore point - Logitech Desktop Messenger
RP762: 6/18/2009 8:55:10 PM - Removed Costco Photo Organizer
RP763: 6/18/2009 8:55:16 PM - Installed Costco Photo Organizer
RP764: 6/19/2009 7:42:31 AM - Revo Uninstaller's restore point - Logitech Desktop Messenger
RP765: 6/19/2009 11:54:56 PM - Restore Operation
RP766: 6/20/2009 12:06:39 AM - Restore Operation
RP767: 6/20/2009 12:13:15 AM - Restore Operation
RP768: 6/20/2009 11:34:29 AM - Revo Uninstaller's restore point - Logitech Desktop Messenger
RP769: 6/20/2009 4:16:40 PM - Restore Operation
RP770: 6/20/2009 4:56:19 PM - Restore Operation
RP771: 6/20/2009 10:11:45 PM - Restore Operation
RP772: 6/21/2009 2:59:50 AM - Spyware Doctor: Cleaning Threats
RP773: 6/21/2009 11:57:51 AM - Software Distribution Service 3.0
RP774: 6/21/2009 12:53:45 PM - Installed AVG Free 8.5
RP775: 6/21/2009 1:10:32 PM - Spyware Doctor: Cleaning Threats
RP776: 6/21/2009 1:38:01 PM - Revo Uninstaller's restore point - Logitech Desktop Messenger
RP777: 6/21/2009 3:36:27 PM - Spyware Doctor: Cleaning Threats
RP778: 6/22/2009 4:18:39 PM - System Checkpoint
RP779: 6/23/2009 5:18:14 PM - System Checkpoint
RP780: 6/24/2009 6:18:29 PM - System Checkpoint
RP781: 6/25/2009 7:05:36 PM - Spyware Doctor: Cleaning Threats
RP782: 6/26/2009 8:13:08 PM - System Checkpoint
RP783: 6/27/2009 8:48:27 PM - System Checkpoint
RP784: 6/29/2009 1:16:13 AM - System Checkpoint
RP785: 6/29/2009 8:43:02 AM - Avg8 Update
RP786: 6/29/2009 6:32:26 PM - Revo Uninstaller's restore point - RegCure 1.6.0.0
RP787: 7/1/2009 1:05:05 AM - System Checkpoint
RP788: 7/1/2009 8:50:54 PM - Revo Uninstaller's restore point - RealPlayer
RP789: 7/2/2009 11:15:20 PM - System Checkpoint
RP790: 7/4/2009 12:33:17 AM - System Checkpoint
RP791: 7/5/2009 1:00:22 AM - Software Distribution Service 3.0
RP792: 7/6/2009 1:03:53 AM - System Checkpoint
RP793: 7/7/2009 2:02:52 AM - System Checkpoint
RP794: 7/8/2009 3:02:58 AM - System Checkpoint
RP795: 7/8/2009 8:39:45 PM - Software Distribution Service 3.0
RP796: 7/9/2009 9:04:05 PM - System Checkpoint
RP797: 7/10/2009 10:19:57 PM - System Checkpoint
RP798: 7/12/2009 1:19:57 AM - System Checkpoint
RP799: 7/13/2009 1:47:56 AM - System Checkpoint
RP800: 7/14/2009 2:26:57 AM - System Checkpoint
RP801: 7/15/2009 3:26:58 AM - System Checkpoint

