Solved Help removing a Quarantined Trojan Horse

[Resolved] Help removing a Quarantined Trojan Horse

I continue to get a pop-up stating my Symantec AntiVirus has quarantined a Trojan Horse, Filename - SaB0p62m.dll - and have tried to delete the Trojan Horse (right click on the message and select "delete from system "), but continue to periodically get the pop-up. The original location is C:\WINDOWS\system32\ . I have done a full virus scan and cleaned my system, but it hasn't helped.

I'm also getting a voice over message that says, "Congratulations, you have been selected to receive a $1000 Wal-Mart gift card" but there is no visible pop-up. While typing this message, I also started getting various sound effects (sounded like repair work being done), again with no visible pop-ups. I'm not sure if this is associated with the Trojan Horse because they happen at different times.

Can someone help me get rid of the Trojan Horse pop-up and the voice over and sounds?

Ran HijackThis Installer

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:07:00 PM, on 8/26/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Flock\flock\flock.exe
C:\WINDOWS\system32\s5bF7UO3.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.familylife.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=presario&pf=laptop
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Mirar - {54FF24F1-C742-4D7B-9EC2-7D2A443F47AF} - C:\WINDOWS\system32\winab75.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Protection Bar - {84938242-5C5B-4A55-B6B9-A1507543B418} - C:\Program Files\Video Access ActiveX Object\iesplugin.dll (file missing)
O3 - Toolbar: Mirar - {54FF24F0-C742-4D7B-9EC2-7D2A443F47AF} - C:\WINDOWS\system32\winab75.dll
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe "
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe "
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [Reminder] C:\Windows\CREATOR\Remind_XP.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe "
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe "
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe "
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - S-1-5-18 Startup: Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe (User 'Default user')
O4 - .DEFAULT User Startup: Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=presario&pf=laptop
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://support.cox.com/sdccommon/download/tgctlcm.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

--
End of file - 10736 bytes


smorel1313

 

Hi smorel1313

We need to run another tool that will give us a better look at things.

• Download RSIT by random/random and save it to your desktop.
• Double click RSIT.exe to start the tool and click Continue at the disclaimer.
• When the scan completes it will open a log named log.txt maximized, and a log named info.txt minimized.
• Please post the contents of both logs here in your next reply.

 

Help removing a Quarantined Trojan Horse

RSIT in 2 post
I continue to get a pop-up stating my Symantec AntiVirus has quarantined a Trojan Horse, Filename - SaB0p62m.dll - and have tried to delete the Trojan Horse (right click on the message and select "delete from system "), but continue to periodically get the pop-up. The original location is C:\WINDOWS\system32\ . I have done a full virus scan and cleaned my system, but it hasn't helped.

I'm also getting a voice over message that says, "Congratulations, you have been selected to receive a $1000 Wal-Mart gift card" but there is no visible pop-up. While typing this message, I also started getting various sound effects (sounded like repair work being done), again with no visible pop-ups. I'm not sure if this is associated with the Trojan Horse because they happen at different times.

Can someone help me get rid of the Trojan Horse pop-up and the voice over and sounds?



Hi smorel1313

We need to run another tool that will give us a better look at things.

* Download RSIT by random/random and save it to your desktop.
* Double click RSIT.exe to start the tool and click Continue at the disclaimer.
* When the scan completes it will open a log named log.txt maximized, and a log named info.txt minimized.
* Please post the contents of both logs here in your next reply.

Logfile of random's system information tool (written by random/random)
Run by Sigmund Morel at 2008-08-30 13:23:24
Microsoft Windows XP Home Edition Service Pack 2
System drive C: has 14 GB (46%) free of 30 GB
Total RAM: 447 MB (20% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:23:58 PM, on 8/30/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\Common Files\Real\Update_OB\RealOneMessageCenter.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Flock\flock\flock.exe
C:\Program Files\Symantec AntiVirus\DWHWIZRD.EXE
C:\WINDOWS\system32\s5bF7UO3.exe
C:\Documents and Settings\Sigmund Morel\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Sigmund Morel.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.familylife.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=presario&pf=laptop
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Mirar - {54FF24F1-C742-4D7B-9EC2-7D2A443F47AF} - C:\WINDOWS\system32\winab75.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Protection Bar - {84938242-5C5B-4A55-B6B9-A1507543B418} - C:\Program Files\Video Access ActiveX Object\iesplugin.dll (file missing)
O3 - Toolbar: Mirar - {54FF24F0-C742-4D7B-9EC2-7D2A443F47AF} - C:\WINDOWS\system32\winab75.dll
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe "
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe "
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [Reminder] C:\Windows\CREATOR\Remind_XP.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe "
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe "
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe "
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - S-1-5-18 Startup: Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe (User 'Default user')
O4 - .DEFAULT User Startup: Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=presario&pf=laptop
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://support.cox.com/sdccommon/download/tgctlcm.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

--
End of file - 10918 bytes

Scheduled tasks folder

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\At1.job
C:\WINDOWS\tasks\At10.job
C:\WINDOWS\tasks\At11.job
C:\WINDOWS\tasks\At12.job
C:\WINDOWS\tasks\At13.job
C:\WINDOWS\tasks\At14.job
C:\WINDOWS\tasks\At15.job
C:\WINDOWS\tasks\At16.job
C:\WINDOWS\tasks\At17.job
C:\WINDOWS\tasks\At18.job
C:\WINDOWS\tasks\At19.job
C:\WINDOWS\tasks\At2.job
C:\WINDOWS\tasks\At20.job
C:\WINDOWS\tasks\At21.job
C:\WINDOWS\tasks\At22.job
C:\WINDOWS\tasks\At23.job
C:\WINDOWS\tasks\At24.job
C:\WINDOWS\tasks\At3.job
C:\WINDOWS\tasks\At4.job
C:\WINDOWS\tasks\At49.job
C:\WINDOWS\tasks\At5.job
C:\WINDOWS\tasks\At50.job
C:\WINDOWS\tasks\At51.job
C:\WINDOWS\tasks\At52.job
C:\WINDOWS\tasks\At53.job
C:\WINDOWS\tasks\At54.job
C:\WINDOWS\tasks\At55.job
C:\WINDOWS\tasks\At56.job
C:\WINDOWS\tasks\At57.job
C:\WINDOWS\tasks\At58.job
C:\WINDOWS\tasks\At59.job
C:\WINDOWS\tasks\At6.job
C:\WINDOWS\tasks\At60.job
C:\WINDOWS\tasks\At61.job
C:\WINDOWS\tasks\At62.job
C:\WINDOWS\tasks\At63.job
C:\WINDOWS\tasks\At64.job
C:\WINDOWS\tasks\At65.job
C:\WINDOWS\tasks\At66.job
C:\WINDOWS\tasks\At67.job
C:\WINDOWS\tasks\At68.job
C:\WINDOWS\tasks\At69.job
C:\WINDOWS\tasks\At7.job
C:\WINDOWS\tasks\At70.job
C:\WINDOWS\tasks\At71.job
C:\WINDOWS\tasks\At72.job
C:\WINDOWS\tasks\At8.job
C:\WINDOWS\tasks\At9.job

Registry dump

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]
Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2006-04-26 438848]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-12-18 59032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{54FF24F1-C742-4D7B-9EC2-7D2A443F47AF}]
Mirar - C:\WINDOWS\system32\winab75.dll [2008-08-13 401408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2007-08-24 2212224]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar3.dll [2007-01-20 2403392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll [2008-06-07 734704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2006-04-26 438848]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar3.dll [2007-01-20 2403392]
{84938242-5C5B-4A55-B6B9-A1507543B418} - Protection Bar - C:\Program Files\Video Access ActiveX Object\iesplugin.dll []
{54FF24F0-C742-4D7B-9EC2-7D2A443F47AF} - Mirar - C:\WINDOWS\system32\winab75.dll [2008-08-13 401408]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"hpWirelessAssistant "=C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe [2006-05-04 458752]
"SunJavaUpdateSched "=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]
"NvCplDaemon "=C:\WINDOWS\system32\NvCpl.dll [2006-06-14 7573504]
"High Definition Audio Property Page Shortcut "=C:\WINDOWS\system32\CHDAudPropShortcut.exe [2006-04-18 61952]
"SynTPEnh "=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2006-06-17 794713]
"QPService "=C:\Program Files\HP\QuickPlay\QPService.exe [2006-07-12 102400]
"HP Software Update "=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2006-02-19 49152]
"ISUSPM Startup "=C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe [2005-08-11 249856]
"ISUSScheduler "=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2005-08-11 81920]
"QlbCtrl "=C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [2006-06-19 163840]
"Cpqset "=C:\Program Files\HPQ\Default Settings\cpqset.exe [2006-01-26 40960]
"RecGuard "=C:\Windows\SMINST\RecGuard.exe [2005-10-11 1187840]
"Reminder "=C:\Windows\CREATOR\Remind_XP.exe [2006-02-09 643072]
"QuickTime Task "=C:\Program Files\QuickTime\qttask.exe [2006-10-25 282624]
"iTunesHelper "=C:\Program Files\iTunes\iTunesHelper.exe [2006-10-30 256576]
"AOLDialer "=C:\Program Files\Common Files\AOL\ACS\AOLDial.exe [2004-10-20 34904]
"ccApp "=C:\Program Files\Common Files\Symantec Shared\ccApp.exe [2006-11-21 52840]
"vptray "=C:\PROGRA~1\SYMANT~1\VPTray.exe [2007-03-14 125632]
"TkBellExe "=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2008-02-09 185632]
"GrooveMonitor "=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2007-08-24 33648]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe "=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]
"swg "=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-08-05 68856]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
C:\Program Files\AIM6\aim6.exe [2007-03-23 50736]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
HP Photosmart Premier Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon]
C:\WINDOWS\system32\NavLogon.dll [2007-03-14 43712]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD} "=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2007-08-24 2212224]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername "=0
"legalnoticecaption "=
"legalnoticetext "=
"shutdownwithoutlogon "=1
"undockwithoutlogon "=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe "= "%windir%\system32\sessmgr.exe:*:enabledxpsp2res.dll,-22019 "
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe "= "C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink "
"C:\Program Files\LimeWire\LimeWire.exe "= "C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire "
"C:\Program Files\iTunes\iTunes.exe "= "C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes "
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe "= "C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL "
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe "= "C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL "
"C:\Program Files\Common Files\AOL\Loader\aolload.exe "= "C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader "
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe "= "C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe "
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe "= "C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe "
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe "= "C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe "
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe "= "C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe "
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe "= "C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe "
"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe "= "C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe "
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe "= "C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe "
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe "= "C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe "
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe "= "C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe "
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe "= "C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe "
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe "= "C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe "
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe "= "C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe "
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe "= "C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe "
"C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe "= "C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe "
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE "= "C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook "
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE "= "C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove "
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE "= "C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote "
"C:\WINDOWS\system32\a.exe "= "C:\WINDOWS\system32\a.exe:*isabled:a "

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe "= "%windir%\system32\sessmgr.exe:*:enabledxpsp2res.dll,-22019 "

List of files/folders created in the last three months

2008-08-30 13:23:24 ----D---- C:\rsit
2008-08-26 17:06:32 ----D---- C:\Program Files\Trend Micro
2008-08-25 16:19:11 ----A---- C:\WINDOWS\system32\winab75.dll
2008-08-23 15:11:24 ----A---- C:\WINDOWS\system32\s5bF7UO3.exe
2008-08-19 17:04:32 ----A---- C:\WINDOWS\vpc32.INI
2008-08-17 19:05:47 ----A---- C:\WINDOWS\system32\a.exe
2008-08-16 20:13:47 ----A---- C:\WINDOWS\system32\s5bF7UO3.exe.a_a
2008-08-16 17:16:16 ----A---- C:\WINDOWS\system32\BNLkE76h.exe.a_a
2008-08-16 17:16:13 ----A---- C:\WINDOWS\system32\BNLkE76h.exe
2008-08-12 22:20:25 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2008-08-12 22:20:20 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2008-08-12 22:20:11 ----HDC---- C:\WINDOWS\$NtUninstallKB953839$
2008-08-12 22:19:32 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2008-08-12 22:16:16 ----HDC---- C:\WINDOWS\$NtUninstallKB951072-v2$
2008-08-12 22:16:05 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2008-08-12 22:15:21 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2008-07-29 20:36:59 ----D---- C:\Program Files\Phantom EFX
2008-07-27 20:51:40 ----A---- C:\WINDOWS\system32\javaws.exe
2008-07-27 20:51:40 ----A---- C:\WINDOWS\system32\javaw.exe
2008-07-27 20:51:40 ----A---- C:\WINDOWS\system32\java.exe
2008-07-26 21:54:06 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2008-06-24 07:37:02 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2008-06-14 14:06:36 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
2008-06-14 14:06:28 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2008-06-14 14:06:22 ----HDC---- C:\WINDOWS\$NtUninstallKB950760$
2008-06-14 14:06:09 ----HDC---- C:\WINDOWS\$NtUninstallKB951376$
2008-06-08 15:26:08 ----D---- C:\Program Files\Sun
2008-06-03 21:02:47 ----D---- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-06-03 09:45:33 ----A---- C:\WINDOWS\system32\muweb.dll
2008-06-03 09:45:33 ----A---- C:\WINDOWS\system32\mucltui.dll.mui
2008-06-03 09:45:33 ----A---- C:\WINDOWS\system32\mucltui.dll
2008-06-03 09:32:12 ----A---- C:\WINDOWS\system32\msonpmon.dll
2008-06-03 09:29:59 ----D---- C:\Program Files\MSBuild
2008-06-03 09:29:21 ----D---- C:\Program Files\Microsoft Visual Studio
2008-06-03 09:29:20 ----D---- C:\Program Files\Common Files\DESIGNER
2008-06-03 09:27:53 ----D---- C:\Program Files\Microsoft.NET
2008-06-03 09:24:23 ----D---- C:\WINDOWS\SHELLNEW
2008-06-03 09:22:54 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-06-03 09:21:59 ----RHD---- C:\MSOCache
2008-06-03 07:43:02 ----HDC---- C:\WINDOWS\$NtUninstallKB932823-v3$

List of drivers

R1 AmdK8;AMD Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2006-06-19 36864]
R1 eabfiltr;eabfiltr; C:\WINDOWS\system32\DRIVERS\eabfiltr.sys [2005-09-19 7808]
R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys []
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-04 14848]
R1 SAVRT;SAVRT; \??\C:\Program Files\Symantec AntiVirus\savrt.sys []
R1 SAVRTPEL;SAVRTPEL; \??\C:\Program Files\Symantec AntiVirus\Savrtpel.sys []
R1 SPBBCDrv;SPBBCDrv; \??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys []
R1 SYMTDI;SYMTDI; C:\WINDOWS\system32\System32\Drivers\SYMTDI.SYS []
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2004-08-04 8832]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2006-02-15 12672]
R2 symlcbrd;symlcbrd; \??\C:\WINDOWS\system32\drivers\symlcbrd.sys []
R3 BCM43XX;Broadcom 802.11 Network Adapter Driver; C:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2006-04-28 429184]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2004-08-04 14080]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys []
R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2006-09-19 15664]
R3 HBtnKey;HBtnKey; C:\WINDOWS\system32\DRIVERS\cpqbttn.sys [2005-09-19 9344]
R3 HdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\CHDAud.sys [2006-04-18 569856]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2005-01-07 138752]
R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys [2006-03-09 995712]
R3 HSFHWAZL;HSFHWAZL; C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys [2006-03-09 206976]
R3 NAVENG;NAVENG; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20080830.007\naveng.sys []
R3 NAVEX15;NAVEX15; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20080830.007\navex15.sys []
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2006-06-14 3660672]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2006-03-03 34176]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2006-03-03 13056]
R3 nvsmu;nvsmu; C:\WINDOWS\system32\DRIVERS\nvsmu.sys [2006-03-06 11136]
R3 SymEvent;SymEvent; \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS []
R3 SYMREDRV;SYMREDRV; C:\WINDOWS\system32\System32\Drivers\SYMREDRV.SYS []
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2006-06-16 193120]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2006-04-19 30080]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-04 57600]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2006-04-19 17152]
R3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys [2003-01-10 33588]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2006-03-09 726400]
S1 OMCI;OMCI; C:\WINDOWS\system32\SYSTEM32\DRIVERS\OMCI.SYS []
S3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2004-08-04 60800]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024]
S3 eabusb;eabusb; C:\WINDOWS\system32\DRIVERS\eabusb.sys [2005-09-19 5760]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2006-04-12 49664]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2006-04-12 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2006-04-12 21568]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 MR97310_USB_DUAL_CAMERA;MR97310 CIF Dual Mode Camera; C:\WINDOWS\system32\DRIVERS\mr97310c.sys [2002-12-13 129875]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-03 10880]
S3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2004-08-04 61824]
S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-04 20992]
S3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2004-08-04 67584]
S3 SDDMI2;SDDMI2; \??\C:\WINDOWS\system32\DDMI2.sys []
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-03 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-03 15360]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
S3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2006-04-19 20608]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]
S4 agp440;Intel AGP Bus Filter; C:\WINDOWS\system32\system32\DRIVERS\agp440.sys []
S4 agpCPQ;Compaq AGP Bus Filter; C:\WINDOWS\system32\system32\DRIVERS\agpCPQ.sys []
S4 alim1541;ALI AGP Bus Filter; C:\WINDOWS\system32\system32\DRIVERS\alim1541.sys []
S4 amdagp;AMD AGP Bus Filter Driver; C:\WINDOWS\system32\system32\DRIVERS\amdagp.sys []
S4 cbidf;cbidf; C:\WINDOWS\system32\system32\DRIVERS\cbidf2k.sys []
S4 iaStor;Intel AHCI Controller; C:\WINDOWS\system32\system32\DRIVERS\iaStor.sys []
S4 sisagp;SIS AGP Bus Filter; C:\WINDOWS\system32\system32\DRIVERS\sisagp.sys []
S4 viaagp;VIA AGP Bus Filter; C:\WINDOWS\system32\system32\DRIVERS\viaagp.sys []

