once-bitten

Requested mbam, panda, and hijackthis logs; I think antivirus 2009 may be gone

Recommended Posts

Hello,

This is a followup to my initial post where I reported I was infected by the Antivirus 2009 malware program and was having trouble removing one particular file in the System Volume Information folder (C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP481\A0048189.sys (Trojan.Downloader)). I followed the instructions you gave me and I no longer see the error I reported, so hopefully I am finally out of the woods. Here is the information you requested. Thanks in advance for your help, it is greatly appreciated!

I followed the instructions you suggested in the Pre-HJT Post Instruction:

1) Installed and ran Spybot Search & Destroy - it removed a bunch of Browser cookies

2) Ran Malwarebytes Quick Scan (also ran full scan because quick scan never found the trojan downloader issue I was seeing)

Malwarebytes Log file Below:

=========================================

Malwarebytes' Anti-Malware 1.30

Database version: 1397

Windows 5.1.2600 Service Pack 3

11/14/2008 7:35:40 AM

mbam-log-2008-11-14 (07-35-40).txt

Scan type: Quick Scan

Objects scanned: 52366

Time elapsed: 5 minute(s), 52 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

=======================================

NOTE: I'm no longer getting this message in my Malwarebytes log!!!! Perhaps Spybot fixed it?

Files Infected:

C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP481\A0048189.sys (Trojan.Downloader)

3) Next I ran the Panda ActiveScan. Log is below:

;***********************************************************************************************************************************************************************************

ANALYSIS: 2008-11-14 17:46:41

PROTECTIONS: 3

MALWARE: 17

SUSPECTS: 2

;***********************************************************************************************************************************************************************************

PROTECTIONS

Description Version Active Updated

;===================================================================================================================================================================================

Windows Defender 1.1.4104.0 No Yes

McAfee Internet Security Suite 2007 8.1 No No

McAfee VirusScan Plus 12.1 No No

;===================================================================================================================================================================================

MALWARE

Id Description Type Active Severity Disinfectable Disinfected Location

;===================================================================================================================================================================================

00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Documents and Settings\Administrator\Cookies\administrator@trafficmp[2].txt

00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\Administrator\Cookies\administrator@atdmt[2].txt

00145405 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Administrator\Cookies\administrator@247realmedia[1].txt

00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Documents and Settings\Administrator\Cookies\administrator@tribalfusion[1].txt

00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\administrator@com[2].txt

00167747 Cookie/Azjmp TrackingCookie No 0 Yes No C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\administrator@azjmp[1].txt

00167760 Cookie/Hitslink TrackingCookie No 0 Yes No C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\administrator@counter.hitslink[1].txt

00168061 Cookie/Apmebf TrackingCookie No 0 Yes No C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\administrator@apmebf[2].txt

00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Administrator\Cookies\administrator@serving-sys[1].txt

00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Administrator\Cookies\administrator@bs.serving-sys[2].txt

00168097 Cookie/BurstBeacon TrackingCookie No 0 Yes No C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\administrator@www.burstbeacon[2].txt

00170304 Cookie/WebtrendsLive TrackingCookie No 0 Yes No C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\administrator@statse.webtrendslive[2].txt

00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Administrator\Cookies\administrator@realmedia[1].txt

00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Documents and Settings\Administrator\Cookies\administrator@questionmarket[2].txt

00207338 Cookie/Target TrackingCookie No 0 Yes No C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\administrator@target[2].txt

00262020 Cookie/Atwola TrackingCookie No 0 Yes No C:\Documents and Settings\Administrator\Cookies\administrator@atwola[2].txt

00325830 Cookie/Bridgetrack TrackingCookie No 0 Yes No C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\administrator@citi.bridgetrack[2].txt

;===================================================================================================================================================================================

SUSPECTS

Sent Location

;===================================================================================================================================================================================

No C:\Program Files\UltraVNC\vnchooks.dll

No C:\Program Files\UltraVNC\winvnc.exe

;===================================================================================================================================================================================

VULNERABILITIES

Id Severity Description

;===================================================================================================================================================================================

;===================================================================================================================================================================================

4) Lastly, I ran the HijackThis program. Log below:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 5:53:30 PM, on 11/14/2008

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16735)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\Program Files\Network Associates\Common Framework\UdaterUI.exe

C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\Program Files\Microsoft IntelliPoint\ipoint.exe

C:\WINDOWS\system32\hphmon03.exe

C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe

C:\Program Files\Logitech\QuickCam\Quickcam.exe

C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\McAfee.com\Agent\mcagent.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Garmin\gStart.exe

C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe

C:\Program Files\Picasa2\PicasaMediaDetector.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe

c:\Program Files\Microsoft IntelliPoint\dpupdchk.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe

C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe

c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe

C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program Files\McAfee\MPF\MPFSrv.exe

C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Viewpoint\Common\ViewpointService.exe

C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\system32\HPHipm09.exe

C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe

C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe

C:\WINDOWS\system32\cmd.exe

C:\Program Files\Wireshark\wireshark.exe

C:\Program Files\Wireshark\dumpcap.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://*.mcafee.com

O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www2.snapfish.com/SnapfishActivia.cab

O16 - DPF: {42D06124-98A2-47EC-8098-3778B58CE7D5} (SupportSoft External Control) - https://actsvr.comcastonline.com/techtools/...%20Controls.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1194467701703

O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll

O20 - AppInit_DLLs: karna.dat

O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe

O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe

O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe

O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe

O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe

O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe

O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe

O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe

O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe

O23 - Service: Pml Driver - HP - C:\WINDOWS\system32\HPHipm09.exe

O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe

O23 - Service: PC Tools Auxiliary Service (sdAuxService) - Unknown owner - C:\Program Files\Spyware Doctor\pctsAuxs.exe (file missing)

O23 - Service: PC Tools Security Service (sdCoreService) - Unknown owner - C:\Program Files\Spyware Doctor\pctsSvc.exe (file missing)

O23 - Service: SupportSoft Sprocket Service (ddoctorv2) (sprtsvc_ddoctorv2) - SupportSoft, Inc. - C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe

O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--

End of file - 10953 bytes


That file is from the System Restore feature and is safe while it's in there as long as you don't do a restore and for now can be ignored.

Based on the logs in general except for one file I would think you were clean, but due to this file entry being there it would indicate that you're not clean.

O20 - AppInit_DLLs: karna.dat

Please run the following which should be able to provide us more details on this infection.

Please download the following scanning tool: GMER

  • Open the zip file and copy the file gmer.exe to your Desktop.
  • Double click on gmer.exe and run it.
  • It may take a minute to load and become available.
  • Do not make any changes. Click on the SCAN button and DO NOT use the computer while it's scanning.
  • Once the scan is done click on the SAVE button and browse to your Desktop and save the file as GMER.LOG
  • Zip up the GMER.LOG file and save it as gmerlog.zip and attach it to your reply post.
  • DO NOT directly post this log into a reply. You MUST attach it as a .ZIP file.
  • Click OK and quit the GMER program.

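The helper's reasoning above rests on a single HijackThis item: a non-empty O20 AppInit_DLLs line. As an added illustration (this is not code from the thread, from HijackThis or from the helper), here is a small Python triage script that pulls the item lines out of a HijackThis log, flags the two kinds of entry discussed in this thread (an AppInit_DLLs value, and O23 services whose binary is marked "(file missing)"), and diffs a before/after log so that a reader can confirm a fix actually removed the item and nothing new appeared after the reboot. The sample log text is constructed from lines posted above and abridged; the function names are my own.

```python
import re

# Constructed sample, modelled on the HijackThis log lines posted in this thread
# (abridged: most process and service lines are omitted).
SAMPLE_HJT_LOG = """\
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:53:30 PM, on 11/14/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\\WINDOWS\\System32\\smss.exe
C:\\Program Files\\Trend Micro\\HijackThis\\HijackThis.exe

R1 - HKLM\\Software\\Microsoft\\Internet Explorer\\Main,Default_Page_URL = http://*.mcafee.com
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O20 - AppInit_DLLs: karna.dat
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\\Program Files\\Lavasoft\\Ad-Aware\\aawservice.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - Unknown owner - C:\\Program Files\\Spyware Doctor\\pctsAuxs.exe (file missing)
--
End of file - 10953 bytes
"""

# Constructed "after the fix" log: identical except the O20 line is gone.
SAMPLE_AFTER_FIX = SAMPLE_HJT_LOG.replace("O20 - AppInit_DLLs: karna.dat\n", "")

# HijackThis item lines look like "O20 - <body>" or "R1 - <body>".
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.*)$")


def parse_hjt(text):
    """Return the item lines of a HijackThis log as (code, body) tuples.

    The header, the 'Running processes' block and the trailer do not
    match the item pattern and are skipped.
    """
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group("code"), m.group("body")))
    return entries


def triage(entries):
    """Flag the item types the helper singles out in this thread.

    Returns (severity, code, note) tuples in log order.
    """
    findings = []
    for code, body in entries:
        if code == "O20" and body.startswith("AppInit_DLLs:"):
            value = body[len("AppInit_DLLs:"):].strip()
            # Any name here is loaded into every process that loads user32.dll;
            # on Windows XP there is no LoadAppInit_DLLs switch gating it.
            if value:
                findings.append(("high", code,
                                 f"AppInit_DLLs loads '{value}' into every user32 process"))
        elif code == "O23" and body.endswith("(file missing)"):
            # A service whose binary is gone cannot run; it is leftover
            # registration, not an active threat, but worth cleaning up.
            findings.append(("low", code, "service registered but binary missing"))
    return findings


def diff_entries(before_text, after_text):
    """Compare two logs of the same machine: (removed_items, added_items).

    Used to confirm that a fix actually removed an item and that nothing
    unexpected appeared after the reboot.
    """
    before = parse_hjt(before_text)
    after = parse_hjt(after_text)
    removed = [e for e in before if e not in after]
    added = [e for e in after if e not in before]
    return removed, added


if __name__ == "__main__":
    for sev, code, note in triage(parse_hjt(SAMPLE_HJT_LOG)):
        print(f"[{sev}] {code}: {note}")
    removed, added = diff_entries(SAMPLE_HJT_LOG, SAMPLE_AFTER_FIX)
    print("removed after fix:", removed)
    print("added after fix:", added)
```

The O20 check is deliberately strict: on Windows XP every name listed in AppInit_DLLs is loaded by every process that pulls in user32.dll, with no LoadAppInit_DLLs gate (that switch arrived with Vista), which is why the helper treats the entry alone as evidence of an active infection. The diff function is the check to run once the item has been fixed and HijackThis re-run after the reboot.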

We have had a chance to examine your GMER log, and it seems you are indeed infected with a RootKit.TDSS variant.

If you can, please visit here and follow the instructions.

http://www.gmer.net/faq.php

Just in case you can't access it via website url, here's the IP http://204.152.184.145/faq.php

Replace the rootkit.rustok with tdss

The instructions are the same regardless of this particular variant we're dealing with. :blink:

When done, run MBAM, go to the UPDATE tab and update the program, do a Quick Scan, fix anything found and RESTART your computer.

Then, after the restart, run another HJT scan, save the log, and post back all the logs please.


Hi,

I followed the instructions at the GMER FAQ to remove the hidden service, which I think worked even though I got the error below. I re-ran an MBAM quick scan, which came up clean, and then rebooted.

This is the GMER error I got, but it was after the second or third pop-up question that I answered YES to:

File"system32\drivers\TDSSypjq.sys" couldn't be deleted. Error 0x00000003 !: The sytem cannot fin th path specified.

After rebooting, I re-ran GMER, MBAM, and HJT. Below are the MBAM and HJT scans and I re-zipped the GMER scan (GMER-01.ZIP).

Thanks Again!

MBAM:

=================================

Malwarebytes' Anti-Malware 1.30

Database version: 1401

Windows 5.1.2600 Service Pack 3

11/16/2008 5:07:32 AM

mbam-log-2008-11-16 (05-07-32).txt

Scan type: Quick Scan

Objects scanned: 51267

Time elapsed: 5 minute(s), 50 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

HJT:

========================================

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 5:10:20 AM, on 11/16/2008

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16735)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\Program Files\Network Associates\Common Framework\UdaterUI.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\Program Files\Microsoft IntelliPoint\ipoint.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\hphmon03.exe

C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe

C:\Program Files\Logitech\QuickCam\Quickcam.exe

C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\McAfee.com\Agent\mcagent.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Garmin\gStart.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe

c:\Program Files\Microsoft IntelliPoint\dpupdchk.exe

C:\Program Files\Picasa2\PicasaMediaDetector.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe

C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe

c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe

C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program Files\McAfee\MPF\MPFSrv.exe

C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Viewpoint\Common\ViewpointService.exe

C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\system32\HPHipm09.exe

C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe

C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\WINDOWS\system32\notepad.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://*.mcafee.com

O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www2.snapfish.com/SnapfishActivia.cab

O16 - DPF: {42D06124-98A2-47EC-8098-3778B58CE7D5} (SupportSoft External Control) - https://actsvr.comcastonline.com/techtools/...%20Controls.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1194467701703

O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll

O20 - AppInit_DLLs: karna.dat

O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe

O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe

O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe

O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe

O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe

O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe

O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe

O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe

O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe

O23 - Service: Pml Driver - HP - C:\WINDOWS\system32\HPHipm09.exe

O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe

O23 - Service: PC Tools Auxiliary Service (sdAuxService) - Unknown owner - C:\Program Files\Spyware Doctor\pctsAuxs.exe (file missing)

O23 - Service: PC Tools Security Service (sdCoreService) - Unknown owner - C:\Program Files\Spyware Doctor\pctsSvc.exe (file missing)

O23 - Service: SupportSoft Sprocket Service (ddoctorv2) (sprtsvc_ddoctorv2) - SupportSoft, Inc. - C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe

O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--

End of file - 10890 bytes

GMER_01.zip


Start HJT and Scan only - then place a check mark on this item

O20 - AppInit_DLLs: karna.dat

Then click on Fix selected...

Reboot the computer and run HJT again and do a Scan and save log and post it on your next reply

Then run this routine please

Important!

All of the following instructions must be run on the affected computer. Logs from a different computer will not help me help you. So, if you need to download all of this and then copy it to CD or memory stick and take it to the other computer, please do so. Either way, it's important. The logs have to be made by the computer with the problem.

I also need for you to download this program OTListIt.exe to your desktop.

  • Close all applications and windows so that you have nothing open and are at your Desktop
  • Double-click on the OTListIt.exe file to start OTListIt. OK any warning about running OTListIt.
  • Place a checkmark in the "Scan All Users" checkbox (Leave the 'Use Whitelist' checked and the 'File Age:' at 30 days)
  • Click the Run Scan button
  • NOTE: Please be patient and let the scan run without using the computer
  • When the scan is complete, a text file (OTListIt.Txt) will open in Notepad (if not, it can be found on your Desktop)
  • In Notepad, click Edit, Select all then Edit, Copy
  • Reply to this topic, click in the topic reply window, and press Ctrl+V to paste the log or Right click paste.
  • Submit your reply and close the Notepad window with OTList.txt
  • Also OTListIt's Extras.txt log file will be minimized in the Taskbar (and located on your Desktop) - click on this and maximize the window
  • In Notepad, click Edit, Select all then Edit, Copy
  • Reply to this topic again, click in the topic reply window, and press Ctrl+V to paste the extras log or Right click paste.
  • NOTE: If the files (OTListIt.txt, Extras.txt) do not appear in your taskbar, just open the files in notepad from your desktop.


Please allow me time to analyze your post. If you don't see a reply from me after 24 hours, feel free to PM me.


Hi, I removed the karna.dat entry using HJT, rebooted and then re-ran HJT. Below is the new HJT log. After the HJT log is the OTLISTIT.TXT output. In the OTLISTIT.TXT file I noticed some strangely named files around 11/8 through 11/12, which is when I think I got infected... but I'm not even going to pretend I know what I'm looking for :-) This reply is getting very long so I'll send the Extras.txt file output separately. Thanks again!

New HJT Log file:

==========================

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 7:58:23 PM, on 11/17/2008

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16735)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe

C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe

c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe

C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program Files\McAfee\MPF\MPFSrv.exe

C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Viewpoint\Common\ViewpointService.exe

c:\PROGRA~1\mcafee.com\agent\mcagent.exe

C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\Program Files\Network Associates\Common Framework\UdaterUI.exe

C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\Program Files\Microsoft IntelliPoint\ipoint.exe

C:\WINDOWS\system32\hphmon03.exe

C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe

C:\Program Files\Logitech\QuickCam\Quickcam.exe

C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

c:\Program Files\Microsoft IntelliPoint\dpupdchk.exe

C:\Garmin\gStart.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe

C:\Program Files\Picasa2\PicasaMediaDetector.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe

C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe

C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://*.mcafee.com

O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www2.snapfish.com/SnapfishActivia.cab

O16 - DPF: {42D06124-98A2-47EC-8098-3778B58CE7D5} (SupportSoft External Control) - https://actsvr.comcastonline.com/techtools/...%20Controls.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1194467701703

O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll

O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe

O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe

O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe

O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe

O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe

O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe

O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe

O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe

O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe

O23 - Service: Pml Driver - HP - C:\WINDOWS\system32\HPHipm09.exe

O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe

O23 - Service: PC Tools Auxiliary Service (sdAuxService) - Unknown owner - C:\Program Files\Spyware Doctor\pctsAuxs.exe (file missing)

O23 - Service: PC Tools Security Service (sdCoreService) - Unknown owner - C:\Program Files\Spyware Doctor\pctsSvc.exe (file missing)

O23 - Service: SupportSoft Sprocket Service (ddoctorv2) (sprtsvc_ddoctorv2) - SupportSoft, Inc. - C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe

O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--

End of file - 10844 bytes

OTLISTIT.TXT file:

=================================

OTListIt logfile created on: 11/17/2008 8:05:35 PM - Run

OTListIt by OldTimer - Version 1.0.12.0 Folder = C:\Apps\anti-sypware

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 7.0.5730.11)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

958.48 Mb Total Physical Memory | 432.32 Mb Available Physical Memory | 45.10% Memory free

2.26 Gb Paging File | 1.67 Gb Available in Paging File | 73.95% Paging File free

Paging file location(s): C:\pagefile.sys 1440 2880;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 149.04 Gb Total Space | 123.05 Gb Free Space | 82.56% Space Free | Partition Type: NTFS

D: Drive not present or media not loaded

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: HPDX5150-HOME

Current User Name: Administrator

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: All users

Whitelist: On

File Age = 30 Days

========== Processes ==========

[2006/03/17 11:17:46 | 00,405,504 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe

[2006/11/03 18:19:58 | 00,013,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe

[2008/09/10 13:01:28 | 00,611,664 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

[2006/03/17 11:17:46 | 00,405,504 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe

[2007/10/19 13:19:22 | 00,141,848 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

[2008/10/01 12:06:14 | 00,116,040 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

[2008/08/29 09:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe

[2007/10/19 13:17:28 | 00,186,904 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe

[2008/01/09 15:50:22 | 00,767,976 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe

[2008/01/25 01:38:12 | 02,458,128 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe

[2007/08/15 12:36:04 | 00,359,248 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe

[2007/07/24 12:02:14 | 00,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe

[2003/06/19 23:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

[2007/07/18 15:54:42 | 00,856,864 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MpfSrv.exe

[2008/04/24 12:26:18 | 00,202,560 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe

[2007/01/04 16:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe

[2007/11/01 18:12:38 | 00,582,992 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee.com\Agent\mcagent.exe

[2007/10/19 13:17:28 | 00,186,904 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe

[2006/03/17 18:37:00 | 00,344,064 | ---- | M] (ATI Technologies, Inc.) -- C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

[2006/11/17 02:06:00 | 00,136,768 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Network Associates\Common Framework\UdaterUI.exe

[2006/01/13 01:46:57 | 00,196,608 | ---- | M] (HP) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe

[2006/11/03 18:20:12 | 00,866,584 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe

[2007/08/31 11:01:22 | 01,037,736 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft IntelliPoint\ipoint.exe

[2006/01/13 01:46:57 | 00,311,296 | ---- | M] (Hewlett-Packard) -- C:\WINDOWS\system32\hphmon03.exe

[2007/10/25 16:33:22 | 00,563,984 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe

[2007/10/25 16:37:32 | 02,178,832 | ---- | M] () -- C:\Program Files\Logitech\QuickCam\Quickcam.exe

[2008/04/24 12:25:22 | 00,202,560 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe

[2008/10/01 17:57:12 | 00,289,576 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe

[2007/07/15 18:42:08 | 00,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[2007/08/31 10:58:52 | 00,357,800 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft IntelliPoint\dpupdchk.exe

[2005/07/25 09:05:44 | 01,896,448 | ---- | M] (GARMIN Corp.) -- C:\Garmin\gStart.exe

[2008/04/13 19:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe

[2007/12/01 17:38:41 | 00,067,128 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

[2007/03/15 18:16:42 | 00,454,784 | ---- | M] (Linksys, a Division of Cisco Systems, Inc.) -- C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe

[2008/02/25 20:23:34 | 00,443,968 | ---- | M] (Google Inc.) -- C:\Program Files\Picasa2\PicasaMediaDetector.exe

[2008/10/01 17:57:00 | 00,536,872 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe

[2008/05/10 06:15:28 | 00,282,624 | ---- | M] (Eastman Kodak Company) -- C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe

[2007/10/25 16:32:58 | 00,407,824 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe

[2007/12/05 10:04:10 | 00,695,624 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe

[2008/07/18 21:10:42 | 00,053,448 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wuauclt.exe

[2008/11/17 20:04:00 | 00,418,304 | ---- | M] (OldTimer Tools) -- C:\Apps\anti-sypware\OTListIt.exe

========== (O23) Win32 Services ==========

[2008/09/10 13:01:28 | 00,611,664 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe -- (aawservice [Auto | Running])

[2008/10/01 12:06:14 | 00,116,040 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])

[2007/04/13 02:20:52 | 00,033,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])

[2006/03/17 11:17:46 | 00,405,504 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe -- (Ati HotKey Poller [Auto | Running])

[2008/08/29 09:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])

[2007/04/13 02:21:18 | 00,068,952 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])

[2007/03/21 18:13:17 | 00,138,168 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [On_Demand | Stopped])

[2004/10/22 06:24:18 | 00,073,728 | ---- | M] (Macrovision Corporation) -- c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])

[2008/10/01 17:57:00 | 00,536,872 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Running])

[2007/10/19 13:17:28 | 00,186,904 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe -- (LVCOMSer [Auto | Running])

[2007/10/19 13:19:22 | 00,141,848 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv [Auto | Running])

[2007/10/19 13:21:16 | 00,141,848 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe -- (LVSrvLauncher [Auto | Stopped])

[2006/11/17 02:06:00 | 00,104,000 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Network Associates\Common Framework\FrameworkService.exe -- (McAfeeFramework [Auto | Stopped])

[2008/01/09 15:50:22 | 00,767,976 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc [Auto | Running])

[2008/01/25 01:38:12 | 02,458,128 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe -- (McNASvc [Auto | Running])

[2007/11/07 09:35:40 | 00,378,184 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS [On_Demand | Stopped])

[2007/08/15 12:36:04 | 00,359,248 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe -- (McProxy [Auto | Running])

[2007/07/24 12:02:14 | 00,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe -- (McShield [unknown | Running])

[2007/12/05 10:04:10 | 00,695,624 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe -- (McSysmon [On_Demand | Running])

[2003/06/19 23:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM [Auto | Running])

[2007/07/18 15:54:42 | 00,856,864 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MpfSrv.exe -- (MpfService [Auto | Running])

[2003/07/28 12:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])

[2006/01/13 01:46:57 | 00,077,824 | ---- | M] (HP) -- C:\WINDOWS\system32\hphipm09.exe -- (Pml Driver [On_Demand | Stopped])

[2007/06/28 19:01:48 | 00,092,792 | ---- | M] (CACE Technologies) -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd [On_Demand | Stopped])

File not found -- -- (sdAuxService [Auto | Stopped])

File not found -- -- (sdCoreService [Auto | Stopped])

[2008/04/24 12:26:18 | 00,202,560 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe -- (sprtsvc_ddoctorv2 [Auto | Running])

[2007/01/04 16:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service [Auto | Running])

[2006/11/03 18:19:58 | 00,013,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend [Auto | Running])

[2006/10/18 20:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])

========== Driver Services ==========

[2001/08/17 02:20:04 | 00,096,256 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\ac97intc.sys -- (ac97intc [On_Demand | Stopped])

[2002/05/08 13:44:42 | 00,105,472 | ---- | M] (Adaptec, Inc.) -- C:\WINDOWS\system32\drivers\adpu320.sys -- (adpu320 [Disabled | Stopped])

[2004/09/21 13:53:18 | 02,278,784 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM [On_Demand | Running])

[2005/03/09 18:53:00 | 00,036,352 | ---- | M] (Advanced Micro Devices) -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8 [system | Running])

[2006/03/17 11:24:10 | 01,520,640 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag [On_Demand | Running])

[2005/03/17 11:30:10 | 00,132,608 | R--- | M] (Broadcom Corporation) -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k [On_Demand | Running])

[2005/03/04 17:21:36 | 00,065,664 | ---- | M] (Broadcom Corporation) -- C:\WINDOWS\system32\drivers\baspxp32.sys -- (Blfp [On_Demand | Stopped])

[2006/01/13 01:46:57 | 00,050,800 | ---- | M] (HP) -- C:\WINDOWS\system32\drivers\hphid409.sys -- (Dot4 HPH09 [On_Demand | Running])

[2006/01/13 01:46:58 | 00,016,112 | ---- | M] (HP) -- C:\WINDOWS\system32\drivers\hphipr09.sys -- (Dot4Print HPH09 [On_Demand | Running])

[2006/01/13 01:46:58 | 00,050,211 | ---- | M] (Hewlett-Packard) -- C:\WINDOWS\system32\drivers\hphs2k09.sys -- (Dot4Storage HPH09 [On_Demand | Running])

[2006/01/13 01:46:58 | 00,018,864 | ---- | M] (HP) -- C:\WINDOWS\system32\drivers\hphius09.sys -- (Dot4Usb HPH09 [On_Demand | Running])

[2001/08/17 02:12:10 | 00,117,760 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\e100b325.sys -- (E100B [On_Demand | Stopped])

[2007/03/22 12:57:14 | 00,028,672 | --S- | M] (Gteko Ltd.) -- C:\WINDOWS\system32\drivers\elagopro.sys -- (elagopro [Auto | Running])

[2007/03/22 12:57:14 | 00,005,376 | --S- | M] (Gteko Ltd.) -- C:\WINDOWS\system32\drivers\elaunidr.sys -- (elaunidr [Auto | Running])

[2007/10/11 21:01:06 | 00,023,832 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\system32\drivers\lvuvcflt.sys -- (FilterService [On_Demand | Stopped])

[2008/04/17 12:12:54 | 00,015,464 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])

[2008/11/15 06:12:57 | 00,085,969 | ---- | M] (GMER) -- C:\WINDOWS\system32\drivers\gmer.sys -- (gmer [On_Demand | Stopped])

[2003/09/23 09:42:34 | 00,007,296 | ---- | M] (GARMIN Corp.) -- C:\WINDOWS\system32\drivers\grmnusb.sys -- (grmnusb [On_Demand | Stopped])

[2004/08/03 12:29:38 | 00,161,020 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\system32\drivers\i81xnt5.sys -- (i81x [On_Demand | Stopped])

[2004/08/03 12:29:38 | 00,012,415 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\system32\drivers\wADV01nt.sys -- (iAimFP0 [On_Demand | Stopped])

[2004/08/03 12:29:38 | 00,012,127 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\system32\drivers\wADV02NT.sys -- (iAimFP1 [On_Demand | Stopped])

[2004/08/03 12:29:38 | 00,011,775 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\system32\drivers\wADV05NT.sys -- (iAimFP2 [On_Demand | Stopped])

[2004/08/03 12:29:48 | 00,012,063 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\system32\drivers\wSiINTxx.sys -- (iAimFP3 [On_Demand | Stopped])

[2004/08/03 12:29:50 | 00,019,455 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\system32\drivers\wVchNTxx.sys -- (iAimFP4 [On_Demand | Stopped])

[2004/08/03 12:29:40 | 00,011,807 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\system32\drivers\wADV07nt.sys -- (iAimFP5 [On_Demand | Stopped])

[2004/08/03 12:29:40 | 00,011,295 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\system32\drivers\wADV08NT.sys -- (iAimFP6 [On_Demand | Stopped])

[2004/08/03 12:29:42 | 00,011,871 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\system32\drivers\wADV09NT.sys -- (iAimFP7 [On_Demand | Stopped])

[2004/08/03 12:29:42 | 00,029,311 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\system32\drivers\wATV01nt.sys -- (iAimTV0 [On_Demand | Stopped])

[2004/08/03 12:29:44 | 00,019,551 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\system32\drivers\wATV02NT.sys -- (iAimTV1 [On_Demand | Stopped])

[2004/08/03 12:29:44 | 00,033,599 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\system32\drivers\wATV04nt.sys -- (iAimTV3 [On_Demand | Stopped])

[2004/08/03 12:29:46 | 00,023,615 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\system32\drivers\wCh7xxNT.sys -- (iAimTV4 [On_Demand | Stopped])

[2004/08/03 12:29:46 | 00,025,471 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\system32\drivers\wATV10nt.sys -- (iAimTV5 [On_Demand | Stopped])

[2004/08/03 12:29:46 | 00,022,271 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\system32\drivers\wATV06nt.sys -- (iAimTV6 [On_Demand | Stopped])

[2007/10/19 13:16:30 | 02,109,976 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\system32\drivers\Lvckap.sys -- (LVcKap [On_Demand | Running])

[2007/10/11 18:59:02 | 02,142,488 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\system32\drivers\LVMVdrv.sys -- (LVMVDrv [On_Demand | Running])

[2007/10/11 20:59:12 | 01,920,920 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\system32\drivers\lvpopflt.sys -- (lvpopflt [On_Demand | Running])

[2007/10/11 18:59:24 | 00,025,624 | ---- | M] () -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon [On_Demand | Running])

[2007/10/11 21:00:20 | 00,066,456 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\system32\drivers\lvselsus.sys -- (lvselsus [On_Demand | Running])

[2007/10/11 21:00:42 | 00,041,752 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta [On_Demand | Running])

[2007/10/11 21:00:54 | 03,647,384 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\system32\drivers\lvuvc.sys -- (LVUVC [On_Demand | Running])

[2007/11/22 06:44:08 | 00,079,304 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk [On_Demand | Running])

[2007/11/22 06:44:08 | 00,035,240 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk [On_Demand | Running])

[2007/11/22 06:44:08 | 00,201,320 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk [system | Running])

[2007/11/22 06:44:04 | 00,033,832 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mferkdk.sys -- (mferkdk [On_Demand | Stopped])

[2007/12/02 12:51:42 | 00,040,488 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mfesmfk.sys -- (mfesmfk [On_Demand | Running])

[2007/07/13 06:20:24 | 00,113,952 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\Mpfp.sys -- (MPFP [system | Running])

[2008/04/13 13:53:09 | 00,040,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm [On_Demand | Stopped])

[2007/06/28 19:01:48 | 00,042,512 | ---- | M] (CACE Technologies) -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF [On_Demand | Stopped])

[2007/08/31 10:58:20 | 00,018,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\nuidfltr.sys -- (NuidFltr [On_Demand | Running])

[2008/06/19 17:24:30 | 00,028,544 | ---- | M] (Panda Security, S.L.) -- C:\WINDOWS\system32\drivers\pavboot.sys -- (pavboot [boot | Running])

[2007/08/21 00:13:00 | 00,021,760 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\point32.sys -- (Point32 [On_Demand | Running])

[2004/08/04 03:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink [On_Demand | Running])

[2008/02/22 21:38:33 | 00,043,872 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\pxhelp20.sys -- (PxHelp20 [boot | Running])

[2007/11/13 05:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv [On_Demand | Stopped])

[2001/08/17 11:07:34 | 00,016,256 | ---- | M] (Symbios Logic Inc.) -- C:\WINDOWS\system32\drivers\symc810.sys -- (symc810 [Disabled | Stopped])

[2001/08/17 11:07:36 | 00,032,640 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\drivers\symc8xx.sys -- (symc8xx [Disabled | Stopped])

[2002/04/04 01:32:06 | 00,028,416 | R--- | M] (LSI Logic) -- C:\WINDOWS\system32\drivers\symmpi.sys -- (Symmpi [Disabled | Stopped])

[2001/08/17 11:07:40 | 00,028,384 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\drivers\sym_hi.sys -- (sym_hi [Disabled | Stopped])

[2001/08/17 11:07:42 | 00,030,688 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\drivers\sym_u3.sys -- (sym_u3 [Disabled | Stopped])

[2001/08/29 02:48:12 | 00,094,688 | ---- | M] (SCM Microsystems Inc.) -- C:\WINDOWS\system32\drivers\upatc.sys -- (UPATC [On_Demand | Stopped])

[2008/10/01 12:01:28 | 00,032,000 | ---- | M] (Apple, Inc.) -- C:\WINDOWS\system32\drivers\usbaapl.sys -- (USBAAPL [On_Demand | Stopped])

[2008/04/13 13:45:12 | 00,060,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio [On_Demand | Running])

[2004/06/26 12:22:00 | 00,006,016 | ---- | M] (RDV Soft) -- C:\WINDOWS\system32\drivers\vnccom.SYS -- (vnccom [Auto | Running])

[2004/06/26 12:22:00 | 00,004,736 | ---- | M] (RDV Soft) -- C:\WINDOWS\system32\drivers\vncdrv.sys -- (vncdrv [On_Demand | Running])

[2006/11/02 06:22:54 | 00,492,000 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\wdf01000.sys -- (Wdf01000 [On_Demand | Running])

========== Internet Explorer ==========

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com

HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm

HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com

HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm

HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com

HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google

HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerm...tf8&oe=utf8

HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com

HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.hp.com

HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.hp.com

HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.hp.com

HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.hp.com

HKU\S-1-5-21-1105315535-2926988035-3615119530-500\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm

HKU\S-1-5-21-1105315535-2926988035-3615119530-500\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com

HKU\S-1-5-21-1105315535-2926988035-3615119530-500\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google

HKU\S-1-5-21-1105315535-2926988035-3615119530-500\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerm...tf8&oe=utf8

HKU\S-1-5-21-1105315535-2926988035-3615119530-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com

HKU\S-1-5-21-1105315535-2926988035-3615119530-500\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com

HKU\S-1-5-21-1105315535-2926988035-3615119530-500\S-1-5-21-1105315535-2926988035-3615119530-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

HKU\S-1-5-21-1105315535-2926988035-3615119530-500\S-1-5-21-1105315535-2926988035-3615119530-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

O1 HOSTS File: (288041 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: 192.168.1.1 linksys dick dicks www.dicks.com www.dick.com dicks.com dick.com

O1 - Hosts: 127.0.0.1 www.007guard.com

O1 - Hosts: 127.0.0.1 007guard.com

O1 - Hosts: 127.0.0.1 008i.com

O1 - Hosts: 127.0.0.1 www.008k.com

O1 - Hosts: 127.0.0.1 008k.com

O1 - Hosts: 127.0.0.1 www.00hq.com

O1 - Hosts: 127.0.0.1 00hq.com

O1 - Hosts: 127.0.0.1 010402.com

O1 - Hosts: 127.0.0.1 www.032439.com

O1 - Hosts: 127.0.0.1 032439.com

O1 - Hosts: 127.0.0.1 www.0scan.com

O1 - Hosts: 127.0.0.1 0scan.com

O1 - Hosts: 127.0.0.1 1000gratisproben.com

O1 - Hosts: 127.0.0.1 www.1000gratisproben.com

O1 - Hosts: 127.0.0.1 www.1001namen.com

O1 - Hosts: 127.0.0.1 1001namen.com

O1 - Hosts: 127.0.0.1 100888290cs.com

O1 - Hosts: 127.0.0.1 www.100888290cs.com

O1 - Hosts: 127.0.0.1 100sexlinks.com

O1 - Hosts: 127.0.0.1 www.100sexlinks.com

O1 - Hosts: 127.0.0.1 10sek.com

O1 - Hosts: 127.0.0.1 www.10sek.com

O1 - Hosts: 127.0.0.1 www.123haustiereundmehr.com

O1 - Hosts: 9925 more lines...

O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)

O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)

O3 - HKCU\..\Toolbar: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)

O3 - HKU\S-1-5-21-1105315535-2926988035-3615119530-500\..\Toolbar: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)

O4 - HKLM..\Run: [] File not found

O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)

O4 - HKLM..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" (ATI Technologies, Inc.)

O4 - HKLM..\Run: [ddoctorv2] "C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe" /P ddoctorv2 (SupportSoft, Inc.)

O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe (HP)

O4 - HKLM..\Run: [HPHmon03] C:\WINDOWS\system32\hphmon03.exe (Hewlett-Packard)

O4 - HKLM..\Run: [intelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe" (Microsoft Corporation)

O4 - HKLM..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" (Apple Inc.)

O4 - HKLM..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" ()

O4 - HKLM..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide ()

O4 - HKLM..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UdaterUI.exe" /StartedFromRunKey (McAfee, Inc.)

O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey (McAfee, Inc.)

O4 - HKLM..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime (Apple Inc.)

O4 - HKLM..\Run: [setRefresh] C:\Program Files\Compaq\SetRefresh\SetRefresh.exe (Hewlett-Packard Company)

O4 - HKLM..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide (Microsoft Corporation)

O4 - HKCU..\Run: [Aim6] File not found

O4 - HKCU..\Run: [EasyLinkAdvisor] "C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup (Linksys, a Division of Cisco Systems, Inc.)

O4 - HKCU..\Run: [gStart] C:\Garmin\gStart.exe (GARMIN Corp.)

O4 - HKCU..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe (Logitech Inc.)

O4 - HKCU..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (Microsoft Corporation)

O4 - HKCU..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (Google Inc.)

O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)

O4 - HKU\S-1-5-21-1105315535-2926988035-3615119530-500..\Run: [Aim6] File not found

O4 - HKU\S-1-5-21-1105315535-2926988035-3615119530-500..\Run: [EasyLinkAdvisor] "C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup (Linksys, a Division of Cisco Systems, Inc.)

O4 - HKU\S-1-5-21-1105315535-2926988035-3615119530-500..\Run: [gStart] C:\Garmin\gStart.exe (GARMIN Corp.)

O4 - HKU\S-1-5-21-1105315535-2926988035-3615119530-500..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe (Logitech Inc.)

O4 - HKU\S-1-5-21-1105315535-2926988035-3615119530-500..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (Microsoft Corporation)

O4 - HKU\S-1-5-21-1105315535-2926988035-3615119530-500..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (Google Inc.)

O4 - HKU\S-1-5-21-1105315535-2926988035-3615119530-500..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe (Eastman Kodak Company)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe (Logitech Inc.)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceClassicControlPanel = 1

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-21-1105315535-2926988035-3615119530-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-21-1105315535-2926988035-3615119530-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceClassicControlPanel = 1

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\NPJPI150.dll (Sun Microsystems, Inc.)

O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)

O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

O15 - HKLM\..Trusted Sites: 50 domain(s) and sub-domain(s) not assigned to a zone.

O15 - HKCU\..Trusted Sites: internet (about in Trusted sites)

O15 - HKCU\..Trusted Sites: mcafee.com (http in Trusted sites)

O15 - HKCU\..Trusted Sites: mcafee.com (https in Trusted sites)

O15 - HKCU\..Trusted Sites: 49 domain(s) and sub-domain(s) not assigned to a zone.

O15 - HKU\.DEFAULT\..Trusted Sites: 49 domain(s) and sub-domain(s) not assigned to a zone.

O15 - HKU\S-1-5-18\..Trusted Sites: 49 domain(s) and sub-domain(s) not assigned to a zone.

O15 - HKU\S-1-5-21-1105315535-2926988035-3615119530-500\..Trusted Sites: internet (about in Trusted sites)

O15 - HKU\S-1-5-21-1105315535-2926988035-3615119530-500\..Trusted Sites: mcafee.com (http in Trusted sites)

O15 - HKU\S-1-5-21-1105315535-2926988035-3615119530-500\..Trusted Sites: mcafee.com (https in Trusted sites)

O15 - HKU\S-1-5-21-1105315535-2926988035-3615119530-500\..Trusted Sites: 49 domain(s) and sub-domain(s) not assigned to a zone.

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/5/b...heckControl.cab (Windows Genuine Advantage Validation Tool)

O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://www2.snapfish.com/SnapfishActivia.cab (Snapfish Activia)

O16 - DPF: {42D06124-98A2-47EC-8098-3778B58CE7D5} https://actsvr.comcastonline.com/techtools/...%20Controls.cab (SupportSoft External Control)

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftu...b?1194467701703 (MUWebControl Class)

O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab (HP Download Manager)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0)

O16 - DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)

O18 - Protocol\Handler: - bwfile-8876480 - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (Logitech Inc.)

O18 - Protocol\Handler: - ipp - No CLSID value found

O18 - Protocol\Handler: - ipp\0x00000001 - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler: - msdaipp - No CLSID value found

O18 - Protocol\Handler: - msdaipp\0x00000001 - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler: - msdaipp\oledb - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler: - ms-itss - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)

O18 - Protocol\Handler: - mso-offdap - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)

O18 - Protocol\Handler: - mso-offdap11 - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)

O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)

O20 - See sections below for AppInitDlls and Winlogon settings

========== Winlogon Notify Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\]

AtiExtEvent: "DllName" = Ati2evxx.dll -- C:\WINDOWS\system32\ati2evxx.dll (ATI Technologies Inc.)

========== Shell Execute Hooks ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}" (HKLM) -- C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)

========== Safeboot Options ==========

"AlternateShell" = cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]

"AutoRun" = 1

========== Files/Folders - Created Within 30 Days ==========

[9 C:\WINDOWS\System32\*.tmp files]

[2008/11/16 15:14:46 | 00,000,162 | -H-- | C] () -- C:\Documents and Settings\Administrator\My Documents\~$lie's xmas list.doc

[2008/11/16 08:54:27 | 00,000,000 | ---D | C] -- C:\Julie

[2008/11/16 05:01:40 | 00,005,820 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\GMER-01.zip

[2008/11/15 06:27:21 | 00,006,298 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\gmerlog.zip

[2008/11/15 06:12:58 | 00,000,250 | ---- | C] () -- C:\WINDOWS\gmer.ini

[2008/11/15 06:12:57 | 00,884,736 | ---- | C] () -- C:\WINDOWS\gmer.dll

[2008/11/15 06:12:57 | 00,811,008 | ---- | C] () -- C:\WINDOWS\gmer.exe

[2008/11/15 06:12:57 | 00,085,969 | ---- | C] (GMER) -- C:\WINDOWS\System32\drivers\gmer.sys

[2008/11/15 06:12:57 | 00,000,080 | ---- | C] () -- C:\WINDOWS\gmer_uninstall.cmd

[2008/11/14 17:52:55 | 00,001,734 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\HijackThis.lnk

[2008/11/14 17:52:55 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro

[2008/11/14 16:39:37 | 00,028,544 | ---- | C] (Panda Security, S.L.) -- C:\WINDOWS\System32\drivers\pavboot.sys

[2008/11/14 16:38:59 | 00,000,000 | ---D | C] -- C:\Program Files\Panda Security

[2008/11/14 06:09:39 | 00,000,933 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Spybot - Search & Destroy.lnk

[2008/11/14 06:09:28 | 00,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy

[2008/11/14 06:09:28 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy

[2008/11/12 18:43:19 | 00,000,000 | -HSD | C] -- C:\Config.Msi

[2008/11/12 12:00:40 | 00,000,793 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ad-Watch.lnk

[2008/11/12 12:00:40 | 00,000,793 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk

[2008/11/12 12:00:33 | 00,000,000 | ---D | C] -- C:\Program Files\Lavasoft

[2008/11/12 12:00:31 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft

[2008/11/12 11:59:48 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard

[2008/11/12 11:39:34 | 00,002,250 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\McAfee Virtual Technician.lnk

[2008/11/12 11:39:34 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\McAfee

[2008/11/12 10:47:31 | 00,010,381 | ---- | C] () -- C:\WINDOWS\System32\Config.MPF

[2008/11/12 10:47:23 | 00,000,671 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\McAfee Security Center.lnk

[2008/11/12 10:47:03 | 00,143,360 | ---- | C] (Inner Media, Inc.) -- C:\WINDOWS\System32\dunzip32.dll

[2008/11/12 10:44:31 | 00,033,832 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mferkdk.sys

[2008/11/12 10:44:27 | 00,201,320 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfehidk.sys

[2008/11/12 10:44:27 | 00,079,304 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfeavfk.sys

[2008/11/12 10:44:27 | 00,040,488 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfesmfk.sys

[2008/11/12 10:44:27 | 00,035,240 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfebopk.sys

[2008/11/12 10:44:22 | 00,113,952 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\Mpfp.sys

[2008/11/12 10:44:04 | 00,000,356 | ---- | C] () -- C:\WINDOWS\tasks\McDefragTask.job

[2008/11/12 10:44:03 | 00,000,348 | ---- | C] () -- C:\WINDOWS\tasks\McQcTask.job

[2008/11/12 10:43:49 | 00,000,000 | ---D | C] -- C:\Program Files\McAfee.com

[2008/11/12 10:43:44 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\McAfee

[2008/11/12 10:43:38 | 00,000,000 | ---D | C] -- C:\Program Files\McAfee

[2008/11/12 10:38:09 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt

[2008/11/12 10:23:12 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee

[2008/11/12 10:18:34 | 01,226,248 | ---- | C] (McAfee, Inc.) -- C:\Documents and Settings\Administrator\Desktop\DMSetup-Serial.exe

[2008/11/12 06:22:05 | 00,455,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mrxsmb.sys

[2008/11/12 06:21:49 | 01,106,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml3.dll

[2008/11/10 09:04:06 | 00,000,456 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\Karyn's todo'.rtf

[2008/11/09 11:00:34 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Malwarebytes

[2008/11/09 11:00:27 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2008/11/09 11:00:26 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2008/11/09 11:00:24 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2008/11/09 11:00:22 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2008/11/09 11:00:22 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes

[2008/11/08 12:16:45 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP

@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2

[2008/11/08 10:53:44 | 00,019,490 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\izikuwa.sys

[2008/11/08 10:53:44 | 00,019,470 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ulari.sys

[2008/11/08 10:53:44 | 00,019,214 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\bamuti.vbs

[2008/11/08 10:53:44 | 00,017,716 | ---- | C] () -- C:\WINDOWS\System32\xivun.exe

[2008/11/08 10:53:44 | 00,017,563 | ---- | C] () -- C:\WINDOWS\epege.vbs

[2008/11/08 10:53:44 | 00,017,381 | ---- | C] () -- C:\WINDOWS\gituteguge.bat

[2008/11/08 10:53:44 | 00,016,570 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\ulonam.bin

[2008/11/08 10:53:44 | 00,016,255 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\agyxyman.bin

[2008/11/08 10:53:44 | 00,016,215 | ---- | C] () -- C:\WINDOWS\tyvowot.scr

[2008/11/08 10:53:44 | 00,015,552 | ---- | C] () -- C:\WINDOWS\awilosofol.lib

[2008/11/08 10:53:44 | 00,015,127 | ---- | C] () -- C:\WINDOWS\huqovyli.bin

[2008/11/08 10:53:44 | 00,014,510 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\bexacita.exe

[2008/11/08 10:53:44 | 00,014,088 | ---- | C] () -- C:\WINDOWS\System32\acivadoxis._sy

[2008/11/08 10:53:44 | 00,013,729 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\afiliqanof.db

[2008/11/08 10:53:44 | 00,013,567 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\jymuv.inf

[2008/11/08 10:53:44 | 00,012,262 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\axunuqaj._dl

[2008/11/08 10:53:44 | 00,011,517 | ---- | C] () -- C:\WINDOWS\efotofubo._dl

[2008/11/08 10:53:44 | 00,010,977 | ---- | C] () -- C:\WINDOWS\puni.lib

[2008/11/08 07:07:30 | 00,019,862 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\bafo._dl

[2008/11/08 07:07:30 | 00,019,026 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\igok.lib

[2008/11/08 07:07:30 | 00,018,563 | ---- | C] () -- C:\WINDOWS\evopiv._sy

[2008/11/08 07:07:30 | 00,016,229 | ---- | C] () -- C:\WINDOWS\System32\idizujujoj.vbs

[2008/11/08 07:07:30 | 00,015,519 | ---- | C] () -- C:\WINDOWS\qamury.db

[2008/11/08 07:07:30 | 00,015,467 | ---- | C] () -- C:\WINDOWS\qafaru.bin

[2008/11/08 07:07:30 | 00,014,959 | ---- | C] () -- C:\WINDOWS\rujuxobex.dl

[2008/11/08 07:07:30 | 00,014,539 | ---- | C] () -- C:\WINDOWS\jebu.scr

[2008/11/08 07:07:30 | 00,014,234 | ---- | C] () -- C:\WINDOWS\juke.reg

[2008/11/08 07:07:30 | 00,013,217 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\tidu.bin

[2008/11/08 07:07:30 | 00,012,442 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\gavavyhyle.pif

[2008/11/08 07:07:30 | 00,011,254 | ---- | C] () -- C:\WINDOWS\jopacoky.pif

[2008/11/07 18:27:05 | 00,000,156 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\delself.bat

[2008/11/07 18:27:03 | 00,000,681 | ---- | C] () -- C:\WINDOWS\System32\TDSSareg.dat

[2008/11/06 17:40:40 | 00,024,064 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\julie's xmas list.doc

[2008/11/05 17:15:19 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Broderbund

[2008/11/05 17:15:19 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Broderbund

[2008/11/05 17:05:46 | 00,001,872 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mavis Beacon Teaches Typing 18.lnk

[2008/11/05 17:04:18 | 00,000,000 | ---D | C] -- C:\Program Files\Broderbund

[2008/10/27 15:37:01 | 00,025,600 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\Veterans day essay '08.doc

[2008/10/26 09:39:31 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Thunderbird

[2008/10/26 09:39:31 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Thunderbird

[2008/10/26 09:39:27 | 00,001,668 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Thunderbird.lnk

[2008/10/26 09:39:24 | 00,000,000 | ---D | C] -- C:\Program Files\Mozilla Thunderbird

[2008/10/26 09:35:48 | 06,760,680 | ---- | C] (Mozilla) -- C:\Documents and Settings\Administrator\Desktop\Thunderbird Setup 2.0.0.17.exe

[2008/10/23 22:56:28 | 00,337,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\netapi32.dll

========== Files - Modified Within 30 Days ==========

[9 C:\WINDOWS\System32\*.tmp files]

[3 C:\WINDOWS\*.tmp files]

[2008/11/17 18:05:24 | 00,002,521 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Microsoft Office Outlook 2003.lnk

[2008/11/17 16:44:23 | 01,801,216 | R--- | M] () -- C:\Documents and Settings\All Users\Documents\ESBK.mbb

[2008/11/17 16:44:23 | 00,871,424 | R--- | M] () -- C:\Documents and Settings\All Users\Documents\ESBK.mb

[2008/11/17 06:14:17 | 00,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job

[2008/11/17 06:11:55 | 00,010,381 | ---- | M] () -- C:\WINDOWS\System32\Config.MPF

[2008/11/17 06:11:51 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2008/11/17 06:11:20 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT

[2008/11/17 06:11:12 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2008/11/17 06:11:09 | 10,051,13344 | -HS- | M] () -- C:\hiberfil.sys

[2008/11/17 06:11:06 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\lvuvc.hs

[2008/11/17 06:11:03 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\logiflt.iad

[2008/11/17 06:10:04 | 04,284,172 | -H-- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\IconCache.db

[2008/11/16 15:34:38 | 00,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk

[2008/11/16 15:14:46 | 00,000,162 | -H-- | M] () -- C:\Documents and Settings\Administrator\My Documents\~$lie's xmas list.doc

[2008/11/16 07:15:03 | 00,000,452 | ---- | M] () -- C:\WINDOWS\tasks\EasyShare Registration Task.job

[2008/11/16 05:01:40 | 00,005,820 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\GMER-01.zip

[2008/11/16 04:42:26 | 00,000,250 | ---- | M] () -- C:\WINDOWS\gmer.ini

[2008/11/15 06:27:21 | 00,006,298 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\gmerlog.zip

[2008/11/15 06:12:57 | 00,884,736 | ---- | M] () -- C:\WINDOWS\gmer.dll

[2008/11/15 06:12:57 | 00,085,969 | ---- | M] (GMER) -- C:\WINDOWS\System32\drivers\gmer.sys

[2008/11/15 06:12:57 | 00,000,080 | ---- | M] () -- C:\WINDOWS\gmer_uninstall.cmd

[2008/11/15 06:11:25 | 00,811,008 | ---- | M] () -- C:\WINDOWS\gmer.exe

[2008/11/15 06:11:25 | 00,811,008 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\gmer.exe

[2008/11/14 17:52:55 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\HijackThis.lnk

[2008/11/14 06:46:37 | 00,288,041 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts

[2008/11/14 06:09:39 | 00,000,933 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Spybot - Search & Destroy.lnk

[2008/11/12 18:45:59 | 00,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK

[2008/11/12 18:43:41 | 00,002,519 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Comcast Desktop Doctor.lnk

[2008/11/12 12:00:40 | 00,000,793 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Watch.lnk

[2008/11/12 12:00:40 | 00,000,793 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk

[2008/11/12 11:39:34 | 00,002,250 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\McAfee Virtual Technician.lnk

[2008/11/12 10:47:23 | 00,000,671 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\McAfee Security Center.lnk

[2008/11/12 10:44:04 | 00,000,356 | ---- | M] () -- C:\WINDOWS\tasks\McDefragTask.job

[2008/11/12 10:44:03 | 00,000,348 | ---- | M] () -- C:\WINDOWS\tasks\McQcTask.job

[2008/11/12 10:18:37 | 01,226,248 | ---- | M] (McAfee, Inc.) -- C:\Documents and Settings\Administrator\Desktop\DMSetup-Serial.exe

[2008/11/11 14:31:03 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job

[2008/11/10 09:04:07 | 00,000,456 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\Karyn's todo'.rtf

[2008/11/09 13:38:02 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2008/11/08 13:24:20 | 00,475,154 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI

[2008/11/08 13:24:20 | 00,404,298 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2008/11/08 13:24:20 | 00,063,392 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2008/11/08 13:12:21 | 00,013,824 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2008/11/08 10:53:44 | 00,019,490 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\izikuwa.sys

[2008/11/08 10:53:44 | 00,019,470 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\ulari.sys

[2008/11/08 10:53:44 | 00,019,214 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\bamuti.vbs

[2008/11/08 10:53:44 | 00,017,716 | ---- | M] () -- C:\WINDOWS\System32\xivun.exe

[2008/11/08 10:53:44 | 00,017,563 | ---- | M] () -- C:\WINDOWS\epege.vbs

[2008/11/08 10:53:44 | 00,017,381 | ---- | M] () -- C:\WINDOWS\gituteguge.bat

[2008/11/08 10:53:44 | 00,016,570 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\ulonam.bin

[2008/11/08 10:53:44 | 00,016,255 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\agyxyman.bin

[2008/11/08 10:53:44 | 00,016,215 | ---- | M] () -- C:\WINDOWS\tyvowot.scr

[2008/11/08 10:53:44 | 00,015,552 | ---- | M] () -- C:\WINDOWS\awilosofol.lib

[2008/11/08 10:53:44 | 00,015,127 | ---- | M] () -- C:\WINDOWS\huqovyli.bin

[2008/11/08 10:53:44 | 00,014,510 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\bexacita.exe

[2008/11/08 10:53:44 | 00,014,088 | ---- | M] () -- C:\WINDOWS\System32\acivadoxis._sy

[2008/11/08 10:53:44 | 00,013,729 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\afiliqanof.db

[2008/11/08 10:53:44 | 00,013,567 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\jymuv.inf

[2008/11/08 10:53:44 | 00,012,262 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\axunuqaj._dl

[2008/11/08 10:53:44 | 00,011,517 | ---- | M] () -- C:\WINDOWS\efotofubo._dl

[2008/11/08 10:53:44 | 00,010,977 | ---- | M] () -- C:\WINDOWS\puni.lib

[2008/11/08 07:07:30 | 00,019,862 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\bafo._dl

[2008/11/08 07:07:30 | 00,019,026 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\igok.lib

[2008/11/08 07:07:30 | 00,018,563 | ---- | M] () -- C:\WINDOWS\evopiv._sy

[2008/11/08 07:07:30 | 00,016,229 | ---- | M] () -- C:\WINDOWS\System32\idizujujoj.vbs

[2008/11/08 07:07:30 | 00,015,519 | ---- | M] () -- C:\WINDOWS\qamury.db

[2008/11/08 07:07:30 | 00,015,467 | ---- | M] () -- C:\WINDOWS\qafaru.bin

[2008/11/08 07:07:30 | 00,014,959 | ---- | M] () -- C:\WINDOWS\rujuxobex.dl

[2008/11/08 07:07:30 | 00,014,539 | ---- | M] () -- C:\WINDOWS\jebu.scr

[2008/11/08 07:07:30 | 00,014,234 | ---- | M] () -- C:\WINDOWS\juke.reg

[2008/11/08 07:07:30 | 00,013,217 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\tidu.bin

[2008/11/08 07:07:30 | 00,012,442 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\gavavyhyle.pif

[2008/11/08 07:07:30 | 00,011,254 | ---- | M] () -- C:\WINDOWS\jopacoky.pif

[2008/11/08 06:42:37 | 00,000,681 | ---- | M] () -- C:\WINDOWS\System32\TDSSareg.dat

[2008/11/07 18:27:05 | 00,000,156 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\delself.bat

[2008/11/07 16:35:25 | 00,002,187 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Safari.lnk

[2008/11/06 17:40:40 | 00,024,064 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\julie's xmas list.doc

[2008/11/05 17:05:46 | 00,001,872 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mavis Beacon Teaches Typing 18.lnk

[2008/11/03 19:10:25 | 17,318,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe

[2008/10/28 18:12:56 | 00,025,600 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\Veterans day essay '08.doc

[2008/10/27 18:43:41 | 00,197,976 | RH-- | M] (Coupons, Inc.) -- C:\WINDOWS\System32\cpnprt2.cid

[2008/10/26 09:39:27 | 00,001,668 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Thunderbird.lnk

[2008/10/26 09:36:10 | 06,760,680 | ---- | M] (Mozilla) -- C:\Documents and Settings\Administrator\Desktop\Thunderbird Setup 2.0.0.17.exe

[2008/10/24 06:21:09 | 00,455,296 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mrxsmb.sys

[2008/10/24 06:21:09 | 00,455,296 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mrxsmb.sys

[2008/10/22 16:10:38 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2008/10/22 16:10:22 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

< End of report >


And finally, here is my Extras.txt file. Thanks!

OTListIt Extras logfile created on: 11/17/2008 8:05:37 PM - Run

OTListIt by OldTimer - Version 1.0.12.0 Folder = C:\Apps\anti-sypware

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 7.0.5730.11)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

958.48 Mb Total Physical Memory | 432.32 Mb Available Physical Memory | 45.10% Memory free

2.26 Gb Paging File | 1.67 Gb Available in Paging File | 73.95% Paging File free

Paging file location(s): C:\pagefile.sys 1440 2880;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 149.04 Gb Total Space | 123.05 Gb Free Space | 82.56% Space Free | Partition Type: NTFS

D: Drive not present or media not loaded

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: HPDX5150-HOME

Current User Name: Administrator

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: All users

Whitelist: On

File Age = 30 Days

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled" = 1

"AntiVirusOverride" = 0

"FirewallOverride" = 0

"AntiVirusDisableNotify" = 1

"FirewallDisableNotify" = 1

"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile

"DoNotAllowExceptions" = 0

"DisableNotifications" = 0

"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[2008/04/13 13:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000

[2007/12/01 17:38:41 | 00,067,128 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

[2006/11/17 02:06:00 | 00,104,000 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Network Associates\Common Framework\FrameworkService.exe:*:Enabled:McAfee Framework Service

[2008/04/13 13:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000

[2003/10/02 21:45:46 | 00,094,208 | ---- | M] () -- C:\Apps\tftpd32o\tftpd32.exe:*:Enabled:tftpd32

[2006/06/18 13:56:10 | 00,712,704 | ---- | M] (UltraVNC) -- C:\Program Files\UltraVNC\winvnc.exe:*:Enabled:VNC server for Win32

[2007/12/01 17:38:41 | 00,067,128 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger

[2006/11/03 02:17:27 | 00,010,800 | ---- | M] (AOL LLC) -- C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader

[2008/01/03 11:15:06 | 00,050,528 | ---- | M] (AOL LLC) -- C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM

[2008/05/10 06:15:28 | 00,282,624 | ---- | M] (Eastman Kodak Company) -- C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare

[2008/08/29 09:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour

[2008/10/01 17:57:04 | 14,258,472 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes

File not found -- C:\WINDOWS\system32\drivers\svchost.exe:*:Disabled:svchost

[2008/01/25 01:38:12 | 02,458,128 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{024D7254-4262-4498-AC70-C5C413564D2B}" = Database Design Samples

"{0298C720-87DF-11D3-8831-00500457F9ED}" = Software Design Samples

"{03E27B31-28C0-11D3-8F72-00C04F8DD7E3}" = Clip Art and Symbols

"{03E27B32-28C0-11D3-8F72-00C04F8DD7E3}" = Callouts and Connectors

"{03E27B33-28C0-11D3-8F72-00C04F8DD7E3}" = Borders and Backgrounds

"{03E79E22-1DF6-11D3-A2FC-006008A88CA8}" = Sample Drawings

"{03EDED24-8375-407D-A721-4643D9768BE1}" = kgchlwn

"{058B32E2-6310-4359-B2D4-1988390C3B83}" = Broadcom Management Programs

"{073F22CE-9A5B-4A40-A604-C7270AC6BF34}" = ESSSONIC

"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel

"{11F3F858-4131-4FFA-A560-3FE282933B6E}" = kgchday

"{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}" = ESSPCD

"{15D5B241-07BC-45D2-9D85-4CF906079E16}" = Program Files Professional

"{1ACA72C1-8BF5-11D3-8831-00500457F9ED}" = Advanced Network Diagramming Samples

"{1AEB7BA0-53C8-4F0A-0000-00D0B7CE9FA8}" = Software Design

"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer

"{2604C0F9-BFD3-4BA0-9EB5-22537C648F03}" = MobileMe Control Panel

"{26DC3A40-3ECC-11D3-A300-006008A88CA8}" = CAD Drawing Display

"{273E1BA0-0415-11D3-A2E3-006008A88CA8}" = Block Diagrams

"{2B8697EA-453E-11D3-8CE1-00C04F72C04D}" = Help for Visio 2000 (HTML Help)

"{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}" = essvatgt

"{2DBB37E1-3B9A-11D3-A318-006008A88CA8}" = Project Schedules

"{309FB294-387C-4DB4-B1DA-60E7432ECF94}" = Database Design Help

"{3248F0A8-6813-11D6-A77B-00B0D0150000}" = J2SE Runtime Environment 5.0

"{325C4969-4808-4A87-9547-F58620C444CA}" = Advanced Network Diagramming

"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{35725FBC-A136-4A46-9F29-091759D9BB93}" = MVision

"{42938595-0D83-404D-9F73-F8177FDD531A}" = ESScore

"{4537EA4B-F603-4181-89FB-2953FC695AB1}" = netbrdg

"{5062141B-52D6-4DF2-A6A6-2200202B495C}" = Internet Diagrams

"{5316DFC9-CE99-4458-9AB3-E8726EDE0210}" = skin0001

"{5430FF10-2B31-11D3-8F75-00C04F8DD7E3}" = Block Diagrams Help

"{5430FF11-2B31-11D3-8F75-00C04F8DD7E3}" = Flowcharts Help

"{5430FF12-2B31-11D3-8F75-00C04F8DD7E3}" = Forms and Charts Help

"{5430FF13-2B31-11D3-8F75-00C04F8DD7E3}" = Maps Help

"{5430FF14-2B31-11D3-8F75-00C04F8DD7E3}" = Network Diagrams Help

"{5430FF15-2B31-11D3-8F75-00C04F8DD7E3}" = Office Layout Help

"{5430FF16-2B31-11D3-8F75-00C04F8DD7E3}" = Organization Charts Help

"{5430FF17-2B31-11D3-8F75-00C04F8DD7E3}" = Project Schedules Help

"{5430FF19-2B31-11D3-8F75-00C04F8DD7E3}" = Block Diagrams Samples

"{5430FF1A-2B31-11D3-8F75-00C04F8DD7E3}" = Flowcharts Samples

"{5430FF1B-2B31-11D3-8F75-00C04F8DD7E3}" = Forms and Charts Samples

"{5430FF1C-2B31-11D3-8F75-00C04F8DD7E3}" = Maps Samples

"{5430FF1D-2B31-11D3-8F75-00C04F8DD7E3}" = Network Diagrams Samples

"{5430FF1E-2B31-11D3-8F75-00C04F8DD7E3}" = Office Layout Samples

"{5430FF1F-2B31-11D3-8F75-00C04F8DD7E3}" = Organization Charts Samples

"{5430FF20-2B31-11D3-8F75-00C04F8DD7E3}" = Project Schedules Samples

"{5430FF21-2B31-11D3-8F75-00C04F8DD7E3}" = Program Files Help

"{5B049B61-0684-460E-A5F2-5EC314590344}" = Mavis Beacon Teaches Typing 18

"{5DA0672F-B0E6-4014-B044-BBAD2906BDC2}" = Release Notes Professional

"{605A4E39-613C-4A12-B56F-DEFBE6757237}" = SHASTA

"{608D2A3C-6889-4C11-9B54-A42F45ACBFDB}" = fflink

"{63EF6DD2-F1F1-11D2-9F29-006008A88EC8}" = Program Files

"{643EAE81-920C-4931-9F0B-4B343B225CA6}" = ESSBrwr

"{67B9AF41-C0B9-4960-84D9-A61D23DE85D8}" = Garmin Trip and Waypoint Manager v4

"{693C08A7-9E76-43FF-B11E-9A58175474C4}" = kgckids

"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update

"{702BB930-8BED-11D3-8831-00500457F9ED}" = Directory Services Samples

"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0

"{79DFA170-1854-11D3-8F5D-00C04F8DD7E3}" = Custom Properties Editor

"{79DFA174-1854-11D3-8F5D-00C04F8DD7E3}" = Page Layout Wizard

"{79DFA176-1854-11D3-8F5D-00C04F8DD7E3}" = Property Reporting Wizard

"{79DFA177-1854-11D3-8F5D-00C04F8DD7E3}" = Save as HTML

"{79DFA179-1854-11D3-8F5D-00C04F8DD7E3}" = Database Wizard

"{79DFA17B-1854-11D3-8F5D-00C04F8DD7E3}" = Graphics Filters

"{7D3DB7D6-494B-11D3-9F62-006008A88EC8}" = Visio Core Files

"{7DD40F12-25DC-11D3-9F43-006008A88EC8}" = Visio

"{8943CE61-53BD-475E-90E1-A580869E98A2}" = staticcr

"{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}" = Bonjour

"{8A502E38-29C9-49FA-BCFA-D727CA062589}" = ESSTOOLS

"{8A8664E1-84C8-4936-891C-BC1F07797549}" = kgcvday

"{8C5FAD77-F678-4758-A296-C12F08D179E0}" = Microsoft IntelliPoint 6.2

"{8DC42D05-680B-41B0-8878-6C14D24602DB}" = QuickTime

"{8E92D746-CD9F-4B90-9668-42B74C14F765}" = ESSini

"{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}" = Logitech Desktop Messenger

"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003

"{91517631-A9F3-4B7C-B482-43E0068FD55A}" = ESSgui

"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD

"{922859B1-4A9C-11D3-8662-00C04F8DBAD9}" = Release Notes

"{933DA141-0EEB-11D3-A2EC-006008A88CA8}" = Organization Charts

"{933DA142-0EEB-11D3-A2EC-006008A88CA8}" = Forms and Charts

"{933DA144-0EEB-11D3-A2EC-006008A88CA8}" = Flowcharts

"{933DA145-0EEB-11D3-A2EC-006008A88CA8}" = Network Diagrams

"{933DA146-0EEB-11D3-A2EC-006008A88CA8}" = Maps

"{933DA147-0EEB-11D3-A2EC-006008A88CA8}" = Office Layout

"{945AC98B-3DC8-45BE-BAE0-22CEEE37A103}" = Logitech QuickCam

"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting

"{976C2B2A-CE59-4AB3-83FB-BF895E28F2E6}" = Apple Mobile Device Support

"{999D43F4-9709-4887-9B1A-83EBB15A8370}" = VPRINTOL

"{9B4FBF34-96D5-4AFB-9DF4-704E02BA4500}" = Database Design

"{9BD54685-1496-46A5-AB62-357CD140ED8B}" = kgcinvt

"{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender

"{A1588373-1D86-4D44-86C9-78ABD190F9CC}" = kgcmove

"{A1960A82-DB70-474D-A86B-FA74466103C6}" = Drivers Install For Linksys Easylink Advisor

"{A8AD990E-355A-4413-8647-A9B168978423}_is1" = UltraVNC v1.0.2

"{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}" = HP Help and Support

"{AAC4426A-42CD-4B4E-8057-9738C96F2C8F}" = HP Safety and Comfort Guide

"{AC76BA86-7AD7-1033-7B44-A70000000000}" = Adobe Reader 7.0

"{AD4203ED-7683-435E-B436-C299773A9936}" = MapSource - US Topo v3.02

"{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}" = ESSCDBK

"{B06EC9B5-4736-4993-B513-E060A8B1F6F9}" = Software Design Help

"{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}" = OfotoXMI

"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy

"{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}" = CCScore

"{BAC869E2-3A0C-11D3-A315-006008A88CA8}" = Callouts and Connectors Help

"{BAC869E6-3A0C-11D3-A315-006008A88CA8}" = Clip Art and Symbols Help

"{BCE72AED-3332-4863-9567-C5DCB9052CA2}" = Netflix Movie Viewer

"{BCF67D2B-02E3-4376-8D03-2980EE522083}" = Internet Diagrams Help

"{BEF726DD-4037-4214-8C6A-E625C02D2870}" = Logitech Audio Echo Cancellation Component

"{C0BADF00-90BC-11D3-8831-00500457F9ED}" = UML Specification

"{C151CE54-E7EA-4804-854B-F515368B0798}" = Athlon 64 Processor Driver

"{C2A5CE58-3A13-11D3-A315-006008A88CA8}" = Borders and Backgrounds Help

"{C5205EE1-2B3E-11D3-8F75-00C04F8DD7E3}" = Developing Visio Solutions Help

"{C5205EE2-2B3E-11D3-8F75-00C04F8DD7E3}" = Database Wizard Samples

"{C5205EE3-2B3E-11D3-8F75-00C04F8DD7E3}" = CAD Drawing Display Samples

"{C9D96682-5A4D-45FA-BA3E-DDCB2B0CB868}" = Safari

"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1

"{CCAE3CA0-9231-11D3-8831-00500457F9ED}" = Internet Diagrams Samples

"{CD648428-0166-462B-9470-E45BEF174FD0}" = Directory Services Help

"{CDC43360-8331-11D3-8831-00500457F9ED}" = Program Files Professional Help

"{D0832BB9-947C-424E-8B35-8F70B1BEC0C0}" = Advanced Network Diagramming Help

"{D32470A1-B10C-4059-BA53-CF0486F68EBC}" = Kodak EasyShare software

"{D3AA6C82-2A7E-11D3-8F74-00C04F8DD7E3}" = Add-ons

"{D5CC418A-3FC9-4892-B79E-DBC565D9402A}" = Garmin i2/i3 City Navigator North America NT v8

"{D87149B3-7A1D-4548-9CBF-032B791E5908}" = Desktop Doctor

"{DB02F716-6275-42E9-B8D2-83BA2BF5100B}" = SFR

"{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}" = HpSdpAppCoreApp

"{DBFA7530-0CBF-11D3-8CC0-00C04F72C04D}" = Microsoft Visio 2000

"{DDDE0BE3-0CBE-4BF6-B75A-E3F69C947843}" = iTunes

"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware

"{E18B549C-5D15-45DA-8D8F-8FD2BD946344}" = kgcbaby

"{E44BD710-B71A-11d3-9F79-006008A88EC8}" = VBA

"{E79987F0-0E34-42CC-B8FF-6C860AEEB26A}" = tooltips

"{E8814A8F-3B06-11D3-8CD7-00C04F72C04D}" = Microsoft Visual Studio Service Pack 3

"{EA516024-D84D-41F1-814F-83175A6188F2}" = Logitech Video Enumerator

"{F22C222C-3CE2-4A4B-A83F-AF4681371ABE}" = kgcbase

"{F4455371-251E-11D3-8F71-00C04F8DD7E3}" = Online Documentation

"{F4455372-251E-11D3-8F71-00C04F8DD7E3}" = Solutions

"{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}" = SKINXSDK

"{F541CA9B-727A-462E-B066-CDF49B5D2C10}" = Directory Services

"{F9593CFB-D836-49BC-BFF1-0E669A411D9F}" = WIRELESS

"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio

"{FCDB1C92-03C6-4C76-8625-371224256091}" = ESSPDock

"ActiveScan 2.0" = Panda ActiveScan 2.0

"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player Plugin

"AIM_6" = AIM 6

"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.3

"Aspell English Dictionary_is1" = Aspell English Dictionary-0.50-2

"ATI Display Driver" = ATI Display Driver

"Coupon Printer for Windows4.0" = Coupon Printer for Windows

"EasyLinkAdvisor" = Linksys EasyLink Advisor 1.6 (0032)

"GNU Aspell_is1" = GNU Aspell 0.50-3

"GTK 2.0" = GTK+ Runtime 2.12.1 rev a (remove only)

"HijackThis" = HijackThis 2.0.2

"hp photosmart printer series" = hp photosmart printer series (Remove only)

"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs

"ie7" = Windows Internet Explorer 7

"legacyqcam_10.40" = Logitech Legacy USB Camera Driver Package

"lvdrivers_11.50" = Logitech QuickCam Driver Package

"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware

"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1

"Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0

"Mozilla Firefox (3.0.4)" = Mozilla Firefox (3.0.4)

"Mozilla Thunderbird (2.0.0.17)" = Mozilla Thunderbird (2.0.0.17)

"MSC" = McAfee SecurityCenter

"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP

"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs

"Password Corral v4.0_is1" = Password Corral v4.0

"Picasa2" = Picasa 2

"Pidgin" = Pidgin

"pidgin-otr" = pidgin-otr 3.1.0-1

"ShockwaveFlash" = Adobe Flash Player 9 ActiveX

"Software Setup" = Software Setup

"Theme Park World" = SimTheme Park

"ViewpointMediaPlayer" = Viewpoint Media Player

"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5

"WIC" = Windows Imaging Component

"Windows Media Format Runtime" = Windows Media Format 11 runtime

"Windows Media Player" = Windows Media Player 11

"Windows XP Service Pack" = Windows XP Service Pack 3

"WinPcapInst" = WinPcap 4.0.1

"Wireshark" = Wireshark 0.99.6a

"WMFDist11" = Windows Media Format 11 runtime

"wmp11" = Windows Media Player 11

"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== Last 10 Event Log Errors ==========

[ Application Events ]

Error - 11/11/2008 5:23:14 PM | Computer Name = HPDX5150-HOME | Source = Application Error | ID = 1000

Description = Faulting application itunes.exe, version 8.0.1.11, faulting module

quicktime.qts, version 7.55.90.70, fault address 0x00151433.

Error - 11/12/2008 3:36:46 PM | Computer Name = HPDX5150-HOME | Source = Application Hang | ID = 1002

Description = Hanging application Ad-Aware.exe, version 7.1.0.11, hang module hungapp,

version 0.0.0.0, hang address 0x00000000.

Error - 11/12/2008 3:36:48 PM | Computer Name = HPDX5150-HOME | Source = Application Hang | ID = 1002

Description = Hanging application Ad-Aware.exe, version 7.1.0.11, hang module hungapp,

version 0.0.0.0, hang address 0x00000000.

Error - 11/12/2008 3:37:10 PM | Computer Name = HPDX5150-HOME | Source = Application Hang | ID = 1001

Description = Fault bucket 931772520.

Error - 11/12/2008 3:37:10 PM | Computer Name = HPDX5150-HOME | Source = Application Hang | ID = 1001

Description = Fault bucket 931772520.

Error - 11/13/2008 7:16:52 AM | Computer Name = HPDX5150-HOME | Source = MPSampleSubmission | ID = 5000

Description =

Error - 11/14/2008 7:15:56 AM | Computer Name = HPDX5150-HOME | Source = Application Hang | ID = 1002

Description = Hanging application SDUpdate.exe, version 1.6.0.8, hang module hungapp,

version 0.0.0.0, hang address 0x00000000.

Error - 11/14/2008 9:47:37 PM | Computer Name = HPDX5150-HOME | Source = Application Error | ID = 1000

Description = Faulting application itunes.exe, version 8.0.1.11, faulting module

quicktime.qts, version 7.55.90.70, fault address 0x00151433.

Error - 11/14/2008 9:48:13 PM | Computer Name = HPDX5150-HOME | Source = Application Error | ID = 1001

Description = Fault bucket 953026930.

Error - 11/16/2008 5:54:38 AM | Computer Name = HPDX5150-HOME | Source = MPSampleSubmission | ID = 5000

Description =

[ System Events ]

Error - 11/16/2008 5:34:37 AM | Computer Name = HPDX5150-HOME | Source = Service Control Manager | ID = 7000

Description = The PC Tools Security Service service failed to start due to the following

error: %%2

Error - 11/16/2008 5:35:08 AM | Computer Name = HPDX5150-HOME | Source = DCOM | ID = 10010

Description = The server {C7E39D60-7A9F-42BF-ABB1-03DC0FA4F493} did not register

with DCOM within the required timeout.

Error - 11/16/2008 5:08:40 PM | Computer Name = HPDX5150-HOME | Source = Service Control Manager | ID = 7000

Description = The PC Tools Auxiliary Service service failed to start due to the

following error: %%2

Error - 11/16/2008 5:08:40 PM | Computer Name = HPDX5150-HOME | Source = Service Control Manager | ID = 7000

Description = The PC Tools Security Service service failed to start due to the following

error: %%2

Error - 11/16/2008 5:09:12 PM | Computer Name = HPDX5150-HOME | Source = DCOM | ID = 10010

Description = The server {C7E39D60-7A9F-42BF-ABB1-03DC0FA4F493} did not register

with DCOM within the required timeout.

Error - 11/17/2008 7:01:14 AM | Computer Name = HPDX5150-HOME | Source = Service Control Manager | ID = 7000

Description = The PC Tools Auxiliary Service service failed to start due to the

following error: %%2

Error - 11/17/2008 7:01:14 AM | Computer Name = HPDX5150-HOME | Source = Service Control Manager | ID = 7000

Description = The PC Tools Security Service service failed to start due to the following

error: %%2

Error - 11/17/2008 7:01:32 AM | Computer Name = HPDX5150-HOME | Source = DCOM | ID = 10010

Description = The server {C7E39D60-7A9F-42BF-ABB1-03DC0FA4F493} did not register

with DCOM within the required timeout.

Error - 11/17/2008 7:11:40 AM | Computer Name = HPDX5150-HOME | Source = Service Control Manager | ID = 7000

Description = The PC Tools Auxiliary Service service failed to start due to the

following error: %%2

Error - 11/17/2008 7:11:40 AM | Computer Name = HPDX5150-HOME | Source = Service Control Manager | ID = 7000

Description = The PC Tools Security Service service failed to start due to the following

error: %%2

< End of report >


You should edit your HOSTS file and remove this entry

O1 - Hosts: 192.168.1.1 linksys dick dicks www.dicks.com www.dick.com dicks.com dick.com

Since the hosts file has apparently been modified by someone, you may want to consider deleting it or renaming it and creating a new one.

You can use your own or one of the managed ones you probably are already running.

Start HJT and do a Scan only, then place a check mark on the following items.

O4 - HKLM..\Run: [] File not found

O4 - HKCU..\Run: [Aim6] File not found

O4 - HKU\S-1-5-21-1105315535-2926988035-3615119530-500..\Run: [Aim6] File not found

Then click on Fix selected.

You have a lot of sites in your Trusted Zone for IE. You should open that up in the Options for IE, Security and verify them and if you don't know them then remove them.

Yes, I would tend to believe that all of the following files are not legitimate.

Please upload the following files to Jotti's malware scan:

C:\Documents and Settings\Administrator\Application Data\izikuwa.sys

C:\Documents and Settings\All Users\Application Data\ulari.sys

C:\Documents and Settings\All Users\Documents\bamuti.vbs

C:\WINDOWS\System32\xivun.exe

C:\WINDOWS\epege.vbs

C:\WINDOWS\gituteguge.bat

C:\Documents and Settings\Administrator\Application Data\ulonam.bin

C:\Documents and Settings\All Users\Application Data\agyxyman.bin

C:\WINDOWS\tyvowot.scr

C:\WINDOWS\awilosofol.lib

C:\WINDOWS\huqovyli.bin

C:\Documents and Settings\Administrator\Local Settings\Application Data\bexacita.exe

C:\WINDOWS\System32\acivadoxis._sy

C:\Documents and Settings\All Users\Documents\afiliqanof.db

C:\Documents and Settings\All Users\Application Data\jymuv.inf

C:\Documents and Settings\All Users\Documents\axunuqaj._dl

C:\WINDOWS\efotofubo._dl

C:\WINDOWS\puni.lib

C:\Documents and Settings\Administrator\Local Settings\Application Data\bafo._dl

C:\Documents and Settings\Administrator\Application Data\igok.lib

C:\WINDOWS\evopiv._sy

C:\WINDOWS\System32\idizujujoj.vbs

C:\WINDOWS\qamury.db

C:\WINDOWS\qafaru.bin

C:\WINDOWS\rujuxobex.dl

C:\WINDOWS\jebu.scr

C:\WINDOWS\juke.reg

C:\Documents and Settings\All Users\Application Data\tidu.bin

C:\Documents and Settings\Administrator\Application Data\gavavyhyle.pif

C:\WINDOWS\jopacoky.pif

C:\Documents and Settings\Administrator\Desktop\delself.bat

C:\WINDOWS\System32\TDSSareg.dat (I know this one is bad)

Any files that are found to be infected, please include them in a ZIP file and upload them here: UploadNET
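As an added example (not code from the thread or from the Malwarebytes staff), here is a small Python triage script that applies the same review to HJT 2.0.2 log lines: it flags O1 hosts overrides that point somewhere other than loopback, O4 Run values whose target is "File not found", and O23 services marked "(file missing)". The sample log lines are constructed from the logs posted in this thread; the line format assumed is the one HJT 2.0.2 prints above.

```python
"""Triage HijackThis (HJT) 2.0.2 log lines for the three things reviewed above:
O1 hosts-file overrides, O4 Run values whose target is gone, and O23 services
whose binary is missing. Sample lines are constructed from this thread's logs."""
import ipaddress
import re
from dataclasses import dataclass
from typing import List

# Constructed sample: a handful of lines copied from the HJT logs posted in this thread.
SAMPLE_HJT_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
O1 - Hosts: 192.168.1.1 linksys dick dicks www.dicks.com www.dick.com dicks.com dick.com
O4 - HKLM..\Run: [] File not found
O4 - HKCU..\Run: [Aim6] File not found
O4 - HKU\S-1-5-21-1105315535-2926988035-3615119530-500..\Run: [Aim6] File not found
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - Unknown owner - C:\Program Files\Spyware Doctor\pctsAuxs.exe (file missing)
O23 - Service: PC Tools Security Service (sdCoreService) - Unknown owner - C:\Program Files\Spyware Doctor\pctsSvc.exe (file missing)
"""


@dataclass
class Finding:
    section: str  # HJT section prefix: O1, O4 or O23
    subject: str  # hostname list, Run value name, or service name
    reason: str   # why a reviewer should look at it


# Line shapes as printed by HJT 2.0.2 (see the logs above).
HOSTS_RE = re.compile(r"^O1 - Hosts: (\S+)\s+(.+)$")
RUN_RE = re.compile(r"^O4 - (.+?)\.\.\\Run: \[(.*?)\]\s*(.*)$")
SERVICE_RE = re.compile(r"^O23 - Service: (.+?) - (.+?) - (.+)$")


def check_hosts_line(ip_text: str, names_text: str) -> Finding:
    """An O1 entry is a hosts-file override. A loopback or 0.0.0.0 target only
    blocks the names; any other target silently sends them to another machine,
    which is how malware redirects AV and update sites, so it needs confirming."""
    names = names_text.split()
    try:
        target = ipaddress.ip_address(ip_text)
    except ValueError:
        return Finding("O1", " ".join(names), f"unparseable hosts target {ip_text!r}")
    if target.is_loopback or target.is_unspecified:
        verdict = "blocklist-style entry (loopback target)"
    else:
        verdict = f"redirects {len(names)} name(s) to {target}; confirm you added this"
    return Finding("O1", " ".join(names), verdict)


def triage_hjt(log_text: str) -> List[Finding]:
    """Walk the log once and collect the entries a reviewer would act on."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if m := HOSTS_RE.match(line):
            findings.append(check_hosts_line(m.group(1), m.group(2)))
        elif m := RUN_RE.match(line):
            hive, value_name, rest = m.groups()
            # An autorun value whose target is gone is orphaned: harmless by itself,
            # but it shows something was removed without cleaning the registry.
            if rest.endswith("File not found"):
                findings.append(Finding("O4", value_name or "(empty name)",
                                        f"orphaned Run value under {hive}: target no longer exists"))
        elif m := SERVICE_RE.match(line):
            name, owner, path = m.groups()
            # A registered service with no binary is what produces the
            # "failed to start ... %%2" Service Control Manager 7000 events.
            if path.endswith("(file missing)"):
                findings.append(Finding("O23", name,
                                        f"service binary missing ({owner}); expect SCM event 7000 at boot"))
    return findings


def format_report(findings: List[Finding]) -> str:
    """One line per finding, grouped by the HJT section prefix."""
    return "\n".join(f"[{f.section}] {f.subject}: {f.reason}" for f in findings)


if __name__ == "__main__":
    print(format_report(triage_hjt(SAMPLE_HJT_LOG)))
```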


Hi,

The host entry is actually OK and something I added to prevent the kids from mistakenly going to a bad site when browsing to dickssportinggoods.com.

This happened to a friend of mine, and at the time changing the hosts file seemed like a quick and dirty way to prevent this :-). Moving forward though, I plan to use opendns.org for this computer so I have much better protection.

HJT does not list the 3 lines below, so I wasn't sure how to properly fix them. I found these 3 lines in the OTListIt.txt file.

Does the OTListIt.exe program provide a way to fix these lines? We don't use AIM, so I could also uninstall it if that helps.

O4 - HKLM..\Run: [] File not found

O4 - HKCU..\Run: [Aim6] File not found

O4 - HKU\S-1-5-21-1105315535-2926988035-3615119530-500..\Run: [Aim6] File not found

==================================================

I still need to upload the files you flagged to Jotti's malware scan. Will do that as soon as I can.

I removed Java 5.0 and Adobe Reader 7.0 successfully.

I would like to fix the DCOM errors too and will look for help in the PC Help forum. Thanks for the pointer!

Here are the latest MBAM and HJT logs. Your help is much appreciated!

MBAM:

========================================================

Malwarebytes' Anti-Malware 1.30

Database version: 1406

Windows 5.1.2600 Service Pack 3

11/18/2008 5:57:41 AM

mbam-log-2008-11-18 (05-57-41).txt

Scan type: Quick Scan

Objects scanned: 51383

Time elapsed: 5 minute(s), 48 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

HJT Log:

===========================================================

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 5:58:52 AM, on 11/18/2008

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16735)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\Program Files\Network Associates\Common Framework\UdaterUI.exe

C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\Program Files\Microsoft IntelliPoint\ipoint.exe

C:\WINDOWS\system32\hphmon03.exe

C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe

C:\Program Files\Logitech\QuickCam\Quickcam.exe

C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\McAfee.com\Agent\mcagent.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

c:\Program Files\Microsoft IntelliPoint\dpupdchk.exe

C:\Garmin\gStart.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe

C:\Program Files\Picasa2\PicasaMediaDetector.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe

C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe

c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe

C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program Files\McAfee\MPF\MPFSrv.exe

C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Viewpoint\Common\ViewpointService.exe

C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe

C:\WINDOWS\system32\HPHipm09.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe

C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://*.mcafee.com

O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www2.snapfish.com/SnapfishActivia.cab

O16 - DPF: {42D06124-98A2-47EC-8098-3778B58CE7D5} (SupportSoft External Control) - https://actsvr.comcastonline.com/techtools/...%20Controls.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1194467701703

O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll

O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe

O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe

O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe

O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe

O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe

O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe

O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe

O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe

O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe

O23 - Service: Pml Driver - HP - C:\WINDOWS\system32\HPHipm09.exe

O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe

O23 - Service: PC Tools Auxiliary Service (sdAuxService) - Unknown owner - C:\Program Files\Spyware Doctor\pctsAuxs.exe (file missing)

O23 - Service: PC Tools Security Service (sdCoreService) - Unknown owner - C:\Program Files\Spyware Doctor\pctsSvc.exe (file missing)

O23 - Service: SupportSoft Sprocket Service (ddoctorv2) (sprtsvc_ddoctorv2) - SupportSoft, Inc. - C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe

O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--

End of file - 10435 bytes


Thanks. Let us know when you've uploaded the files to JOTTI and what is found.

If all of them are found to be infected please zip them up and upload them to us as well so we can review and add them to our definition rule set for future removal.


Hi,

I finished the Jotti online scan of all the suspected files and none of them reported viruses, including the TDSSareg.dat file, which seems strange.

Is there anything I need to do to fix the 3 lines flagged by the OTListIt program? I couldn't fix them with HJT.

Other than that, I think my system is clean. Thanks for all your help, it was priceless! Please let me know if there is anything else I need to do.

Thanks,

-Bob


No, those items in the OTListIt log were more of an oddity than an actual issue for the Run items and can be ignored.

As for those files not being found as "infected", they may have been cleaned up by AV tools and left behind. What I would do is create a NEW folder, put all of them in there and save them there for like a week, just to make sure the computer has no problems with these files removed. If all is okay after a week, then it's up to you, but you can probably delete them then.

Let's run one more round of MBAM: update, Quick Scan, fix if found. Then reboot and post a new HJT log, and if all is still okay we'll consider you clean.

Thanks.


Hi,

The MBAM scan was clean. Here is what is hopefully my final HJT log!!! I want to thank you again for all your help. I couldn't have cleaned my system without you!

One more question (and perhaps I should post it to a different forum?): is there a security policy that you or Malwarebytes recommend, such as a suite of anti-malware products that should be used regularly? I'm very happy with the Malwarebytes product, and $25 bucks for life is a real bargain and a no-brainer! Also, I plan to use opendns.org to limit a lot of the sites my kids can get to. I think it also makes sense to keep using Spybot Search and Destroy. Do you recommend running the GMER.EXE utility once in a while too? Are there any other anti-malware programs you recommend using?

Thanks!

Final HJT LOG!!!! :-)

=============================================

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 7:00:06 PM, on 11/19/2008

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16735)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\Program Files\Network Associates\Common Framework\UdaterUI.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\Program Files\Microsoft IntelliPoint\ipoint.exe

C:\WINDOWS\system32\hphmon03.exe

C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe

C:\Program Files\Logitech\QuickCam\Quickcam.exe

C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\McAfee.com\Agent\mcagent.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Garmin\gStart.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

c:\Program Files\Microsoft IntelliPoint\dpupdchk.exe

C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe

C:\Program Files\Picasa2\PicasaMediaDetector.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe

C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe

c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe

C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program Files\McAfee\MPF\MPFSrv.exe

C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Viewpoint\Common\ViewpointService.exe

C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\system32\HPHipm09.exe

C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe

C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://*.mcafee.com

O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www2.snapfish.com/SnapfishActivia.cab

O16 - DPF: {42D06124-98A2-47EC-8098-3778B58CE7D5} (SupportSoft External Control) - https://actsvr.comcastonline.com/techtools/...%20Controls.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1194467701703

O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll

O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe

O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe

O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe

O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe

O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe

O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe

O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe

O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe

O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe

O23 - Service: Pml Driver - HP - C:\WINDOWS\system32\HPHipm09.exe

O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe

O23 - Service: PC Tools Auxiliary Service (sdAuxService) - Unknown owner - C:\Program Files\Spyware Doctor\pctsAuxs.exe (file missing)

O23 - Service: PC Tools Security Service (sdCoreService) - Unknown owner - C:\Program Files\Spyware Doctor\pctsSvc.exe (file missing)

O23 - Service: SupportSoft Sprocket Service (ddoctorv2) (sprtsvc_ddoctorv2) - SupportSoft, Inc. - C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe

O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--

End of file - 10378 bytes


Best suggestion is to make sure your kids only have a LIMITED account on the system and not Admin rights. That slows down most Malware quite a bit on its own but not everything.

Take a look at this which should help you to keep your system clean. I'll close this thread now since you appear to be clean.

At this time your system appears to be clean. Nothing else in the logs indicates that you are still infected.

Now that you appear to be clean, please follow these simple steps in order to keep your computer clean and secure:

Disable and Enable System Restore-WINDOWS XP

This is a good time to clear your existing system restore points and establish a new clean restore point:

Turn off System Restore

  • On the Desktop, right-click My Computer.
  • Click Properties.
  • Click the System Restore tab.
  • Check Turn off System Restore.
  • Click Apply, and then click OK.
  • Reboot.

Turn ON System Restore

  • On the Desktop, right-click My Computer.
  • Click Properties.
  • Click the System Restore tab.
  • UN-Check *Turn off System Restore*.
  • Click Apply, and then click OK.

This will remove all restore points except the new one you just created.

Here are some free programs I recommend that could help you improve your computer's security.

Spybot Search and Destroy

Download it from here. Just choose a mirror and off you go.

Find the tutorial on how to use Spybot properly here.

Install SpyWare Blaster

Download it from here.

Find the tutorial on how to use Spyware Blaster here.

Install WinPatrol

Download it from here.

You can find information about how WinPatrol works here.

Install FireTrust SiteHound

You can find information and download it from here.

Install hpHosts

Download it from here.

hpHosts is a community managed and maintained hosts file that allows an additional layer of protection against access to ad, tracking and malicious websites. This prevents your computer from connecting to these untrusted sites by redirecting them to 127.0.0.1, which is your own local computer.

Update your Antivirus programs and other security products regularly to avoid new threats that could infect your system.

You can use one of these sites to check if any updates are needed for your PC.

Visit Microsoft often to get the latest updates for your computer.

The Windows firewall is not sufficient to protect your system. It doesn't monitor outgoing traffic and this is a must.

I recommend Online Armor Free.

A little outdated but good reading on how to prevent Malware.

Keep safe online and happy surfing.

Since this issue is resolved I will close the thread to prevent others from posting into it. If you need assistance please start your own topic and someone will be happy to assist you.

The fixes and advice in this thread are for this machine only. Do not apply to your machine unless you Fully Understand how these programs work and what you're doing. Please start a thread of your own and someone will be happy to help you, just follow the Pre-Hijackthis instructions found here before posting: Pre-HJT Post Instructions

Also don't forget that we offer FREE assistance with General PC questions and repair here: PC Help

If you're pleased with the product Malwarebytes and the service provided you, please let your friends, family, and co-workers know. http://www.malwarebytes.org
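One way to check what a blocklist hosts file like the one described above actually does, as an added example that is not part of the original thread: a blocklist should only ever map names to loopback, so the script parses the file, counts the blocked names, and flags any entry that sends a name somewhere else. Python is used rather than the Windows GUI, and the sample hosts content and the example.test names are constructed for this example.

```python
"""Audit a blocklist-style hosts file (added example, not from the post).
A blocklist such as hpHosts should only map names to loopback, so a quick
check is: parse the file, count blocked names, and flag anything sent
elsewhere. The sample input below is constructed for this example."""
import ipaddress

# Addresses a blocklist legitimately points names at.
BLOCK_TARGETS = {"127.0.0.1", "0.0.0.0", "::1"}

# Constructed sample: the stock localhost lines, blocklist entries
# (one with several names per line), and one entry that redirects.
SAMPLE_HOSTS = """\
127.0.0.1       localhost
::1             localhost
127.0.0.1  ads.example.test  tracker.example.test   # ad/tracking
127.0.0.1  malware-dl.example.test
0.0.0.0    popup.example.test
198.51.100.7  update.example.test   # redirect, not a block: review it
"""


def parse_hosts(text):
    """Yield (ip, hostname) pairs, skipping comments, blanks and junk."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop inline comments
        if not line:
            continue
        parts = line.split()
        try:
            ip = str(ipaddress.ip_address(parts[0]))
        except ValueError:
            continue                           # malformed line, skip it
        for name in parts[1:]:
            yield ip, name.lower()


def audit_hosts(text):
    """Return (blocked_names, redirected); redirected maps name -> address."""
    blocked, redirected = [], {}
    for ip, name in parse_hosts(text):
        if name == "localhost":
            continue                           # the stock entries
        if ip in BLOCK_TARGETS:
            blocked.append(name)
        else:
            redirected[name] = ip
    return blocked, redirected


if __name__ == "__main__":
    names, odd = audit_hosts(SAMPLE_HOSTS)
    print(f"{len(names)} blocked, {len(odd)} redirected elsewhere: {odd}")
```

On a real machine, read `C:\WINDOWS\system32\drivers\etc\hosts` into the function instead of the constructed sample; any name reported as redirected deserves a look, since a blocklist has no reason to point anywhere but loopback.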