==== Installed Programs ======================

5600
5600_Help
5600Trb
Acoustica MP3 To Wave Converter PLUS
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player Plugin
Adobe Media Player
Adobe Reader 8.1.2
Adobe Reader 8.1.2 Security Update 1 (KB403742)
Adobe Shockwave Player 11
Adobe® Photoshop® Album Starter Edition 3.2
AIM 6
Aim Plugin for QQ Games
AIM Toolbar
AIMTunes
AiO_Scan
AiOSoftware
Apple Mobile Device Support
Apple Software Update
ASIO4ALL
Ask Toolbar
ATI - Software Uninstall Utility
ATI Catalyst Control Center
ATI Display Driver
Audacity 1.2.6
AVG Free 8.5
AVS DVDMenu Editor 1.2.1.19
AVS Video Tools 5.6
Blaze Media Pro
Blender (remove only)
BUFFALO HD-WIU2/R1 RAID Setup Utility
BufferChm
Cain & Abel v4.9.18
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center HydraVision Full
ccc-core-preinstall
ccc-core-static
ccc-utility
CCC Help English
CDDRV_Installer
Collab
Compatibility Pack for the 2007 Office system
Conexant D850 56K V.9x DFVc Modem
Costco Photo Organizer
CP_AtenaShokunin1Config
CP_CalendarTemplates1
CP_Package_Basic1
CP_Package_Variety1
CP_Package_Variety2
CP_Package_Variety3
CP_Panorama1Config
Creative Audio Console
Creative Media Toolbox 6
Creative Media Toolbox 6 (Shared Components)
Creative MediaSource 5
Creative Software AutoUpdate
Creative System Information
Creative WaveStudio 7
Critical Update for Windows Media Player 11 (KB959772)
CueTour
CustomerResearchQFolder
Dell Photo Printer 720
Dell Photo Printer 720 Logger
Dell Resource CD
DellConnect
Destinations
DeviceFunctionQFolder
DeviceManagementQFolder
Digital Locker Assistant
DivX Content Uploader
DivX Web Player
DocProc
DocumentViewer
DocumentViewerQFolder
Download Updater (AOL LLC)
Driver Detective
EA Download Manager
ERUNT 1.1j
ESPNMotion
eSupportQFolder
Fax
Firebird SQL Server - MAGIX Edition
Form Fill (Windows Live Toolbar)
FullDPAppQFolder
GemMaster Mystic
GenoPro 2.0.1.2
getPlus(R)_ocx
Glary Utilities 2.13.0.689
Google Earth
Google Toolbar for Internet Explorer
Google Updater
GoToAssist 8.0.0.514
High Definition Audio Driver Package - KB835221
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
HP Document Viewer 5.3
HP Extended Capabilities 5.3
HP Image Zone 5.3
HP Imaging Device Functions 5.3
HP PSC & OfficeJet 5.3.B
HP Solution Center & Imaging Support Tools 5.3
HP Update
HPProductAssistant
ieSpell
IL Download Manager
iLike Sidebar
ImageConverter Plus 7.1
InstantShareDevices
Intel(R) PRO Network Connections Drivers
iTunes
Jarte
Jasc Paint Shop Photo Album
Java(TM) 6 Update 10
Java(TM) 6 Update 2
Java(TM) 6 Update 3
KhalInstallWrapper
L&H TTS3000 British English
Lernout & Hauspie TruVoice American English TTS Engine
LG USB Modem driver
LimeWire 4.18.1
Logitech Registration
Logitech SetPoint
Map Button (Windows Live Toolbar)
MarketResearch
Memeo AutoBackup
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Age of Empires Gold
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Digital Image Library 9 - Blocker