List of services

R2 AOL ACS;AOL Connectivity Service; C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe [2004-10-20 10328]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2007-07-31 106496]
R2 ccEvtMgr;Symantec Event Manager; C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe [2006-11-21 192104]
R2 ccSetMgr;Symantec Settings Manager; C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe [2006-11-21 169576]
R2 DefWatch;Symantec AntiVirus Definition Watcher; C:\Program Files\Symantec AntiVirus\DefWatch.exe [2007-03-14 31424]
R2 hpqwmiex;hpqwmiex; C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe [2006-05-02 135168]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2006-05-18 49152]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2006-06-14 143427]
R2 SPBBCSvc;Symantec SPBBCSvc; C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe [2007-01-10 1160792]
R2 Symantec AntiVirus;Symantec AntiVirus; C:\Program Files\Symantec AntiVirus\Rtvscan.exe [2007-03-14 1816768]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2006-10-30 492608]
S2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2006-03-03 69632]
S3 AddFiltr;AddFiltr; C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe [2006-06-12 126976]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-01-31 138168]
S3 LiveUpdate;LiveUpdate; C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE [2006-09-02 2528960]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2007-08-24 68464]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 SavRoam;SAVRoam; C:\Program Files\Symantec AntiVirus\SavRoam.exe [2007-03-14 116416]
S3 SNDSrvc;Symantec Network Drivers Service; C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe [2007-02-12 214672]
S3 WMConnectCDS;Windows Media Connect Service; C:\Program Files\Windows Media Connect 2\wmccds.exe [2005-10-06 855552]

-----------------EOF-----------------

 

Help removing a Quarantined Trojan Horse

RSIT in 2 post
info.txt logfile of random's system information tool 2008-08-30 13:24:05

Uninstall list

--> "C:\Program Files\HP Games\Bejeweled 2 Deluxe\Uninstall.exe "
--> "C:\Program Files\HP Games\Bistro Stars\Uninstall.exe "
--> "C:\Program Files\HP Games\Blackhawk Striker 2\Uninstall.exe "
--> "C:\Program Files\HP Games\Blasterball 2 Remix\Uninstall.exe "
--> "C:\Program Files\HP Games\Blasterball 2 Revolution\Uninstall.exe "
--> "C:\Program Files\HP Games\Bookworm Deluxe\Uninstall.exe "
--> "C:\Program Files\HP Games\Bounce Symphony\Uninstall.exe "
--> "C:\Program Files\HP Games\Cake Mania\Uninstall.exe "
--> "C:\Program Files\HP Games\Chuzzle Deluxe\Uninstall.exe "
--> "C:\Program Files\HP Games\Diner Dash 2\Uninstall.exe "
--> "C:\Program Files\HP Games\Dora's Carnival Adventure\Uninstall.exe "
--> "C:\Program Files\HP Games\Family Feud\Uninstall.exe "
--> "C:\Program Files\HP Games\FATE\Uninstall.exe "
--> "C:\Program Files\HP Games\Garden Dreams\Uninstall.exe "
--> "C:\Program Files\HP Games\Insaniquarium Deluxe\Uninstall.exe "
--> "C:\Program Files\HP Games\JEOPARDY\Uninstall.exe "
--> "C:\Program Files\HP Games\Jewel Quest\Uninstall.exe "
--> "C:\Program Files\HP Games\LEGO Builder Bots\Uninstall.exe "
--> "C:\Program Files\HP Games\Mah Jong Quest\Uninstall.exe "
--> "C:\Program Files\HP Games\Mystery Case Files\Uninstall.exe "
--> "C:\Program Files\HP Games\Penguins!\Uninstall.exe "
--> "C:\Program Files\HP Games\Polar Bowler\Uninstall.exe "
--> "C:\Program Files\HP Games\Polar Golfer\Uninstall.exe "
--> "C:\Program Files\HP Games\SCRABBLE\Uninstall.exe "
--> "C:\Program Files\HP Games\Slingo Deluxe\Uninstall.exe "
--> "C:\Program Files\HP Games\Snowy Space Trip\Uninstall.exe "
--> "C:\Program Files\HP Games\SpongeBob SquarePants Krabby Quest\Uninstall.exe "
--> "C:\Program Files\HP Games\Super Granny\Uninstall.exe "
--> "C:\Program Files\HP Games\Tinos Fruit Stand\Uninstall.exe "
--> "C:\Program Files\HP Games\Tradewinds\Uninstall.exe "
--> "C:\Program Files\HP Games\Wheel of Fortune\Uninstall.exe "
--> "C:\Program Files\WildTangent\Apps\My HP Game Console\Uninstall.exe "
-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205}
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382}
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629}
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2E47302B-8081-46D3-9FEA-BEB2E5F5C3EC}\Setup.exe" -l0x9 anything
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0015-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0019-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0044-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-00BA-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0114-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0117-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 7.1.0-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A71000000002}
AIM 6-->C:\Program Files\AIM6\uninst.exe
AOL Connectivity Services--> "C:\Program Files\Common Files\AOL\ACS\AcsUninstall.exe" /c
Apple Mobile Device Support-->MsiExec.exe /I{967D588C-9B96-40C9-A222-DCD6922563CA}
Apple Software Update-->MsiExec.exe /I{492724FC-3B26-46B4-824F-3CE2722D9AA0}
Camera Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D1B3874F-3057-11D6-B2EA-0050BA18806B}\Setup.exe"
Conexant HD Audio-->C:\Program Files\CONEXANT\CNXT_HDAUDIO\HXFSETUP.EXE -U -Iwis30B5a.INF
Cox Online Support Controls--> "C:\Program Files\SupportSoft\unins000.exe "
Customer Experience Enhancement-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{23012310-3E05-46A5-88A9-C6CBCABCAC79} /l1033
DivX-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
Easy Internet Sign-up-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{8105684D-8CA6-440D-8F58-7E5FD67A499D} /l1033
Flock 1.1-->C:\Program Files\Flock\uninst.exe
Google Toolbar for Internet Explorer-->regsvr32 /u /s "c:\program files\google\googletoolbar3.dll "
HDAUDIO Soft Data Fax Modem with SmartCP-->C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_wis30B5m\HXFSETUP.EXE -U -Iwis30B5m.inf
HijackThis 2.0.2--> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Internet Explorer 7 (KB947864)--> "C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe "
Hotfix for Windows XP (KB896256)--> "C:\WINDOWS\$NtUninstallKB896256$\spuninst\spuninst.exe "
Hotfix for Windows XP (KB909095)--> "C:\WINDOWS\$NtUninstallKB909095$\spuninst\spuninst.exe "
Hotfix for Windows XP (KB910728)--> "C:\WINDOWS\$NtUninstallKB910728$\spuninst\spuninst.exe "
Hotfix for Windows XP (KB912436)--> "C:\WINDOWS\$NtUninstallKB912436$\spuninst\spuninst.exe "
Hotfix for Windows XP (KB914906)--> "C:\WINDOWS\$NtUninstallKB914906$\spuninst\spuninst.exe "
Hotfix for Windows XP (KB915326)--> "C:\WINDOWS\$NtUninstallKB915326$\spuninst\spuninst.exe "
Hotfix for Windows XP (KB915865)--> "C:\WINDOWS\$NtUninstallKB915865$\spuninst\spuninst.exe "
Hotfix for Windows XP (KB918005)--> "C:\WINDOWS\$NtUninstallKB918005$\spuninst\spuninst.exe "
Hotfix for Windows XP (KB952287)--> "C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe "
HP Customer Participation Program 7.0-->C:\Program Files\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat
HP DVD Play 2.3-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{45D707E9-F3C4-11D9-A373-0050BAE317E1}\setup.exe" -uninstall
HP Help and Support-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}\Setup.exe" -l0x9 -removeonly
HP Imaging Device Functions 7.0-->C:\Program Files\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat
HP Photosmart Essential-->MsiExec.exe /X{6994491D-D491-48F1-AE1F-E179C1FFFC2F}
HP Photosmart Premier Software 6.0-->C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP Photosmart, Officejet and Deskjet 7.0.A-->C:\Program Files\HP\Digital Imaging\{BDBE2F3E-42DB-4d4a-8CB1-19BA765DBC6C}\setup\hpzscr01.exe -datfile hposcr11.dat
HP Quick Launch Buttons 6.10 A2-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{34D2AB40-150D-475D-AE32-BD23FB5EE355}\setup.exe" -l0x9 -removeonly uninst
HP Rhapsody-->C:\PROGRA~1\HPRHAP~1\Unwise32.exe /A C:\PROGRA~1\HPRHAP~1\install.log
HP Solution Center 7.0-->C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
HP Update-->MsiExec.exe /X{BB85ED9C-AFC9-43BD-B8DC-258C3C7DF72E}
HP User Guides 0027-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{63A3856B-5C0E-4BC1-B508-629AE74B6BBA}\setup.exe" -l0x9 -removeonly
HP Wireless Assistant 2.00 G2-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4302B2DD-D958-40E3-BAF3-B07FFE1978CE}\setup.exe" -l0x9 hpquninst
HPNetworkAssistant-->MsiExec.exe /I{228C6B46-64E2-404E-898A-EF0830603EF4}
iTunes-->MsiExec.exe /I{446DBFFA-4088-48E3-8932-74316BA4CAE4}
J2SE Runtime Environment 5.0 Update 10-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150100}
J2SE Runtime Environment 5.0 Update 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
Java(TM) 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java(TM) 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Java(TM) SE Runtime Environment 6 Update 1-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
LiveUpdate 3.1 (Symantec Corporation)--> "C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
Macromedia Flash Player 8-->MsiExec.exe /X{6815FCDD-401D-481E-BA88-31B4754C2B46}
Macromedia Shockwave Player-->MsiExec.exe /X{838A1BC9-95CA-4880-9BE3-2A7D23600A2B}
Microsoft .NET Framework 1.1 Hotfix (KB928366)--> "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp "
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft Internationalized Domain Names Mitigation APIs--> "C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe "
Microsoft Money 2006--> "C:\Program Files\Microsoft Money 2006\MNYCoreFiles\Setup\uninst.exe" /s:120
Microsoft National Language Support Downlevel APIs--> "C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe "
Microsoft Office Access MUI (English) 2007-->MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Enterprise 2007--> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007-->MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Groove MUI (English) 2007-->MsiExec.exe /X{90120000-00BA-0409-0000-0000000FF1CE}
Microsoft Office Groove Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0114-0409-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (English) 2007-->MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007-->MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007-->MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2007-->MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Mirar-->mshta.exe http://remove.getmirar.com/
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
muvee autoProducer 5.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB09F05F-85C6-4205-B28D-5BF071D276C3}\setup.exe" -l0x9
My HP Games--> "C:\Program Files\HP Games\Uninstall.exe "
NetWaiting-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel
NVIDIA Drivers-->C:\WINDOWS\system32\nvudisp.exe UninstallGUI
Office 2003 Trial Assistant-->MsiExec.exe /I{47D2103B-FD51-4017-9C20-DD408B17D726}
OpenOffice.org Installer 1.0-->MsiExec.exe /X{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}
QuickTime-->MsiExec.exe /I{50D8FFDD-90CD-4859-841F-AA1961C7767A}
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Security Update for 2007 Microsoft Office System (KB951596)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {1AFF2298-CC00-4A3B-866A-C62B8373794E}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Microsoft Office Excel 2007 (KB951546)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {7399DD71-8E24-4E60-B6A8-6CED89C0AC26}
Security Update for Microsoft Office PowerPoint 2007 (KB951338)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {558B709B-821B-4FC5-90FC-9A8890641E77}
Security Update for Microsoft Office Publisher 2007 (KB950114)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {F9C3CDBA-1F00-4D4D-959D-75C9D3ACDD85}
Security Update for Microsoft Office system 2007 (KB951808)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {8F375E11-4FD6-4B89-9E2B-A76D48B51E00}
Security Update for Microsoft Office Word 2007 (KB950113)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {AD72BABE-C733-4FCF-9674-4314466191B9}
Security Update for Step By Step Interactive Training (KB898458)--> "C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe "
Security Update for Step By Step Interactive Training (KB923723)--> "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe "
Security Update for Windows Internet Explorer 7 (KB928090)--> "C:\WINDOWS\ie7updates\KB928090-IE7\spuninst\spuninst.exe "
Security Update for Windows Internet Explorer 7 (KB931768)--> "C:\WINDOWS\ie7updates\KB931768-IE7\spuninst\spuninst.exe "
Security Update for Windows Internet Explorer 7 (KB933566)--> "C:\WINDOWS\ie7updates\KB933566-IE7\spuninst\spuninst.exe "
Security Update for Windows Internet Explorer 7 (KB937143)--> "C:\WINDOWS\ie7updates\KB937143-IE7\spuninst\spuninst.exe "
Security Update for Windows Internet Explorer 7 (KB938127)--> "C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe "
Security Update for Windows Internet Explorer 7 (KB939653)--> "C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe "
Security Update for Windows Internet Explorer 7 (KB942615)--> "C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe "
Security Update for Windows Internet Explorer 7 (KB944533)--> "C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe "
Security Update for Windows Internet Explorer 7 (KB950759)--> "C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe "
Security Update for Windows Internet Explorer 7 (KB953838)--> "C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe "
Security Update for Windows Media Player (KB911564)--> "C:\WINDOWS\$NtUninstallKB911564$\spuninst\spuninst.exe "
Security Update for Windows Media Player 10 (KB917734)--> "C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe "
Security Update for Windows Media Player 10 (KB936782)--> "C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe "
Security Update for Windows Media Player 6.4 (KB925398)--> "C:\WINDOWS\$NtUninstallKB925398_WMP64$\spuninst\spuninst.exe "
Security Update for Windows Media Player 9 (KB911565)--> "C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe "
Security Update for Windows XP (KB893066)--> "C:\WINDOWS\$NtUninstallKB893066$\spuninst\spuninst.exe "
Security Update for Windows XP (KB893756)--> "C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe "
Security Update for Windows XP (KB896358)--> "C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe "
Security Update for Windows XP (KB896422)--> "C:\WINDOWS\$NtUninstallKB896422$\spuninst\spuninst.exe "
Security Update for Windows XP (KB896423)--> "C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe "
Security Update for Windows XP (KB896424)--> "C:\WINDOWS\$NtUninstallKB896424$\spuninst\spuninst.exe "
Security Update for Windows XP (KB896428)--> "C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe "
Security Update for Windows XP (KB899587)--> "C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe "
Security Update for Windows XP (KB899591)--> "C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe "
Security Update for Windows XP (KB900725)--> "C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe "
Security Update for Windows XP (KB901017)--> "C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe "
Security Update for Windows XP (KB901190)--> "C:\WINDOWS\$NtUninstallKB901190$\spuninst\spuninst.exe "
Security Update for Windows XP (KB901214)--> "C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe "
Security Update for Windows XP (KB902400)--> "C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe "
Security Update for Windows XP (KB903235)--> "C:\WINDOWS\$NtUninstallKB903235$\spuninst\spuninst.exe "
Security Update for Windows XP (KB904706)--> "C:\WINDOWS\$NtUninstallKB904706$\spuninst\spuninst.exe "
Security Update for Windows XP (KB905414)--> "C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe "
Security Update for Windows XP (KB905749)--> "C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe "
Security Update for Windows XP (KB908519)--> "C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe "
Security Update for Windows XP (KB911562)--> "C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe "
Security Update for Windows XP (KB911927)--> "C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe "
Security Update for Windows XP (KB912919)--> "C:\WINDOWS\$NtUninstallKB912919$\spuninst\spuninst.exe "
Security Update for Windows XP (KB913446)--> "C:\WINDOWS\$NtUninstallKB913446$\spuninst\spuninst.exe "
Security Update for Windows XP (KB913580)--> "C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe "
Security Update for Windows XP (KB914388)--> "C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe "
Security Update for Windows XP (KB914389)--> "C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe "
Security Update for Windows XP (KB917344)--> "C:\WINDOWS\$NtUninstallKB917344$\spuninst\spuninst.exe "
Security Update for Windows XP (KB917422)--> "C:\WINDOWS\$NtUninstallKB917422$\spuninst\spuninst.exe "
Security Update for Windows XP (KB917953)--> "C:\WINDOWS\$NtUninstallKB917953$\spuninst\spuninst.exe "
Security Update for Windows XP (KB918118)--> "C:\WINDOWS\$NtUninstallKB918118$\spuninst\spuninst.exe "
Security Update for Windows XP (KB918439)--> "C:\WINDOWS\$NtUninstallKB918439$\spuninst\spuninst.exe "
Security Update for Windows XP (KB919007)--> "C:\WINDOWS\$NtUninstallKB919007$\spuninst\spuninst.exe "
Security Update for Windows XP (KB920213)--> "C:\WINDOWS\$NtUninstallKB920213$\spuninst\spuninst.exe "
Security Update for Windows XP (KB920670)--> "C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe "
Security Update for Windows XP (KB920683)--> "C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe "
Security Update for Windows XP (KB920685)--> "C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe "
Security Update for Windows XP (KB921398)--> "C:\WINDOWS\$NtUninstallKB921398$\spuninst\spuninst.exe "
Security Update for Windows XP (KB921503)--> "C:\WINDOWS\$NtUninstallKB921503$\spuninst\spuninst.exe "
Security Update for Windows XP (KB922616)--> "C:\WINDOWS\$NtUninstallKB922616$\spuninst\spuninst.exe "
Security Update for Windows XP (KB922819)--> "C:\WINDOWS\$NtUninstallKB922819$\spuninst\spuninst.exe "
Security Update for Windows XP (KB923191)--> "C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe "
Security Update for Windows XP (KB923414)--> "C:\WINDOWS\$NtUninstallKB923414$\spuninst\spuninst.exe "
Security Update for Windows XP (KB923689)--> "C:\WINDOWS\$NtUninstallKB923689$\spuninst\spuninst.exe "
Security Update for Windows XP (KB923694)--> "C:\WINDOWS\$NtUninstallKB923694$\spuninst\spuninst.exe "
Security Update for Windows XP (KB923980)--> "C:\WINDOWS\$NtUninstallKB923980$\spuninst\spuninst.exe "
Security Update for Windows XP (KB924191)--> "C:\WINDOWS\$NtUninstallKB924191$\spuninst\spuninst.exe "
Security Update for Windows XP (KB924270)--> "C:\WINDOWS\$NtUninstallKB924270$\spuninst\spuninst.exe "
Security Update for Windows XP (KB924496)--> "C:\WINDOWS\$NtUninstallKB924496$\spuninst\spuninst.exe "
Security Update for Windows XP (KB924667)--> "C:\WINDOWS\$NtUninstallKB924667$\spuninst\spuninst.exe "
Security Update for Windows XP (KB925454)--> "C:\WINDOWS\$NtUninstallKB925454$\spuninst\spuninst.exe "
Security Update for Windows XP (KB925486)--> "C:\WINDOWS\$NtUninstallKB925486$\spuninst\spuninst.exe "
Security Update for Windows XP (KB925902)--> "C:\WINDOWS\$NtUninstallKB925902$\spuninst\spuninst.exe "
Security Update for Windows XP (KB926255)--> "C:\WINDOWS\$NtUninstallKB926255$\spuninst\spuninst.exe "
Security Update for Windows XP (KB926436)--> "C:\WINDOWS\$NtUninstallKB926436$\spuninst\spuninst.exe "
Security Update for Windows XP (KB927779)--> "C:\WINDOWS\$NtUninstallKB927779$\spuninst\spuninst.exe "
Security Update for Windows XP (KB927802)--> "C:\WINDOWS\$NtUninstallKB927802$\spuninst\spuninst.exe "
Security Update for Windows XP (KB928255)--> "C:\WINDOWS\$NtUninstallKB928255$\spuninst\spuninst.exe "
Security Update for Windows XP (KB928843)--> "C:\WINDOWS\$NtUninstallKB928843$\spuninst\spuninst.exe "
Security Update for Windows XP (KB929123)--> "C:\WINDOWS\$NtUninstallKB929123$\spuninst\spuninst.exe "
Security Update for Windows XP (KB930178)--> "C:\WINDOWS\$NtUninstallKB930178$\spuninst\spuninst.exe "
Security Update for Windows XP (KB931261)--> "C:\WINDOWS\$NtUninstallKB931261$\spuninst\spuninst.exe "
Security Update for Windows XP (KB931784)--> "C:\WINDOWS\$NtUninstallKB931784$\spuninst\spuninst.exe "
Security Update for Windows XP (KB932168)--> "C:\WINDOWS\$NtUninstallKB932168$\spuninst\spuninst.exe "
Security Update for Windows XP (KB933729)--> "C:\WINDOWS\$NtUninstallKB933729$\spuninst\spuninst.exe "
Security Update for Windows XP (KB935839)--> "C:\WINDOWS\$NtUninstallKB935839$\spuninst\spuninst.exe "
Security Update for Windows XP (KB935840)--> "C:\WINDOWS\$NtUninstallKB935840$\spuninst\spuninst.exe "
Security Update for Windows XP (KB936021)--> "C:\WINDOWS\$NtUninstallKB936021$\spuninst\spuninst.exe "
Security Update for Windows XP (KB938829)--> "C:\WINDOWS\$NtUninstallKB938829$\spuninst\spuninst.exe "
Security Update for Windows XP (KB941202)--> "C:\WINDOWS\$NtUninstallKB941202$\spuninst\spuninst.exe "
Security Update for Windows XP (KB941568)--> "C:\WINDOWS\$NtUninstallKB941568$\spuninst\spuninst.exe "
Security Update for Windows XP (KB941569)--> "C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe "
Security Update for Windows XP (KB941644)--> "C:\WINDOWS\$NtUninstallKB941644$\spuninst\spuninst.exe "
Security Update for Windows XP (KB941693)--> "C:\WINDOWS\$NtUninstallKB941693$\spuninst\spuninst.exe "
Security Update for Windows XP (KB943055)--> "C:\WINDOWS\$NtUninstallKB943055$\spuninst\spuninst.exe "
Security Update for Windows XP (KB943460)--> "C:\WINDOWS\$NtUninstallKB943460$\spuninst\spuninst.exe "
Security Update for Windows XP (KB943485)--> "C:\WINDOWS\$NtUninstallKB943485$\spuninst\spuninst.exe "
Security Update for Windows XP (KB944653)--> "C:\WINDOWS\$NtUninstallKB944653$\spuninst\spuninst.exe "
Security Update for Windows XP (KB945553)--> "C:\WINDOWS\$NtUninstallKB945553$\spuninst\spuninst.exe "
Security Update for Windows XP (KB946026)--> "C:\WINDOWS\$NtUninstallKB946026$\spuninst\spuninst.exe "
Security Update for Windows XP (KB946648)--> "C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe "
Security Update for Windows XP (KB948590)--> "C:\WINDOWS\$NtUninstallKB948590$\spuninst\spuninst.exe "
Security Update for Windows XP (KB948881)--> "C:\WINDOWS\$NtUninstallKB948881$\spuninst\spuninst.exe "
Security Update for Windows XP (KB950749)--> "C:\WINDOWS\$NtUninstallKB950749$\spuninst\spuninst.exe "
Security Update for Windows XP (KB950760)--> "C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe "
Security Update for Windows XP (KB950762)--> "C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe "
Security Update for Windows XP (KB950974)--> "C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe "
Security Update for Windows XP (KB951066)--> "C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe "
Security Update for Windows XP (KB951376)--> "C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe "
Security Update for Windows XP (KB951376-v2)--> "C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe "
Security Update for Windows XP (KB951698)--> "C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe "
Security Update for Windows XP (KB951748)--> "C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe "
Security Update for Windows XP (KB952954)--> "C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe "
Security Update for Windows XP (KB953839)--> "C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe "
Sonic Audio Module-->MsiExec.exe /I{AB708C9B-97C8-4AC9-899B-DBF226AC9382}
Sonic Copy Module-->MsiExec.exe /I{B12665F4-4E93-4AB4-B7FC-37053B524629}
Sonic Data Module-->MsiExec.exe /I{075473F5-846A-448B-BCB3-104AA1760205}
Sonic Express Labeler-->MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Sonic MyDVD Plus-->MsiExec.exe /I{21657574-BD54-48A2-9450-EB03B2C7FC29}
Sonic Update Manager-->MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
SpywareLocked 3.2-->C:\Program Files\SpywareLocked\uninst.exe
Symantec AntiVirus-->MsiExec.exe /I{50E125D1-88E5-48CE-80AE-98EC9698E639}
Symantec KB-DocID:2003093015493306-->MsiExec.exe /I{08C5815C-2C6E-44f8-8748-0E61BC9AFB68}
Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll ",standAloneUninstall
TourSetup-->MsiExec.exe /I{A01FC76F-CC09-4658-9E37-5C2F635EE708}
Update for Microsoft Office Outlook 2007 (KB952142)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {4AD3A076-427C-491F-A5B7-7D1DE788A756}
Update for Office 2007 (KB946691)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
Update for Outlook 2007 Junk Email Filter (kb955433)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {D9806966-6AA1-4B55-9528-6748E37CEE86}
Update for Windows XP (KB894391)--> "C:\WINDOWS\$NtUninstallKB894391$\spuninst\spuninst.exe "
Update for Windows XP (KB896727)--> "C:\WINDOWS\$NtUninstallKB896727$\spuninst\spuninst.exe "
Update for Windows XP (KB898461)--> "C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe "
Update for Windows XP (KB900485)--> "C:\WINDOWS\$NtUninstallKB900485$\spuninst\spuninst.exe "
Update for Windows XP (KB908531)--> "C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe "
Update for Windows XP (KB910437)--> "C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe "
Update for Windows XP (KB911280)--> "C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe "
Update for Windows XP (KB916595)--> "C:\WINDOWS\$NtUninstallKB916595$\spuninst\spuninst.exe "
Update for Windows XP (KB920872)--> "C:\WINDOWS\$NtUninstallKB920872$\spuninst\spuninst.exe "
Update for Windows XP (KB922582)--> "C:\WINDOWS\$NtUninstallKB922582$\spuninst\spuninst.exe "
Update for Windows XP (KB927891)--> "C:\WINDOWS\$NtUninstallKB927891$\spuninst\spuninst.exe "
Update for Windows XP (KB929338)--> "C:\WINDOWS\$NtUninstallKB929338$\spuninst\spuninst.exe "
Update for Windows XP (KB930916)--> "C:\WINDOWS\$NtUninstallKB930916$\spuninst\spuninst.exe "
Update for Windows XP (KB931836)--> "C:\WINDOWS\$NtUninstallKB931836$\spuninst\spuninst.exe "
Update for Windows XP (KB932823-v3)--> "C:\WINDOWS\$NtUninstallKB932823-v3$\spuninst\spuninst.exe "
Update for Windows XP (KB933360)--> "C:\WINDOWS\$NtUninstallKB933360$\spuninst\spuninst.exe "
Update for Windows XP (KB938828)--> "C:\WINDOWS\$NtUninstallKB938828$\spuninst\spuninst.exe "
Update for Windows XP (KB942763)--> "C:\WINDOWS\$NtUninstallKB942763$\spuninst\spuninst.exe "
Update for Windows XP (KB951072-v2)--> "C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe "
Uptown Engine-->C:\WINDOWS\system32\UpMedia\uninstallSE.exe
Viewpoint Media Player-->C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
WildTangent Web Driver-->C:\Program Files\WildTangent\Apps\CDA\CDAUninstall.exe
Windows Driver Package - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0)-->C:\PROGRA~1\DIFX\7B44739871F4D539FA473F57A832EA4B6A59EF06\DPInst.exe /d /u C:\WINDOWS\system32\DRVSTORE\amdk8_6FE44FCD212D4A086C7BC0C98B9A619782073FB7\amdk8.inf
Windows Installer 3.1 (KB893803)--> "C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe "
Windows Internet Explorer 7--> "C:\WINDOWS\ie7\spuninst\spuninst.exe "
Windows Media Connect--> "C:\WINDOWS\$NtUninstallWMCSetup$\spuninst\spuninst.exe "
Windows Media Format Runtime--> "C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Player 10--> "C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Safety Alert-->C:\DOCUME~1\SIGMUN~1\LOCALS~1\Temp\laf821.tmp /del
Windows XP Hotfix - KB873333-->C:\WINDOWS\$NtUninstallKB873333$\spuninst\spuninst.exe
Windows XP Hotfix - KB873339-->C:\WINDOWS\$NtUninstallKB873339$\spuninst\spuninst.exe
Windows XP Hotfix - KB884575-->C:\WINDOWS\$NtUninstallKB884575$\spuninst\spuninst.exe
Windows XP Hotfix - KB885250-->C:\WINDOWS\$NtUninstallKB885250$\spuninst\spuninst.exe
Windows XP Hotfix - KB885464-->C:\WINDOWS\$NtUninstallKB885464$\spuninst\spuninst.exe
Windows XP Hotfix - KB885835-->C:\WINDOWS\$NtUninstallKB885835$\spuninst\spuninst.exe
Windows XP Hotfix - KB885836-->C:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe
Windows XP Hotfix - KB885855-->C:\WINDOWS\$NtUninstallKB885855$\spuninst\spuninst.exe
Windows XP Hotfix - KB885884-->C:\WINDOWS\$NtUninstallKB885884$\spuninst\spuninst.exe
Windows XP Hotfix - KB886185-->C:\WINDOWS\$NtUninstallKB886185$\spuninst\spuninst.exe
Windows XP Hotfix - KB887472-->C:\WINDOWS\$NtUninstallKB887472$\spuninst\spuninst.exe
Windows XP Hotfix - KB888113-->C:\WINDOWS\$NtUninstallKB888113$\spuninst\spuninst.exe
Windows XP Hotfix - KB888239-->C:\WINDOWS\$NtUninstallKB888239$\spuninst\spuninst.exe
Windows XP Hotfix - KB888302-->C:\WINDOWS\$NtUninstallKB888302$\spuninst\spuninst.exe
Windows XP Hotfix - KB888402-->C:\WINDOWS\$NtUninstallKB888402$\spuninst\spuninst.exe
Windows XP Hotfix - KB889673-->C:\WINDOWS\$NtUninstallKB889673$\spuninst\spuninst.exe
Windows XP Hotfix - KB890859--> "C:\WINDOWS\$NtUninstallKB890859$\spuninst\spuninst.exe "
Windows XP Hotfix - KB891781-->C:\WINDOWS\$NtUninstallKB891781$\spuninst\spuninst.exe
Windows XP Hotfix - KB892559--> "C:\WINDOWS\$NtUninstallKB892559$\spuninst\spuninst.exe "
Yahoo! Toolbar for Internet Explorer-->C:\PROGRA~1\Yahoo!\Common\unyt.exe

