
Solved Need help removing virus

Discussion in 'Malware and Virus Removal Archive' started by johngkerr, 2010/05/22.

  1. 2010/05/22
    johngkerr

    johngkerr Inactive Thread Starter

    Joined:
    2002/10/22
    Messages:
    193
    Likes Received:
    0
    [Resolved] Need help removing virus

    Please check these logs and help me remove any problem.
    Malwarebytes' Anti-Malware 1.45
    www.malwarebytes.org

    Database version: 3930

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    5/22/2010 12:08:48 PM
    mbam-log-2010-05-22 (12-08-48).txt

    Scan type: Quick scan
    Objects scanned: 140870
    Time elapsed: 17 minute(s), 16 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 7
    Registry Values Infected: 1
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{494e6cec-7483-a4ee-0938-895519a84bc7} (Backdoor.Bot) -> Quarantined and deleted successfully.
    HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{3446af26-b8d7-199b-4cfc-6fd764ca5c9f} (Backdoor.Bot) -> Quarantined and deleted successfully.
    HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{4776c4dc-e894-7c06-2148-5d73cef5f905} (Backdoor.Bot) -> Quarantined and deleted successfully.
    HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{494e6cec-7483-a4ee-0938-895519a84bc7} (Backdoor.Bot) -> Quarantined and deleted successfully.
    HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{3446af26-b8d7-199b-4cfc-6fd764ca5c9f} (Backdoor.Bot) -> Quarantined and deleted successfully.
    HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{4776c4dc-e894-7c06-2148-5d73cef5f905} (Backdoor.Bot) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\avsoft (Trojan.Fraudpack) -> Quarantined and deleted successfully.

    Registry Values Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\eujnvctl (Trojan.FakeAlert.N) -> Quarantined and deleted successfully.

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 12:10:54 PM, on 5/22/2010
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
    C:\Program Files\Google\Update\GoogleUpdate.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
    C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
    C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
    C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
    C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
    C:\Program Files\Microsoft IntelliPoint\point32.exe
    C:\Program Files\Ahead\ODD Toolkit\DVDTray.exe
    C:\WINDOWS\system32\RunDLL32.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
    C:\Program Files\Visioneer OneTouch\OneTouchMon.exe
    C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\McAfee.com\Agent\mcagent.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Documents and Settings\john\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
    C:\Program Files\SensorsView\sview.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20100522120128.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll
    O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
    O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe "
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe "
    O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe "
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [DVDTray] C:\Program Files\Ahead\ODD Toolkit\DVDTray.exe
    O4 - HKLM\..\Run: [MWLExe] C:\Program Files\Mcafee\MWL\MWLGuiSt.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe "
    O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
    O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
    O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
    O4 - HKLM\..\Run: [OneTouch Monitor] C:\Program Files\Visioneer OneTouch\OneTouchMon.exe
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
    O4 - HKLM\..\Run: [MaxMenuMgr] "C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe "
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe "
    O4 - HKLM\..\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
    O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\john\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
    O4 - HKCU\..\Run: [tcmaqygc] C:\Documents and Settings\john\Local Settings\Application Data\yuwhjpdss\rttpjcttssd.exe
    O4 - Startup: SensorsView.lnk = C:\Program Files\SensorsView\sview.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://www.att.net
    O16 - DPF: {072CB141-B793-11D1-89B6-0020182C1446} (IntraLaunch.MainControl) - file://D:\Utilities\IntraLaunch.CAB
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {1C3DE665-D259-4C72-9D7D-C51FCB4CCFB9} (Panasonic Network Camera) - http://creatives3.lakefield.net:85/SysCamInst.cab
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {2E28242B-A689-11D4-80F2-0040266CBB8D} (KXHCM10 Control) - http://212.129.168.37:81/kxhcm10.ocx
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper200711281.dll
    O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.8.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
    O16 - DPF: {A3D93B25-4601-49D2-B3AF-F447C73D561F} (Sony SNC-RZ25 Control) - http://74.171.128.39:8080/program/SonySncRz25View.cab
    O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx
    O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
    O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
    O23 - Service: McAfee Application Installer Cleanup (0107521274547715) (0107521274547715mcinstcleanup) - McAfee, Inc. - C:\WINDOWS\TEMP\010752~1.EXE
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe (file missing)
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe (file missing)
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Seagate Service (FreeAgentGoNext Service) - Seagate Technology LLC - C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
    O23 - Service: McAfee Personal Firewall (McMPFSvc) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
    O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
    O23 - Service: McAfee VirusScan Announcer (McNaiAnn) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcods.exe
    O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
    O23 - Service: McShield - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
    O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
    O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
    O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
    O23 - Service: McAfee Wireless Network Security Service (MWLSvc) - McAfee, Inc. - C:\Program Files\Mcafee\MWL\MwlSvc.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
    O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