Microsoft Document Explorer 2008
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Money 2005
Microsoft National Language Support Downlevel APIs
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office SharePoint Designer 2007 Service Pack 2 (SP2)
Microsoft Office Standard Edition 2003
Microsoft Office Visual Web Developer 2007
Microsoft Office Visual Web Developer MUI (English) 2007
Microsoft Picture It! Library 10
Microsoft Picture It! Premium 10
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft VC9 runtime libraries
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual Studio Web Authoring Component
Microsoft Works
Microsoft Works 2005 Setup Launcher
Microsoft Works Suite Add-in for Microsoft Word
mIRC
MobileMe Control Panel
Move Networks Media Player for Internet Explorer
Mozilla Firefox (2.0.0.20)
MSN
MSN Remote Record service
MSN Toolbar
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 6.0 Parser (KB933579)
NewCopy
Oblivion
OneCare Advisor (Windows Live Toolbar)
OpenOffice.org Installer 1.0
Otto
Paint.NET v3.10
PanoStandAlone
PhotoGallery
Popup Blocker (Windows Live Toolbar)
ProductContext
QQ Games
QQ Pool
QQ Treasure Hunter
QuickTime
RandMap
Readme
ReaGIF 2.0
ReaJPEG 3.1
ReaJPEG Pro 3.5
Revo Uninstaller 1.83
Rhapsody Player Engine
Rome - Total War
Scan
ScannerCopy
Security Update for 2007 Microsoft Office System (KB951550)
Security Update for 2007 Microsoft Office System (KB951944)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft Office system 2007 (KB954326)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB970238)
Shockwave
SigmaTel Audio
Skins
SkinsHP1
Skype™ 4.0
Smart Menus (Windows Live Toolbar)
SolutionCenter
Sonic Encoders
Sonic_PrimoSDK
Sound Blaster X-Fi Xtreme Audio
Spybot - Search & Destroy
Spyware Doctor 6.0
Status
TallStick TS-AudioToMIDI 3.20 (remove only)
Text-To-Speech-Runtime
ToneThis 3.0
TotalImageConverter
Toxic Biohazard
TrayApp
Unload
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB971180)
Update for Windows Media Player 10 (KB913800)
Update for Windows Media Player 10 (KB926251)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update Rollup 2 for Windows XP Media Center Edition 2005
V CAST Music with Rhapsody
Viewpoint Media Player
Wallpaper du jour 1.0
WebFldrs XP
WebReg
West Point Bridge Designer 2007
Windows Genuine Advantage Validation Tool (KB892130)
Windows Imaging Component
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Live Favorites for Windows Live Toolbar
Windows Live Messenger
Windows Live Outlook Toolbar (Windows Live Toolbar)
Windows Live Toolbar
Windows Live Toolbar Extension (Windows Live Toolbar)
Windows Live Toolbar Feed Detector (Windows Live Toolbar)
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player Firefox Plugin
Windows Presentation Foundation
Windows XP Media Center Edition 2005 KB925766
Windows XP Service Pack 3
WinRAR archiver
Works Upgrade
XML Paper Specification Shared Components Pack 1.0