Security center information

AV: Norton Internet Security 2006 (outdated)
AV: Symantec AntiVirus Corporate Edition
FW: Norton Internet Worm Protection (disabled)
FW: Norton Internet Security 2006

Environment variables

"ComSpec "=%SystemRoot%\system32\cmd.exe
"Path "=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\QuickTime\QTSystem\
"windir "=%SystemRoot%
"FP_NO_HOST_CHECK "=NO
"OS "=Windows_NT
"PROCESSOR_ARCHITECTURE "=x86
"PROCESSOR_LEVEL "=15
"PROCESSOR_IDENTIFIER "=x86 Family 15 Model 76 Stepping 2, AuthenticAMD
"PROCESSOR_REVISION "=4c02
"NUMBER_OF_PROCESSORS "=1
"PATHEXT "=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP "=%SystemRoot%\TEMP
"TMP "=%SystemRoot%\TEMP
"SonicCentral "=C:\Program Files\Common Files\Sonic Shared\Sonic Central\
"PCTYPE "=PRESARIO
"PLATFORM "=MCD
"CLASSPATH "=.;C:\Program Files\Java\jre1.5.0_06\lib\ext\QTJava.zip
"QTJAVA "=C:\Program Files\Java\jre1.5.0_06\lib\ext\QTJava.zip

-----------------EOF-----------------

 

Hi smorel1313
Please keep all your replies to this in this thread. or noahdfear will not know you posted back.

Thanks
Geri

 

Please download Malwarebytes' Anti-Malware (MBAM) from here or here and save the file to your desktop.

Double click mbam-setup.exe to install the application.

• Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
• If an update is found, it will download and install the latest version.
• Once the program has loaded, select 'Perform Quick Scan', then click Scan.
• The scan may take some time to finish,so please be patient.
• When the scan is complete, click OK, then Show Results to view the results.
• Make sure that everything is checked, and click Remove Selected.
• When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note below)
• The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
• Post the entire report in your next reply along with a fresh HijackThis log.

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

 

Malwarebytes' Anti-Malware 1.25
Database version: 1101
Windows 5.1.2600 Service Pack 2

1:33:10 PM 8/31/2008
mbam-log-08-31-2008 (13-33-10).txt

Scan type: Quick Scan
Objects scanned: 67341
Time elapsed: 20 minute(s), 45 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 10
Registry Values Infected: 2
Registry Data Items Infected: 1
Folders Infected: 7
Files Infected: 15

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{85e0b171-04fa-11d1-b7da-00a0c90348a7} (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{54ff24f0-c742-4d7b-9ec2-7d2a443f47af} (Adware.Mirar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{54ff24f0-c742-4d7b-9ec2-7d2a443f47af} (Adware.Mirar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{54ff24f1-c742-4d7b-9ec2-7d2a443f47af} (Adware.Mirar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{54ff24f1-c742-4d7b-9ec2-7d2a443f47af} (Adware.Mirar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\spywarelocked (Rogue.SpywareLocked) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\upmedia (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\UpMedia (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Windows Safety Alert (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\videoaccessactivex.Chl (Trojan.Zlob) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{54ff24f0-c742-4d7b-9ec2-7d2a443f47af} (Adware.Mirar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{54ff24f0-c742-4d7b-9ec2-7d2a443f47af} (Adware.Mirar) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\StartMenuLogOff (Hijack.StartMenu) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
C:\Program Files\SpywareLocked (Rogue.SpywareLocked) -> Quarantined and deleted successfully.
C:\Program Files\SpywareLocked\Lang (Rogue.SpywareLocked) -> Quarantined and deleted successfully.
C:\Program Files\SpywareLocked\Logs (Rogue.SpywareLocked) -> Quarantined and deleted successfully.
C:\Program Files\SpywareLocked\Quarantine (Rogue.SpywareLocked) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\UpMedia (Adware.SmartShopper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Sigmund Morel\Application Data\DriveCleaner Free (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
C:\Documents and Settings\Sigmund Morel\Application Data\DriveCleaner Free\Logs (Rogue.DriveCleaner) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\system32\winab75.dll (Adware.Mirar) -> Delete on reboot.
C:\Program Files\SpywareLocked\blacklist.txt (Rogue.SpywareLocked) -> Quarantined and deleted successfully.
C:\Program Files\SpywareLocked\msvcp71.dll (Rogue.SpywareLocked) -> Quarantined and deleted successfully.
C:\Program Files\SpywareLocked\msvcr71.dll (Rogue.SpywareLocked) -> Quarantined and deleted successfully.
C:\Program Files\SpywareLocked\sl.dat (Rogue.SpywareLocked) -> Quarantined and deleted successfully.
C:\Program Files\SpywareLocked\sl.dat.old (Rogue.SpywareLocked) -> Quarantined and deleted successfully.
C:\Program Files\SpywareLocked\SpywareLocked.url (Rogue.SpywareLocked) -> Quarantined and deleted successfully.
C:\Program Files\SpywareLocked\uninst.exe (Rogue.SpywareLocked) -> Quarantined and deleted successfully.
C:\Program Files\SpywareLocked\Lang\English.ini (Rogue.SpywareLocked) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\UpMedia\uninstallSE.exe (Adware.SmartShopper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Sigmund Morel\Application Data\DriveCleaner Free\Logs\update.log (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\BNLkE76h.exe.a_a (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\s5bF7UO3.exe.a_a (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Sigmund Morel\Favorites\Online Security Test.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\Sigmund Morel\Local Settings\Temp\laf821.tmp (Trojan.Zlob) -> Quarantined and deleted successfully.

 

My apologies for the late response

Please run RSIT again and post the new log here (there will be only 1 this time).

 

Help Removing a Quarantined Trojan Horse

Sorry for my delay in responding. I live in south Louisiana and was affected by Hurricane Gustav.