    --
    End of file - 14322 bytes
    Thank you.
     
  2. 2010/05/22
    PeteC

    PeteC SuperGeek Staff

    Joined:
    2002/05/10
    Messages:
    28,896
    Likes Received:
    389
    Please read this as indicated at the head of the forum and post the logs requested in this thread.
     

  3. 2010/05/22
    johngkerr

    johngkerr Inactive Thread Starter

    Joined:
    2002/10/22
    Messages:
    193
    Likes Received:
    0
    The two logs you need:

    DDS (Ver_10-03-17.01) - NTFSx86
    Run by john at 13:28:43.95 on Sat 05/22/2010
    Internet Explorer: 8.0.6001.18702
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.547 [GMT -5:00]

    AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
    FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    svchost.exe
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\spoolsv.exe
    svchost.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
    C:\Program Files\Google\Update\GoogleUpdate.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
    C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
    C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
    C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
    C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
    C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
    C:\Program Files\Microsoft IntelliPoint\point32.exe
    C:\Program Files\Ahead\ODD Toolkit\DVDTray.exe
    C:\WINDOWS\system32\RunDLL32.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
    C:\Program Files\Visioneer OneTouch\OneTouchMon.exe
    C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\McAfee.com\Agent\mcagent.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Documents and Settings\john\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
    C:\Program Files\SensorsView\sview.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Documents and Settings\john\Desktop\dds.scr

    ============== Pseudo HJT Report ===============

    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uStart Page = hxxp://google.com/
    uInternet Settings,ProxyOverride = *.local
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
    uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
    BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
    BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20100522120128.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.15642\swg.dll
    BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
    BHO: Windows Live Toolbar Helper: {bdbd1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
    BHO: 1 (0x1) - No File
    BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: Windows Live Toolbar: {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
    TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
    TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
    TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
    TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
    uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [updateMgr] "c:\program files\adobe\acrobat 7.0\reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
    uRun: [Google Update] "c:\documents and settings\john\local settings\application data\google\update\GoogleUpdate.exe" /c
    uRun: [tcmaqygc] c:\documents and settings\john\local settings\application data\yuwhjpdss\rttpjcttssd.exe
    mRun: [SoundMan] SOUNDMAN.EXE
    mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb10.exe
    mRun: [HP Component Manager] "c:\program files\hp\hpcoretech\hpcmpmgr.exe "
    mRun: [RemoteControl] "c:\program files\cyberlink dvd solution\powerdvd\PDVDServ.exe "
    mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\point32.exe "
    mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
    mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
    mRun: [DVDTray] c:\program files\ahead\odd toolkit\DVDTray.exe
    mRun: [MWLExe] c:\program files\mcafee\mwl\MWLGuiSt.exe
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [nwiz] nwiz.exe /install
    mRun: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
    mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe "
    mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
    mRun: [PaperPort PTD] c:\program files\scansoft\paperport\pptd40nt.exe
    mRun: [IndexSearch] c:\program files\scansoft\paperport\IndexSearch.exe
    mRun: [OneTouch Monitor] c:\program files\visioneer onetouch\OneTouchMon.exe
    mRun: [HP Software Update] c:\program files\hewlett-packard\hp software update\HPWuSchd2.exe
    mRun: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
    mRun: [MaxMenuMgr] "c:\program files\seagate\seagatemanager\freeagent status\StxMenuMgr.exe "
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe "
    mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
    StartupFolder: c:\docume~1\john\startm~1\programs\startup\sensor~1.lnk - c:\program files\sensorsview\sview.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
    IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
    DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cab
    DPF: {072CB141-B793-11D1-89B6-0020182C1446} - file://d:\utilities\IntraLaunch.CAB
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
    DPF: {1C3DE665-D259-4C72-9D7D-C51FCB4CCFB9} - hxxp://creatives3.lakefield.net:85/SysCamInst.cab
    DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} - hxxp://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    DPF: {2E28242B-A689-11D4-80F2-0040266CBB8D} - hxxp://212.129.168.37:81/kxhcm10.ocx
    DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper200711281.dll
    DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc.cab
    DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.8.cab
    DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://spaces.msn.com//PhotoUpload/MsnPUpld.cab
    DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
    DPF: {A3D93B25-4601-49D2-B3AF-F447C73D561F} - hxxp://74.171.128.39:8080/program/SonySncRz25View.cab
    DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    DPF: {D821DC4A-0814-435E-9820-661C543A4679} - hxxp://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx
    Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
    Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
    Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
    Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
    Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
    Notify: AtiExtEvent - Ati2evxx.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