==== Event Viewer Messages From Past Week ========

7/12/2009 9:11:06 PM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file i:\windows\system32\zipfldr.dll. This file was restored to the original version to maintain system stability. The file version of the system file is 6.0.2900.5512.
7/11/2009 3:22:54 PM, error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume I:.
7/10/2009 9:15:02 AM, error: Service Control Manager [7000] - The MCSTRM service failed to start due to the following error: The system cannot find the file specified.
7/10/2009 7:43:20 AM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the sdCoreService service.
7/10/2009 4:49:42 AM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the Dnscache service.
7/10/2009 12:05:16 PM, error: Service Control Manager [7034] - The PC Tools Security Service service terminated unexpectedly. It has done this 1 time(s).

==== End Of File ===========================
a

 

[Samwise]

DDS report

DDS (Ver_09-06-26.01) - NTFSx86
Run by John Salay at 8:04:19.51 on Wed 07/15/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_10
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.196 [GMT -4:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

I:\WINDOWS\system32\Ati2evxx.exe
I:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
I:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
I:\WINDOWS\system32\LEXBCES.EXE
I:\WINDOWS\system32\spoolsv.exe
svchost.exe
I:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
I:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
I:\WINDOWS\system32\CTsvcCDA.exe
I:\WINDOWS\eHome\ehRecvr.exe
I:\WINDOWS\eHome\ehSched.exe
I:\Program Files\Java\jre6\bin\jqs.exe
I:\WINDOWS\system32\HPZipm12.exe
i:\program files\microsoft corporation\msn remote record service\remoterecordclient.exe
I:\PROGRA~1\AVG\AVG8\avgrsx.exe
svchost.exe
I:\WINDOWS\system32\svchost.exe -k imgsvc
I:\Program Files\Viewpoint\Common\ViewpointService.exe
I:\Program Files\iPod\bin\iPodService.exe
I:\WINDOWS\system32\dllhost.exe
I:\WINDOWS\System32\svchost.exe -k HTTPFilter
I:\WINDOWS\system32\Ati2evxx.exe
I:\PROGRA~1\AVG\AVG8\avgnsx.exe
I:\Program Files\AVG\AVG8\avgscanx.exe
I:\Program Files\AVG\AVG8\avgcsrvx.exe
I:\WINDOWS\system32\Ati2evxx.exe
I:\Program Files\Citrix\GoToAssist\514\G2AProcessFactory.exe
I:\WINDOWS\Explorer.EXE
I:\WINDOWS\ehome\ehtray.exe
I:\Program Files\HP\HP Software Update\HPWuSchd2.exe
I:\Program Files\iTunes\iTunesHelper.exe
I:\WINDOWS\eHome\ehmsas.exe
I:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe
I:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
I:\WINDOWS\system32\Rundll32.exe
I:\PROGRA~1\AVG\AVG8\avgtray.exe
I:\Program Files\Internet Explorer\iexplore.exe
I:\WINDOWS\system32\ctfmon.exe
I:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
I:\Program Files\Logitech\SetPoint\SetPoint.exe
I:\Program Files\Internet Explorer\iexplore.exe
I:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
I:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
I:\Program Files\Memeo\AutoBackup\MemeoBackup.exe
I:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
I:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
I:\Program Files\Internet Explorer\iexplore.exe
I:\Documents and Settings\John Salay\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.excite.com/
uInternet Connection Wizard,ShellNext = iexplore
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - i:\program files\avg\avg8\toolbar\IEToolbar.dll
uURLSearchHooks: H - No File
mURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - i:\program files\aim toolbar\aimtb.dll
mWinlogon: Userinit=i:\windows\system32\userinit.exe
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - i:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - i:\program files\askbardis\bar\bin\askBar.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - i:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - i:\program files\avg\avg8\avgssie.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - i:\program files\java\jre6\bin\ssv.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - i:\program files\avg\avg8\toolbar\IEToolbar.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - i:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - i:\program files\google\googletoolbarnotifier\5.1.1309.15642\swg.dll
BHO: AIM Toolbar Loader: {b0cda128-b425-4eef-a174-61a11ac5dbf8} - i:\program files\aim toolbar\aimtb.dll
BHO: Windows Live Toolbar Helper: {bdbd1dad-c946-4a17-adc1-64b5b4ff55d0} - i:\program files\windows live toolbar\msntb.dll
BHO: 1 (0x1) - No File
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - i:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
BHO: MSN Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - i:\program files\msn\toolbar\3.0.0621.0\msneshellx.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - i:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Windows Live Toolbar: {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} - i:\program files\windows live toolbar\msntb.dll
TB: MSN Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - i:\program files\msn\toolbar\3.0.0621.0\msneshellx.dll
TB: Ask Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - i:\program files\askbardis\bar\bin\askBar.dll
TB: AIM Toolbar: {61539ecd-cc67-4437-a03c-9aaccbd14326} - i:\program files\aim toolbar\aimtb.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - i:\program files\google\google toolbar\GoogleToolbar.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - i:\program files\avg\avg8\toolbar\IEToolbar.dll
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
uRun: [ctfmon.exe] i:\windows\system32\ctfmon.exe