Logfile of random's system information tool (written by random/random)
Run by Sigmund Morel at 2008-09-03 18:15:25
Microsoft Windows XP Home Edition Service Pack 2
System drive C: has 14 GB (46%) free of 30 GB
Total RAM: 447 MB (17% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:15:41 PM, on 9/3/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\s5bF7UO3.exe
C:\Program Files\Common Files\Real\Update_OB\RealOneMessageCenter.exe
C:\Program Files\Flock\flock\flock.exe
C:\Documents and Settings\Sigmund Morel\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Sigmund Morel.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.familylife.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=presario&pf=laptop
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Protection Bar - {84938242-5C5B-4A55-B6B9-A1507543B418} - C:\Program Files\Video Access ActiveX Object\iesplugin.dll (file missing)
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe "
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe "
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [Reminder] C:\Windows\CREATOR\Remind_XP.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe "
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe "
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe "
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - S-1-5-18 Startup: Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe (User 'Default user')
O4 - .DEFAULT User Startup: Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=presario&pf=laptop
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://support.cox.com/sdccommon/download/tgctlcm.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

--
End of file - 10679 bytes

Scheduled tasks folder

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\At1.job
C:\WINDOWS\tasks\At10.job
C:\WINDOWS\tasks\At11.job
C:\WINDOWS\tasks\At12.job
C:\WINDOWS\tasks\At13.job
C:\WINDOWS\tasks\At14.job
C:\WINDOWS\tasks\At15.job
C:\WINDOWS\tasks\At16.job
C:\WINDOWS\tasks\At17.job
C:\WINDOWS\tasks\At18.job
C:\WINDOWS\tasks\At19.job
C:\WINDOWS\tasks\At2.job
C:\WINDOWS\tasks\At20.job
C:\WINDOWS\tasks\At21.job
C:\WINDOWS\tasks\At22.job
C:\WINDOWS\tasks\At23.job
C:\WINDOWS\tasks\At24.job
C:\WINDOWS\tasks\At3.job
C:\WINDOWS\tasks\At4.job
C:\WINDOWS\tasks\At49.job
C:\WINDOWS\tasks\At5.job
C:\WINDOWS\tasks\At50.job
C:\WINDOWS\tasks\At51.job
C:\WINDOWS\tasks\At52.job
C:\WINDOWS\tasks\At53.job
C:\WINDOWS\tasks\At54.job
C:\WINDOWS\tasks\At55.job
C:\WINDOWS\tasks\At56.job
C:\WINDOWS\tasks\At57.job
C:\WINDOWS\tasks\At58.job
C:\WINDOWS\tasks\At59.job
C:\WINDOWS\tasks\At6.job
C:\WINDOWS\tasks\At60.job
C:\WINDOWS\tasks\At61.job
C:\WINDOWS\tasks\At62.job
C:\WINDOWS\tasks\At63.job
C:\WINDOWS\tasks\At64.job
C:\WINDOWS\tasks\At65.job
C:\WINDOWS\tasks\At66.job
C:\WINDOWS\tasks\At67.job
C:\WINDOWS\tasks\At68.job
C:\WINDOWS\tasks\At69.job
C:\WINDOWS\tasks\At7.job
C:\WINDOWS\tasks\At70.job
C:\WINDOWS\tasks\At71.job
C:\WINDOWS\tasks\At72.job
C:\WINDOWS\tasks\At8.job
C:\WINDOWS\tasks\At9.job

Registry dump

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]
Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2006-04-26 438848]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-12-18 59032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2007-08-24 2212224]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar3.dll [2007-01-20 2403392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll [2008-06-07 734704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2006-04-26 438848]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar3.dll [2007-01-20 2403392]
{84938242-5C5B-4A55-B6B9-A1507543B418} - Protection Bar - C:\Program Files\Video Access ActiveX Object\iesplugin.dll []

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"hpWirelessAssistant "=C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe [2006-05-04 458752]
"SunJavaUpdateSched "=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]
"NvCplDaemon "=C:\WINDOWS\system32\NvCpl.dll [2006-06-14 7573504]
"High Definition Audio Property Page Shortcut "=C:\WINDOWS\system32\CHDAudPropShortcut.exe [2006-04-18 61952]
"SynTPEnh "=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2006-06-17 794713]
"QPService "=C:\Program Files\HP\QuickPlay\QPService.exe [2006-07-12 102400]
"HP Software Update "=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2006-02-19 49152]
"ISUSPM Startup "=C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe [2005-08-11 249856]
"ISUSScheduler "=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2005-08-11 81920]
"QlbCtrl "=C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [2006-06-19 163840]
"Cpqset "=C:\Program Files\HPQ\Default Settings\cpqset.exe [2006-01-26 40960]
"RecGuard "=C:\Windows\SMINST\RecGuard.exe [2005-10-11 1187840]
"Reminder "=C:\Windows\CREATOR\Remind_XP.exe [2006-02-09 643072]
"QuickTime Task "=C:\Program Files\QuickTime\qttask.exe [2006-10-25 282624]
"iTunesHelper "=C:\Program Files\iTunes\iTunesHelper.exe [2006-10-30 256576]
"AOLDialer "=C:\Program Files\Common Files\AOL\ACS\AOLDial.exe [2004-10-20 34904]
"ccApp "=C:\Program Files\Common Files\Symantec Shared\ccApp.exe [2006-11-21 52840]
"vptray "=C:\PROGRA~1\SYMANT~1\VPTray.exe [2007-03-14 125632]
"TkBellExe "=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2008-02-09 185632]
"GrooveMonitor "=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2007-08-24 33648]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe "=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]
"swg "=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-08-05 68856]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
C:\Program Files\AIM6\aim6.exe [2007-03-23 50736]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
HP Photosmart Premier Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon]
C:\WINDOWS\system32\NavLogon.dll [2007-03-14 43712]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD} "=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2007-08-24 2212224]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders "=msapsspc.dll schannel.dll digest.dll msnsspc.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername "=0
"legalnoticecaption "=
"legalnoticetext "=
"shutdownwithoutlogon "=1
"undockwithoutlogon "=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe "= "%windir%\system32\sessmgr.exe:*:enabledxpsp2res.dll,-22019 "
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe "= "C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink "
"C:\Program Files\LimeWire\LimeWire.exe "= "C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire "
"C:\Program Files\iTunes\iTunes.exe "= "C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes "
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe "= "C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL "
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe "= "C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL "
"C:\Program Files\Common Files\AOL\Loader\aolload.exe "= "C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader "
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe "= "C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe "
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe "= "C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe "
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe "= "C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe "
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe "= "C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe "
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe "= "C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe "
"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe "= "C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe "
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe "= "C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe "
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe "= "C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe "
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe "= "C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe "
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe "= "C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe "
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe "= "C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe "
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe "= "C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe "
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe "= "C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe "
"C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe "= "C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe "
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE "= "C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook "
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE "= "C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove "
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE "= "C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote "
"C:\WINDOWS\system32\a.exe "= "C:\WINDOWS\system32\a.exe:*isabled:a "

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe "= "%windir%\system32\sessmgr.exe:*:enabledxpsp2res.dll,-22019 "

File associations

.reg - open - regedit.exe "%1" %*
.scr - open - "%1" %*

List of files/folders created in the last three months

2008-08-31 14:28:28 ----A---- C:\WINDOWS\system32\s5bF7UO3.exe.a_a
2008-08-31 13:08:30 ----D---- C:\Documents and Settings\Sigmund Morel\Application Data\Malwarebytes
2008-08-31 13:08:19 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-08-31 13:08:19 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-08-30 13:23:24 ----D---- C:\rsit
2008-08-26 17:06:32 ----D---- C:\Program Files\Trend Micro
2008-08-23 15:11:24 ----A---- C:\WINDOWS\system32\s5bF7UO3.exe_
2008-08-23 15:11:24 ----A---- C:\WINDOWS\system32\s5bF7UO3.exe
2008-08-19 17:04:32 ----A---- C:\WINDOWS\vpc32.INI
2008-08-17 19:05:47 ----A---- C:\WINDOWS\system32\a.exe
2008-08-16 17:16:13 ----A---- C:\WINDOWS\system32\BNLkE76h.exe
2008-08-12 22:20:25 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2008-08-12 22:20:20 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2008-08-12 22:20:11 ----HDC---- C:\WINDOWS\$NtUninstallKB953839$
2008-08-12 22:19:32 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2008-08-12 22:16:16 ----HDC---- C:\WINDOWS\$NtUninstallKB951072-v2$
2008-08-12 22:16:05 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2008-08-12 22:15:21 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2008-07-29 20:36:59 ----D---- C:\Program Files\Phantom EFX
2008-07-27 20:51:40 ----A---- C:\WINDOWS\system32\javaws.exe
2008-07-27 20:51:40 ----A---- C:\WINDOWS\system32\javaw.exe
2008-07-27 20:51:40 ----A---- C:\WINDOWS\system32\java.exe
2008-07-26 21:54:06 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2008-06-24 07:37:02 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2008-06-14 14:06:36 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
2008-06-14 14:06:28 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2008-06-14 14:06:22 ----HDC---- C:\WINDOWS\$NtUninstallKB950760$
2008-06-14 14:06:09 ----HDC---- C:\WINDOWS\$NtUninstallKB951376$
2008-06-08 15:26:08 ----D---- C:\Program Files\Sun

List of drivers

R1 AmdK8;AMD Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2006-06-19 36864]
R1 eabfiltr;eabfiltr; C:\WINDOWS\system32\DRIVERS\eabfiltr.sys [2005-09-19 7808]
R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys []
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-04 14848]
R1 SAVRT;SAVRT; \??\C:\Program Files\Symantec AntiVirus\savrt.sys []
R1 SAVRTPEL;SAVRTPEL; \??\C:\Program Files\Symantec AntiVirus\Savrtpel.sys []
R1 SPBBCDrv;SPBBCDrv; \??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys []
R1 SYMTDI;SYMTDI; C:\WINDOWS\system32\System32\Drivers\SYMTDI.SYS []
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2004-08-04 8832]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2006-02-15 12672]
R2 symlcbrd;symlcbrd; \??\C:\WINDOWS\system32\drivers\symlcbrd.sys []
R3 BCM43XX;Broadcom 802.11 Network Adapter Driver; C:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2006-04-28 429184]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2004-08-04 14080]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys []
R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2006-09-19 15664]
R3 HBtnKey;HBtnKey; C:\WINDOWS\system32\DRIVERS\cpqbttn.sys [2005-09-19 9344]
R3 HdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\CHDAud.sys [2006-04-18 569856]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2005-01-07 138752]
R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys [2006-03-09 995712]
R3 HSFHWAZL;HSFHWAZL; C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys [2006-03-09 206976]
R3 NAVENG;NAVENG; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20080831.003\naveng.sys []
R3 NAVEX15;NAVEX15; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20080831.003\navex15.sys []
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2006-06-14 3660672]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2006-03-03 34176]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2006-03-03 13056]
R3 nvsmu;nvsmu; C:\WINDOWS\system32\DRIVERS\nvsmu.sys [2006-03-06 11136]
R3 SymEvent;SymEvent; \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS []
R3 SYMREDRV;SYMREDRV; C:\WINDOWS\system32\System32\Drivers\SYMREDRV.SYS []
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2006-06-16 193120]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2006-04-19 30080]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-04 57600]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2006-04-19 17152]
R3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys [2003-01-10 33588]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2006-03-09 726400]
S1 OMCI;OMCI; C:\WINDOWS\system32\SYSTEM32\DRIVERS\OMCI.SYS []
S3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2004-08-04 60800]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024]
S3 eabusb;eabusb; C:\WINDOWS\system32\DRIVERS\eabusb.sys [2005-09-19 5760]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2006-04-12 49664]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2006-04-12 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2006-04-12 21568]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 MR97310_USB_DUAL_CAMERA;MR97310 CIF Dual Mode Camera; C:\WINDOWS\system32\DRIVERS\mr97310c.sys [2002-12-13 129875]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-03 10880]
S3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2004-08-04 61824]
S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-04 20992]
S3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2004-08-04 67584]
S3 SDDMI2;SDDMI2; \??\C:\WINDOWS\system32\DDMI2.sys []
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-03 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-03 15360]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
S3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2006-04-19 20608]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]
S4 agp440;Intel AGP Bus Filter; C:\WINDOWS\system32\system32\DRIVERS\agp440.sys []
S4 agpCPQ;Compaq AGP Bus Filter; C:\WINDOWS\system32\system32\DRIVERS\agpCPQ.sys []
S4 alim1541;ALI AGP Bus Filter; C:\WINDOWS\system32\system32\DRIVERS\alim1541.sys []
S4 amdagp;AMD AGP Bus Filter Driver; C:\WINDOWS\system32\system32\DRIVERS\amdagp.sys []
S4 cbidf;cbidf; C:\WINDOWS\system32\system32\DRIVERS\cbidf2k.sys []
S4 iaStor;Intel AHCI Controller; C:\WINDOWS\system32\system32\DRIVERS\iaStor.sys []
S4 sisagp;SIS AGP Bus Filter; C:\WINDOWS\system32\system32\DRIVERS\sisagp.sys []
S4 viaagp;VIA AGP Bus Filter; C:\WINDOWS\system32\system32\DRIVERS\viaagp.sys []

List of services

R2 AOL ACS;AOL Connectivity Service; C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe [2004-10-20 10328]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2007-07-31 106496]
R2 ccEvtMgr;Symantec Event Manager; C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe [2006-11-21 192104]
R2 ccSetMgr;Symantec Settings Manager; C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe [2006-11-21 169576]
R2 DefWatch;Symantec AntiVirus Definition Watcher; C:\Program Files\Symantec AntiVirus\DefWatch.exe [2007-03-14 31424]
R2 hpqwmiex;hpqwmiex; C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe [2006-05-02 135168]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2006-05-18 49152]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2006-06-14 143427]
R2 SPBBCSvc;Symantec SPBBCSvc; C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe [2007-01-10 1160792]
R2 Symantec AntiVirus;Symantec AntiVirus; C:\Program Files\Symantec AntiVirus\Rtvscan.exe [2007-03-14 1816768]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2006-10-30 492608]
S2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2006-03-03 69632]
S3 AddFiltr;AddFiltr; C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe [2006-06-12 126976]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-01-31 138168]
S3 LiveUpdate;LiveUpdate; C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE [2006-09-02 2528960]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2007-08-24 68464]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 SavRoam;SAVRoam; C:\Program Files\Symantec AntiVirus\SavRoam.exe [2007-03-14 116416]
S3 SNDSrvc;Symantec Network Drivers Service; C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe [2007-02-12 214672]
S3 WMConnectCDS;Windows Media Connect Service; C:\Program Files\Windows Media Connect 2\wmccds.exe [2005-10-06 855552]

-----------------EOF-----------------

 

Download ComboFix by sUBs from here, saving the file to your desktop.


Please disable realtime protection applications as they sometimes interfere with the tool. Check this link for your applicable programs.

• Close all open programs and windows
• Double click combofix.exe and follow the prompts.
• It may reboot your computer and resume running when you logon. Wait for it to complete. When finished, it will open a log for you. Post that log and a new HijackThis log in your next reply.

Note: Do not mouseclick combofix's window while its running. That may cause it to stall

 

ComboFix 08-09-05.04 - Sigmund Morel 2008-09-07 20:55:51.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.75 [GMT -5:00]
Running from: C:\Documents and Settings\Sigmund Morel\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\Documents and Settings\NetworkService\Cookies\system@trafficmp[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@trafficmp[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@zedo[2].txt
C:\Documents and Settings\Sigmund Morel\Cookies\sigmund_morel@2o7[1].txt
C:\Documents and Settings\Sigmund Morel\Cookies\sigmund_morel@insightexpressai[2].txt
C:\Documents and Settings\Sigmund Morel\Cookies\sigmund_morel@trafficmp[2].txt
C:\Documents and Settings\Sigmund Morel\ResErrors.log
C:\WINDOWS\system32\a.exe
D:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2008-08-08 to 2008-09-08 )))))))))))))))))))))))))))))))
.

2008-08-31 14:28 . 2008-08-31 14:28 0 --a------ C:\WINDOWS\system32\s5bF7UO3.exe.a_a
2008-08-31 14:25 . 2008-09-07 14:10 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-08-31 14:25 . 2008-08-31 14:25 1,409 --a------ C:\WINDOWS\QTFont.for
2008-08-31 13:08 . 2008-08-31 13:08 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-08-31 13:08 . 2008-08-31 13:08 <DIR> d-------- C:\Documents and Settings\Sigmund Morel\Application Data\Malwarebytes
2008-08-31 13:08 . 2008-08-31 13:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-08-31 13:08 . 2008-08-17 15:01 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-08-31 13:08 . 2008-08-17 15:01 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-08-30 13:23 . 2008-08-30 13:24 <DIR> d-------- C:\rsit
2008-08-26 17:06 . 2008-08-26 17:06 <DIR> d-------- C:\Program Files\Trend Micro
2008-08-23 15:11 . 2008-09-07 14:18 38,914 --a------ C:\WINDOWS\system32\s5bF7UO3.exe_
2008-08-23 15:11 . 2008-09-07 20:10 38,914 --a------ C:\WINDOWS\system32\s5bF7UO3.exe
2008-08-19 17:04 . 2008-08-19 17:04 0 --a------ C:\WINDOWS\vpc32.INI
2008-08-16 17:16 . 2008-08-16 17:15 29,760 --a------ C:\WINDOWS\system32\BNLkE76h.exe
2008-08-12 21:40 . 2008-05-01 09:30 331,776 --------- C:\WINDOWS\system32\dllcache\msadce.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-08 01:40 --------- d-----w C:\Program Files\Symantec AntiVirus
2008-08-31 00:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\HP
2008-08-17 23:29 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-08-13 03:20 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-08-05 19:03 --------- d-----w C:\Program Files\LimeWire
2008-07-30 01:36 --------- d-----w C:\Program Files\Phantom EFX
2008-07-28 01:51 --------- d-----w C:\Program Files\Java
2007-09-01 02:32 318 ----a-w C:\Documents and Settings\Sigmund Morel\Application Data\wklnhst.dat
2007-07-04 03:01 374 ----a-w C:\Documents and Settings\Sigmund Morel\Application Data\internaldb6334.dat
2007-07-04 02:59 18,432 ----a-w C:\Documents and Settings\Sigmund Morel\Application Data\internaldb41.dat
2007-07-04 02:58 556 ----a-w C:\Documents and Settings\Sigmund Morel\Application Data\internaldb8467.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe "= "C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15360]
"swg "= "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-05 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpWirelessAssistant "= "C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-05-04 458752]
"SunJavaUpdateSched "= "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"NvCplDaemon "= "C:\WINDOWS\system32\NvCpl.dll" [2006-06-14 7573504]
"SynTPEnh "= "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-06-17 794713]
"QPService "= "C:\Program Files\HP\QuickPlay\QPService.exe" [2006-07-12 102400]
"HP Software Update "= "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 49152]
"ISUSPM Startup "= "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 249856]
"ISUSScheduler "= "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 81920]
"QlbCtrl "= "C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-06-19 163840]
"Cpqset "= "C:\Program Files\HPQ\Default Settings\cpqset.exe" [2006-01-26 40960]
"RecGuard "= "C:\Windows\SMINST\RecGuard.exe" [2005-10-11 1187840]
"Reminder "= "C:\Windows\CREATOR\Remind_XP.exe" [2006-02-09 643072]
"QuickTime Task "= "C:\Program Files\QuickTime\qttask.exe" [2006-10-25 282624]
"iTunesHelper "= "C:\Program Files\iTunes\iTunesHelper.exe" [2006-10-30 256576]
"AOLDialer "= "C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" [2004-10-20 34904]
"ccApp "= "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-11-21 52840]
"vptray "= "C:\PROGRA~1\SYMANT~1\VPTray.exe" [2007-03-14 125632]
"TkBellExe "= "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-02-09 185632]
"GrooveMonitor "= "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"High Definition Audio Property Page Shortcut "= "CHDAudPropShortcut.exe" [2006-04-18 C:\WINDOWS\system32\CHDAudPropShortcut.exe]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 29696]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 288472]
HP Photosmart Premier Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2005-09-24 73728]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dllschannel.dlldigest.dllmsnsspc.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
--a------ 2007-03-23 16:18 50736 C:\Program Files\AIM6\aim6.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify "=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring "=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring "=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe "=
"C:\\Program Files\\iTunes\\iTunes.exe "=
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe "=
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe "=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe "=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe "=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe "=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe "=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe "=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe "=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe "=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe "=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe "=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe "=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe "=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe "=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe "=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe "=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe "=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE "=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE "=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE "=

.
Contents of the 'Scheduled Tasks' folder
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Sigmund Morel\Application Data\Mozilla\Firefox\Profiles\lq4sy35x.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-07 21:00:06
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = C:\Program Files\HPQ\Default Settings\cpqset.exe?????? ???@???????????????@? ????Z????????@???????@

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-09-07 21:04:54
ComboFix-quarantined-files.txt 2008-09-08 02:04:44

Pre-Run: 14,129,106,944 bytes free
Post-Run: 14,220,533,760 bytes free

144 --- E O F --- 2008-08-13 03:20:29

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:06:37 PM, on 9/7/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Flock\flock\flock.exe
C:\WINDOWS\system32\s5bF7UO3.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.familylife.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=presario&pf=laptop
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe "
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe "
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [Reminder] C:\Windows\CREATOR\Remind_XP.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe "
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe "
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe "
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - S-1-5-18 Startup: Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe (User 'Default user')
O4 - .DEFAULT User Startup: Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=presario&pf=laptop
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://support.cox.com/sdccommon/download/tgctlcm.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

--
End of file - 10091 bytes

 

Highlight and copy the contents of the code box below to a blank notepad. Save it to the desktop as;

Filename: fix.reg
Save as type: All Files (*.*)

Code:

REGEDIT4

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
 "SecurityProviders "= "msapsspc.dll, schannel.dll, digest.dl, msnsspc.dll "

Double click fix.reg and allow it to merge with the registry, then delete fix.reg.


