Malware taken over! Need help! (resolved)

Kaspersky scan report

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0 REPORT
Tuesday, June 30, 2009
Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Program database last update: Tuesday, June 30, 2009 12:48:03
Records in database: 2406184
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\

Scan statistics:
Files scanned: 72106
Threat name: 3
Infected objects: 6
Suspicious objects: 0
Duration of the scan: 02:23:39


File name / Threat name / Threats count
C:\Program Files\MySearch\bar\1.bin\S4BAR.DLL/C:\Program Files\MySearch\bar\1.bin\S4BAR.DLL Infected: not-a-virus:WebToolbar.Win32.MyWebSearch.ao 1
C:\Program Files\MySearch\bar\1.bin\NPMYSRCH.DLL Infected: not-a-virus:AdWare.Win32.MyWay.j 1
C:\Program Files\MySearch\bar\1.bin\S42NS.EXE Infected: not-a-virus:AdWare.Win32.MyWay.j 1
C:\Program Files\MySearch\bar\1.bin\S4BAR.DLL Infected: not-a-virus:WebToolbar.Win32.MyWebSearch.ao 1
C:\Qoobox\Quarantine\C\windows\system32\f3PSSavr.scr.vir Infected: not-a-virus:WebToolbar.Win32.MyWebSearch 1
C:\System Volume Information\_restore{9B539E66-D85A-41E7-ACFD-AE0F6CD9DCE9}\RP965\A0198335.scr Infected: not-a-virus:WebToolbar.Win32.MyWebSearch 1

The selected area was scanned.
 
Updated ComboFix log

ComboFix 09-06-29.04 - Tara Brooks 06/30/2009 21:52.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.284 [GMT -4:00]
Running from: c:\documents and settings\Tara Brooks\Desktop\SharonCF.exe
AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\6508vi5us9z8.bin
c:\windows\6595hacktzo959.exe
c:\windows\6599s5arse7z3.ocx
c:\windows\6756bzckdoor5399.cpl
c:\windows\679ha59toolz7f.exe
c:\windows\68fadzwn5oad9r1676.exe
c:\windows\69345roj5ze.exe
c:\windows\695ethr9zt50157.exe
c:\windows\6a96spyw9rez5.exe
c:\windows\6cd5steaz980.bin
c:\windows\6e55zackd5or29459.bin
c:\windows\6z295pars99.bin
c:\windows\7098th5efz251.bin
c:\windows\7215ack9ool4b9z.ocx
c:\windows\7293vir580z.exe
c:\windows\7360downlza59r3143.cpl
c:\windows\73c1s95alz327.exe
c:\windows\73ccthrzat959355.bin
c:\windows\7593steal2z81.exe
c:\windows\7619vzrus455.exe
c:\windows\7683addwar9z505.exe
c:\windows\774cthizf18295.exe
c:\windows\7835hrzat98508.dll
c:\windows\78c95pywzre2932.dll
c:\windows\78ze5p9ware555.bin
c:\windows\790dstea59z6.ocx
c:\windows\7911backd5oz808.bin
c:\windows\795aspar9ez58.ocx
c:\windows\7984zhi5f2089.ocx
c:\windows\7992zir357.exe
c:\windows\79a495arse161z.ocx
c:\windows\79ee9parze1558.bin
c:\windows\79zbthi5f2854.exe
c:\windows\7bd0d9wnlza5er3247.ocx
c:\windows\7cz5t9reat7269.ocx
c:\windows\7f35back9oor64z.cpl
c:\windows\7z40tro5159.dll
c:\windows\808th59f15z9.exe
c:\windows\813not-z9vir5s60c.bin
c:\windows\8195ddwarez015.dll
c:\windows\8619hackt9olz9f5.dll
c:\windows\86z95irus560.dll
c:\windows\90112hack5ool4z4.exe
c:\windows\902bvir5z6.dll
c:\windows\90fca5dware3z31.bin
c:\windows\9147viruz59.bin
c:\windows\916bthzef11405.ocx
c:\windows\9225st5al186z.bin
c:\windows\92975hzcktool7c2.dll
c:\windows\936baddwzre835.exe
c:\windows\9395zo9m220.cpl
c:\windows\94a1adzware1956.dll
c:\windows\9510szambo95c7.ocx
c:\windows\95723trzj537.ocx
c:\windows\9575steal1z46.bin
c:\windows\95z5spa5bot279.exe
c:\windows\969ft5reatz8612.bin
c:\windows\97831szambot4945.bin
c:\windows\979259y2z1.bin
c:\windows\983spam5zt696.exe
c:\windows\9849tr5jzf5.exe
c:\windows\985dzhief521.exe
c:\windows\9865thzeat23013.dll
c:\windows\987avzr549.cpl
c:\windows\99098trz558e.bin
c:\windows\9933nzt-95virus3d4.dll
c:\windows\9ab1zddw5re431.bin
c:\windows\9e69hrzat935.ocx
c:\windows\9f4azddware5845.exe
c:\windows\9z050virus265.cpl
c:\windows\9z5th9ef586.bin
c:\windows\9z5threa57982.dll
c:\windows\a29zhie5973.bin
c:\windows\c3espzrse905.cpl
c:\windows\c70d9wnlz5der461.ocx
c:\windows\d595ir199z.ocx
c:\windows\f95backdoor15z7.ocx
c:\windows\fzaaddwar59779.ocx
c:\windows\system32\10295teal156z.dll
c:\windows\system32\10349sp5mbzt293.exe
c:\windows\system32\1080znot-a-vi9us40c5.bin
c:\windows\system32\11089spz5bot759.ocx
c:\windows\system32\1137s9yzfa5.exe
c:\windows\system32\11767tro59z9.bin
c:\windows\system32\11a5addw9re592z.exe
c:\windows\system32\11z965py699.exe
c:\windows\system32\12315h9cztool20a.cpl
c:\windows\system32\12550wzrm75e9.dll
c:\windows\system32\13395t5oj5e1z.ocx
c:\windows\system32\13415not-a-virus5z69.exe
c:\windows\system32\13576spamzot914.bin
c:\windows\system32\1395download59z193.ocx
c:\windows\system32\14245p9wzre2880.exe
c:\windows\system32\14293zo5m129.exe
c:\windows\system32\145ztro927.cpl
c:\windows\system32\14z14ha9ktoo539.exe
c:\windows\system32\150z9troj324.ocx
c:\windows\system32\1519vir5s909z.dll
c:\windows\system32\151bthzeat91160.dll
c:\windows\system32\1533bac9dooz694.bin
c:\windows\system32\153et5rza928299.exe
c:\windows\system32\15460not-z-virus90b.dll
c:\windows\system32\15567troz49b.dll
c:\windows\system32\155999rojz2e.dll
c:\windows\system32\1559addwa9e2455z.ocx
c:\windows\system32\1593zs5y279.cpl
c:\windows\system32\15949spy5zc.ocx
c:\windows\system32\15ebs9yware1022z.exe
c:\windows\system32\15z96spy4c1.exe
c:\windows\system32\15z9back9oor1531.ocx
c:\windows\system32\15zcs9ywar52549.exe
c:\windows\system32\1689spzrse24535.dll
c:\windows\system32\17400not-5-viru9z38.cpl
c:\windows\system32\17431zpambo592e.bin
c:\windows\system32\175z9worm35b.bin
c:\windows\system32\17zbthi9f1557.dll
c:\windows\system32\1817h5ckt9zlfb.dll
c:\windows\system32\183adzwnlo5der2092.bin
c:\windows\system32\1855559y5z4.exe
c:\windows\system32\18c49pywarz1535.cpl
c:\windows\system32\19002hazkto5l5f7.bin
c:\windows\system32\19113zpy250.ocx
c:\windows\system32\1916thiez559.exe
c:\windows\system32\19322zorm5d.cpl
c:\windows\system32\19435troj115z.exe
c:\windows\system32\195a9dwaze5859.ocx
c:\windows\system32\19878tzoj59b5.bin
c:\windows\system32\19959z5y163.bin
c:\windows\system32\1997thief538z.bin
c:\windows\system32\1999znot-a5virus4e7.cpl
c:\windows\system32\19dt5zef799.dll
c:\windows\system32\19z0ste592724.dll
c:\windows\system32\1b2ds5azse9501.ocx
c:\windows\system32\1b9zthief11759.exe
c:\windows\system32\1c55th5efz962.cpl
c:\windows\system32\20027worz6059.bin
c:\windows\system32\20039not-5zvirus179.cpl
c:\windows\system32\20094zpy45c.bin
c:\windows\system32\20259irus5a9z.cpl
c:\windows\system32\20531spzmbo9b4.bin
c:\windows\system32\2055zvirus34e9.ocx
c:\windows\system32\20629szy685.bin
c:\windows\system32\20939not-azv5rus234.dll
c:\windows\system32\209d9znl5ader426.exe
c:\windows\system32\20z85ackdoo9190.dll
c:\windows\system32\2124d9wnzoader1515.exe
c:\windows\system32\2129ztroj5365.bin
c:\windows\system32\21353zp95bot10.ocx
c:\windows\system32\213db9zkdoo51136.exe
c:\windows\system32\2189not-a-v5rus6zd.ocx
c:\windows\system32\218bth9zf750.ocx
c:\windows\system32\2190thr5at6966z.dll
c:\windows\system32\2210zs9y587.cpl
c:\windows\system32\224bspy95ze2626.exe
c:\windows\system32\22507wo9m5ez.bin
c:\windows\system32\2255zhackto9l369.exe
c:\windows\system32\22592virus1z79.ocx
c:\windows\system32\2259spazse1785.exe
c:\windows\system32\2265zspy969.ocx
c:\windows\system32\22905w9zm655.dll
c:\windows\system32\23252tz9j6015.ocx
c:\windows\system32\232555o9z678.dll
c:\windows\system32\23512wzr97f5.cpl
c:\windows\system32\23592not-5-virz97e9.dll
c:\windows\system32\235z7not-a-virus9c.cpl
c:\windows\system32\23734no9-5-vzrus143.cpl
c:\windows\system32\2374595rz4cc.cpl
c:\windows\system32\23989tr5j93dz.ocx
c:\windows\system32\24173vzrus579.ocx
c:\windows\system32\24399spyz5c.bin
c:\windows\system32\2445tr9j3fbz.dll
c:\windows\system32\24917h9cktooz1935.bin
c:\windows\system32\24adviz2595.dll
c:\windows\system32\24f49owzl5ader2509.ocx
c:\windows\system32\24z36wo5m97.exe
c:\windows\system32\25661spa9bot1bz.ocx
c:\windows\system32\25769hzckt5ol660.bin
c:\windows\system32\25785hzcktool490.exe
c:\windows\system32\25965sp56ffz.ocx
c:\windows\system32\25abtzrea915509.cpl
c:\windows\system32\25b7stez52497.dll
c:\windows\system32\25d8zteal920.exe
c:\windows\system32\25z09hief1042.dll
c:\windows\system32\263z79i5usa4.ocx
c:\windows\system32\265zac5door9535.ocx
c:\windows\system32\2696downloaderz058.cpl
c:\windows\system32\269z0worm5e0.cpl
c:\windows\system32\2751zv9rusf8.exe
c:\windows\system32\276959py25ez.cpl
c:\windows\system32\27789hzck5oo933b.bin
c:\windows\system32\27969nzt-a-vi5us580.exe
c:\windows\system32\27e95pywaze9982.dll
c:\windows\system32\27z1spy5ar91882.ocx
c:\windows\system32\27z89hackt5ol60e.dll
c:\windows\system32\28860no9-a5virus67z.dll
c:\windows\system32\289ds5ywzre1168.ocx
c:\windows\system32\29130hackzool53e.exe
c:\windows\system32\2915bac9dzor2580.dll
c:\windows\system32\29551szy9a8.dll
c:\windows\system32\29599tzoj389.ocx
c:\windows\system32\296z3v9ru5268.exe
c:\windows\system32\29969vzr9s5d6.cpl
c:\windows\system32\29976spamz5t775.exe
c:\windows\system32\29z2not-a-virus556.cpl
c:\windows\system32\29z59v9rus5f5.cpl
c:\windows\system32\2b8zdown5oader2559.exe
c:\windows\system32\2b93t5i9fz160.bin
c:\windows\system32\2ba3thr9at2z159.bin
c:\windows\system32\2badow59oadez1189.exe
c:\windows\system32\2c5sp9rsz3149.dll
c:\windows\system32\2c7aaddza5e23719.dll
c:\windows\system32\2d19spyware198z5.cpl
c:\windows\system32\2e145ozn9oader1441.exe
c:\windows\system32\2e93tzief252.bin
c:\windows\system32\2z257not9a-virus556.ocx
c:\windows\system32\2z332tro5359.ocx
c:\windows\system32\2z490sp5937.exe
c:\windows\system32\2z595hreat27811.ocx
c:\windows\system32\2z85vir3969.cpl
c:\windows\system32\2z929ddware5309.cpl
c:\windows\system32\2z952worm7a.bin
c:\windows\system32\3047threatz59.exe
c:\windows\system32\3055znot-a-virus5659.cpl
c:\windows\system32\3063tzoj659.dll
c:\windows\system32\3094z59ambot257.exe
c:\windows\system32\31582tro5z829.bin
c:\windows\system32\315abazkdoor9781.dll
c:\windows\system32\31964not-a-vi5us466z.cpl
c:\windows\system32\32001hack9ool45z.cpl
c:\windows\system32\32078s5y9z7.bin
c:\windows\system32\32259tro559ez.ocx
c:\windows\system32\3229baczdoor365.exe
c:\windows\system32\32372troz795.exe
c:\windows\system32\32667zroj5329.cpl
c:\windows\system32\3267addwarz14059.bin
c:\windows\system32\3339stzal2157.cpl
c:\windows\system32\3393ste9l28z5.dll
c:\windows\system32\33a9d9wnloaze51173.exe
c:\windows\system32\33c15tza91677.exe
c:\windows\system32\3529ad9ware1z59.dll
c:\windows\system32\352aspyware9520z.exe
c:\windows\system32\352ethreat9z443.dll
c:\windows\system32\35419spz4c5.exe
c:\windows\system32\35594worz554.bin
c:\windows\system32\35629szy6ce.ocx
c:\windows\system32\3584sp9ware2z0.cpl
c:\windows\system32\359tzief5214.bin
c:\windows\system32\35zhacktool937.dll
c:\windows\system32\36359zrm2c8.dll
c:\windows\system32\363bb5ckdoor1z119.ocx
c:\windows\system32\36c9addwaze2598.ocx
c:\windows\system32\3988hac9tool5z05.bin
c:\windows\system32\398dthief5z0.ocx
c:\windows\system32\39967z5y16b.ocx
c:\windows\system32\39orz335.exe
c:\windows\system32\39z19py4d5.cpl
c:\windows\system32\3c9aspywarz1592.bin
c:\windows\system32\3ca1spywa5e1099z.ocx
c:\windows\system32\3z201n5t-9-virusf7.cpl
c:\windows\system32\3z651no5-a-virus5e9.cpl
c:\windows\system32\3z93backdoor1205.dll
c:\windows\system32\3z98thi59426.bin
c:\windows\system32\40z8s9y5are2391.ocx
c:\windows\system32\4105worm9z.cpl
c:\windows\system32\4189s9ywar5z246.ocx
c:\windows\system32\41f9zparse93225.exe
c:\windows\system32\42z9spyware925.ocx
c:\windows\system32\430c9pzware503.cpl
c:\windows\system32\451059amzot2d.dll
c:\windows\system32\459spamboz39d.cpl
c:\windows\system32\45ca5hzeat3098.ocx
c:\windows\system32\45zspy59re411.bin
c:\windows\system32\4647stea51z039.cpl
c:\windows\system32\4652thi5z3945.exe
c:\windows\system32\473a5par9e3z81.dll
c:\windows\system32\4753hacktool7z9.dll
c:\windows\system32\4a09zh5eat9537.ocx
c:\windows\system32\4c3e5ownloadez2291.bin
c:\windows\system32\4c51sparse9z09.cpl
c:\windows\system32\4c95sparze2453.dll
c:\windows\system32\4da9thzef5539.exe
c:\windows\system32\4fz5steal593.ocx
c:\windows\system32\5005spy9z55.bin
c:\windows\system32\50682no9-a-vzrus762.bin
c:\windows\system32\506bspywar92558z.exe
c:\windows\system32\50710not-a-virzs30d9.exe
c:\windows\system32\50830viru95zb.bin
c:\windows\system32\50zfth59f2045.ocx
c:\windows\system32\512zdown5oa9er1631.ocx
c:\windows\system32\51492szy729.exe
c:\windows\system32\51905ot-a-vir9szc7.exe
c:\windows\system32\51969virus11z.exe
c:\windows\system32\51df9ownloade5z075.cpl
c:\windows\system32\52035zreat81639.bin
c:\windows\system32\521not-z-viru9536.dll
c:\windows\system32\5310h9zktool52d.bin
c:\windows\system32\53zaaddwa9e1985.bin
c:\windows\system32\540fst5al5z9.bin
c:\windows\system32\548a9dwaze6225.ocx
c:\windows\system32\54zethre9t5557.exe
c:\windows\system32\5549steal84z.exe
c:\windows\system32\555z9py32b.bin
c:\windows\system32\556z9ack5ool2aa.cpl
c:\windows\system32\556zworm3589.cpl
c:\windows\system32\559faddwzre1119.bin
c:\windows\system32\55a99zeal2962.dll
c:\windows\system32\5681spa5se1967z.exe
c:\windows\system32\5694spamb5t38z.ocx
c:\windows\system32\5695addwa5ez99.exe
c:\windows\system32\569bspzr5e2339.exe
c:\windows\system32\56c9sparse293z5.exe
c:\windows\system32\56dfszyw9r51048.exe
c:\windows\system32\56z5backdoor16189.dll
c:\windows\system32\56z5s9eal39.cpl
c:\windows\system32\57d15ownloader23z9.dll
c:\windows\system32\57db9zreat2883.dll
c:\windows\system32\57zbadd5are955.cpl
c:\windows\system32\585559py3fz.cpl
c:\windows\system32\5900dow5lozder1641.dll
c:\windows\system32\59571worm4z7.cpl
c:\windows\system32\595dtzief1780.bin
c:\windows\system32\597zth9ef5518.bin
c:\windows\system32\59a9d5wnloader2z90.exe
c:\windows\system32\59z8vir1695.dll
c:\windows\system32\59zcvi9589.bin
c:\windows\system32\5a7down9oader145z.bin
c:\windows\system32\5a9bthief5436z.exe
c:\windows\system32\5ac8bazkdoor2090.exe
c:\windows\system32\5af9addwarz576.cpl
c:\windows\system32\5b6bdownload9r28z85.bin
c:\windows\system32\5b8z9hreat27165.dll
c:\windows\system32\5cb9threat31705z.cpl
c:\windows\system32\5d16threzt296.exe
c:\windows\system32\5d1bacz9oor3142.dll
c:\windows\system32\5d58steal9959z.dll
c:\windows\system32\5d729pywzre3073.exe
c:\windows\system32\5da79pyware110z5.bin
c:\windows\system32\5e09spywar5z549.bin
c:\windows\system32\5e56do9nloader1115z.cpl
c:\windows\system32\5ed6backd9or1570z.dll
c:\windows\system32\5eedadzw95e1576.ocx
c:\windows\system32\5ez4ba95door171.exe
c:\windows\system32\5ez9ddware3154.exe
c:\windows\system32\5f42back95orz059.cpl
c:\windows\system32\5z4spyware29545.bin
c:\windows\system32\5zdethreat20497.ocx
c:\windows\system32\6030n9t-a-virzs501.ocx
c:\windows\system32\605zstea91430.exe
c:\windows\system32\6152zparse28959.exe
c:\windows\system32\6269backz9or5525.bin
c:\windows\system32\6280th9ef534z.bin
c:\windows\system32\6425zroj599.dll
c:\windows\system32\6485thie9z352.dll
c:\windows\system32\65869hief1492z.ocx
c:\windows\system32\6599backdozr2598.cpl
c:\windows\system32\659cvi91z37.ocx
c:\windows\system32\65f5ste9z81.bin
c:\windows\system32\6674zot-a9v5rus5ca.cpl
c:\windows\system32\667bvir39z95.cpl
c:\windows\system32\66b0thr9at2359z.dll
c:\windows\system32\675espyw9rez965.exe
c:\windows\system32\68dzaddwa5e9092.bin
c:\windows\system32\6902viz4755.dll
c:\windows\system32\69steal26z5.exe
c:\windows\system32\6a39zownlo5der1777.dll
c:\windows\system32\6a90t9ie5z37.dll
c:\windows\system32\6b8zspa9se17355.cpl
c:\windows\system32\6d8zthief1975.dll
c:\windows\system32\6f5cstzal3955.ocx
c:\windows\system32\6faa5h9zf3089.dll
c:\windows\system32\7073downloade53z209.dll
c:\windows\system32\715ea9zware257.ocx
c:\windows\system32\71z3s5e9l1829.bin
c:\windows\system32\722ca9dwarz5533.cpl
c:\windows\system32\7272threz598426.dll
c:\windows\system32\73bbthiz512659.ocx
c:\windows\system32\745badd9are11z8.exe
c:\windows\system32\7525sp9r5ez292.exe
c:\windows\system32\757addwz9e1568.cpl
c:\windows\system32\7599spyware180z.ocx
c:\windows\system32\75c49ir1792z.bin
c:\windows\system32\76f5s9ealz935.cpl
c:\windows\system32\7771backzo9r1508.bin
c:\windows\system32\7957a5z9are642.ocx
c:\windows\system32\796z9reat91315.ocx
c:\windows\system32\79b2sp5ware19z4.exe
c:\windows\system32\79f4bzckdoo92752.bin
c:\windows\system32\7a955ownl9zder1248.ocx
c:\windows\system32\7bc1thi5f2958z.bin
c:\windows\system32\7c5a9zr2161.dll
c:\windows\system32\7dfcbaz95oor1811.cpl
c:\windows\system32\7ffzthr5at23809.cpl
c:\windows\system32\7z15spyw5re961.bin
c:\windows\system32\7z59orm167.exe
c:\windows\system32\81025rojzd9.dll
c:\windows\system32\834thiefz5409.ocx
c:\windows\system32\8539zpy5859.bin
c:\windows\system32\8773troz5f9.bin
c:\windows\system32\89z5worm1b75.ocx
c:\windows\system32\9025vir2807z.ocx
c:\windows\system32\90612spz6455.exe
c:\windows\system32\9061h9cktozl235.bin
c:\windows\system32\90755hackzo5l7ba.dll
c:\windows\system32\91196zpambot3d45.cpl
c:\windows\system32\9145vzr5166.bin
c:\windows\system32\91650zr5j4b3.ocx
c:\windows\system32\91espyw59e155z.cpl
c:\windows\system32\9247h5ckzool7c7.ocx
c:\windows\system32\93253troz451.cpl
c:\windows\system32\934fs5yware296z.bin
c:\windows\system32\935dtzreat4332.ocx
c:\windows\system32\93839s5y571z.dll
c:\windows\system32\93abac5zoor1582.bin
c:\windows\system32\93zfs5eal558.dll
c:\windows\system32\94475spy1z0.exe
c:\windows\system32\944sp5rse95z.bin
c:\windows\system32\954wor53az.exe
c:\windows\system32\95578hacktool4z7.cpl
c:\windows\system32\95649ziru54e4.cpl
c:\windows\system32\956dstzal2256.cpl
c:\windows\system32\9597zvirus3e8.ocx
c:\windows\system32\95daddwaze7405.bin
c:\windows\system32\9649troj5cfz.bin
c:\windows\system32\965zspy299.dll
c:\windows\system32\9676backdzo5230.ocx
c:\windows\system32\969zs5y7919.ocx
c:\windows\system32\97305vizusab.bin
c:\windows\system32\97904s5amboz38a.cpl
c:\windows\system32\9805not-9-virzs2a4.ocx
c:\windows\system32\98z45tro5140.dll
c:\windows\system32\99402vi5us225z.exe
c:\windows\system32\994fbac5dozr1407.bin
c:\windows\system32\9957hacztool5d2.dll
c:\windows\system32\996bs5zrse1131.cpl
c:\windows\system32\99983haczto5l499.cpl
c:\windows\system32\9a32vir3215z.cpl
c:\windows\system32\9b7cbackzoor1255.dll
c:\windows\system32\9d85hie93049z.dll
c:\windows\system32\9dad5pywarez924.cpl
c:\windows\system32\9eab5ddwaze571.bin
c:\windows\system32\9eef5zwnloader1208.exe
c:\windows\system32\a2avi569z.ocx
c:\windows\system32\b2z9own5oader2499.bin
c:\windows\system32\b39downl5adez1269.cpl
c:\windows\system32\b695hiefz4109.exe
c:\windows\system32\b9etzief2511.bin
c:\windows\system32\c0athreaz545659.ocx
c:\windows\system32\ca5vi59705z.dll
c:\windows\system32\ccespywaz95858.ocx
c:\windows\system32\cecsp9zs51158.dll
c:\windows\system32\d69s5yware3z.dll
c:\windows\system32\e4eba9zd5or2735.exe
c:\windows\system32\e555tza91215.ocx
c:\windows\system32\z0097sp52a3.ocx
c:\windows\system32\z0169parse1556.ocx
c:\windows\system32\z02t5oj69e.exe
c:\windows\system32\z0386sp51b9.ocx
c:\windows\system32\z0955troj149.ocx
c:\windows\system32\z097backdo5r2629.exe
c:\windows\z1691virus595.dll
c:\windows\z1715hi9f1504.exe
c:\windows\z33spywa9e35.ocx
c:\windows\z35b95dware1264.ocx
c:\windows\z4778tr5j1f39.cpl
c:\windows\z5395py6349.dll
c:\windows\z53spyw59e940.bin
c:\windows\z5484virus659.exe
c:\windows\z5500tro9195.cpl
c:\windows\z5539hackto9l5f2.exe
c:\windows\z55bth95f2171.dll
c:\windows\z65dth9eat1493.dll
c:\windows\z6999spamb5935f.dll
c:\windows\z717v9r875.bin
c:\windows\z7974s5ydf9.dll
c:\windows\z874spyware5999.bin
c:\windows\z894t9oj65.ocx
c:\windows\z97cad9ware5953.cpl
c:\windows\z9bdvir95075.ocx
c:\windows\za88spyw9re5395.bin
c:\windows\zabbdo9n5oader2434.ocx

.
((((((((((((((((((((((((( Files Created from 2009-06-01 to 2009-07-01 )))))))))))))))))))))))))))))))
.

2009-09-18 09:57 . 2009-09-18 09:57 10951 ----a-w- c:\windows\system32\za929pyw5re487.bin
2009-07-25 23:37 . 2009-07-25 23:37 9046 ----a-w- c:\windows\system32\zb799p5rse821.bin
2009-07-11 16:46 . 2009-07-11 16:46 4921 ----a-w- c:\windows\system32\zc5avir9995.dll
2009-07-01 01:41 . 2009-07-01 01:41 152576 ----a-w- c:\documents and settings\Tara Brooks\Application Data\Sun\Java\jre1.6.0_14\lzma.dll
2009-07-01 01:19 . 2009-07-01 01:36 -------- d-----w- c:\documents and settings\Tara Brooks\.SunDownloadManager
2009-06-30 03:11 . 2009-06-30 03:11 -------- d--h--w- c:\windows\system32\GroupPolicy
2009-06-28 22:18 . 2009-06-28 22:19 -------- d-----w- C:\rsit
2009-06-28 21:06 . 2009-06-28 21:06 14 ----a-w- c:\windows\ASSE.dat
2009-06-28 17:45 . 2009-06-30 02:23 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-06-28 17:45 . 2009-06-28 17:49 -------- d-----w- c:\program files\SpywareBlaster
2009-06-28 00:58 . 2009-06-17 15:27 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-28 00:58 . 2009-06-28 00:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-06-28 00:58 . 2009-06-17 15:27 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-28 00:58 . 2009-06-28 01:21 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-26 16:20 . 2009-02-12 09:35 38208 ----a-w- c:\documents and settings\Tara Brooks\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2009-06-26 16:20 . 2009-06-26 16:20 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-06-26 16:15 . 2009-06-26 16:15 86016 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\arh.exe
2009-06-26 16:13 . 2009-06-27 17:31 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2009-06-26 16:13 . 2009-06-27 17:31 -------- d-----w- c:\program files\NOS
2009-06-26 06:03 . 2009-06-28 22:19 -------- d-----w- c:\program files\Trend Micro
2009-06-26 05:40 . 2009-06-26 05:40 -------- d-----w- c:\program files\ERUNT
2009-06-24 01:39 . 2009-06-24 01:39 34062 ----a-w- c:\documents and settings\Tara Brooks\Application Data\Move Networks\ie_bin\Uninst.exe
2009-06-23 19:16 . 2009-06-25 23:20 -------- d-----w- c:\program files\DivX
2009-06-23 18:54 . 2009-06-23 18:55 -------- d-----w- c:\windows\system32\config\systemprofile\Local Settings\Application Data\Adobe
2009-06-17 13:04 . 2009-06-17 13:04 4370 ----a-w- c:\windows\system32\z54455p9mbot18.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-01 01:43 . 2006-07-19 21:23 -------- d-----w- c:\program files\Java
2009-06-28 01:22 . 2005-02-17 14:44 -------- d-----w- c:\documents and settings\Tara Brooks\Application Data\WeatherBug
2009-06-26 16:29 . 2004-08-18 21:37 -------- d-----w- c:\program files\Common Files\Adobe
2009-06-25 23:25 . 2009-01-20 00:09 -------- d-----w- c:\program files\SmartDraw 2009
2009-06-25 23:23 . 2004-07-29 23:43 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-25 23:20 . 2008-11-26 06:04 -------- d-----w- c:\program files\DNA
2009-06-24 01:40 . 2007-03-24 00:31 -------- d--h--w- c:\documents and settings\Tara Brooks\Application Data\Move Networks
2009-06-16 01:48 . 2006-11-20 01:14 1915520 -c--a-w- c:\documents and settings\Tara Brooks\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\fpupdateax.exe
2009-05-27 05:04 . 2006-10-22 18:25 3688 ----a-w- c:\windows\system32\d3d9caps.dat
2009-05-21 15:33 . 2008-11-26 06:28 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-05-07 15:32 . 2004-07-29 23:21 345600 ----a-w- c:\windows\system32\localspl.dll
2009-05-03 21:37 . 2007-02-02 02:37 -------- d-----w- c:\program files\McAfee
2009-04-29 04:56 . 2004-08-24 00:32 827392 ----a-w- c:\windows\system32\wininet.dll
2009-04-29 04:55 . 2004-08-04 07:56 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-04-17 12:26 . 2004-07-29 23:21 1847168 ----a-w- c:\windows\system32\win32k.sys
2009-04-17 00:31 . 2009-04-17 00:31 6292 ----a-w- c:\windows\system32\z35vir21579.bin
2009-04-15 14:51 . 2004-07-29 23:22 585216 ----a-w- c:\windows\system32\rpcrt4.dll
2009-04-14 21:33 . 2009-04-14 21:33 75048 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.1.1.10\SetupAdmin.exe
2009-04-12 05:04 . 2009-04-12 05:04 12727 ----a-w- c:\windows\system32\z9935orm4e8.exe
.

((((((((((((((((((((((((((((( SnapShot@2009-06-30_04.03.58 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-01 01:44 . 2009-07-01 01:44 16384 c:\windows\Temp\Perflib_Perfdata_b84.dat
+ 2004-07-29 23:21 . 2009-06-30 21:51 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2004-07-29 23:21 . 2009-06-30 02:24 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2004-07-29 23:21 . 2009-06-30 21:51 49152 c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2004-07-29 23:21 . 2009-06-30 02:24 49152 c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2008-11-26 06:28 . 2008-11-26 06:27 148888 c:\windows\system32\javaws.exe
+ 2009-07-01 01:44 . 2009-05-21 15:34 148888 c:\windows\system32\javaws.exe
+ 2009-07-01 01:44 . 2009-05-21 15:34 144792 c:\windows\system32\javaw.exe
- 2008-11-26 06:28 . 2008-11-26 06:27 144792 c:\windows\system32\javaw.exe
+ 2009-07-01 01:44 . 2009-05-21 15:34 144792 c:\windows\system32\java.exe
- 2008-11-26 06:28 . 2008-11-26 06:27 144792 c:\windows\system32\java.exe
+ 2004-07-29 23:21 . 2009-06-30 21:51 262144 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2004-07-29 23:21 . 2009-06-30 02:24 262144 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Weather"="c:\progra~1\AWS\WEATHE~1\Weather.exe" [2005-06-07 1339392]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-02-23 39408]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"CheckNetworkConnection"="c:\program files\Support.com\providerComcast\desktopdoctor.exe" [2006-06-02 1286144]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2004-02-03 155648]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-07-29 335872]
"PRONoMgr.exe"="c:\program files\Intel\NCS\PROSet\PRONoMgr.exe" [2003-05-28 86016]
"DVDSentry"="c:\windows\System32\DSentry.exe" [2002-07-17 28672]
"AdaptecDirectCD"="c:\program files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" [2002-12-17 684032]
"McAfeeUpdaterUI"="c:\program files\Network Associates\Common Framework\UpdaterUI.exe" [2006-10-30 131072]
"iRiver AutoDB"="c:\program files\iRiver\Service\MLService.exe" [2004-09-10 1040384]
"iRiver Updater"="c:\program files\iRiver\Service\Updater.exe" [2004-09-07 212992]
"tgcmd"="c:\program files\Support.com\bin\tgcmd.exe" [2007-03-07 1773568]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2007-11-01 582992]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-05-21 148888]
"ATIModeChange"="Ati2mdxx.exe" - c:\windows\system32\Ati2mdxx.exe [2001-09-05 28672]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2004-7-29 24576]
Hawking Wireless Utility.lnk - c:\program files\Hawking\HWU8DD\HWU8DD.exe [2006-12-18 479232]
Post-itr Software Notes Lite.lnk - c:\program files\3M\PSNLite\PsnLite.exe [2004-6-2 1622016]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Sebring]
2004-01-12 11:55 110592 ----a-w- c:\windows\system32\LgNotify.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk
backup=c:\windows\pss\Logitech Desktop Messenger.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Picture Package Menu.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Picture Package Menu.lnk
backup=c:\windows\pss\Picture Package Menu.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Picture Package VCD Maker.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Picture Package VCD Maker.lnk
backup=c:\windows\pss\Picture Package VCD Maker.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Tara Brooks^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=c:\documents and settings\Tara Brooks\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=c:\windows\pss\Adobe Gamma.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\GameHouse\\TextTwist\\TextTwist.exe"=
"c:\\Program Files\\Network Associates\\Common Framework\\FrameworkService.exe"=
"c:\\Program Files\\Rio\\Rio Music Manager\\riomm.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R2 lowpp;Lowrance MMC Parallel Port Driver;c:\windows\system32\drivers\lowpp.sys [6/3/2007 11:20 AM 7787]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [1/10/2007 8:26 PM 24652]
S3 BRGSp50;BRGSp50 NDIS Protocol Driver;c:\windows\system32\drivers\BRGSp50.sys [12/18/2006 10:31 PM 20608]
S3 MLFILEM;MLFILEM;c:\windows\system32\drivers\MLFILEM.SYS [12/11/2004 1:40 AM 28160]
S3 NaiAvFilter101;NAI Anti Virus;\Device\NaiAvFilter101.sys --> \Device\NaiAvFilter101.sys [?]
S3 ZD1211U(Hawking);Hawking Hi-Gain Wireless-G USB Dish Adapter(Hawking);c:\windows\system32\drivers\ZD1211U.sys [12/18/2006 10:31 PM 278016]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - JAVAQUICKSTARTERSERVICE
.
Contents of the 'Scheduled Tasks' folder

2009-06-30 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

2009-06-15 c:\windows\Tasks\McDefragTask.job
- c:\program files\mcafee\mqc\QcConsol.exe [2007-02-02 17:32]

2009-04-01 c:\windows\Tasks\McQcTask.job
- c:\program files\mcafee\mqc\QcConsol.exe [2007-02-02 17:32]

2009-06-30 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-04-22 02:18]
.
.
------- Supplementary Scan -------
.
uLocal Page = \blank.htm
uStart Page = hxxp://www.utk.edu/
mStart Page = hxxp://www.comcast.net/
mWindow Title = Windows Internet Explorer provided by Comcast
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyServer = actsvr.comcastonline.com:8100
uInternet Settings,ProxyOverride = cdn
IE: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZSzeb029BBUS_ZCxdm481YYUS
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-30 22:00
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(884)
c:\windows\system32\Ati2evxx.dll
c:\windows\System32\LgNotify.dll
.
Completion time: 2009-07-01 22:03
ComboFix-quarantined-files.txt 2009-07-01 02:02
ComboFix2.txt 2009-06-30 04:06

Pre-Run: 5,867,626,496 bytes free
Post-Run: 5,939,720,192 bytes free

682 --- E O F --- 2009-06-25 19:29
 
Step 1

Custom CFScript
  • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:

    Code:
    http://forums.spybot.info/showthread.php?p=320346#post320346
    Comment:: Katana
    Collect::[4]
    c:\windows\system32\za929pyw5re487.bin
    c:\windows\system32\zb799p5rse821.bin
    c:\windows\system32\zc5avir9995.dll
    c:\windows\system32\z54455p9mbot18.exe
    c:\windows\system32\z35vir21579.bin
    c:\windows\system32\z9935orm4e8.exe
    ADS::
  • Save this as CFScript.txt and place it on your desktop.


    [screenshot: CFScriptb.gif]


  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • **Note**
    When CF finishes running, the ComboFix log will open along with a message box--do not be alarmed. With the above script, ComboFix will capture files to submit for analysis.
    • Ensure you are connected to the internet and click OK on the message box.
  • Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

----------------------------------------------------------------------------------------
Step 2

Malwarebytes' Anti-Malware

Please download Malwarebytes' Anti-Malware to your desktop.

  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    • Update Malwarebytes' Anti-Malware
    • and Launch Malwarebytes' Anti-Malware
  • then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform full scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
  • If requested, please reboot
    • If you accidentally close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

----------------------------------------------------------------------------------------
Logs/Information to Post in Reply
Please post the following logs/information in your reply.
Some of the logs I request will be quite large. You may need to split them over a couple of replies.
  • ComboFix Log
  • MalwareBytes Log
  • How are things running now?
 
Problem

It seems that ComboFix stalls out while performing the "scan". I tried rebooting and running again, and it still wouldn't work. I don't know if this would affect it or not, but my roommate, unbeknownst to me, downloaded and ran Spybot today. I uninstalled it before running ComboFix, but I wanted to make sure I disclosed it so that you may help me out. Sorry about that! She didn't realize that I didn't want anything done until I was done working with you. Now what?
 
Curious ??

Spybot wouldn't be causing the trouble though, so no need to worry there :)

Please post a fresh RSIT log
How are things running now?
 
new rsit log

Logfile of random's system information tool 1.06 (written by random/random)
Run by Tara Brooks at 2009-07-02 22:29:55
Microsoft Windows XP Professional Service Pack 3
System drive C: has 5 GB (14%) free of 38 GB
Total RAM: 511 MB (43% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:30:24 PM, on 7/2/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16850)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\S24EvMon.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\1XConfig.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\iRiver\Service\MLService.exe
C:\Program Files\iRiver\Service\Updater.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\PROGRA~1\AWS\WEATHE~1\Weather.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Hawking\HWU8DD\HWU8DD.exe
C:\Program Files\3M\PSNLite\PsnLite.exe
C:\Program Files\Apoint\Apntex.exe
C:\PROGRA~1\3M\PSNLite\PSNGive.exe
C:\Program Files\Support.com\bin\tgcmd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\System32\basfipm.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\Program Files\McAfee\VirusScan\McShield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\System32\RegSrvc.exe
C:\WINDOWS\system32\RioMSC.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Documents and Settings\Tara Brooks\Desktop\RSIT.exe
C:\Program Files\trend micro\Tara Brooks.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.utk.edu/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = actsvr.comcastonline.com:8100
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = cdn
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [iRiver AutoDB] C:\Program Files\iRiver\Service\MLService.exe
O4 - HKLM\..\Run: [iRiver Updater] C:\Program Files\iRiver\Service\Updater.exe
O4 - HKLM\..\Run: [tgcmd] C:\Program Files\Support.com\bin\tgcmd.exe /server /startmonitor /deaf
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [Weather] C:\PROGRA~1\AWS\WEATHE~1\Weather.exe 1
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\RunOnce: [CheckNetworkConnection] "C:\Program Files\Support.com\providerComcast\desktopdoctor.exe" /flow /flow=diagnosenetwork /trayclick=true /haveconfirmedwiring=true /haverenewed=true /haverestartedmodem=true /onrestart=true /havehealed=true /issuenumber=61d7f0a8-9c80-46b4-8f5a-1d0f16bdccc8
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Hawking Wireless Utility.lnk = C:\Program Files\Hawking\HWU8DD\HWU8DD.exe
O4 - Global Startup: Post-it® Software Notes Lite.lnk = C:\Program Files\3M\PSNLite\PsnLite.exe
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZSzeb029BBUS_ZCxdm481YYUS
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Broadcom ASF IP monitoring service v6.0.3 (BAsfIpM) - Broadcom Corp. - C:\WINDOWS\System32\basfipm.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\McShield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe
O23 - Service: Rio MSC Manager (RioMSC) - Digital Networks North America, Inc. - C:\WINDOWS\system32\RioMSC.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\System32\S24EvMon.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 10052 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\McDefragTask.job
C:\WINDOWS\tasks\McQcTask.job
C:\WINDOWS\tasks\WGASetup.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}]
scriptproxy - C:\Program Files\McAfee\VirusScan\scriptsn.dll [2007-11-09 58688]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-06-15 259696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll [2009-04-17 668656]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
Google Dictionary Compression sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll [2009-04-23 470512]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-05-21 41368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-05-21 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-06-15 259696]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Apoint"=C:\Program Files\Apoint\Apoint.exe [2004-02-02 155648]
"ATIModeChange"=C:\WINDOWS\system32\Ati2mdxx.exe [2001-09-04 28672]
"ATIPTA"=C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [2003-07-29 335872]
"PRONoMgr.exe"=C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe [2003-05-28 86016]
"DVDSentry"=C:\WINDOWS\System32\DSentry.exe [2002-07-17 28672]
"AdaptecDirectCD"=C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe [2002-12-17 684032]
"McAfeeUpdaterUI"=C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe [2006-10-30 131072]
"iRiver AutoDB"=C:\Program Files\iRiver\Service\MLService.exe [2004-09-10 1040384]
"iRiver Updater"=C:\Program Files\iRiver\Service\Updater.exe [2004-09-07 212992]
"tgcmd"=C:\Program Files\Support.com\bin\tgcmd.exe [2007-03-07 1773568]
"mcagent_exe"=C:\Program Files\McAfee.com\Agent\mcagent.exe [2007-11-01 582992]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-05-21 148888]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2009-01-05 413696]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Weather"=C:\PROGRA~1\AWS\WEATHE~1\Weather.exe [2005-06-07 1339392]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2009-02-22 39408]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"CheckNetworkConnection"=C:\Program Files\Support.com\providerComcast\desktopdoctor.exe [2006-06-02 1286144]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe [2007-03-09 63712]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2009-04-02 342312]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe [2009-01-05 413696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2009-02-22 39408]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
C:\PROGRA~1\Logitech\DESKTO~1\8876480\Program\LOGITE~1.EXE [2008-12-30 67128]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
C:\PROGRA~1\MICROS~2\Office10\OSA.EXE [2001-02-13 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Picture Package Menu.lnk]
C:\PROGRA~1\SONYCO~1\PICTUR~1\PICTUR~4\SonyTray.exe [2003-11-21 151552]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Picture Package VCD Maker.lnk]
C:\PROGRA~1\SONYCO~1\PICTUR~1\PICTUR~1\RESIDE~1.EXE [2004-12-14 106496]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Tara Brooks^Start Menu^Programs^Startup^Adobe Gamma.lnk]
C:\PROGRA~1\COMMON~1\Adobe\CALIBR~1\ADOBEG~1.EXE [2005-03-16 113664]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe
Hawking Wireless Utility.lnk - C:\Program Files\Hawking\HWU8DD\HWU8DD.exe
Post-it® Software Notes Lite.lnk - C:\Program Files\3M\PSNLite\PsnLite.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2003-07-29 86016]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Sebring]
C:\WINDOWS\System32\LgNotify.dll [2004-01-12 110592]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2008-09-06 241704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MpfService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\AIM\aim.exe"="C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\GameHouse\TextTwist\TextTwist.exe"="C:\Program Files\GameHouse\TextTwist\TextTwist.exe:*:Enabled:Super TextTwist"
"C:\Program Files\Network Associates\Common Framework\FrameworkService.exe"="C:\Program Files\Network Associates\Common Framework\FrameworkService.exe:*:Enabled:McAfee Framework Service"
"C:\Program Files\Rio\Rio Music Manager\riomm.exe"="C:\Program Files\Rio\Rio Music Manager\riomm.exe:*:Enabled:Rio Music Manager"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"
"C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe"="C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent"
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
"C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe"="C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
"C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe"="C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7"

======List of files/folders created in the last 1 months======

2009-07-11 12:46:13 ----A---- C:\WINDOWS\system32\zc5avir9995.dll
2009-07-01 23:43:52 ----SD---- C:\ComboFix
2009-07-01 23:43:51 ----A---- C:\WINDOWS\system32\CF25605.exe
2009-07-01 23:31:30 ----SD---- C:\SharonCF
2009-07-01 23:31:25 ----A---- C:\WINDOWS\system32\CF23165.exe
2009-07-01 23:22:41 ----SHD---- C:\RECYCLER
2009-07-01 23:22:00 ----A---- C:\WINDOWS\system32\CF21310.exe
2009-07-01 23:20:45 ----A---- C:\WINDOWS\system32\CF20337.exe
2009-07-01 23:11:32 ----A---- C:\WINDOWS\wininit.ini
2009-06-30 21:44:09 ----A---- C:\WINDOWS\system32\javaws.exe
2009-06-30 21:44:09 ----A---- C:\WINDOWS\system32\javaw.exe
2009-06-30 21:44:09 ----A---- C:\WINDOWS\system32\java.exe
2009-06-29 23:42:47 ----A---- C:\Boot.bak
2009-06-29 23:42:40 ----RASHD---- C:\cmdcons
2009-06-29 23:36:55 ----A---- C:\WINDOWS\zip.exe
2009-06-29 23:36:55 ----A---- C:\WINDOWS\SWXCACLS.exe
2009-06-29 23:36:55 ----A---- C:\WINDOWS\SWSC.exe
2009-06-29 23:36:55 ----A---- C:\WINDOWS\SWREG.exe
2009-06-29 23:36:55 ----A---- C:\WINDOWS\sed.exe
2009-06-29 23:36:55 ----A---- C:\WINDOWS\PEV.exe
2009-06-29 23:36:55 ----A---- C:\WINDOWS\NIRCMD.exe
2009-06-29 23:36:55 ----A---- C:\WINDOWS\grep.exe
2009-06-29 23:11:51 ----HD---- C:\WINDOWS\system32\GroupPolicy
2009-06-29 22:52:59 ----A---- C:\WINDOWS\system32\MPFServiceFailureCount.txt
2009-06-29 22:52:49 ----D---- C:\Qoobox
2009-06-28 18:18:32 ----D---- C:\rsit
2009-06-28 14:00:32 ----A---- C:\WINDOWS\system32\STKIT432.DLL
2009-06-28 13:45:43 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2009-06-28 13:45:33 ----D---- C:\Program Files\SpywareBlaster
2009-06-28 13:28:29 ----D---- C:\WINDOWS\pss
2009-06-27 20:58:08 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-06-27 20:58:07 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-06-26 12:20:04 ----D---- C:\Program Files\Common Files\Adobe AIR
2009-06-26 12:13:41 ----D---- C:\Program Files\NOS
2009-06-26 12:13:41 ----D---- C:\Documents and Settings\All Users\Application Data\NOS
2009-06-26 02:03:42 ----D---- C:\Program Files\Trend Micro
2009-06-26 01:40:57 ----D---- C:\WINDOWS\ERDNT
2009-06-26 01:40:22 ----D---- C:\Program Files\ERUNT
2009-06-26 01:12:50 ----A---- C:\WINDOWS\ntbtlog.txt
2009-06-23 15:16:38 ----D---- C:\Program Files\DivX
2009-06-17 09:04:29 ----A---- C:\WINDOWS\system32\z54455p9mbot18.exe
2009-06-11 03:07:52 ----HDC---- C:\WINDOWS\$NtUninstallKB961501$
2009-06-11 03:07:34 ----HDC---- C:\WINDOWS\$NtUninstallKB969898$
2009-06-11 03:04:14 ----HDC---- C:\WINDOWS\$NtUninstallKB970238$
2009-06-11 03:02:19 ----HDC---- C:\WINDOWS\$NtUninstallKB968537$

======List of files/folders modified in the last 1 months======

2009-07-02 22:29:59 ----D---- C:\WINDOWS\Temp
2009-07-02 22:29:53 ----D---- C:\WINDOWS\Prefetch
2009-07-02 07:31:56 ----A---- C:\WINDOWS\ModemLog_Conexant D480 MDC V.9x Modem.txt
2009-07-02 01:25:27 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-07-01 23:45:07 ----D---- C:\WINDOWS\system32
2009-07-01 23:41:19 ----D---- C:\WINDOWS\system32\drivers
2009-07-01 23:20:30 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-07-01 23:20:28 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2009-07-01 23:12:12 ----RD---- C:\Program Files
2009-07-01 23:11:32 ----D---- C:\windows
2009-07-01 15:55:08 ----D---- C:\Documents and Settings\Tara Brooks\Application Data\WeatherBug
2009-06-30 22:01:08 ----D---- C:\WINDOWS\system32\CatRoot2
2009-06-30 22:00:36 ----A---- C:\WINDOWS\system.ini
2009-06-30 21:56:07 ----D---- C:\WINDOWS\AppPatch
2009-06-30 21:55:51 ----D---- C:\Program Files\Common Files
2009-06-30 21:44:39 ----SHD---- C:\WINDOWS\Installer
2009-06-30 21:44:15 ----SHD---- C:\Config.Msi
2009-06-30 21:43:43 ----D---- C:\Program Files\Java
2009-06-30 00:04:44 ----RSHD---- C:\WINDOWS\system32\DllCache
2009-06-30 00:02:42 ----SD---- C:\WINDOWS\Tasks
2009-06-29 23:48:32 ----D---- C:\WINDOWS\security
2009-06-29 23:42:47 ----RASH---- C:\boot.ini
2009-06-28 13:34:57 ----A---- C:\WINDOWS\win.ini
2009-06-27 13:31:15 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-06-26 12:30:33 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2009-06-26 12:29:06 ----D---- C:\Program Files\Common Files\Adobe
2009-06-26 12:27:39 ----D---- C:\Program Files\Adobe
2009-06-26 12:20:10 ----D---- C:\Documents and Settings\Tara Brooks\Application Data\Adobe
2009-06-26 12:07:33 ----D---- C:\WINDOWS\system32\FxsTmp
2009-06-26 08:34:38 ----D---- C:\WINDOWS\Minidump
2009-06-25 19:25:39 ----D---- C:\Program Files\SmartDraw 2009
2009-06-25 19:23:30 ----HD---- C:\Program Files\InstallShield Installation Information
2009-06-25 19:23:29 ----HD---- C:\WINDOWS\inf
2009-06-25 19:23:29 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-06-25 19:20:19 ----D---- C:\Program Files\DNA
2009-06-23 21:40:41 ----HD---- C:\Documents and Settings\Tara Brooks\Application Data\Move Networks
2009-06-11 03:14:43 ----D---- C:\Program Files\Internet Explorer
2009-06-11 03:07:46 ----A---- C:\WINDOWS\imsins.BAK
2009-06-11 03:07:19 ----HD---- C:\WINDOWS\$hf_mig$
2009-06-11 03:03:29 ----D---- C:\WINDOWS\system32\en-US
2009-06-11 03:02:59 ----D---- C:\WINDOWS\ie7updates
2009-06-08 07:12:27 ----D---- C:\WINDOWS\SoftwareDistribution

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Cdr4_xp;Cdr4_xp; C:\WINDOWS\system32\drivers\Cdr4_xp.sys [2002-12-17 61424]
R1 Cdralw2k;Cdralw2k; C:\WINDOWS\system32\drivers\Cdralw2k.sys [2002-12-17 23436]
R1 cdrbsdrv;cdrbsdrv; C:\WINDOWS\system32\drivers\cdrbsdrv.sys [2004-03-08 13567]
R1 cdudf_xp;cdudf_xp; C:\WINDOWS\system32\drivers\cdudf_xp.sys [2002-12-17 241152]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-14 36352]
R1 mfehidk;McAfee Inc. mfehidk; C:\WINDOWS\system32\drivers\mfehidk.sys [2007-11-22 201320]
R1 MPFP;MPFP; C:\WINDOWS\System32\Drivers\Mpfp.sys [2007-07-13 113952]
R1 omci;OMCI WDM Device Driver; C:\WINDOWS\System32\DRIVERS\omci.sys [2004-02-13 17153]
R1 pwd_2k;pwd_2k; C:\WINDOWS\system32\drivers\pwd_2k.sys [2004-07-29 143834]
R1 UdfReadr_xp;UdfReadr_xp; C:\WINDOWS\system32\drivers\UdfReadr_xp.sys [2004-07-29 206464]
R2 BASFND;BASFND; \??\C:\WINDOWS\System32\Drivers\BASFND.sys []
R2 lowpp;Lowrance MMC Parallel Port Driver; \??\C:\WINDOWS\system32\Drivers\lowpp.sys []
R2 MDC8021X;AEGIS Protocol (IEEE 802.1x) v2.2.1.0; C:\WINDOWS\System32\DRIVERS\mdc8021x.sys [2004-07-29 14037]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\System32\DRIVERS\mdmxsdk.sys [2008-04-13 11868]
R2 s24trans;WLAN Transport; C:\WINDOWS\System32\DRIVERS\s24trans.sys [2004-01-09 10970]
R2 zumbus;Zune Bus Enumerator Driver; C:\WINDOWS\system32\DRIVERS\zumbus.sys [2007-11-15 40832]
R3 ApfiltrService;Alps Touch Pad Filter Driver for Windows 2000/XP; C:\WINDOWS\System32\DRIVERS\Apfiltr.sys [2003-08-22 94600]
R3 ati2mtag;ati2mtag; C:\WINDOWS\System32\DRIVERS\ati2mtag.sys [2008-04-13 701440]
R3 b57w2k;Broadcom 570x Gigabit Integrated Controller; C:\WINDOWS\System32\DRIVERS\b57xp32.sys [2003-05-22 175360]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\System32\DRIVERS\CmBatt.sys [2008-04-14 13952]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2009-03-19 23400]
R3 HSF_DP;HSF_DP; C:\WINDOWS\System32\DRIVERS\HSF_DP.sys [2003-07-03 1063936]
R3 HSFHWICH;HSFHWICH; C:\WINDOWS\System32\DRIVERS\HSFHWICH.sys [2003-07-03 189056]
R3 mfeavfk;McAfee Inc. mfeavfk; C:\WINDOWS\system32\drivers\mfeavfk.sys [2007-11-22 79304]
R3 mfebopk;McAfee Inc. mfebopk; C:\WINDOWS\system32\drivers\mfebopk.sys [2007-11-22 35240]
R3 mfesmfk;McAfee Inc. mfesmfk; C:\WINDOWS\system32\drivers\mfesmfk.sys [2007-12-02 40488]
R3 MLFILEM;MLFILEM; \??\C:\WINDOWS\system32\drivers\MLFILEM.SYS []
R3 mmc_2K;mmc_2K; C:\WINDOWS\system32\drivers\mmc_2K.sys [2004-07-29 30630]
R3 O2SCBUS;O2Micro SmartCardBus Reader; C:\WINDOWS\System32\DRIVERS\ozscr.sys [2002-11-08 20579]
R3 STAC97;Audio Driver (WDM) - SigmaTel CODEC; C:\WINDOWS\system32\drivers\STAC97.sys [2003-04-25 220176]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-14 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-14 20608]
R3 w70n51;Intel(R) PRO/Wireless 7100 Adapter Driver ; C:\WINDOWS\System32\DRIVERS\w70n51.sys [2004-01-13 2482176]
R3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
R3 winachsf;winachsf; C:\WINDOWS\System32\DRIVERS\HSF_CNXT.sys [2003-07-03 631680]
R3 ZDPSp50;ZDPSp50 NDIS Protocol Driver; C:\WINDOWS\System32\Drivers\ZDPSp50.sys [2004-10-25 17664]
S3 BRGSp50;BRGSp50 NDIS Protocol Driver; C:\WINDOWS\System32\Drivers\BRGSp50.sys [2005-06-08 20608]
S3 bvrp_pci;bvrp_pci; C:\WINDOWS\system32\drivers\bvrp_pci.sys []
S3 catchme;catchme; \??\C:\DOCUME~1\TARABR~1\LOCALS~1\Temp\catchme.sys []
S3 dvd_2K;dvd_2K; C:\WINDOWS\system32\drivers\dvd_2K.sys [2004-07-29 25898]
S3 EL90XBC;3Com EtherLink XL 90XB/C Adapter Driver; C:\WINDOWS\System32\DRIVERS\el90xbc5.sys [2001-08-17 66591]
S3 gv3;Intel GV3 Processor Driver; C:\WINDOWS\System32\DRIVERS\gv3.sys [2002-11-18 30976]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
S3 HPFXBULK;HPFXBULK; C:\WINDOWS\system32\drivers\hpfxbulk.sys [2006-06-12 9344]
S3 i81x;i81x; C:\WINDOWS\System32\DRIVERS\i81xnt5.sys [2004-08-04 161020]
S3 iAimFP0;iAimFP0; C:\WINDOWS\System32\DRIVERS\wADV01nt.sys [2004-08-04 12415]
S3 iAimFP1;iAimFP1; C:\WINDOWS\System32\DRIVERS\wADV02NT.sys [2004-08-04 12127]
S3 iAimFP2;iAimFP2; C:\WINDOWS\System32\DRIVERS\wADV05NT.sys [2004-08-04 11775]
S3 iAimFP3;iAimFP3; C:\WINDOWS\System32\DRIVERS\wSiINTxx.sys [2004-08-04 12063]
S3 iAimFP4;iAimFP4; C:\WINDOWS\System32\DRIVERS\wVchNTxx.sys [2004-08-04 19455]
S3 iAimTV0;iAimTV0; C:\WINDOWS\System32\DRIVERS\wATV01nt.sys [2004-08-04 29311]
S3 iAimTV1;iAimTV1; C:\WINDOWS\System32\DRIVERS\wATV02NT.sys [2004-08-04 19551]
S3 iAimTV2;iAimTV2; C:\WINDOWS\System32\DRIVERS\wATV03nt.sys []
S3 iAimTV3;iAimTV3; C:\WINDOWS\System32\DRIVERS\wATV04nt.sys [2004-08-04 33599]
S3 iAimTV4;iAimTV4; C:\WINDOWS\System32\DRIVERS\wCh7xxNT.sys [2004-08-04 23615]
S3 mferkdk;McAfee Inc. mferkdk; C:\WINDOWS\system32\drivers\mferkdk.sys [2007-11-22 33832]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 NaiAvFilter101;NAI Anti Virus; \Device\NaiAvFilter101.sys []
S3 RIOUNIV;Rio universal USB driver; C:\WINDOWS\System32\Drivers\RIOUNIV.sys [2007-03-12 16128]
S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINDOWS\System32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2009-03-05 36864]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2008-04-14 32128]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2008-04-14 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\System32\DRIVERS\usbscan.sys [2008-04-14 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S3 ZD1211U(Hawking);Hawking Hi-Gain Wireless-G USB Dish Adapter(Hawking); C:\WINDOWS\system32\DRIVERS\zd1211u.sys [2005-08-16 278016]
S4 agpCPQ;Compaq AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\agpCPQ.sys [2008-04-14 44928]
S4 alim1541;ALI AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\alim1541.sys [2008-04-14 42752]
S4 amdagp;AMD AGP Bus Filter Driver; C:\WINDOWS\System32\DRIVERS\amdagp.sys [2008-04-14 43008]
S4 cbidf;cbidf; C:\WINDOWS\System32\DRIVERS\cbidf2k.sys [2001-08-17 13952]
S4 sisagp;SIS AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\sisagp.sys [2008-04-14 40960]
S4 viaagp;VIA AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\viaagp.sys [2008-04-14 42240]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-03-06 132424]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\System32\Ati2evxx.exe [2003-07-29 323584]
R2 BAsfIpM;Broadcom ASF IP monitoring service v6.0.3; C:\WINDOWS\System32\basfipm.exe [2003-04-17 77824]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-05-21 152984]
R2 mcmscsvc;McAfee Services; C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe [2008-01-09 767976]
R2 McNASvc;McAfee Network Agent; c:\program files\common files\mcafee\mna\mcnasvc.exe [2008-01-25 2458128]
R2 McProxy;McAfee Proxy Service; c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe [2007-08-15 359248]
R2 McShield;McAfee Real-time Scanner; C:\Program Files\McAfee\VirusScan\McShield.exe [2007-07-24 144704]
R2 MpfService;McAfee Personal Firewall Service; C:\Program Files\McAfee\MPF\MPFSrv.exe [2007-07-18 856864]
R2 RegSrvc;RegSrvc; C:\WINDOWS\System32\RegSrvc.exe [2004-01-09 122880]
R2 RioMSC;Rio MSC Manager; C:\WINDOWS\system32\RioMSC.exe [2004-08-26 282624]
R2 S24EventMonitor;Spectrum24 Event Monitor; C:\WINDOWS\System32\S24EvMon.exe [2004-01-09 303171]
R2 Viewpoint Manager Service;Viewpoint Manager Service; C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-04-02 656168]
R3 McSysmon;McAfee SystemGuards; C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe [2007-12-05 695624]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-14 267776]
S2 McAfeeFramework;McAfee Framework Service; C:\Program Files\Network Associates\Common Framework\FrameworkService.exe [2006-10-30 98304]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2008-06-05 72704]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-04-23 182768]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 McODS;McAfee Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe [2007-11-07 378184]
S3 NetSvc;Intel NCS NetService; C:\Program Files\Intel\NCS\Sync\NetSvc.exe [2003-04-29 139264]

-----------------EOF-----------------
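The driver and service lists above follow one fixed line layout: a state letter and start-type digit, the internal name, the display name, the image path, and the file's date and size in brackets (empty brackets when no file information was recorded). As an added example, not part of this thread and not RSIT's own code, here is a small Python parser for that layout which flags the entries a helper usually looks at first: images with no file metadata, images loading from a Temp directory, and images outside %SystemRoot%. The sample lines are copied from the log above; the flag names and the heuristics are my own choices.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample: six lines copied from the RSIT "List of drivers" section above.
SAMPLE_DRIVER_LINES = r"""
R1 Cdr4_xp;Cdr4_xp; C:\WINDOWS\system32\drivers\Cdr4_xp.sys [2002-12-17 61424]
R2 BASFND;BASFND; \??\C:\WINDOWS\System32\Drivers\BASFND.sys []
R3 mfeavfk;McAfee Inc. mfeavfk; C:\WINDOWS\system32\drivers\mfeavfk.sys [2007-11-22 79304]
S3 catchme;catchme; \??\C:\DOCUME~1\TARABR~1\LOCALS~1\Temp\catchme.sys []
S3 NaiAvFilter101;NAI Anti Virus; \Device\NaiAvFilter101.sys []
S4 viaagp;VIA AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\viaagp.sys [2008-04-14 42240]
"""

# One RSIT entry: "<R|S><0-4> <name>;<display>; <path> [<date> <size>]"
LINE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4]) "
    r"(?P<name>[^;]*);(?P<display>[^;]*); "
    r"(?P<path>.+?) \[(?P<meta>[^\]]*)\]$"
)

# Legend printed by RSIT itself: 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled
START_TYPES = {"0": "Boot", "1": "System", "2": "Auto", "3": "Demand", "4": "Disabled"}


@dataclass
class DriverEntry:
    running: bool
    start_type: str
    name: str
    display: str
    path: str
    file_date: Optional[str]
    file_size: Optional[int]
    flags: List[str] = field(default_factory=list)


def triage(entry: DriverEntry) -> List[str]:
    """Heuristic flags (my own naming) for entries worth a second look."""
    flags = []
    lower = entry.path.lower()
    if entry.file_date is None:
        # No date/size recorded: the image was not readable where the registry says it lives.
        flags.append("no-file-metadata")
    if "\\temp\\" in lower:
        # A kernel driver loading from a Temp directory is unusual for installed software.
        flags.append("temp-path")
    if not lower.startswith("c:\\windows\\"):
        # Object-manager paths (\Device\...) and user-profile paths both land here.
        flags.append("outside-systemroot")
    return flags


def parse_line(line: str) -> Optional[DriverEntry]:
    m = LINE_RE.match(line.rstrip())
    if not m:
        return None
    date: Optional[str] = None
    size: Optional[int] = None
    meta = m.group("meta").split()
    if meta:
        date = meta[0]
        if len(meta) > 1 and meta[1].isdigit():
            size = int(meta[1])
    path = m.group("path")
    if path.startswith("\\??\\"):  # strip the NT object-manager prefix RSIT leaves in place
        path = path[4:]
    entry = DriverEntry(
        running=m.group("state") == "R",
        start_type=START_TYPES[m.group("start")],
        name=m.group("name"),
        display=m.group("display"),
        path=path,
        file_date=date,
        file_size=size,
    )
    entry.flags = triage(entry)
    return entry


def parse_report(text: str) -> List[DriverEntry]:
    return [e for e in (parse_line(l) for l in text.splitlines()) if e is not None]


def flagged(entries: List[DriverEntry]) -> List[DriverEntry]:
    return [e for e in entries if e.flags]


if __name__ == "__main__":
    for e in flagged(parse_report(SAMPLE_DRIVER_LINES)):
        print(f"{e.name:16} {e.start_type:9} {e.path}  <- {', '.join(e.flags)}")
```

Run on the sample, the parser flags BASFND (no file metadata), catchme (no metadata, Temp path, outside %SystemRoot%) and NaiAvFilter101 (object-manager path, no metadata); the McAfee, Roxio and AGP entries pass clean. Flags are prompts for a human to check the file, not verdicts: catchme.sys, for instance, is a component that removal tools drop into Temp while they run.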
 
Step 1


Upload a File
Download suspicious file packer from here

Unzip it to desktop, open it & paste in the list of files below, press next & it will create an archive (zip/cab file) on desktop

c:\windows\system32\za929pyw5re487.bin
c:\windows\system32\zb799p5rse821.bin
c:\windows\system32\zc5avir9995.dll
c:\windows\system32\z54455p9mbot18.exe
c:\windows\system32\z35vir21579.bin
c:\windows\system32\z9935orm4e8.exe
C:\WINDOWS\wininit.ini


Please open LINK >>> THIS PAGE <<<LINK in a new window.


In the box marked Link to topic where this file was requested: please put this text
Code:
http://forums.spybot.info/showthread.php?p=320346#post320346

Click the Browse button and navigate to the Cab file that was created on your desktop
Select this file and click Open

In the Largest box please put
Code:
File Requested By Katana
Failed Submit

Finally click SendFile
You can now delete SFP (exe and Zip) along with the .cab file that was created

----------------------------------------------------------------------------------------
Step 2

Download and Run ComboFix
Please delete the copy of ComboFix that you have and download an updated copy from one of the links below
  • Please visit this webpage for instructions on using ComboFix:
    http://www.bleepingcomputer.com/combofix/how-to-use-combofix

    ComboFix.exe 1
    ComboFix.exe 2
    ComboFix.exe 3
  • You must download it to and run it from your Desktop
  • Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
  • Double click combofix.exe & follow the prompts.
  • When finished, it will produce a log. Please save that log to post in your next reply along with a fresh HJT log
  • Re-enable all the programs that were disabled during the running of ComboFix.

Note:
Do not mouse-click combofix's window while it is running. That may cause it to stall.

CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
ComboFix SHOULD NOT be used unless requested by a forum helper

----------------------------------------------------------------------------------------
Step 3

Active Scan
Your Antivirus and/or Antispyware may give a warning during the scan. This is perfectly normal
NOTE:- Vista users should start IE by Start(Vista Orb) >> Internet Explorer >> Right-Click Run As Admin
Please go to this site Link >> ActiveScan << LINK
  • Click the Scan Now button
  • Follow the prompts to install the Active X if necessary
  • Go and make a cup of tea/coffee/beverage of your choice and watch some TV :)
  • When the scan is finished, a report will be generated
  • Next to Scan Details click the small export to notepad button and save the report to your desktop.
  • Please post the report in your reply.

----------------------------------------------------------------------------------------
Logs/Information to Post in Reply
Please post the following logs/Information in your reply
Some of the logs I request will be quite large; you may need to split them over a couple of replies.
  • Combofix Log
  • Active Scan Log
  • How are things running now?
 
Activescan Log

;***********************************************************************************************************************************************************************************
ANALYSIS: 2009-07-05 23:37:47
PROTECTIONS: 1
MALWARE: 12
SUSPECTS: 4
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description Version Active Updated
;===================================================================================================================================================================================
McAfee VirusScan Yes Yes
;===================================================================================================================================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===================================================================================================================================================================================
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\windows\system32\config\systemprofile\Cookies\system@trafficmp[1].txt
00145405 Cookie/RealMedia TrackingCookie No 0 Yes No C:\windows\system32\config\systemprofile\Cookies\system@247realmedia[1].txt
00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\Documents and Settings\Tara Brooks\Cookies\tara_brooks@com[1].txt
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\windows\system32\config\systemprofile\Cookies\system@ad.yieldmanager[1].txt
00168061 Cookie/Apmebf TrackingCookie No 0 Yes No C:\windows\system32\config\systemprofile\Cookies\system@apmebf[1].txt
00168109 Cookie/Adtech TrackingCookie No 0 Yes No C:\windows\system32\config\systemprofile\Cookies\system@adtech[1].txt
00168110 Cookie/Server.iad.Liveperson TrackingCookie No 0 Yes No C:\Documents and Settings\Tara Brooks\Cookies\tara_brooks@server.iad.liveperson[4].txt
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\windows\system32\config\systemprofile\Cookies\system@realmedia[2].txt
00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\windows\system32\config\systemprofile\Cookies\system@zedo[1].txt
00242667 Application/MyWay HackTools No 0 Yes No C:\System Volume Information\_restore{9B539E66-D85A-41E7-ACFD-AE0F6CD9DCE9}\RP966\A0199091.DLL
00507950 Application/MyWay HackTools No 0 Yes No C:\System Volume Information\_restore{9B539E66-D85A-41E7-ACFD-AE0F6CD9DCE9}\RP966\A0199093.DLL
02885963 Rootkit/Booto.C Virus/Worm No 0 Yes No C:\System Volume Information\_restore{9B539E66-D85A-41E7-ACFD-AE0F6CD9DCE9}\RP965\A0198116.sys
;===================================================================================================================================================================================
SUSPECTS
Sent Location
;===================================================================================================================================================================================
No C:\Qoobox\Quarantine\C\windows\system32\MSIVXgsalimudcooyeyvfoisskiialtqksuml.dll.vir
No C:\Qoobox\Quarantine\C\windows\system32\setup2.exe.vir
No C:\System Volume Information\_restore{9B539E66-D85A-41E7-ACFD-AE0F6CD9DCE9}\RP965\A0198114.dll
No C:\System Volume Information\_restore{9B539E66-D85A-41E7-ACFD-AE0F6CD9DCE9}\RP965\A0198336.exe
;===================================================================================================================================================================================
VULNERABILITIES
Id Severity Description
;===================================================================================================================================================================================
;===================================================================================================================================================================================
 
OTMoveIt
Please download OTM by OldTimer and save it to your desktop
  • Double-click OTM.exe to run it.
  • Copy the lines in the codebox below. ( Make sure you include :Processes )
Code:
:Processes
:Files
c:\windows\system32\za929pyw5re487.bin
c:\windows\system32\zb799p5rse821.bin
c:\windows\system32\zc5avir9995.dll
c:\windows\system32\z54455p9mbot18.exe
c:\windows\system32\z35vir21579.bin
c:\windows\system32\z9935orm4e8.exe
C:\WINDOWS\wininit.ini
:Commands
[Purity]
[EmptyTemp]
  • Return to OTM, right click in the Paste List of Files/Folders to Move window (under the yellow bar) and choose Paste.
  • Close ALL open windows (especially Internet Explorer!)
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar), and paste it in your next reply.
  • Close OTM

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.


----------------------------------------------------------------------------------------
Logs/Information to Post in Reply
Please post the following logs/Information in your reply
Some of the logs I request will be quite large; you may need to split them over a couple of replies.
  • OTMoveIt Log
  • A fresh RSIT Log
  • How are things running now?
 
OTMoveIt Log

All processes killed
========== PROCESSES ==========
========== FILES ==========
c:\windows\system32\za929pyw5re487.bin moved successfully.
c:\windows\system32\zb799p5rse821.bin moved successfully.
LoadLibrary failed for c:\windows\system32\zc5avir9995.dll
c:\windows\system32\zc5avir9995.dll NOT unregistered.
c:\windows\system32\zc5avir9995.dll moved successfully.
c:\windows\system32\z54455p9mbot18.exe moved successfully.
c:\windows\system32\z35vir21579.bin moved successfully.
c:\windows\system32\z9935orm4e8.exe moved successfully.
C:\WINDOWS\wininit.ini moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32768 bytes

User: LocalService
->Temp folder emptied: 0 bytes
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 49286 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: Tara Brooks
->Temp folder emptied: 119946 bytes
->Temporary Internet Files folder emptied: 177905613 bytes
->Java cache emptied: 28576383 bytes
->Apple Safari cache emptied: 16909748 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 39097 bytes
%systemroot%\System32 .tmp files removed: 9127937 bytes
File delete failed. C:\WINDOWS\temp\mcmsc_9deROyWexlNPAri scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\mcmsc_UrhPeYeTgUHR682 scheduled to be deleted on reboot.
Windows Temp folder emptied: 88575 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 222.06 mb


OTM by OldTimer - Version 3.0.0.4 log created on 07062009_211523

Files moved on Reboot...
File C:\WINDOWS\temp\mcmsc_9deROyWexlNPAri not found!
File C:\WINDOWS\temp\mcmsc_UrhPeYeTgUHR682 not found!

Registry entries deleted on Reboot...
 
New RSIT part 1

Logfile of random's system information tool 1.06 (written by random/random)
Run by Tara Brooks at 2009-07-06 21:26:32
Microsoft Windows XP Professional Service Pack 3
System drive C: has 5 GB (14%) free of 38 GB
Total RAM: 511 MB (24% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:27:00 PM, on 7/6/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16850)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\S24EvMon.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\1XConfig.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\System32\basfipm.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\Program Files\McAfee\VirusScan\McShield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\System32\RegSrvc.exe
C:\WINDOWS\system32\RioMSC.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\iRiver\Service\MLService.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\iRiver\Service\Updater.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\AWS\WEATHE~1\Weather.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Support.com\bin\tgcmd.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Documents and Settings\Tara Brooks\Desktop\RSIT.exe
C:\Program Files\trend micro\Tara Brooks.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.utk.edu/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = actsvr.comcastonline.com:8100
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = cdn
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [iRiver AutoDB] C:\Program Files\iRiver\Service\MLService.exe
O4 - HKLM\..\Run: [iRiver Updater] C:\Program Files\iRiver\Service\Updater.exe
O4 - HKLM\..\Run: [tgcmd] C:\Program Files\Support.com\bin\tgcmd.exe /server /startmonitor /deaf
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [Weather] C:\PROGRA~1\AWS\WEATHE~1\Weather.exe 1
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\RunOnce: [CheckNetworkConnection] "C:\Program Files\Support.com\providerComcast\desktopdoctor.exe" /flow /flow=diagnosenetwork /trayclick=true /haveconfirmedwiring=true /haverenewed=true /haverestartedmodem=true /onrestart=true /havehealed=true /issuenumber=61d7f0a8-9c80-46b4-8f5a-1d0f16bdccc8
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Hawking Wireless Utility.lnk = C:\Program Files\Hawking\HWU8DD\HWU8DD.exe
O4 - Global Startup: Post-it® Software Notes Lite.lnk = C:\Program Files\3M\PSNLite\PsnLite.exe
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZSzeb029BBUS_ZCxdm481YYUS
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Broadcom ASF IP monitoring service v6.0.3 (BAsfIpM) - Broadcom Corp. - C:\WINDOWS\System32\basfipm.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\McShield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: PEVSystemStart - Unknown owner - cmd /k start /i "/dC:" "C:\SharonCF\HIDEC.exe" "C:\SharonCF\SWREG.EXE" ACL "HKEY_LOCAL_MACHINE\System\CurrentControlSet\Enum\Root\LEGACY_Beep" /RESET /Q (file missing)
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe
O23 - Service: Rio MSC Manager (RioMSC) - Digital Networks North America, Inc. - C:\WINDOWS\system32\RioMSC.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\System32\S24EvMon.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 10322 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\McDefragTask.job
C:\WINDOWS\tasks\McQcTask.job
C:\WINDOWS\tasks\WGASetup.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}]
scriptproxy - C:\Program Files\McAfee\VirusScan\scriptsn.dll [2007-11-09 58688]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-06-15 259696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll [2009-04-17 668656]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
Google Dictionary Compression sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll [2009-04-23 470512]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-05-21 41368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-05-21 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-06-15 259696]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Apoint"=C:\Program Files\Apoint\Apoint.exe [2004-02-02 155648]
"ATIModeChange"=C:\WINDOWS\system32\Ati2mdxx.exe [2001-09-04 28672]
"ATIPTA"=C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [2003-07-29 335872]
"PRONoMgr.exe"=C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe [2003-05-28 86016]
"DVDSentry"=C:\WINDOWS\System32\DSentry.exe [2002-07-17 28672]
"AdaptecDirectCD"=C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe [2002-12-17 684032]
"McAfeeUpdaterUI"=C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe [2006-10-30 131072]
"iRiver AutoDB"=C:\Program Files\iRiver\Service\MLService.exe [2004-09-10 1040384]
"iRiver Updater"=C:\Program Files\iRiver\Service\Updater.exe [2004-09-07 212992]
"tgcmd"=C:\Program Files\Support.com\bin\tgcmd.exe [2007-03-07 1773568]
"mcagent_exe"=C:\Program Files\McAfee.com\Agent\mcagent.exe [2007-11-01 582992]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-05-21 148888]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2009-01-05 413696]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Weather"=C:\PROGRA~1\AWS\WEATHE~1\Weather.exe [2005-06-07 1339392]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2009-02-22 39408]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"CheckNetworkConnection"=C:\Program Files\Support.com\providerComcast\desktopdoctor.exe [2006-06-02 1286144]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe [2007-03-09 63712]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2009-04-02 342312]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe [2009-01-05 413696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2009-02-22 39408]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
C:\PROGRA~1\Logitech\DESKTO~1\8876480\Program\LOGITE~1.EXE [2008-12-30 67128]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
C:\PROGRA~1\MICROS~2\Office10\OSA.EXE [2001-02-13 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Picture Package Menu.lnk]
C:\PROGRA~1\SONYCO~1\PICTUR~1\PICTUR~4\SonyTray.exe [2003-11-21 151552]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Picture Package VCD Maker.lnk]
C:\PROGRA~1\SONYCO~1\PICTUR~1\PICTUR~1\RESIDE~1.EXE [2004-12-14 106496]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Tara Brooks^Start Menu^Programs^Startup^Adobe Gamma.lnk]
C:\PROGRA~1\COMMON~1\Adobe\CALIBR~1\ADOBEG~1.EXE [2005-03-16 113664]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe
Hawking Wireless Utility.lnk - C:\Program Files\Hawking\HWU8DD\HWU8DD.exe
Post-it® Software Notes Lite.lnk - C:\Program Files\3M\PSNLite\PsnLite.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2003-07-29 86016]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Sebring]
C:\WINDOWS\System32\LgNotify.dll [2004-01-12 110592]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2008-09-06 241704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MpfService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\AIM\aim.exe"="C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\GameHouse\TextTwist\TextTwist.exe"="C:\Program Files\GameHouse\TextTwist\TextTwist.exe:*:Enabled:Super TextTwist"
"C:\Program Files\Network Associates\Common Framework\FrameworkService.exe"="C:\Program Files\Network Associates\Common Framework\FrameworkService.exe:*:Enabled:McAfee Framework Service"
"C:\Program Files\Rio\Rio Music Manager\riomm.exe"="C:\Program Files\Rio\Rio Music Manager\riomm.exe:*:Enabled:Rio Music Manager"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"
"C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe"="C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent"
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
"C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe"="C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
"C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe"="C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7"

======List of files/folders created in the last 1 months======

2009-07-06 21:15:23 ----D---- C:\_OTM
2009-07-05 18:49:28 ----D---- C:\Program Files\Panda Security
2009-07-05 17:59:58 ----SD---- C:\SharonCF
2009-07-05 17:59:54 ----A---- C:\WINDOWS\system32\CF5437.exe
2009-07-05 17:38:36 ----SD---- C:\ComboFix
2009-07-05 17:38:35 ----A---- C:\WINDOWS\system32\CF1267.exe
2009-07-01 23:43:51 ----A---- C:\WINDOWS\system32\CF25605.exe
2009-07-01 23:31:25 ----A---- C:\WINDOWS\system32\CF23165.exe
2009-07-01 23:22:41 ----SHD---- C:\RECYCLER
2009-07-01 23:22:00 ----A---- C:\WINDOWS\system32\CF21310.exe
2009-07-01 23:20:45 ----A---- C:\WINDOWS\system32\CF20337.exe
2009-06-30 21:44:09 ----A---- C:\WINDOWS\system32\javaws.exe
2009-06-30 21:44:09 ----A---- C:\WINDOWS\system32\javaw.exe
2009-06-30 21:44:09 ----A---- C:\WINDOWS\system32\java.exe
2009-06-29 23:42:47 ----A---- C:\Boot.bak
2009-06-29 23:42:40 ----RASHD---- C:\cmdcons
2009-06-29 23:36:55 ----A---- C:\WINDOWS\zip.exe
2009-06-29 23:36:55 ----A---- C:\WINDOWS\SWXCACLS.exe
2009-06-29 23:36:55 ----A---- C:\WINDOWS\SWSC.exe
2009-06-29 23:36:55 ----A---- C:\WINDOWS\SWREG.exe
2009-06-29 23:36:55 ----A---- C:\WINDOWS\sed.exe
2009-06-29 23:36:55 ----A---- C:\WINDOWS\PEV.exe
2009-06-29 23:36:55 ----A---- C:\WINDOWS\NIRCMD.exe
2009-06-29 23:36:55 ----A---- C:\WINDOWS\grep.exe
2009-06-29 23:11:51 ----HD---- C:\WINDOWS\system32\GroupPolicy
2009-06-29 22:52:59 ----A---- C:\WINDOWS\system32\MPFServiceFailureCount.txt
2009-06-29 22:52:49 ----D---- C:\Qoobox
2009-06-28 18:18:32 ----D---- C:\rsit
2009-06-28 14:00:32 ----A---- C:\WINDOWS\system32\STKIT432.DLL
2009-06-28 13:45:43 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2009-06-28 13:45:33 ----D---- C:\Program Files\SpywareBlaster
2009-06-28 13:28:29 ----D---- C:\WINDOWS\pss
2009-06-27 20:58:08 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-06-27 20:58:07 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-06-26 12:20:04 ----D---- C:\Program Files\Common Files\Adobe AIR
2009-06-26 12:13:41 ----D---- C:\Program Files\NOS
2009-06-26 12:13:41 ----D---- C:\Documents and Settings\All Users\Application Data\NOS
2009-06-26 02:03:42 ----D---- C:\Program Files\Trend Micro
2009-06-26 01:40:57 ----D---- C:\WINDOWS\ERDNT
2009-06-26 01:40:22 ----D---- C:\Program Files\ERUNT
2009-06-26 01:12:50 ----A---- C:\WINDOWS\ntbtlog.txt
2009-06-23 15:16:38 ----D---- C:\Program Files\DivX
2009-06-11 03:07:52 ----HDC---- C:\WINDOWS\$NtUninstallKB961501$
2009-06-11 03:07:34 ----HDC---- C:\WINDOWS\$NtUninstallKB969898$
2009-06-11 03:04:14 ----HDC---- C:\WINDOWS\$NtUninstallKB970238$
2009-06-11 03:02:19 ----HDC---- C:\WINDOWS\$NtUninstallKB968537$
 
RSIT part 2

======List of files/folders modified in the last 1 months======

2009-07-06 21:26:36 ----D---- C:\WINDOWS\Temp
2009-07-06 21:22:47 ----D---- C:\Documents and Settings\Tara Brooks\Application Data\WeatherBug
2009-07-06 21:21:45 ----D---- C:\windows
2009-07-06 21:21:43 ----A---- C:\WINDOWS\ModemLog_Conexant D480 MDC V.9x Modem.txt
2009-07-06 21:20:00 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-07-06 21:19:32 ----D---- C:\WINDOWS\system32
2009-07-06 21:16:39 ----D---- C:\WINDOWS\Prefetch
2009-07-05 18:55:26 ----D---- C:\WINDOWS\system32\drivers
2009-07-05 18:49:28 ----RD---- C:\Program Files
2009-07-05 18:49:27 ----HD---- C:\WINDOWS\inf
2009-07-05 18:48:30 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-07-05 18:48:27 ----D---- C:\WINDOWS\system32\CatRoot2
2009-07-02 13:55:00 ----D---- C:\WINDOWS\system32\FxsTmp
2009-07-01 23:27:21 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-07-01 23:20:28 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2009-06-30 22:00:36 ----A---- C:\WINDOWS\system.ini
2009-06-30 21:56:07 ----D---- C:\WINDOWS\AppPatch
2009-06-30 21:55:51 ----D---- C:\Program Files\Common Files
2009-06-30 21:44:39 ----SHD---- C:\WINDOWS\Installer
2009-06-30 21:44:15 ----SHD---- C:\Config.Msi
2009-06-30 21:43:43 ----D---- C:\Program Files\Java
2009-06-30 00:04:44 ----RSHD---- C:\WINDOWS\system32\DllCache
2009-06-30 00:02:42 ----SD---- C:\WINDOWS\Tasks
2009-06-29 23:48:32 ----D---- C:\WINDOWS\security
2009-06-29 23:42:47 ----RASH---- C:\boot.ini
2009-06-28 13:34:57 ----A---- C:\WINDOWS\win.ini
2009-06-26 12:30:33 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2009-06-26 12:29:06 ----D---- C:\Program Files\Common Files\Adobe
2009-06-26 12:27:39 ----D---- C:\Program Files\Adobe
2009-06-26 12:20:10 ----D---- C:\Documents and Settings\Tara Brooks\Application Data\Adobe
2009-06-26 08:34:38 ----D---- C:\WINDOWS\Minidump
2009-06-25 19:25:39 ----D---- C:\Program Files\SmartDraw 2009
2009-06-25 19:23:30 ----HD---- C:\Program Files\InstallShield Installation Information
2009-06-25 19:23:29 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-06-25 19:20:19 ----D---- C:\Program Files\DNA
2009-06-23 21:40:41 ----HD---- C:\Documents and Settings\Tara Brooks\Application Data\Move Networks
2009-06-11 03:14:43 ----D---- C:\Program Files\Internet Explorer
2009-06-11 03:07:46 ----A---- C:\WINDOWS\imsins.BAK
2009-06-11 03:07:19 ----HD---- C:\WINDOWS\$hf_mig$
2009-06-11 03:03:29 ----D---- C:\WINDOWS\system32\en-US
2009-06-11 03:02:59 ----D---- C:\WINDOWS\ie7updates
2009-06-08 07:12:27 ----D---- C:\WINDOWS\SoftwareDistribution

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Cdr4_xp;Cdr4_xp; C:\WINDOWS\system32\drivers\Cdr4_xp.sys [2002-12-17 61424]
R1 Cdralw2k;Cdralw2k; C:\WINDOWS\system32\drivers\Cdralw2k.sys [2002-12-17 23436]
R1 cdrbsdrv;cdrbsdrv; C:\WINDOWS\system32\drivers\cdrbsdrv.sys [2004-03-08 13567]
R1 cdudf_xp;cdudf_xp; C:\WINDOWS\system32\drivers\cdudf_xp.sys [2002-12-17 241152]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-14 36352]
R1 mfehidk;McAfee Inc. mfehidk; C:\WINDOWS\system32\drivers\mfehidk.sys [2007-11-22 201320]
R1 MPFP;MPFP; C:\WINDOWS\System32\Drivers\Mpfp.sys [2007-07-13 113952]
R1 omci;OMCI WDM Device Driver; C:\WINDOWS\System32\DRIVERS\omci.sys [2004-02-13 17153]
R1 pwd_2k;pwd_2k; C:\WINDOWS\system32\drivers\pwd_2k.sys [2004-07-29 143834]
R1 UdfReadr_xp;UdfReadr_xp; C:\WINDOWS\system32\drivers\UdfReadr_xp.sys [2004-07-29 206464]
R2 BASFND;BASFND; \??\C:\WINDOWS\System32\Drivers\BASFND.sys []
R2 lowpp;Lowrance MMC Parallel Port Driver; \??\C:\WINDOWS\system32\Drivers\lowpp.sys []
R2 MDC8021X;AEGIS Protocol (IEEE 802.1x) v2.2.1.0; C:\WINDOWS\System32\DRIVERS\mdc8021x.sys [2004-07-29 14037]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\System32\DRIVERS\mdmxsdk.sys [2008-04-13 11868]
R2 s24trans;WLAN Transport; C:\WINDOWS\System32\DRIVERS\s24trans.sys [2004-01-09 10970]
R2 zumbus;Zune Bus Enumerator Driver; C:\WINDOWS\system32\DRIVERS\zumbus.sys [2007-11-15 40832]
R3 ApfiltrService;Alps Touch Pad Filter Driver for Windows 2000/XP; C:\WINDOWS\System32\DRIVERS\Apfiltr.sys [2003-08-22 94600]
R3 ati2mtag;ati2mtag; C:\WINDOWS\System32\DRIVERS\ati2mtag.sys [2008-04-13 701440]
R3 b57w2k;Broadcom 570x Gigabit Integrated Controller; C:\WINDOWS\System32\DRIVERS\b57xp32.sys [2003-05-22 175360]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\System32\DRIVERS\CmBatt.sys [2008-04-14 13952]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2009-03-19 23400]
R3 HSF_DP;HSF_DP; C:\WINDOWS\System32\DRIVERS\HSF_DP.sys [2003-07-03 1063936]
R3 HSFHWICH;HSFHWICH; C:\WINDOWS\System32\DRIVERS\HSFHWICH.sys [2003-07-03 189056]
R3 mfeavfk;McAfee Inc. mfeavfk; C:\WINDOWS\system32\drivers\mfeavfk.sys [2007-11-22 79304]
R3 mfebopk;McAfee Inc. mfebopk; C:\WINDOWS\system32\drivers\mfebopk.sys [2007-11-22 35240]
R3 mfesmfk;McAfee Inc. mfesmfk; C:\WINDOWS\system32\drivers\mfesmfk.sys [2007-12-02 40488]
R3 MLFILEM;MLFILEM; \??\C:\WINDOWS\system32\drivers\MLFILEM.SYS []
R3 mmc_2K;mmc_2K; C:\WINDOWS\system32\drivers\mmc_2K.sys [2004-07-29 30630]
R3 O2SCBUS;O2Micro SmartCardBus Reader; C:\WINDOWS\System32\DRIVERS\ozscr.sys [2002-11-08 20579]
R3 STAC97;Audio Driver (WDM) - SigmaTel CODEC; C:\WINDOWS\system32\drivers\STAC97.sys [2003-04-25 220176]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-14 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-14 20608]
R3 w70n51;Intel(R) PRO/Wireless 7100 Adapter Driver ; C:\WINDOWS\System32\DRIVERS\w70n51.sys [2004-01-13 2482176]
R3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
R3 winachsf;winachsf; C:\WINDOWS\System32\DRIVERS\HSF_CNXT.sys [2003-07-03 631680]
S3 BRGSp50;BRGSp50 NDIS Protocol Driver; C:\WINDOWS\System32\Drivers\BRGSp50.sys [2005-06-08 20608]
S3 bvrp_pci;bvrp_pci; C:\WINDOWS\system32\drivers\bvrp_pci.sys []
S3 catchme;catchme; \??\C:\DOCUME~1\TARABR~1\LOCALS~1\Temp\catchme.sys []
S3 dvd_2K;dvd_2K; C:\WINDOWS\system32\drivers\dvd_2K.sys [2004-07-29 25898]
S3 EL90XBC;3Com EtherLink XL 90XB/C Adapter Driver; C:\WINDOWS\System32\DRIVERS\el90xbc5.sys [2001-08-17 66591]
S3 gv3;Intel GV3 Processor Driver; C:\WINDOWS\System32\DRIVERS\gv3.sys [2002-11-18 30976]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
S3 HPFXBULK;HPFXBULK; C:\WINDOWS\system32\drivers\hpfxbulk.sys [2006-06-12 9344]
S3 i81x;i81x; C:\WINDOWS\System32\DRIVERS\i81xnt5.sys [2004-08-04 161020]
S3 iAimFP0;iAimFP0; C:\WINDOWS\System32\DRIVERS\wADV01nt.sys [2004-08-04 12415]
S3 iAimFP1;iAimFP1; C:\WINDOWS\System32\DRIVERS\wADV02NT.sys [2004-08-04 12127]
S3 iAimFP2;iAimFP2; C:\WINDOWS\System32\DRIVERS\wADV05NT.sys [2004-08-04 11775]
S3 iAimFP3;iAimFP3; C:\WINDOWS\System32\DRIVERS\wSiINTxx.sys [2004-08-04 12063]
S3 iAimFP4;iAimFP4; C:\WINDOWS\System32\DRIVERS\wVchNTxx.sys [2004-08-04 19455]
S3 iAimTV0;iAimTV0; C:\WINDOWS\System32\DRIVERS\wATV01nt.sys [2004-08-04 29311]
S3 iAimTV1;iAimTV1; C:\WINDOWS\System32\DRIVERS\wATV02NT.sys [2004-08-04 19551]
S3 iAimTV2;iAimTV2; C:\WINDOWS\System32\DRIVERS\wATV03nt.sys []
S3 iAimTV3;iAimTV3; C:\WINDOWS\System32\DRIVERS\wATV04nt.sys [2004-08-04 33599]
S3 iAimTV4;iAimTV4; C:\WINDOWS\System32\DRIVERS\wCh7xxNT.sys [2004-08-04 23615]
S3 mferkdk;McAfee Inc. mferkdk; C:\WINDOWS\system32\drivers\mferkdk.sys [2007-11-22 33832]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 NaiAvFilter101;NAI Anti Virus; \Device\NaiAvFilter101.sys []
S3 RIOUNIV;Rio universal USB driver; C:\WINDOWS\System32\Drivers\RIOUNIV.sys [2007-03-12 16128]
S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINDOWS\System32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2009-03-05 36864]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2008-04-14 32128]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2008-04-14 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\System32\DRIVERS\usbscan.sys [2008-04-14 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S3 ZD1211U(Hawking);Hawking Hi-Gain Wireless-G USB Dish Adapter(Hawking); C:\WINDOWS\system32\DRIVERS\zd1211u.sys [2005-08-16 278016]
S3 ZDPSp50;ZDPSp50 NDIS Protocol Driver; C:\WINDOWS\System32\Drivers\ZDPSp50.sys [2004-10-25 17664]
S4 agpCPQ;Compaq AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\agpCPQ.sys [2008-04-14 44928]
S4 alim1541;ALI AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\alim1541.sys [2008-04-14 42752]
S4 amdagp;AMD AGP Bus Filter Driver; C:\WINDOWS\System32\DRIVERS\amdagp.sys [2008-04-14 43008]
S4 cbidf;cbidf; C:\WINDOWS\System32\DRIVERS\cbidf2k.sys [2001-08-17 13952]
S4 sisagp;SIS AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\sisagp.sys [2008-04-14 40960]
S4 viaagp;VIA AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\viaagp.sys [2008-04-14 42240]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-03-06 132424]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\System32\Ati2evxx.exe [2003-07-29 323584]
R2 BAsfIpM;Broadcom ASF IP monitoring service v6.0.3; C:\WINDOWS\System32\basfipm.exe [2003-04-17 77824]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-05-21 152984]
R2 mcmscsvc;McAfee Services; C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe [2008-01-09 767976]
R2 McNASvc;McAfee Network Agent; c:\program files\common files\mcafee\mna\mcnasvc.exe [2008-01-25 2458128]
R2 McProxy;McAfee Proxy Service; c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe [2007-08-15 359248]
R2 McShield;McAfee Real-time Scanner; C:\Program Files\McAfee\VirusScan\McShield.exe [2007-07-24 144704]
R2 MpfService;McAfee Personal Firewall Service; C:\Program Files\McAfee\MPF\MPFSrv.exe [2007-07-18 856864]
R2 RegSrvc;RegSrvc; C:\WINDOWS\System32\RegSrvc.exe [2004-01-09 122880]
R2 RioMSC;Rio MSC Manager; C:\WINDOWS\system32\RioMSC.exe [2004-08-26 282624]
R2 S24EventMonitor;Spectrum24 Event Monitor; C:\WINDOWS\System32\S24EvMon.exe [2004-01-09 303171]
R2 Viewpoint Manager Service;Viewpoint Manager Service; C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R3 McSysmon;McAfee SystemGuards; C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe [2007-12-05 695624]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-14 267776]
S2 McAfeeFramework;McAfee Framework Service; C:\Program Files\Network Associates\Common Framework\FrameworkService.exe [2006-10-30 98304]
S2 PEVSystemStart;PEVSystemStart; cmd /k start /i /dC: C:\SharonCF\HIDEC.exe C:\SharonCF\SWREG.EXE ACL HKEY_LOCAL_MACHINE\System\CurrentControlSet\Enum\Root\LEGACY_Beep /RESET /Q []
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2008-06-05 72704]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-04-23 182768]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-04-02 656168]
S3 McODS;McAfee Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe [2007-11-07 378184]
S3 NetSvc;Intel NCS NetService; C:\Program Files\Intel\NCS\Sync\NetSvc.exe [2003-04-29 139264]

-----------------EOF-----------------
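The driver and service listings above are what a helper reads first: the header legend gives state and start type, and an entry ending in "[]" means RSIT found no file details for the image path. As an added example that is not part of this thread or of RSIT, here is a small Python triage script for that line format; the sample input is constructed from lines in the log above, and the flags it raises are review prompts, not verdicts.

```python
"""Triage helper for RSIT driver/service listings (added example, not from the thread).

Assumed line format, taken from the listing headers above:
    <R|S><0-4> <name>;<display>; <image path> [<yyyy-mm-dd> <size>]
where "[]" means RSIT printed no file details for the image path.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Legend from the RSIT section headers.
STATE = {"R": "Running", "S": "Stopped"}
START = {"0": "Boot", "1": "System", "2": "Auto", "3": "Demand", "4": "Disabled"}

LINE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4])\s+"
    r"(?P<name>[^;]+);(?P<display>[^;]*);\s*"
    r"(?P<image>.*?)\s*\[(?P<fileinfo>[^\]]*)\]\s*$"
)

# Constructed sample: lines copied from the RSIT output above.
SAMPLE = r"""
R2 BASFND;BASFND; \??\C:\WINDOWS\System32\Drivers\BASFND.sys []
R2 s24trans;WLAN Transport; C:\WINDOWS\System32\DRIVERS\s24trans.sys [2004-01-09 10970]
S3 catchme;catchme; \??\C:\DOCUME~1\TARABR~1\LOCALS~1\Temp\catchme.sys []
S2 PEVSystemStart;PEVSystemStart; cmd /k start /i /dC: C:\SharonCF\HIDEC.exe C:\SharonCF\SWREG.EXE ACL HKEY_LOCAL_MACHINE\System\CurrentControlSet\Enum\Root\LEGACY_Beep /RESET /Q []
R2 McShield;McAfee Real-time Scanner; C:\Program Files\McAfee\VirusScan\McShield.exe [2007-07-24 144704]
S3 NaiAvFilter101;NAI Anti Virus; \Device\NaiAvFilter101.sys []
"""


@dataclass
class Entry:
    name: str
    display: str
    state: str
    start: str
    image: str
    date: Optional[str]
    size: Optional[int]
    flags: List[str] = field(default_factory=list)


def parse_line(line: str) -> Optional[Entry]:
    """Parse one listing line; return None for headers and blank lines."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    image = m.group("image")
    if image.startswith("\\??\\"):  # NT object-manager prefix; drop it for readability
        image = image[4:]
    date = size = None
    info = m.group("fileinfo").split()
    if len(info) == 2 and info[1].isdigit():
        date, size = info[0], int(info[1])
    return Entry(m.group("name"), m.group("display"), STATE[m.group("state")],
                 START[m.group("start")], image, date, size)


def triage(entry: Entry) -> Entry:
    """Attach review flags; an empty flag list means nothing stood out."""
    low = entry.image.lower()
    if low.startswith("cmd ") or low.startswith("cmd.exe "):
        entry.flags.append("image is a command line rather than a file")
    elif entry.size is None:
        # "[]" in the log: file absent, hidden, or registered under a device path.
        entry.flags.append("no file details at listed path")
    if "\\temp\\" in low:
        entry.flags.append("image lives under a Temp folder")
    if low.startswith("\\device\\"):
        entry.flags.append("image is a device path rather than a file path")
    return entry


def parse_log(text: str) -> List[Entry]:
    """Parse every listing line in text and run triage on each entry."""
    entries = [parse_line(line) for line in text.splitlines()]
    return [triage(e) for e in entries if e is not None]


def flagged(entries: List[Entry]) -> List[Entry]:
    """Only the entries a helper would look at first."""
    return [e for e in entries if e.flags]


if __name__ == "__main__":
    for e in flagged(parse_log(SAMPLE)):
        print(f"{e.name:16} {e.state:8} {e.start:8} {'; '.join(e.flags)}")
```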
 
  • How are things running now?


Remove Combofix
  • Click START then RUN
  • Now type Combofix /u in the runbox and click OK. Note the space between the X and the /U; it needs to be there.

Download and Run ComboFix (by sUBs)
Please visit this webpage for instructions for downloading and running ComboFix:

Bleeping Computer ComboFix Tutorial

  • You must download it to and run it from your Desktop
  • Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
  • Double click combofix.exe & follow the prompts.
  • When finished, it will produce a log. Please save that log to post in your next reply.
  • Re-enable all the programs that were disabled during the running of ComboFix.


A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own.
This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper.

For instructions on how to disable your security programs, please see this topic
How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs
 
When I tried to run "combofix /u" it says it can't find file.

Then:

When I tried to download ComboFix, it got to about 99% complete and then returned the error "Cannot copy ComboFix[1]:access denied. Make sure the disk is not full or write protected and that the file is not currently in use." I tried rebooting. Still same thing.

In Internet Explorer, things are much better. Things are still a little slow in general. I can now at least google something and click the link and it works.
 
Here are two different options; if the first doesn't work, try the second.


----------------------------------------------------------------------------------------

  • Click START then RUN
  • Now type SharonCF.exe /u in the runbox and click OK. Note the space between the X and the /U; it needs to be there.


----------------------------------------------------------------------------------------

  • Click START then RUN
  • Now type c:\documents and settings\Tara Brooks\Desktop\SharonCF.exe /u in the runbox and click OK. Note the space between the X and the /U; it needs to be there.


----------------------------------------------------------------------------------------

If Combofix is uninstalled successfully, please download a fresh copy and run it.
 
Sorry for the slow response. I have been out of town. Neither option worked. I even "cut & paste" what you typed. No go. Anything else?
 
Step 1


OTMoveIt
  • Double-click OTM.exe to run it.
  • Copy the lines in the codebox below. (Make sure you include :Processes)
Code:
:Processes
explorer.exe
:Services
:Reg
:Files
C:\SharonCF
C:\WINDOWS\system32\CF5437.exe
C:\ComboFix
C:\WINDOWS\system32\CF1267.exe
C:\WINDOWS\system32\CF25605.exe
C:\WINDOWS\system32\CF23165.exe
C:\WINDOWS\system32\CF21310.exe
C:\WINDOWS\system32\CF20337.exe
C:\WINDOWS\zip.exe
C:\WINDOWS\SWXCACLS.exe
C:\WINDOWS\SWSC.exe
C:\WINDOWS\SWREG.exe
C:\WINDOWS\sed.exe
C:\WINDOWS\PEV.exe
C:\WINDOWS\NIRCMD.exe
C:\WINDOWS\grep.exe
C:\Qoobox
:Commands
[Purity]
[EmptyTemp]
[Start Explorer]
  • Return to OTM, right click in the Paste List of Files/Folders to Move window (under the yellow bar) and choose Paste.
  • Close ALL open windows (especially Internet Explorer!)
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar), and paste it in your next reply.
  • Close OTM

If a file or folder cannot be moved immediately, you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine, choose Yes.


----------------------------------------------------------------------------------------
Step 2

Download and Run ComboFix

Download Combofix from the link below. Save it to your desktop.
> Link Removed <
(I have renamed the file)

Double click on CleanFix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt
Note:
Do not mouseclick combofix's window while it's running. That may cause it to stall.


----------------------------------------------------------------------------------------
Logs/Information to Post in Reply
Please post the following logs/information in your reply.
Some of the logs I request will be quite large; you may need to split them over a couple of replies.
  • OTMoveIt Log
  • Combofix Log
  • How are things running now?
 
otm log

All processes killed
========== PROCESSES ==========
No active process named explorer.exe was found!
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
C:\SharonCF\N_ moved successfully.
C:\SharonCF moved successfully.
C:\WINDOWS\system32\CF5437.exe moved successfully.
File/Folder C:\ComboFix not found.
C:\WINDOWS\system32\CF1267.exe moved successfully.
C:\WINDOWS\system32\CF25605.exe moved successfully.
C:\WINDOWS\system32\CF23165.exe moved successfully.
C:\WINDOWS\system32\CF21310.exe moved successfully.
C:\WINDOWS\system32\CF20337.exe moved successfully.
C:\WINDOWS\zip.exe moved successfully.
C:\WINDOWS\SWXCACLS.exe moved successfully.
C:\WINDOWS\SWSC.exe moved successfully.
C:\WINDOWS\SWREG.exe moved successfully.
C:\WINDOWS\sed.exe moved successfully.
C:\WINDOWS\PEV.exe moved successfully.
C:\WINDOWS\NIRCMD.exe moved successfully.
C:\WINDOWS\grep.exe moved successfully.
C:\Qoobox\TestC moved successfully.
C:\Qoobox\Test moved successfully.
C:\Qoobox\Quarantine\Registry_backups moved successfully.
C:\Qoobox\Quarantine\C\windows\Tasks moved successfully.
C:\Qoobox\Quarantine\C\windows\system32\drivers moved successfully.
C:\Qoobox\Quarantine\C\windows\system32 moved successfully.
C:\Qoobox\Quarantine\C\windows moved successfully.
C:\Qoobox\Quarantine\C\Program Files\Adware Professional moved successfully.
C:\Qoobox\Quarantine\C\Program Files moved successfully.
C:\Qoobox\Quarantine\C moved successfully.
C:\Qoobox\Quarantine moved successfully.
C:\Qoobox\LastRun moved successfully.
C:\Qoobox\BackEnv moved successfully.
C:\Qoobox moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Tara Brooks
->Temp folder emptied: 788057 bytes
->Temporary Internet Files folder emptied: 263445586 bytes
->Java cache emptied: 13425503 bytes
->Apple Safari cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
C:\WINDOWS\59224777298D4E9C9AEB4A91BDA01B27.TMP folder deleted successfully.
%systemroot% .tmp files removed: 61457 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
File delete failed. C:\WINDOWS\temp\mcmsc_dE7z2fToFo5AvCW scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\mcmsc_PnNgChw5bsYgSce scheduled to be deleted on reboot.
Windows Temp folder emptied: 483 bytes
RecycleBin emptied: 8735 bytes

Total Files Cleaned = 264.90 mb


OTM by OldTimer - Version 3.0.0.4 log created on 07122009_221442

Files moved on Reboot...
File C:\WINDOWS\temp\mcmsc_dE7z2fToFo5AvCW not found!
File C:\WINDOWS\temp\mcmsc_PnNgChw5bsYgSce not found!

Registry entries deleted on Reboot...
 