mRun: [ehTray] i:\windows\ehome\ehtray.exe
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [Adobe Reader Speed Launcher] "i:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [HP Software Update] i:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [iTunesHelper] "i:\program files\itunes\iTunesHelper.exe"
mRun: [StartCCC] "i:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [VolPanel] "i:\program files\creative\sound blaster x-fi\volume panel\VolPanlu.exe" /r
mRun: [P17Helper] Rundll32 SPIRun.dll,RunDLLEntry
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [QuickTime Task] "i:\program files\quicktime\qttask.exe" -atboottime
mRun: [AVG8_TRAY] i:\progra~1\avg\avg8\avgtray.exe
dRun: [iLike] i:\program files\ilike\1.2.14\ilikesidebar.exe /checkforupdate
StartupFolder: i:\docume~1\johnsa~1\startm~1\programs\startup\memeoa~1.lnk - i:\docume~1\johnsa~1\applic~1\microsoft\installer\{bd1f8143-c678-43cd-a296-a3a32a8c2976}\NewShortcut4_51A847D327C24F7797772AF2A4E486ED.exe
StartupFolder: i:\docume~1\alluse~1\startm~1\programs\startup\dlbcserv.lnk - i:\program files\dell photo printer 720\dlbcserv.exe
StartupFolder: i:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - i:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: i:\docume~1\alluse~1\startm~1\programs\startup\hpimag~1.lnk - i:\program files\hp\digital imaging\bin\hpqthb08.exe
StartupFolder: i:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - i:\program files\logitech\setpoint\SetPoint.exe
IE: &Windows Live Search - i:\program files\windows live toolbar\msntb.dll/search.htm
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: E&xport to Microsoft Excel - i:\progra~1\micros~4\office11\EXCEL.EXE/3000
IE: {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - res://i:\program files\iespell\iespell.dll/SPELLCHECK.HTM
IE: {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - res://i:\program files\iespell\iespell.dll/SPELLOPTION.HTM
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - i:\program files\messenger\msmsgs.exe
IE: {0b83c99c-1efa-4259-858f-bcb33e007a5b} - {61539ecd-cc67-4437-a03c-9aaccbd14326} - i:\program files\aim toolbar\aimtb.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - i:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - i:\progra~1\micros~4\office11\REFIEBAR.DLL
Trusted Zone: dyssouth.com\www
Trusted Zone: excite.com\www
DPF: {001EE746-A1F9-460E-80AD-269E088D6A01} - hxxp://site.ebrary.com.proxy.library.vcu.edu/lib/vacommonwealth/support/plugins/ebraryRdr.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
DPF: {3B0EA9E6-7003-4B38-B398-9B1B6DF439C5} - hxxp://download1.answers.com/pub/AnswersSetup.cab
DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx1.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1185802791406
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader4_5.cab
DPF: {E008A543-CEFB-4559-912F-C27C2B89F13B} - hxxp://oak2.vcu.edu/dwa7W.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://www.creative.com/softwareupdate/su2/ocx/15106/CTPID.cab
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - i:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - i:\program files\avg\avg8\avgpp.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: GoToAssist - i:\program files\citrix\gotoassist\514\G2AWinLogon.dll
Notify: LBTWlgn - i:\program files\common files\logitech\bluetooth\LBTWlgn.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - i:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - i:\docume~1\johnsa~1\applic~1\mozilla\firefox\profiles\0p2oy5h0.default\
FF - component: i:\program files\avg\avg8\firefox\components\avgssff.dll
FF - component: i:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: i:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: i:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: i:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll
FF - component: i:\program files\mozilla firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\metrics.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - i:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - i:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - i:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R0 PCTCore;PCTools KDS;i:\windows\system32\drivers\PCTCore.sys [2009-6-21 130936]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;i:\windows\system32\drivers\avgldx86.sys [2009-6-21 327688]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;i:\windows\system32\drivers\avgmfx86.sys [2007-7-13 27784]
R1 AvgTdiX;AVG Free8 Network Redirector;i:\windows\system32\drivers\avgtdix.sys [2009-6-21 108552]
R1 OxFWLF;OxFWLF;i:\windows\system32\drivers\OxFWLF.sys [2009-6-5 12043]
R2 avg8wd;AVG Free8 WatchDog;i:\progra~1\avg\avg8\avgwdsvc.exe [2009-6-21 298776]
R2 McrdSvc;Media Center Extender Service;i:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 Viewpoint Manager Service;Viewpoint Manager Service;i:\program files\viewpoint\common\ViewpointService.exe [2008-10-8 24652]
R3 Angel;Angel MPEG Device;i:\windows\system32\drivers\Angel.sys [2007-7-12 376320]
S3 Creative Media Toolbox 6 Licensing Service;Creative Media Toolbox 6 Licensing Service;i:\program files\common files\creative labs shared\service\MT6Licensing.exe [2008-12-25 79360]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;i:\program files\magix\common\database\bin\fbserver.exe [2008-2-11 1527900]
S3 OXUDIDRV;OXUDIDRV;i:\windows\system32\drivers\OXUDIDRV_X32.sys [2009-6-5 21248]
S3 sdAuxService;PC Tools Auxiliary Service;i:\program files\spyware doctor\pctsAuxs.exe [2009-6-21 348752]
S3 sdCoreService;PC Tools Security Service;i:\program files\spyware doctor\pctsSvc.exe [2009-6-21 1095560]