Download RegSearch.zip and extract the contents of the zip file to it's own folder.
Open the folder and double-click the icon for RegSearch.exe to launch the program.
Enter s5bF7UO3.exe on the top line and click OK. After completion, notepad will be opened with all the found instances, if any. Please post that log here.


Finally, once again, please disable any realtime protection applications. Highlight and copy the contents of the code box below and paste it into a blank notepad, then save it to your desktop as;

Filename: CFScript.txt
Save As Type: All Files (*.*)

Code:

http://www.windowsbbs.com/malware-virus-removal/76372-help-removing-quarantined-trojan-horse.html#post415667

Collect::[22]
C:\WINDOWS\system32\s5bF7UO3.exe.a_a
C:\WINDOWS\system32\s5bF7UO3.exe_
C:\WINDOWS\system32\s5bF7UO3.exe
Suspect::[22]
C:\WINDOWS\vpc32.INI
C:\WINDOWS\system32\BNLkE76h.exe

Close all other windows and programs. Now drag the CFScript.txt onto ComboFix.exe and drop it, using the left mouse button. Combofix should run and may reboot the computer when it's done. A log will open when it's complete. Post the contents of that log and a fresh HijackThis log.

Please do not click on the ComboFix window while it is running a scan. This can cause it to stall.


Please note that I have instructed CFScript to collect some files for analysis. This means that when ComboFix finishes, you will be prompted to allow ComboFix to upload a zip file that was created. The zip contains the aforementioned files. Please copy the path shown in the prompt and paste it into the box, then click Send.

Thanks!

 

Windows Registry Editor Version 5.00

; Registry Search 2.0 by Bobbi Flekman © 2005
; Version: 2.0.5.0

; Results at 9/9/2008 9:27:34 AM for strings:
; 's5bf7uo3.exe'
; Strings excluded from search:
; (None)
; Search in:
; Registry Keys Registry Values Registry Data
; HKEY_LOCAL_MACHINE HKEY_USERS


; End Of The Log...
ComboFix 08-09-05.10 - Sigmund Morel 2008-09-09 9:33:29.4 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.81 [GMT -5:00]
Running from: C:\Documents and Settings\Sigmund Morel\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Sigmund Morel\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-08-09 to 2008-09-09 )))))))))))))))))))))))))))))))
.

2008-09-07 21:16 . 2008-09-07 21:16 <DIR> d-------- C:\Documents and Settings\NetworkService\Application Data\Talkback
2008-09-07 21:15 . 2008-09-07 21:15 <DIR> d-------- C:\Program Files\Common Files\xing shared
2008-08-31 14:25 . 2008-09-07 21:12 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-08-31 14:25 . 2008-08-31 14:25 1,409 --a------ C:\WINDOWS\QTFont.for
2008-08-31 13:08 . 2008-08-31 13:08 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-08-31 13:08 . 2008-08-31 13:08 <DIR> d-------- C:\Documents and Settings\Sigmund Morel\Application Data\Malwarebytes
2008-08-31 13:08 . 2008-08-31 13:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-08-31 13:08 . 2008-08-17 15:01 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-08-31 13:08 . 2008-08-17 15:01 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-08-30 13:23 . 2008-08-30 13:24 <DIR> d-------- C:\rsit
2008-08-26 17:06 . 2008-08-26 17:06 <DIR> d-------- C:\Program Files\Trend Micro
2008-08-19 17:04 . 2008-08-19 17:04 0 --a------ C:\WINDOWS\vpc32.INI
2008-08-16 17:16 . 2008-08-16 17:15 29,760 --a------ C:\WINDOWS\system32\BNLkE76h.exe
2008-08-12 21:40 . 2008-05-01 09:30 331,776 --------- C:\WINDOWS\system32\dllcache\msadce.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-08 02:15 --------- d-----w C:\Program Files\Common Files\Real
2008-09-08 01:40 --------- d-----w C:\Program Files\Symantec AntiVirus
2008-08-31 00:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\HP
2008-08-17 23:29 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-08-13 03:20 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-08-05 19:03 --------- d-----w C:\Program Files\LimeWire
2008-07-30 01:36 --------- d-----w C:\Program Files\Phantom EFX
2008-07-28 01:51 --------- d-----w C:\Program Files\Java
2007-09-01 02:32 318 ----a-w C:\Documents and Settings\Sigmund Morel\Application Data\wklnhst.dat
2007-07-04 03:01 374 ----a-w C:\Documents and Settings\Sigmund Morel\Application Data\internaldb6334.dat
2007-07-04 02:59 18,432 ----a-w C:\Documents and Settings\Sigmund Morel\Application Data\internaldb41.dat
2007-07-04 02:58 556 ----a-w C:\Documents and Settings\Sigmund Morel\Application Data\internaldb8467.dat
.

((((((((((((((((((((((((((((( snapshot@2008-09-07_21.04.18.92 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-09-08 01:51:52 25,214 ----a-r C:\WINDOWS\Installer\{50E125D1-88E5-48CE-80AE-98EC9698E639}\ARPPRODUCTICON.exe
+ 2008-09-09 04:04:51 25,214 ----a-r C:\WINDOWS\Installer\{50E125D1-88E5-48CE-80AE-98EC9698E639}\ARPPRODUCTICON.exe
- 2008-09-08 01:51:52 40,960 ----a-r C:\WINDOWS\Installer\{50E125D1-88E5-48CE-80AE-98EC9698E639}\DTIcon.ECFEE69D_DA66_4F00_ABE5_54E931059C01.exe
+ 2008-09-09 04:04:51 40,960 ----a-r C:\WINDOWS\Installer\{50E125D1-88E5-48CE-80AE-98EC9698E639}\DTIcon.ECFEE69D_DA66_4F00_ABE5_54E931059C01.exe
- 2008-09-08 01:51:52 40,960 ----a-r C:\WINDOWS\Installer\{50E125D1-88E5-48CE-80AE-98EC9698E639}\NewShortcut1.ECFEE69D_DA66_4F00_ABE5_54E931059C01.exe
+ 2008-09-09 04:04:51 40,960 ----a-r C:\WINDOWS\Installer\{50E125D1-88E5-48CE-80AE-98EC9698E639}\NewShortcut1.ECFEE69D_DA66_4F00_ABE5_54E931059C01.exe
- 2008-02-09 16:04:38 278,528 ----a-w C:\WINDOWS\system32\pncrt.dll
+ 2008-09-08 02:15:16 278,528 ----a-w C:\WINDOWS\system32\pncrt.dll
- 2008-02-09 16:04:42 6,656 ----a-w C:\WINDOWS\system32\pndx5016.dll
+ 2008-09-08 02:15:20 6,656 ----a-w C:\WINDOWS\system32\pndx5016.dll
- 2008-02-09 16:04:42 5,632 ----a-w C:\WINDOWS\system32\pndx5032.dll
+ 2008-09-08 02:15:20 5,632 ----a-w C:\WINDOWS\system32\pndx5032.dll
- 2008-02-09 16:05:30 185,688 ----a-w C:\WINDOWS\system32\rmoc3260.dll
+ 2008-09-08 02:15:31 185,944 ----a-w C:\WINDOWS\system32\rmoc3260.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe "= "C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15360]
"swg "= "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-05 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpWirelessAssistant "= "C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-05-04 458752]
"SunJavaUpdateSched "= "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"NvCplDaemon "= "C:\WINDOWS\system32\NvCpl.dll" [2006-06-14 7573504]
"SynTPEnh "= "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-06-17 794713]
"QPService "= "C:\Program Files\HP\QuickPlay\QPService.exe" [2006-07-12 102400]
"HP Software Update "= "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 49152]
"ISUSPM Startup "= "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 249856]
"ISUSScheduler "= "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 81920]
"QlbCtrl "= "C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-06-19 163840]
"Cpqset "= "C:\Program Files\HPQ\Default Settings\cpqset.exe" [2006-01-26 40960]
"RecGuard "= "C:\Windows\SMINST\RecGuard.exe" [2005-10-11 1187840]
"Reminder "= "C:\Windows\CREATOR\Remind_XP.exe" [2006-02-09 643072]
"QuickTime Task "= "C:\Program Files\QuickTime\qttask.exe" [2006-10-25 282624]
"iTunesHelper "= "C:\Program Files\iTunes\iTunesHelper.exe" [2006-10-30 256576]
"AOLDialer "= "C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" [2004-10-20 34904]
"ccApp "= "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-11-21 52840]
"vptray "= "C:\PROGRA~1\SYMANT~1\VPTray.exe" [2007-03-14 125632]
"GrooveMonitor "= "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"TkBellExe "= "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-09-07 185896]
"High Definition Audio Property Page Shortcut "= "CHDAudPropShortcut.exe" [2006-04-18 C:\WINDOWS\system32\CHDAudPropShortcut.exe]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 29696]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 288472]
HP Photosmart Premier Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2005-09-24 73728]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, msnsspc.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
--a------ 2007-03-23 16:18 50736 C:\Program Files\AIM6\aim6.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify "=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring "=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring "=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe "=
"C:\\Program Files\\iTunes\\iTunes.exe "=
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe "=
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe "=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe "=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe "=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe "=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe "=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe "=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe "=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe "=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe "=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe "=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe "=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe "=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe "=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe "=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe "=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe "=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE "=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE "=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE "=

.
Contents of the 'Scheduled Tasks' folder
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-09 09:37:17
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = C:\Program Files\HPQ\Default Settings\cpqset.exe?????? ???@???????????????@? ????Z????????@???????@

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-09-09 9:40:57
ComboFix-quarantined-files.txt 2008-09-09 14:40:50
ComboFix2.txt 2008-09-09 03:54:19
ComboFix3.txt 2008-09-08 02:04:55

Pre-Run: 14,042,042,368 bytes free
Post-Run: 14,028,046,336 bytes free

144 --- E O F --- 2008-08-13 03:20:29
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:43:50 AM, on 9/9/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Flock\flock\flock.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.familylife.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=presario&pf=laptop
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe "
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe "
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [Reminder] C:\Windows\CREATOR\Remind_XP.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe "
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe "
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe "
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - S-1-5-18 Startup: Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe (User 'Default user')
O4 - .DEFAULT User Startup: Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=presario&pf=laptop
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://support.cox.com/sdccommon/download/tgctlcm.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

--
End of file - 10170 bytes

 

Thanks for the upload! See if you can delete the following 2 files manually.

C:\WINDOWS\vpc32.INI
C:\WINDOWS\system32\BNLkE76h.exe

If successful, empty the recycle bin when done.


Next, do an online scan with Kaspersky Online Scanner

Click Accept, when prompted to download and install the program files and database of malware definitions.

• Click Run at the Security prompt.
• The program will then begin downloading and installing and will also update the database.
• Please be patient as this can take several minutes.
• Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
• Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
• Click View scan report at the bottom.
• Click the Save Report As... button.
• Click the Save as Text button to save the file to your desktop so that you may post it in your next reply.

**Note**

To optimize scanning time and produce a more sensible report for review:

• Close any open programs.
• Turn off the real-time scanner of all antivirus or antispyware programs while performing the online scan.

Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.


Post the Kaspersky log and a fresh RSIT log.

 

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Wednesday, September 10, 2008
Operating System: Microsoft Windows XP Home Edition Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Thursday, September 11, 2008 01:13:54
Records in database: 1210085
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\

Scan statistics:
Files scanned: 101638
Threat name: 20
Infected objects: 66
Suspicious objects: 0
Duration of the scan: 02:42:39


File name / Threat name / Threats count
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\33AA01F0.tmp Infected: Trojan.Java.ClassLoader.ao 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\33AD2BED.tmp Infected: Trojan.Java.ClassLoader.ao 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\025C0000.VBN Infected: Trojan-Downloader.Win32.Agent.aboo 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06D00000\4EF8B3F6.VBN Infected: Trojan-Downloader.Win32.BHO.pe 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06D00001\4EF8BD8C.VBN Infected: Backdoor.Win32.Frauder.p 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06D00002\4EF8CFFB.VBN Infected: Trojan-Downloader.Win32.BHO.pe 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09D80000.VBN Infected: Trojan.Java.ClassLoader.ao 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09D80001.VBN Infected: Trojan.Java.ClassLoader.ao 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0BB80000\4BB86C76.VBN Infected: Trojan-Downloader.Win32.Agent.abrf 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0BB80001\4BB86F18.VBN Infected: Trojan-Downloader.Win32.BHO.pe 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0C680000\4CF8C372.VBN Infected: Trojan-Downloader.Win32.BHO.pe 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0CFC0000\4CFC2138.VBN Infected: Trojan-Downloader.Win32.BHO.pe 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0CFC0001\4CFC3D4F.VBN Infected: Trojan-Downloader.Win32.BHO.pe 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D180000\4F985C9F.VBN Infected: Trojan-Downloader.Win32.Zlob.bpn 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D6C0000\4F7FECB2.VBN Infected: Trojan-Downloader.Win32.Zlob.bpn 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D6C0001\4F7FF728.VBN Infected: Trojan-Downloader.Win32.Zlob.bpn 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D700000\4DFBA50C.VBN Infected: Exploit.Java.ByteVerify 2
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D700000\4DFBA50C.VBN Infected: Trojan-Downloader.Java.OpenConnection.aa 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D700001\4DFBA53A.VBN Infected: Exploit.Java.ByteVerify 2
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D700001\4DFBA53A.VBN Infected: Trojan-Downloader.Java.OpenConnection.aa 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D700002\4DFBA555.VBN Infected: Trojan.Java.ClassLoader.ao 3
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D700003\4DFBA570.VBN Infected: Trojan.Java.ClassLoader.ao 3
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D740000\4DF4100D.VBN Infected: Exploit.Multi.Qtp.g 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D780000\4DF9C48B.VBN Infected: Trojan-Downloader.Win32.BHO.pe 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DC40000\4DFF0D6A.VBN Infected: Trojan-Downloader.Win32.BHO.pe 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DC40003\4DFF244D.VBN Infected: Exploit.Win32.IMG-TIF.a 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DC40004.VBN Infected: Trojan-Downloader.Win32.BHO.pe 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DC40005\4DFF467D.VBN Infected: Trojan-Downloader.Win32.BHO.pe 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DDC0002\4DDC8B72.VBN Infected: Exploit.Win32.IMG-TIF.a 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DDC0004\4DDC8DFE.VBN Infected: Exploit.Win32.IMG-TIF.a 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E5C0000\4EFEC8B7.VBN Infected: Trojan-Downloader.Win32.BHO.pe 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E5C0001\4EFEE4DF.VBN Infected: Trojan-Downloader.Win32.BHO.pe 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E5C0002\4EFF0128.VBN Infected: Trojan-Downloader.Win32.BHO.pe 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E740000\4EFD8F08.VBN Infected: Trojan-Downloader.Win32.BHO.pe 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E740005\4EFDAA37.VBN Infected: Trojan-Downloader.Win32.BHO.pe 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E740008\4EFDC77F.VBN Infected: Trojan-Downloader.Win32.BHO.pe 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E740009\4EFDCDC3.VBN Infected: Trojan-Downloader.Win32.Agent.adxa 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E74000A\4EFDE2C2.VBN Infected: Trojan-Downloader.Win32.BHO.pe 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E74000B\4EFED35B.VBN Infected: Trojan-Downloader.Win32.BHO.pe 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E900000\4EB35A72.VBN Infected: Trojan-Downloader.Win32.BHO.pe 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E980000\4ED9BEE7.VBN Infected: Trojan-Downloader.Win32.Zlob.ghv 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E980001\4ED9D071.VBN Infected: Trojan-Downloader.Win32.Zlob.esi 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0F200000\4FAB2AEF.VBN Infected: Trojan-Downloader.Win32.BHO.pe 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0F200001\4FAB483F.VBN Infected: Trojan-Downloader.Win32.BHO.pe 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0F4C0000\4FCD2E89.VBN Infected: Trojan-Downloader.Win32.Zlob.ghv 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0F500001\4FF471F5.VBN Infected: Trojan-Downloader.Win32.BHO.pe 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0F500002\4FF48E40.VBN Infected: Trojan-Downloader.Win32.BHO.pe 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0F580000\4FD9AD92.VBN Infected: Trojan-Downloader.Win32.Zlob.bov 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0F580001\4FD9ADB3.VBN Infected: Trojan-Downloader.Win32.Zlob.bpn 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0F5C0000\4FDDD87A.VBN Infected: Trojan-Downloader.Win32.Zlob.bih 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0F5C0001\4FDDF140.VBN Infected: Trojan-Downloader.Win32.Zlob.bov 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0F5C0002\4FDDF481.VBN Infected: Trojan-Downloader.Win32.Zlob.bpn 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\105C0000\567FEA44.VBN Infected: Trojan-Downloader.Win32.Zlob.bpn 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\105C0001\567FEA51.VBN Infected: Trojan-Downloader.Win32.Zlob.bng 1
C:\QooBox\Quarantine\C\WINDOWS\system32\a.exe.vir Infected: Trojan-Downloader.Win32.Small.abfr 1
C:\QooBox\Quarantine\[22]-Submit_2008-09-08@22.47.zip Infected: Trojan-Downloader.Win32.Agent.aeyu 2
C:\QooBox\Quarantine\[22]-Submit_2008-09-08@22.47.zip Infected: Trojan-Downloader.Win32.Firu.po 1
C:\QooBox\Quarantine\[22]-Submit_2008-09-09@9.33.zip Infected: Trojan-Downloader.Win32.Firu.po 1
C:\WINDOWS\system32\s5bF7UO3.exe Infected: Trojan-Downloader.Win32.Agent.afvt 1

The selected area was scanned.

 

Logfile of random's system information tool (written by random/random)
Run by Sigmund Morel at 2008-09-10 22:13:47
Microsoft Windows XP Home Edition Service Pack 2
System drive C: has 13 GB (45%) free of 30 GB
Total RAM: 447 MB (17% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:14:02 PM, on 9/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Flock\flock\flock.exe
C:\WINDOWS\system32\s5bF7UO3.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\Documents and Settings\Sigmund Morel\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Sigmund Morel.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.familylife.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=presario&pf=laptop
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe "
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe "
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [Reminder] C:\Windows\CREATOR\Remind_XP.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe "
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe "
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe "
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - S-1-5-18 Startup: Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe (User 'Default user')
O4 - .DEFAULT User Startup: Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=presario&pf=laptop
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://support.cox.com/sdccommon/download/tgctlcm.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

--
End of file - 10290 bytes

Scheduled tasks folder

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\At1.job
C:\WINDOWS\tasks\At10.job
C:\WINDOWS\tasks\At11.job
C:\WINDOWS\tasks\At12.job
C:\WINDOWS\tasks\At13.job
C:\WINDOWS\tasks\At14.job
C:\WINDOWS\tasks\At15.job
C:\WINDOWS\tasks\At16.job
C:\WINDOWS\tasks\At17.job
C:\WINDOWS\tasks\At18.job
C:\WINDOWS\tasks\At19.job
C:\WINDOWS\tasks\At2.job
C:\WINDOWS\tasks\At20.job
C:\WINDOWS\tasks\At21.job
C:\WINDOWS\tasks\At22.job
C:\WINDOWS\tasks\At23.job
C:\WINDOWS\tasks\At24.job
C:\WINDOWS\tasks\At3.job
C:\WINDOWS\tasks\At4.job
C:\WINDOWS\tasks\At49.job
C:\WINDOWS\tasks\At5.job
C:\WINDOWS\tasks\At50.job
C:\WINDOWS\tasks\At51.job
C:\WINDOWS\tasks\At52.job
C:\WINDOWS\tasks\At53.job
C:\WINDOWS\tasks\At54.job
C:\WINDOWS\tasks\At55.job
C:\WINDOWS\tasks\At56.job
C:\WINDOWS\tasks\At57.job
C:\WINDOWS\tasks\At58.job
C:\WINDOWS\tasks\At59.job
C:\WINDOWS\tasks\At6.job
C:\WINDOWS\tasks\At60.job
C:\WINDOWS\tasks\At61.job
C:\WINDOWS\tasks\At62.job
C:\WINDOWS\tasks\At63.job
C:\WINDOWS\tasks\At64.job
C:\WINDOWS\tasks\At65.job
C:\WINDOWS\tasks\At66.job
C:\WINDOWS\tasks\At67.job
C:\WINDOWS\tasks\At68.job
C:\WINDOWS\tasks\At69.job
C:\WINDOWS\tasks\At7.job
C:\WINDOWS\tasks\At70.job
C:\WINDOWS\tasks\At71.job
C:\WINDOWS\tasks\At72.job
C:\WINDOWS\tasks\At8.job
C:\WINDOWS\tasks\At9.job

Registry dump

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]
Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2006-04-26 438848]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-12-18 59032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2008-09-07 308856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2007-08-24 2212224]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar3.dll [2007-01-20 2403392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll [2008-06-07 734704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2006-04-26 438848]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar3.dll [2007-01-20 2403392]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"hpWirelessAssistant "=C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe [2006-05-04 458752]
"SunJavaUpdateSched "=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]
"NvCplDaemon "=C:\WINDOWS\system32\NvCpl.dll [2006-06-14 7573504]
"High Definition Audio Property Page Shortcut "=C:\WINDOWS\system32\CHDAudPropShortcut.exe [2006-04-18 61952]
"SynTPEnh "=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2006-06-17 794713]
"QPService "=C:\Program Files\HP\QuickPlay\QPService.exe [2006-07-12 102400]
"HP Software Update "=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2006-02-19 49152]
"ISUSPM Startup "=C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe [2005-08-11 249856]
"ISUSScheduler "=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2005-08-11 81920]
"QlbCtrl "=C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [2006-06-19 163840]
"Cpqset "=C:\Program Files\HPQ\Default Settings\cpqset.exe [2006-01-26 40960]
"RecGuard "=C:\Windows\SMINST\RecGuard.exe [2005-10-11 1187840]
"Reminder "=C:\Windows\CREATOR\Remind_XP.exe [2006-02-09 643072]
"QuickTime Task "=C:\Program Files\QuickTime\qttask.exe [2006-10-25 282624]
"iTunesHelper "=C:\Program Files\iTunes\iTunesHelper.exe [2006-10-30 256576]
"AOLDialer "=C:\Program Files\Common Files\AOL\ACS\AOLDial.exe [2004-10-20 34904]
"ccApp "=C:\Program Files\Common Files\Symantec Shared\ccApp.exe [2006-11-21 52840]
"vptray "=C:\PROGRA~1\SYMANT~1\VPTray.exe [2007-03-14 125632]
"GrooveMonitor "=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2007-08-24 33648]
"TkBellExe "=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2008-09-07 185896]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe "=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]
"swg "=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-08-05 68856]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
C:\Program Files\AIM6\aim6.exe [2007-03-23 50736]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
HP Photosmart Premier Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon]
C:\WINDOWS\system32\NavLogon.dll [2007-03-14 43712]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD} "=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2007-08-24 2212224]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders "=msapsspc.dll, schannel.dll, msnsspc.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername "=0
"legalnoticecaption "=
"legalnoticetext "=
"shutdownwithoutlogon "=1
"undockwithoutlogon "=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe "= "%windir%\system32\sessmgr.exe:*:enabledxpsp2res.dll,-22019 "
"C:\Program Files\iTunes\iTunes.exe "= "C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes "
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe "= "C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL "
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe "= "C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL "
"C:\Program Files\Common Files\AOL\Loader\aolload.exe "= "C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader "
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe "= "C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe "
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe "= "C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe "
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe "= "C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe "
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe "= "C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe "
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe "= "C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe "
"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe "= "C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe "
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe "= "C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe "
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe "= "C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe "
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe "= "C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe "
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe "= "C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe "
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe "= "C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe "
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe "= "C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe "
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe "= "C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe "
"C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe "= "C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe "
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE "= "C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook "
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE "= "C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove "
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE "= "C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote "

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe "= "%windir%\system32\sessmgr.exe:*:enabledxpsp2res.dll,-22019 "

List of files/folders created in the last three months

2008-09-10 19:15:09 ----SHD---- C:\RECYCLER
2008-09-09 10:12:57 ----A---- C:\WINDOWS\system32\s5bF7UO3.exe.a_a
2008-09-09 10:12:57 ----A---- C:\WINDOWS\system32\s5bF7UO3.exe
2008-09-09 09:42:25 ----D---- C:\WINDOWS\temp
2008-09-09 09:40:58 ----A---- C:\ComboFix.txt
2008-09-07 21:15:43 ----D---- C:\Program Files\Common Files\xing shared
2008-09-07 20:32:46 ----D---- C:\WINDOWS\erdnt
2008-09-07 20:32:14 ----AD---- C:\QooBox
2008-09-07 20:32:10 ----A---- C:\WINDOWS\zip.exe
2008-09-07 20:32:10 ----A---- C:\WINDOWS\VFind.exe
2008-09-07 20:32:10 ----A---- C:\WINDOWS\swxcacls.exe
2008-09-07 20:32:10 ----A---- C:\WINDOWS\swsc.exe
2008-09-07 20:32:10 ----A---- C:\WINDOWS\swreg.exe
2008-09-07 20:32:10 ----A---- C:\WINDOWS\sed.exe
2008-09-07 20:32:10 ----A---- C:\WINDOWS\Nircmd.exe
2008-09-07 20:32:10 ----A---- C:\WINDOWS\grep.exe
2008-09-07 20:32:10 ----A---- C:\WINDOWS\fdsv.exe
2008-08-31 13:08:30 ----D---- C:\Documents and Settings\Sigmund Morel\Application Data\Malwarebytes
2008-08-31 13:08:19 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-08-31 13:08:19 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-08-30 13:23:24 ----D---- C:\rsit
2008-08-26 17:06:32 ----D---- C:\Program Files\Trend Micro
2008-08-12 22:20:25 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2008-08-12 22:20:20 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2008-08-12 22:20:11 ----HDC---- C:\WINDOWS\$NtUninstallKB953839$
2008-08-12 22:19:32 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2008-08-12 22:16:16 ----HDC---- C:\WINDOWS\$NtUninstallKB951072-v2$
2008-08-12 22:16:05 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2008-08-12 22:15:21 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2008-07-29 20:36:59 ----D---- C:\Program Files\Phantom EFX
2008-07-27 20:51:40 ----A---- C:\WINDOWS\system32\javaws.exe
2008-07-27 20:51:40 ----A---- C:\WINDOWS\system32\javaw.exe
2008-07-27 20:51:40 ----A---- C:\WINDOWS\system32\java.exe
2008-07-26 21:54:06 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2008-06-24 07:37:02 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2008-06-14 14:06:36 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
2008-06-14 14:06:28 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2008-06-14 14:06:22 ----HDC---- C:\WINDOWS\$NtUninstallKB950760$
2008-06-14 14:06:09 ----HDC---- C:\WINDOWS\$NtUninstallKB951376$

List of drivers

R1 AmdK8;AMD Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2006-06-19 36864]
R1 eabfiltr;eabfiltr; C:\WINDOWS\system32\DRIVERS\eabfiltr.sys [2005-09-19 7808]
R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys []
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-04 14848]
R1 SAVRTPEL;SAVRTPEL; \??\C:\Program Files\Symantec AntiVirus\Savrtpel.sys []
R1 SPBBCDrv;SPBBCDrv; \??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys []
R1 SYMTDI;SYMTDI; C:\WINDOWS\system32\System32\Drivers\SYMTDI.SYS []
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2004-08-04 8832]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2006-02-15 12672]
R2 symlcbrd;symlcbrd; \??\C:\WINDOWS\system32\drivers\symlcbrd.sys []
R3 BCM43XX;Broadcom 802.11 Network Adapter Driver; C:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2006-04-28 429184]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2004-08-04 14080]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys []
R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2006-09-19 15664]
R3 HBtnKey;HBtnKey; C:\WINDOWS\system32\DRIVERS\cpqbttn.sys [2005-09-19 9344]
R3 HdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\CHDAud.sys [2006-04-18 569856]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2005-01-07 138752]
R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys [2006-03-09 995712]
R3 HSFHWAZL;HSFHWAZL; C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys [2006-03-09 206976]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2006-06-14 3660672]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2006-03-03 34176]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2006-03-03 13056]
R3 nvsmu;nvsmu; C:\WINDOWS\system32\DRIVERS\nvsmu.sys [2006-03-06 11136]
R3 SymEvent;SymEvent; \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS []
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2006-06-16 193120]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2006-04-19 30080]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-04 57600]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2006-04-19 17152]
R3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys [2003-01-10 33588]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2006-03-09 726400]
S1 OMCI;OMCI; C:\WINDOWS\system32\SYSTEM32\DRIVERS\OMCI.SYS []
S3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2004-08-04 60800]
S3 catchme;catchme; \??\C:\DOCUME~1\SIGMUN~1\LOCALS~1\Temp\catchme.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024]
S3 eabusb;eabusb; C:\WINDOWS\system32\DRIVERS\eabusb.sys [2005-09-19 5760]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2006-04-12 49664]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2006-04-12 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2006-04-12 21568]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 MR97310_USB_DUAL_CAMERA;MR97310 CIF Dual Mode Camera; C:\WINDOWS\system32\DRIVERS\mr97310c.sys [2002-12-13 129875]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]
S3 NAVENG;NAVENG; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20080906.003\naveng.sys []
S3 NAVEX15;NAVEX15; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20080906.003\navex15.sys []
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-03 10880]
S3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2004-08-04 61824]
S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-04 20992]
S3 SAVRT;SAVRT; \??\C:\Program Files\Symantec AntiVirus\savrt.sys []
S3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2004-08-04 67584]
S3 SDDMI2;SDDMI2; \??\C:\WINDOWS\system32\DDMI2.sys []
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-03 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-03 15360]
S3 SYMREDRV;SYMREDRV; C:\WINDOWS\system32\System32\Drivers\SYMREDRV.SYS []
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
S3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2006-04-19 20608]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]
S4 agp440;Intel AGP Bus Filter; C:\WINDOWS\system32\system32\DRIVERS\agp440.sys []
S4 agpCPQ;Compaq AGP Bus Filter; C:\WINDOWS\system32\system32\DRIVERS\agpCPQ.sys []
S4 alim1541;ALI AGP Bus Filter; C:\WINDOWS\system32\system32\DRIVERS\alim1541.sys []
S4 amdagp;AMD AGP Bus Filter Driver; C:\WINDOWS\system32\system32\DRIVERS\amdagp.sys []
S4 cbidf;cbidf; C:\WINDOWS\system32\system32\DRIVERS\cbidf2k.sys []
S4 iaStor;Intel AHCI Controller; C:\WINDOWS\system32\system32\DRIVERS\iaStor.sys []
S4 sisagp;SIS AGP Bus Filter; C:\WINDOWS\system32\system32\DRIVERS\sisagp.sys []
S4 viaagp;VIA AGP Bus Filter; C:\WINDOWS\system32\system32\DRIVERS\viaagp.sys []

List of services

R2 AOL ACS;AOL Connectivity Service; C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe [2004-10-20 10328]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2007-07-31 106496]
R2 ccEvtMgr;Symantec Event Manager; C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe [2006-11-21 192104]
R2 ccSetMgr;Symantec Settings Manager; C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe [2006-11-21 169576]
R2 DefWatch;Symantec AntiVirus Definition Watcher; C:\Program Files\Symantec AntiVirus\DefWatch.exe [2007-03-14 31424]
R2 hpqwmiex;hpqwmiex; C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe [2006-05-02 135168]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2006-05-18 49152]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2006-06-14 143427]
R2 SPBBCSvc;Symantec SPBBCSvc; C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe [2007-01-10 1160792]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2006-10-30 492608]
S2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2006-03-03 69632]
S2 Symantec AntiVirus;Symantec AntiVirus; C:\Program Files\Symantec AntiVirus\Rtvscan.exe [2007-03-14 1816768]
S3 AddFiltr;AddFiltr; C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe [2006-06-12 126976]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-01-31 138168]
S3 LiveUpdate;LiveUpdate; C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE [2006-09-02 2528960]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2007-08-24 68464]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 SavRoam;SAVRoam; C:\Program Files\Symantec AntiVirus\SavRoam.exe [2007-03-14 116416]
S3 SNDSrvc;Symantec Network Drivers Service; C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe [2007-02-12 214672]
S3 WMConnectCDS;Windows Media Connect Service; C:\Program Files\Windows Media Connect 2\wmccds.exe [2005-10-06 855552]

-----------------EOF-----------------

 

Please disable resident protections (Antivirus...) you'll re-enable them after the scan

Download Lop S&D and save it to your desktop.

Double-click Lop S&D.exe
Choose the language, then choose Option 1 (Search)
Wait till the end of the scan
Post the log which is created at C:\lopR.txt


Don't forget to re-enable your resident protections now!