=============== Created Last 30 ================

2009-07-10 10:16 <DIR> --d----- i:\program files\Trend Micro
2009-07-09 23:59 597 a------- i:\windows\system32\runrefog.lnk
2009-07-05 01:00 0 a---h--- i:\windows\system32\drivers\Msft_Kernel_NuidFltr_01005.Wdf
2009-07-05 01:00 21,504 a------- i:\windows\system32\drivers\hidserv.dll
2009-06-22 04:36 <DIR> --d-h--- I:\$AVG8.VAULT$
2009-06-21 13:28 <DIR> --d----- i:\program files\VS Revo Group
2009-06-21 13:08 <DIR> --dsh--- i:\documents and settings\john salay\IECompatCache
2009-06-21 13:05 <DIR> --dsh--- i:\documents and settings\john salay\PrivacIE
2009-06-21 13:00 <DIR> --dsh--- i:\documents and settings\john salay\IETldCache
2009-06-21 12:54 11,952 a------- i:\windows\system32\avgrsstx.dll
2009-06-21 12:54 327,688 a------- i:\windows\system32\drivers\avgldx86.sys
2009-06-21 12:54 108,552 a------- i:\windows\system32\drivers\avgtdix.sys
2009-06-21 12:54 <DIR> --d----- i:\windows\system32\drivers\Avg
2009-06-21 12:54 <DIR> --d----- i:\docume~1\alluse~1\applic~1\AVG Security Toolbar
2009-06-21 12:53 <DIR> --d----- i:\program files\AVG
2009-06-21 12:53 <DIR> --d----- i:\docume~1\alluse~1\applic~1\avg8
2009-06-21 12:05 12,800 -c------ i:\windows\system32\dllcache\xpshims.dll
2009-06-21 12:05 246,272 -c------ i:\windows\system32\dllcache\ieproxy.dll
2009-06-21 12:05 <DIR> --d----- i:\windows\ie8updates
2009-06-21 12:05 102,912 -c------ i:\windows\system32\dllcache\iecompat.dll
2009-06-21 12:04 <DIR> -cd-h--- i:\windows\ie8
2009-06-21 02:50 159,600 a------- i:\windows\system32\drivers\pctgntdi.sys
2009-06-21 02:49 130,936 a------- i:\windows\system32\drivers\PCTCore.sys
2009-06-21 02:49 73,840 a------- i:\windows\system32\drivers\PCTAppEvent.sys
2009-06-21 02:49 <DIR> --d----- i:\program files\common files\PC Tools
2009-06-21 02:49 64,392 a------- i:\windows\system32\drivers\pctplsg.sys
2009-06-21 02:49 <DIR> --d----- i:\program files\Spyware Doctor
2009-06-21 02:49 <DIR> --d----- i:\docume~1\johnsa~1\applic~1\PC Tools
2009-06-21 02:49 <DIR> --d----- i:\docume~1\alluse~1\applic~1\PC Tools
2009-06-20 22:14 <DIR> --d----- i:\windows\system32\wbem\Repository
2009-06-20 22:13 <DIR> --d----- i:\program files\Costco
2009-06-16 15:07 <DIR> --d----- i:\program files\Bethesda Softworks
2009-06-16 14:51 23 a------- i:\windows\BlendSettings.ini

==================== Find3M ====================

2009-06-22 03:51 499,712 a------- i:\windows\system32\msvcp71.dll
2009-06-22 03:51 348,160 a------- i:\windows\system32\msvcr71.dll
2009-06-14 15:25 0 a---h--- i:\windows\system32\drivers\Msft_Kernel_LHidFilt_01005.Wdf
2009-05-13 01:15 915,456 a------- i:\windows\system32\wininet.dll
2009-05-09 01:14 1,418,120 a------- i:\windows\system32\wdfcoinstaller01005.dll
2009-05-07 11:32 345,600 a------- i:\windows\system32\localspl.dll
2009-04-17 08:26 1,847,168 a------- i:\windows\system32\win32k.sys
2008-12-25 15:16 61,224 a------- i:\documents and settings\john salay\GoToAssistDownloadHelper.exe
2008-08-20 08:07 1,982 a------- i:\docume~1\johnsa~1\applic~1\wklnhst.dat
2008-08-20 03:46 32,768 ac-sh--- i:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008082020080821\index.dat

============= FINISH: 8:07:39.98 ===============

 

[Shaba]

IMPORTANT I notice there are signs of one or more P2P (Peer to Peer) File Sharing Programs on your computer.

LimeWire 4.18.1


I'd like you to read the this thread.

Please go to Control Panel > Add/Remove Programs and uninstall the programs listed above (in red).

Uninstall also these:

Ask Toolbar
MarketResearch

Please run a new DDS scan when finished and post the logs back here.