 

--------------------\\ Lop S&D 4.2.4-2 XP/Vista

Microsoft Windows XP Home Edition ( v5.1.2600 ) Service Pack 2
X86-based PC ( Uniprocessor Free : Mobile AMD Sempron(tm) )
BIOS : PhoenixBIOS 4.0 Release 6.1
USER : Sigmund Morel ( Administrator )
BOOT : Normal boot
Antivirus : Symantec AntiVirus Corporate Edition 10.1.6.6000 (Activated)
Firewall : Norton Internet Security 2006 2006 (Activated)

"C:\Lop SD" ( MAJ : 08-09-2008|21:40 )
Option : [1] ( Sat 09/13/2008|20:55 )

--------------------\\ Listing folders in APPLIC~1

[05/08/2008|09:32] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Adobe
[04/20/2007|10:16] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> AOL
[07/03/2007|10:20] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> AOL Downloads
[04/20/2007|10:16] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> AOL OCP
[08/18/2007|10:30] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Apple
[12/24/2006|10:28] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Apple Computer
[11/14/2006|10:07] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> CyberLink
[01/27/2007|07:52] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Google
[08/30/2008|07:28] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> HP
[11/14/2006|09:19] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> InstallShield
[11/14/2006|10:24] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Intuit
[08/31/2008|01:08] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Malwarebytes
[12/24/2006|07:51] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Microsoft
[09/10/2008|10:33] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Microsoft Help
[07/03/2007|10:20] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> nView_Profiles
[11/14/2006|09:19] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> SBSI
[11/14/2006|09:19] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Sonic
[05/01/2007|08:16] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Symantec
[04/30/2007|08:36] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> TEMP
[04/20/2007|10:16] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Viewpoint
[11/22/2006|02:30] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> WildTangent
[01/25/2007|08:32] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Windows Genuine Advantage
[12/08/2006|02:51] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Yahoo! Companion

[11/14/2006|09:19] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> Identities
[11/14/2006|10:24] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> Intuit
[11/14/2006|10:03] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> Macromedia
[11/14/2006|10:01] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> Microsoft
[11/14/2006|09:54] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> Symantec

[08/18/2008|09:21] C:\DOCUME~1\LOCALS~1\APPLIC~1\<DIR> Microsoft

[09/10/2008|09:11] C:\DOCUME~1\NETWOR~1\APPLIC~1\<DIR> Adobe
[09/10/2008|09:12] C:\DOCUME~1\NETWOR~1\APPLIC~1\<DIR> AdobeUM
[08/19/2008|03:21] C:\DOCUME~1\NETWOR~1\APPLIC~1\<DIR> Google
[08/16/2008|08:05] C:\DOCUME~1\NETWOR~1\APPLIC~1\<DIR> Macromedia
[08/16/2008|08:01] C:\DOCUME~1\NETWOR~1\APPLIC~1\<DIR> Microsoft
[09/07/2008|09:16] C:\DOCUME~1\NETWOR~1\APPLIC~1\<DIR> Mozilla
[09/07/2008|09:16] C:\DOCUME~1\NETWOR~1\APPLIC~1\<DIR> Real
[09/07/2008|09:16] C:\DOCUME~1\NETWOR~1\APPLIC~1\<DIR> Talkback

[04/20/2007|10:16] C:\DOCUME~1\SIGMUN~1\APPLIC~1\<DIR> acccore
[04/18/2008|03:30] C:\DOCUME~1\SIGMUN~1\APPLIC~1\<DIR> Adobe
[05/08/2008|09:30] C:\DOCUME~1\SIGMUN~1\APPLIC~1\<DIR> AdobeUM
[02/09/2007|05:05] C:\DOCUME~1\SIGMUN~1\APPLIC~1\<DIR> Apple Computer
[12/20/2006|08:05] C:\DOCUME~1\SIGMUN~1\APPLIC~1\<DIR> CyberLink
[04/18/2008|03:26] C:\DOCUME~1\SIGMUN~1\APPLIC~1\<DIR> Flock
[01/27/2007|07:52] C:\DOCUME~1\SIGMUN~1\APPLIC~1\<DIR> Google
[09/02/2007|09:14] C:\DOCUME~1\SIGMUN~1\APPLIC~1\<DIR> GTek
[04/24/2007|11:24] C:\DOCUME~1\SIGMUN~1\APPLIC~1\<DIR> HP
[11/14/2006|09:19] C:\DOCUME~1\SIGMUN~1\APPLIC~1\<DIR> Identities
[11/14/2006|10:24] C:\DOCUME~1\SIGMUN~1\APPLIC~1\<DIR> Intuit
[04/24/2007|11:22] C:\DOCUME~1\SIGMUN~1\APPLIC~1\<DIR> Leadertech
[11/26/2006|01:22] C:\DOCUME~1\SIGMUN~1\APPLIC~1\<DIR> Macromedia
[08/31/2008|01:08] C:\DOCUME~1\SIGMUN~1\APPLIC~1\<DIR> Malwarebytes
[06/03/2008|09:45] C:\DOCUME~1\SIGMUN~1\APPLIC~1\<DIR> Microsoft
[02/09/2008|11:08] C:\DOCUME~1\SIGMUN~1\APPLIC~1\<DIR> Mozilla
[06/03/2008|08:03] C:\DOCUME~1\SIGMUN~1\APPLIC~1\<DIR> MSNInstaller
[04/18/2008|03:51] C:\DOCUME~1\SIGMUN~1\APPLIC~1\<DIR> Netscape
[02/26/2008|11:49] C:\DOCUME~1\SIGMUN~1\APPLIC~1\<DIR> Real
[04/24/2007|11:22] C:\DOCUME~1\SIGMUN~1\APPLIC~1\<DIR> Sonic
[12/28/2006|03:51] C:\DOCUME~1\SIGMUN~1\APPLIC~1\<DIR> Sun
[11/14/2006|09:54] C:\DOCUME~1\SIGMUN~1\APPLIC~1\<DIR> Symantec
[02/09/2008|11:09] C:\DOCUME~1\SIGMUN~1\APPLIC~1\<DIR> Talkback
[11/26/2006|01:49] C:\DOCUME~1\SIGMUN~1\APPLIC~1\<DIR> Template
[11/22/2006|02:30] C:\DOCUME~1\SIGMUN~1\APPLIC~1\<DIR> WildTangent

--------------------\\ Scheduled Tasks located in C:\WINDOWS\Tasks

[09/08/2008 11:00 PM][--a------] C:\WINDOWS\tasks\At72.job
[09/10/2008 10:00 PM][--a------] C:\WINDOWS\tasks\At71.job
[09/10/2008 09:00 PM][--a------] C:\WINDOWS\tasks\At70.job
[09/13/2008 08:46 PM][--a------] C:\WINDOWS\tasks\At69.job
[09/09/2008 07:00 PM][--a------] C:\WINDOWS\tasks\At68.job
[09/09/2008 06:00 PM][--a------] C:\WINDOWS\tasks\At67.job
[09/09/2008 05:00 PM][--a------] C:\WINDOWS\tasks\At66.job
[09/10/2008 07:00 PM][--a------] C:\WINDOWS\tasks\At65.job
[09/09/2008 02:00 PM][--a------] C:\WINDOWS\tasks\At63.job
[09/07/2008 03:00 PM][--a------] C:\WINDOWS\tasks\At64.job
[09/09/2008 01:00 PM][--a------] C:\WINDOWS\tasks\At62.job
[09/09/2008 12:00 PM][--a------] C:\WINDOWS\tasks\At61.job
[09/09/2008 11:00 AM][--a------] C:\WINDOWS\tasks\At60.job
[08/23/2008 03:11 PM][--a------] C:\WINDOWS\tasks\At58.job
[09/09/2008 10:00 AM][--a------] C:\WINDOWS\tasks\At59.job
[08/23/2008 03:11 PM][--a------] C:\WINDOWS\tasks\At57.job
[08/23/2008 03:11 PM][--a------] C:\WINDOWS\tasks\At55.job
[08/23/2008 03:11 PM][--a------] C:\WINDOWS\tasks\At56.job
[08/23/2008 03:11 PM][--a------] C:\WINDOWS\tasks\At53.job
[08/23/2008 03:11 PM][--a------] C:\WINDOWS\tasks\At54.job
[08/23/2008 03:11 PM][--a------] C:\WINDOWS\tasks\At52.job
[08/23/2008 03:11 PM][--a------] C:\WINDOWS\tasks\At51.job
[08/23/2008 03:11 PM][--a------] C:\WINDOWS\tasks\At50.job
[08/23/2008 03:11 PM][--a------] C:\WINDOWS\tasks\At49.job
[09/08/2008 11:00 PM][--a------] C:\WINDOWS\tasks\At24.job
[09/10/2008 10:00 PM][--a------] C:\WINDOWS\tasks\At23.job
[09/10/2008 09:00 PM][--a------] C:\WINDOWS\tasks\At22.job
[09/10/2008 08:00 PM][--a------] C:\WINDOWS\tasks\At21.job
[09/09/2008 07:00 PM][--a------] C:\WINDOWS\tasks\At20.job
[09/09/2008 06:00 PM][--a------] C:\WINDOWS\tasks\At19.job
[09/09/2008 05:00 PM][--a------] C:\WINDOWS\tasks\At18.job
[09/09/2008 04:00 PM][--a------] C:\WINDOWS\tasks\At17.job
[09/07/2008 03:00 PM][--a------] C:\WINDOWS\tasks\At16.job
[09/09/2008 01:00 PM][--a------] C:\WINDOWS\tasks\At14.job
[09/09/2008 02:00 PM][--a------] C:\WINDOWS\tasks\At15.job
[09/09/2008 12:00 PM][--a------] C:\WINDOWS\tasks\At13.job
[09/09/2008 11:00 AM][--a------] C:\WINDOWS\tasks\At12.job
[09/09/2008 10:00 AM][--a------] C:\WINDOWS\tasks\At11.job
[08/19/2008 09:00 AM][--a------] C:\WINDOWS\tasks\At10.job
[08/19/2008 08:00 AM][--a------] C:\WINDOWS\tasks\At9.job
[08/16/2008 05:16 PM][--a------] C:\WINDOWS\tasks\At8.job
[08/16/2008 05:16 PM][--a------] C:\WINDOWS\tasks\At7.job
[08/16/2008 05:16 PM][--a------] C:\WINDOWS\tasks\At6.job
[08/16/2008 05:16 PM][--a------] C:\WINDOWS\tasks\At5.job
[08/16/2008 05:16 PM][--a------] C:\WINDOWS\tasks\At4.job
[08/16/2008 05:16 PM][--a------] C:\WINDOWS\tasks\At3.job
[08/16/2008 05:16 PM][--a------] C:\WINDOWS\tasks\At2.job
[08/16/2008 05:16 PM][--a------] C:\WINDOWS\tasks\At1.job
[03/14/2008 11:55 AM][--a------] C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[09/13/2008 08:46 PM][--ah-----] C:\WINDOWS\tasks\SA.DAT
[08/04/2004 04:00 PM][-rah-----] C:\WINDOWS\tasks\desktop.ini

--------------------\\ Listing Folders in C:\Program Files

[11/14/2006|10:07] C:\Program Files\<DIR> Adobe
[07/03/2007|10:20] C:\Program Files\<DIR> AIM6
[08/18/2007|10:31] C:\Program Files\<DIR> Apple Software Update
[07/07/2007|06:16] C:\Program Files\<DIR> AvailaSoft
[09/09/2008|09:35] C:\Program Files\<DIR> Common Files
[11/14/2006|09:19] C:\Program Files\<DIR> ComPlus Applications
[11/14/2006|10:04] C:\Program Files\<DIR> CONEXANT
[11/14/2006|10:27] C:\Program Files\<DIR> DIFX
[11/14/2006|10:23] C:\Program Files\<DIR> DivX
[11/14/2006|10:00] C:\Program Files\<DIR> Encarta Online
[04/18/2008|04:06] C:\Program Files\<DIR> Flock
[02/01/2007|04:11] C:\Program Files\<DIR> Google
[11/14/2006|10:29] C:\Program Files\<DIR> Hewlett-Packard
[08/31/2007|09:16] C:\Program Files\<DIR> HP
[11/14/2006|10:16] C:\Program Files\<DIR> HP Games
[11/14/2006|10:28] C:\Program Files\<DIR> HP Rhapsody
[11/22/2006|12:13] C:\Program Files\<DIR> HPQ
[08/17/2008|06:29] C:\Program Files\<DIR> InstallShield Installation Information
[02/09/2007|04:52] C:\Program Files\<DIR> InterActual
[08/12/2008|10:15] C:\Program Files\<DIR> Internet Explorer
[12/24/2006|10:28] C:\Program Files\<DIR> iPod
[12/24/2006|10:28] C:\Program Files\<DIR> iTunes
[07/27/2008|08:51] C:\Program Files\<DIR> Java
[08/05/2008|02:03] C:\Program Files\<DIR> LimeWire
[08/31/2008|01:08] C:\Program Files\<DIR> Malwarebytes' Anti-Malware
[07/07/2007|06:17] C:\Program Files\<DIR> MARS
[08/12/2008|10:20] C:\Program Files\<DIR> Messenger
[06/03/2008|09:02] C:\Program Files\<DIR> Microsoft CAPICOM 2.1.0.2
[11/14/2006|09:19] C:\Program Files\<DIR> microsoft frontpage
[11/14/2006|10:02] C:\Program Files\<DIR> Microsoft Money 2006
[06/03/2008|09:54] C:\Program Files\<DIR> Microsoft Office
[11/14/2006|10:23] C:\Program Files\<DIR> Microsoft Office Trial Wizard
[06/03/2008|09:29] C:\Program Files\<DIR> Microsoft Visual Studio
[06/03/2008|09:54] C:\Program Files\<DIR> Microsoft Works
[06/03/2008|09:27] C:\Program Files\<DIR> Microsoft.NET
[11/14/2006|09:19] C:\Program Files\<DIR> Movie Maker
[09/07/2008|09:16] C:\Program Files\<DIR> Mozilla Firefox
[06/03/2008|09:29] C:\Program Files\<DIR> MSBuild
[06/03/2008|08:03] C:\Program Files\<DIR> MSN
[11/14/2006|09:19] C:\Program Files\<DIR> MSN Gaming Zone
[01/02/2007|12:42] C:\Program Files\<DIR> MSXML 4.0
[11/14/2006|10:21] C:\Program Files\<DIR> music_now
[11/14/2006|10:22] C:\Program Files\<DIR> muvee Technologies
[11/14/2006|09:19] C:\Program Files\<DIR> NetMeeting
[11/14/2006|10:18] C:\Program Files\<DIR> Netscape
[11/14/2006|10:04] C:\Program Files\<DIR> NetWaiting
[04/15/2007|10:26] C:\Program Files\<DIR> Norton Internet Security
[11/14/2006|10:19] C:\Program Files\<DIR> Online Services
[07/02/2007|08:33] C:\Program Files\<DIR> Outlook Express
[07/29/2008|08:36] C:\Program Files\<DIR> Phantom EFX
[04/18/2008|03:58] C:\Program Files\<DIR> Quicken
[11/14/2006|10:24] C:\Program Files\<DIR> Quickensetup
[12/24/2006|10:27] C:\Program Files\<DIR> QuickTime
[02/09/2008|11:04] C:\Program Files\<DIR> Real
[11/14/2006|09:19] C:\Program Files\<DIR> Sonic
[06/08/2008|03:26] C:\Program Files\<DIR> Sun
[02/26/2008|04:43] C:\Program Files\<DIR> SupportSoft
[05/01/2007|08:18] C:\Program Files\<DIR> Symantec
[09/07/2008|08:40] C:\Program Files\<DIR> Symantec AntiVirus
[11/14/2006|10:05] C:\Program Files\<DIR> Synaptics
[08/26/2008|05:06] C:\Program Files\<DIR> Trend Micro
[11/14/2006|09:19] C:\Program Files\<DIR> Uninstall Information
[04/20/2007|10:16] C:\Program Files\<DIR> Viewpoint
[11/14/2006|10:11] C:\Program Files\<DIR> WildTangent
[11/14/2006|10:24] C:\Program Files\<DIR> Windows Media Connect 2
[11/14/2006|10:20] C:\Program Files\<DIR> Windows Media Player
[11/14/2006|09:19] C:\Program Files\<DIR> Windows NT
[11/14/2006|09:19] C:\Program Files\<DIR> WindowsUpdate
[11/14/2006|09:19] C:\Program Files\<DIR> xerox
[11/14/2006|10:18] C:\Program Files\<DIR> Yahoo!

--------------------\\ Listing Folders in C:\Program Files\Common Files

[05/08/2008|09:32] C:\Program Files\Common Files\<DIR> Adobe
[04/20/2007|10:15] C:\Program Files\Common Files\<DIR> AOL
[08/18/2007|10:30] C:\Program Files\Common Files\<DIR> Apple
[06/03/2008|09:29] C:\Program Files\Common Files\<DIR> DESIGNER
[08/31/2007|09:12] C:\Program Files\Common Files\<DIR> Hewlett-Packard
[11/14/2006|09:19] C:\Program Files\Common Files\<DIR> HP
[11/14/2006|09:46] C:\Program Files\Common Files\<DIR> InstallShield
[11/14/2006|09:19] C:\Program Files\Common Files\<DIR> Java
[11/14/2006|10:30] C:\Program Files\Common Files\<DIR> LightScribe
[06/03/2008|09:54] C:\Program Files\Common Files\<DIR> Microsoft Shared
[11/14/2006|09:19] C:\Program Files\Common Files\<DIR> MSSoap
[11/14/2006|10:22] C:\Program Files\Common Files\<DIR> muvee Technologies
[11/14/2006|09:19] C:\Program Files\Common Files\<DIR> ODBC
[09/07/2008|09:15] C:\Program Files\Common Files\<DIR> Real
[11/14/2006|09:19] C:\Program Files\Common Files\<DIR> Services
[11/14/2006|09:19] C:\Program Files\Common Files\<DIR> Sonic Shared
[11/14/2006|09:19] C:\Program Files\Common Files\<DIR> SpeechEngines
[11/14/2006|09:19] C:\Program Files\Common Files\<DIR> SureThing Shared
[04/18/2008|03:53] C:\Program Files\Common Files\<DIR> SWF Studio
[05/01/2007|08:19] C:\Program Files\Common Files\<DIR> Symantec Shared
[06/03/2008|09:24] C:\Program Files\Common Files\<DIR> System
[11/14/2006|09:19] C:\Program Files\Common Files\<DIR> TiVo Shared
[09/07/2008|09:15] C:\Program Files\Common Files\<DIR> xing shared

--------------------\\ Process

( 48 Processes )

... OK !

--------------------\\ Searching with S_Lop

No Lop folder found !

--------------------\\ Searching for Lop Files - Folders

C:\DOCUME~1\SIGMUN~1\LOCALS~1\Temp\nsa97.tmp
C:\DOCUME~1\SIGMUN~1\LOCALS~1\Temp\nsoCD.tmp

--------------------\\ Searching within the Registry

..... OK !

--------------------\\ Checking the Hosts file

Hosts file CLEAN


--------------------\\ Searching for hidden files with Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-13 20:56:02
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 0

--------------------\\ Searching for other infections

C:\WINDOWS\Tasks\At1.job
C:\WINDOWS\Tasks\At10.job
C:\WINDOWS\Tasks\At11.job
C:\WINDOWS\Tasks\At12.job
C:\WINDOWS\Tasks\At13.job
C:\WINDOWS\Tasks\At14.job
C:\WINDOWS\Tasks\At15.job
C:\WINDOWS\Tasks\At16.job
C:\WINDOWS\Tasks\At17.job
C:\WINDOWS\Tasks\At18.job
C:\WINDOWS\Tasks\At19.job
C:\WINDOWS\Tasks\At2.job
C:\WINDOWS\Tasks\At20.job
C:\WINDOWS\Tasks\At21.job
C:\WINDOWS\Tasks\At22.job
C:\WINDOWS\Tasks\At23.job
C:\WINDOWS\Tasks\At24.job
C:\WINDOWS\Tasks\At3.job
C:\WINDOWS\Tasks\At4.job
C:\WINDOWS\Tasks\At49.job
C:\WINDOWS\Tasks\At5.job
C:\WINDOWS\Tasks\At50.job
C:\WINDOWS\Tasks\At51.job
C:\WINDOWS\Tasks\At52.job
C:\WINDOWS\Tasks\At53.job
C:\WINDOWS\Tasks\At54.job
C:\WINDOWS\Tasks\At55.job
C:\WINDOWS\Tasks\At56.job
C:\WINDOWS\Tasks\At57.job
C:\WINDOWS\Tasks\At58.job
C:\WINDOWS\Tasks\At59.job
C:\WINDOWS\Tasks\At6.job
C:\WINDOWS\Tasks\At60.job
C:\WINDOWS\Tasks\At61.job
C:\WINDOWS\Tasks\At62.job
C:\WINDOWS\Tasks\At63.job
C:\WINDOWS\Tasks\At64.job
C:\WINDOWS\Tasks\At65.job
C:\WINDOWS\Tasks\At66.job
C:\WINDOWS\Tasks\At67.job
C:\WINDOWS\Tasks\At68.job
C:\WINDOWS\Tasks\At69.job
C:\WINDOWS\Tasks\At7.job
C:\WINDOWS\Tasks\At70.job
C:\WINDOWS\Tasks\At71.job
C:\WINDOWS\Tasks\At72.job
C:\WINDOWS\Tasks\At8.job
C:\WINDOWS\Tasks\At9.job



[F:813][D:70]-> C:\DOCUME~1\SIGMUN~1\LOCALS~1\Temp
[F:381][D:0]-> C:\DOCUME~1\SIGMUN~1\Cookies
[F:4466][D:4]-> C:\DOCUME~1\SIGMUN~1\TEMPOR~1\content.IE5

1 - "C:\Lop SD\LopR_1.txt" - Sat 09/13/2008|20:57 - Option : [1]

--------------------\\ Scan completed at 20:57:22

 

Download ATF Cleaner by Atribune and save it to your Desktop.

Open MBAM and check for updates, then close it for now.

Once again, please disable any realtime protection applications. Highlight and copy the contents of the code box below and paste it into a blank notepad, then save it to your desktop as;

Filename: CFScript.txt
Save As Type: All Files (*.*)

Code:

KillAll::
File::
C:\WINDOWS\system32\s5bF7UO3.exe.a_a
C:\WINDOWS\system32\s5bF7UO3.exe
C:\WINDOWS\tasks\At72.job
C:\WINDOWS\tasks\At71.job
C:\WINDOWS\tasks\At70.job
C:\WINDOWS\tasks\At69.job
C:\WINDOWS\tasks\At68.job
C:\WINDOWS\tasks\At67.job
C:\WINDOWS\tasks\At66.job
C:\WINDOWS\tasks\At65.job
C:\WINDOWS\tasks\At63.job
C:\WINDOWS\tasks\At64.job
C:\WINDOWS\tasks\At62.job
C:\WINDOWS\tasks\At61.job
C:\WINDOWS\tasks\At60.job
C:\WINDOWS\tasks\At58.job
C:\WINDOWS\tasks\At59.job
C:\WINDOWS\tasks\At57.job
C:\WINDOWS\tasks\At55.job
C:\WINDOWS\tasks\At56.job
C:\WINDOWS\tasks\At53.job
C:\WINDOWS\tasks\At54.job
C:\WINDOWS\tasks\At52.job
C:\WINDOWS\tasks\At51.job
C:\WINDOWS\tasks\At50.job
C:\WINDOWS\tasks\At49.job
C:\WINDOWS\tasks\At24.job
C:\WINDOWS\tasks\At23.job
C:\WINDOWS\tasks\At22.job
C:\WINDOWS\tasks\At21.job
C:\WINDOWS\tasks\At20.job
C:\WINDOWS\tasks\At19.job
C:\WINDOWS\tasks\At18.job
C:\WINDOWS\tasks\At17.job
C:\WINDOWS\tasks\At16.job
C:\WINDOWS\tasks\At14.job
C:\WINDOWS\tasks\At15.job
C:\WINDOWS\tasks\At13.job
C:\WINDOWS\tasks\At12.job
C:\WINDOWS\tasks\At11.job
C:\WINDOWS\tasks\At10.job
C:\WINDOWS\tasks\At9.job
C:\WINDOWS\tasks\At8.job
C:\WINDOWS\tasks\At7.job
C:\WINDOWS\tasks\At6.job
C:\WINDOWS\tasks\At5.job
C:\WINDOWS\tasks\At4.job
C:\WINDOWS\tasks\At3.job
C:\WINDOWS\tasks\At2.job
C:\WINDOWS\tasks\At1.job
C:\DOCUME~1\SIGMUN~1\LOCALS~1\Temp\nsa97.tmp
C:\DOCUME~1\SIGMUN~1\LOCALS~1\Temp\nsoCD.tmp

Close all other windows and programs.

Physically disconnect your computer from the internet. Do not reconnect until you've completed all scans and are ready to post the logs.

Now drag the CFScript.txt onto ComboFix.exe and drop it, using the left mouse button. Combofix should run and may reboot the computer when it's done. A log will open when it's complete. Close it for now.

Please do not click on the ComboFix window while it is running a scan. This can cause it to stall.


As soon as ComboFix finishes, run ATF Cleaner as follows.

• Double click ATF-Cleaner.exe to run the program.
• Check the boxes to the left of:
  
  
  • Windows Temp
  • Current User Temp
  • All Users Temp
  • Temporary Internet Files
  • Prefetch
  • Java Cache
  • Recycle bin
  
  
• The rest are optional - if you want it to remove everything check "Select All ".
• Finally, click Empty Selected. When you get the "Done Cleaning" message, click OK then exit.

Reboot


Now, open MBAM and do a complete system scan, removing anything it finds. Reboot when done.

This completes the scans, so reconnect and post the ComboFix log located at C:\combofix.txt
Open MBAM and click the Logs tab, select the last scan and post it's contents here.

Once you've done all of that, please run RSIT again and post the new log.txt as well.

 

ComboFix 08-09-05.10 - Sigmund Morel 2008-09-15 21:47:36.5 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.216 [GMT -5:00]
Running from: C:\Documents and Settings\Sigmund Morel\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Sigmund Morel\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Sigmund Morel\Cookies\sigmund_morel@precisionclick[1].txt
C:\Documents and Settings\Sigmund Morel\Cookies\sigmund_morel@trafficmp[2].txt
C:\WINDOWS\system32\s5bF7UO3.exe
C:\WINDOWS\system32\s5bF7UO3.exe.a_a
C:\WINDOWS\tasks\At1.job
C:\WINDOWS\tasks\At10.job
C:\WINDOWS\tasks\At11.job
C:\WINDOWS\tasks\At12.job
C:\WINDOWS\tasks\At13.job
C:\WINDOWS\tasks\At14.job
C:\WINDOWS\tasks\At15.job
C:\WINDOWS\tasks\At16.job
C:\WINDOWS\tasks\At17.job
C:\WINDOWS\tasks\At18.job
C:\WINDOWS\tasks\At19.job
C:\WINDOWS\tasks\At2.job
C:\WINDOWS\tasks\At20.job
C:\WINDOWS\tasks\At21.job
C:\WINDOWS\tasks\At22.job
C:\WINDOWS\tasks\At23.job
C:\WINDOWS\tasks\At24.job
C:\WINDOWS\tasks\At3.job
C:\WINDOWS\tasks\At4.job
C:\WINDOWS\tasks\At49.job
C:\WINDOWS\tasks\At5.job
C:\WINDOWS\tasks\At50.job
C:\WINDOWS\tasks\At51.job
C:\WINDOWS\tasks\At52.job
C:\WINDOWS\tasks\At53.job
C:\WINDOWS\tasks\At54.job
C:\WINDOWS\tasks\At55.job
C:\WINDOWS\tasks\At56.job
C:\WINDOWS\tasks\At57.job
C:\WINDOWS\tasks\At58.job
C:\WINDOWS\tasks\At59.job
C:\WINDOWS\tasks\At6.job
C:\WINDOWS\tasks\At60.job
C:\WINDOWS\tasks\At61.job
C:\WINDOWS\tasks\At62.job
C:\WINDOWS\tasks\At63.job
C:\WINDOWS\tasks\At64.job
C:\WINDOWS\tasks\At65.job
C:\WINDOWS\tasks\At66.job
C:\WINDOWS\tasks\At67.job
C:\WINDOWS\tasks\At68.job
C:\WINDOWS\tasks\At69.job
C:\WINDOWS\tasks\At7.job
C:\WINDOWS\tasks\At70.job
C:\WINDOWS\tasks\At71.job
C:\WINDOWS\tasks\At72.job
C:\WINDOWS\tasks\At8.job
C:\WINDOWS\tasks\At9.job

.
((((((((((((((((((((((((( Files Created from 2008-08-16 to 2008-09-16 )))))))))))))))))))))))))))))))
.

2008-09-13 20:53 . 2008-09-13 20:57 <DIR> d-------- C:\Lop SD
2008-09-10 21:12 . 2008-09-10 21:12 <DIR> d-------- C:\Documents and Settings\NetworkService\Application Data\AdobeUM
2008-09-07 21:16 . 2008-09-07 21:16 <DIR> d-------- C:\Documents and Settings\NetworkService\Application Data\Talkback
2008-09-07 21:15 . 2008-09-07 21:15 <DIR> d-------- C:\Program Files\Common Files\xing shared
2008-08-31 13:08 . 2008-09-15 21:42 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-08-31 13:08 . 2008-08-31 13:08 <DIR> d-------- C:\Documents and Settings\Sigmund Morel\Application Data\Malwarebytes
2008-08-31 13:08 . 2008-08-31 13:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-08-31 13:08 . 2008-09-10 00:04 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-08-31 13:08 . 2008-09-10 00:03 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-08-30 13:23 . 2008-08-30 13:24 <DIR> d-------- C:\rsit
2008-08-26 17:06 . 2008-08-26 17:06 <DIR> d-------- C:\Program Files\Trend Micro

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-15 23:49 --------- d-----w C:\Program Files\LimeWire
2008-09-11 03:33 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-09-08 02:15 --------- d-----w C:\Program Files\Common Files\Real
2008-09-08 01:40 --------- d-----w C:\Program Files\Symantec AntiVirus
2008-08-31 00:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\HP
2008-08-17 23:29 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-30 01:36 --------- d-----w C:\Program Files\Phantom EFX
2008-07-28 01:51 --------- d-----w C:\Program Files\Java
2007-09-01 02:32 318 ----a-w C:\Documents and Settings\Sigmund Morel\Application Data\wklnhst.dat
2007-07-04 03:01 374 ----a-w C:\Documents and Settings\Sigmund Morel\Application Data\internaldb6334.dat
2007-07-04 02:59 18,432 ----a-w C:\Documents and Settings\Sigmund Morel\Application Data\internaldb41.dat
2007-07-04 02:58 556 ----a-w C:\Documents and Settings\Sigmund Morel\Application Data\internaldb8467.dat
.

((((((((((((((((((((((((((((( snapshot@2008-09-07_21.04.18.92 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-09-15 02:45:58 16,901,168 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\MSO.DLL
+ 2007-08-29 05:19:24 1,654,648 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\OGL.DLL
+ 2007-08-29 05:49:28 606,120 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\ONBTTNIE.DLL
+ 2007-08-29 04:43:30 1,022,840 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\ONENOTE.EXE
+ 2007-08-24 09:45:42 101,784 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\ONENOTEM.EXE
+ 2007-08-24 09:45:42 75,144 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\ONFILTER.DLL
+ 2007-08-24 09:45:46 1,167,744 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\ONLIBS.DLL
+ 2007-10-13 02:08:52 6,588,968 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\ONMAIN.DLL
- 2008-09-08 01:51:52 25,214 ----a-r C:\WINDOWS\Installer\{50E125D1-88E5-48CE-80AE-98EC9698E639}\ARPPRODUCTICON.exe
+ 2008-09-09 18:43:11 25,214 ----a-r C:\WINDOWS\Installer\{50E125D1-88E5-48CE-80AE-98EC9698E639}\ARPPRODUCTICON.exe
- 2008-09-08 01:51:52 40,960 ----a-r C:\WINDOWS\Installer\{50E125D1-88E5-48CE-80AE-98EC9698E639}\DTIcon.ECFEE69D_DA66_4F00_ABE5_54E931059C01.exe
+ 2008-09-09 18:43:11 40,960 ----a-r C:\WINDOWS\Installer\{50E125D1-88E5-48CE-80AE-98EC9698E639}\DTIcon.ECFEE69D_DA66_4F00_ABE5_54E931059C01.exe
- 2008-09-08 01:51:52 40,960 ----a-r C:\WINDOWS\Installer\{50E125D1-88E5-48CE-80AE-98EC9698E639}\NewShortcut1.ECFEE69D_DA66_4F00_ABE5_54E931059C01.exe
+ 2008-09-09 18:43:11 40,960 ----a-r C:\WINDOWS\Installer\{50E125D1-88E5-48CE-80AE-98EC9698E639}\NewShortcut1.ECFEE69D_DA66_4F00_ABE5_54E931059C01.exe
- 2008-08-13 03:20:05 1,165,584 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe
+ 2008-09-11 03:33:29 1,165,584 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe
- 2008-08-13 03:20:05 20,240 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe
+ 2008-09-11 03:33:29 20,240 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe
- 2008-08-13 03:20:05 159,504 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe
+ 2008-09-11 03:33:29 159,504 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe
- 2008-08-13 03:20:05 184,080 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe
+ 2008-09-11 03:33:29 184,080 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe
- 2008-08-13 03:20:05 217,864 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe
+ 2008-09-11 03:33:29 217,864 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe
- 2008-08-13 03:20:05 18,704 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe
+ 2008-09-11 03:33:29 18,704 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe
- 2008-08-13 03:20:05 35,088 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe
+ 2008-09-11 03:33:29 35,088 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe
- 2008-08-13 03:20:05 845,584 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe
+ 2008-09-11 03:33:29 845,584 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe
- 2008-08-13 03:20:05 922,384 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe
+ 2008-09-11 03:33:29 922,384 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe
- 2008-08-13 03:20:05 272,648 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe
+ 2008-09-11 03:33:29 272,648 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe
- 2008-08-13 03:20:05 888,080 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
+ 2008-09-11 03:33:29 888,080 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
- 2008-08-13 03:20:05 1,172,240 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe
+ 2008-09-11 03:33:29 1,172,240 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe
- 2008-08-05 18:11:01 15,888,504 ----a-w C:\WINDOWS\system32\MRT.exe
+ 2008-08-26 20:28:12 16,208,504 ----a-w C:\WINDOWS\system32\MRT.exe
- 2008-02-09 16:04:38 278,528 ----a-w C:\WINDOWS\system32\pncrt.dll
+ 2008-09-08 02:15:16 278,528 ----a-w C:\WINDOWS\system32\pncrt.dll
- 2008-02-09 16:04:42 6,656 ----a-w C:\WINDOWS\system32\pndx5016.dll
+ 2008-09-08 02:15:20 6,656 ----a-w C:\WINDOWS\system32\pndx5016.dll
- 2008-02-09 16:04:42 5,632 ----a-w C:\WINDOWS\system32\pndx5032.dll
+ 2008-09-08 02:15:20 5,632 ----a-w C:\WINDOWS\system32\pndx5032.dll
- 2008-02-09 16:05:30 185,688 ----a-w C:\WINDOWS\system32\rmoc3260.dll
+ 2008-09-08 02:15:31 185,944 ----a-w C:\WINDOWS\system32\rmoc3260.dll
+ 2008-04-15 17:54:19 1,724,416 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.3352_x-ww_81af8e88\GdiPlus.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe "= "C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15360]
"swg "= "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-05 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpWirelessAssistant "= "C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-05-04 458752]
"SunJavaUpdateSched "= "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"NvCplDaemon "= "C:\WINDOWS\system32\NvCpl.dll" [2006-06-14 7573504]
"SynTPEnh "= "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-06-17 794713]
"QPService "= "C:\Program Files\HP\QuickPlay\QPService.exe" [2006-07-12 102400]
"HP Software Update "= "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 49152]
"ISUSPM Startup "= "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 249856]
"ISUSScheduler "= "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 81920]
"QlbCtrl "= "C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-06-19 163840]
"Cpqset "= "C:\Program Files\HPQ\Default Settings\cpqset.exe" [2006-01-26 40960]
"RecGuard "= "C:\Windows\SMINST\RecGuard.exe" [2005-10-11 1187840]
"Reminder "= "C:\Windows\CREATOR\Remind_XP.exe" [2006-02-09 643072]
"QuickTime Task "= "C:\Program Files\QuickTime\qttask.exe" [2006-10-25 282624]
"iTunesHelper "= "C:\Program Files\iTunes\iTunesHelper.exe" [2006-10-30 256576]
"AOLDialer "= "C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" [2004-10-20 34904]
"ccApp "= "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-11-21 52840]
"vptray "= "C:\PROGRA~1\SYMANT~1\VPTray.exe" [2007-03-14 125632]
"GrooveMonitor "= "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"TkBellExe "= "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-09-07 185896]
"High Definition Audio Property Page Shortcut "= "CHDAudPropShortcut.exe" [2006-04-18 C:\WINDOWS\system32\CHDAudPropShortcut.exe]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 29696]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 288472]
HP Photosmart Premier Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2005-09-24 73728]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, msnsspc.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
--a------ 2007-03-23 16:18 50736 C:\Program Files\AIM6\aim6.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify "=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring "=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring "=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe "=
"C:\\Program Files\\iTunes\\iTunes.exe "=
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe "=
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe "=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe "=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe "=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe "=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe "=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe "=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe "=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe "=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe "=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe "=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe "=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe "=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe "=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe "=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe "=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe "=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE "=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE "=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE "=

.
Contents of the 'Scheduled Tasks' folder
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-15 21:53:29
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = C:\Program Files\HPQ\Default Settings\cpqset.exe?????? ???@???????????????@? ????Z????????@???????@

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
.
**************************************************************************
.
Completion time: 2008-09-15 21:59:22 - machine was rebooted
ComboFix-quarantined-files.txt 2008-09-16 02:59:14
ComboFix2.txt 2008-09-09 14:40:58
ComboFix3.txt 2008-09-09 03:54:19
ComboFix4.txt 2008-09-08 02:04:55

Pre-Run: 13,460,066,304 bytes free
Post-Run: 13,603,446,784 bytes free

252 --- E O F --- 2008-09-11 03:35:45
Malwarebytes' Anti-Malware 1.28
Database version: 1159
Windows 5.1.2600 Service Pack 2

9/15/2008 10:42:51 PM
mbam-log-2008-09-15 (22-42-51).txt

Scan type: Full Scan (C:\|D:\|E:\|)
Objects scanned: 137225
Time elapsed: 33 minute(s), 1 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 12

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\QooBox\Quarantine\C\WINDOWS\system32\s5bF7UO3.exe.vir (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1368902D-6A36-4B35-812D-DDC763090AC0}\RP132\A0065314.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1368902D-6A36-4B35-812D-DDC763090AC0}\RP132\A0065368.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1368902D-6A36-4B35-812D-DDC763090AC0}\RP133\A0065402.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1368902D-6A36-4B35-812D-DDC763090AC0}\RP133\A0065412.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1368902D-6A36-4B35-812D-DDC763090AC0}\RP133\A0065441.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1368902D-6A36-4B35-812D-DDC763090AC0}\RP133\A0065470.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1368902D-6A36-4B35-812D-DDC763090AC0}\RP133\A0065482.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1368902D-6A36-4B35-812D-DDC763090AC0}\RP133\A0065493.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1368902D-6A36-4B35-812D-DDC763090AC0}\RP134\A0066575.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1368902D-6A36-4B35-812D-DDC763090AC0}\RP137\A0067145.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1368902D-6A36-4B35-812D-DDC763090AC0}\RP139\A0067297.exe (Trojan.Agent) -> Quarantined and deleted successfully.