    ============= SERVICES / DRIVERS ===============

    R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2007-6-29 385880]
    R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [2010-5-7 82952]
    R1 papycpu;papycpu;c:\windows\system32\drivers\papycpu.sys [2005-2-7 1984]
    R2 FreeAgentGoNext Service;Seagate Service;c:\program files\seagate\seagatemanager\sync\FreeAgentService.exe [2008-7-30 161064]
    R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2008-9-28 93320]
    R2 McMPFSvc;McAfee Personal Firewall; "c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-5-7 271480]
    R2 McNaiAnn;McAfee VirusScan Announcer; "c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-5-7 271480]
    R2 McProxy;McAfee Proxy Service; "c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-5-7 271480]
    R2 McShield;McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2010-5-7 170144]
    R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2010-5-7 188136]
    R2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\common files\mcafee\systemcore\mfevtps.exe [2010-5-7 141792]
    R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2010-5-7 55456]
    R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2007-6-29 152320]
    R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2007-6-29 51688]
    R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2010-5-7 312616]
    R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [2010-5-7 88480]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-12-20 135664]
    S3 bkn50USB;Belkin 54Mbps Wireless USB Network Adapter;c:\windows\system32\drivers\rt2500usb.sys [2005-6-18 140416]
    S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [2010-5-7 88480]
    S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-5-7 83496]
    S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2007-6-29 34248]
    S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2007-6-29 40552]
    S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2005-8-2 32512]
    S3 XPAD;XBox Controllers USB HID Mini Driver;c:\windows\system32\drivers\xpad.sys --> c:\windows\system32\drivers\xpad.sys [?]

    =============== Created Last 30 ================

    2010-05-22 16:41:02 0 d-----w- c:\windows\system32\wbem\Repository
    2010-05-22 16:37:31 1019 ----a-w- c:\windows\system32\Config.MPF
    2010-05-08 03:46:58 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
    2010-05-08 03:46:47 95568 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
    2010-05-08 03:46:47 88480 ----a-w- c:\windows\system32\drivers\mfendisk.sys
    2010-05-08 03:46:47 83496 ----a-w- c:\windows\system32\drivers\mferkdet.sys
    2010-05-08 03:46:47 82952 ----a-w- c:\windows\system32\drivers\mfetdi2k.sys
    2010-05-08 03:46:47 55456 ----a-w- c:\windows\system32\drivers\cfwids.sys
    2010-05-08 03:46:47 312616 ----a-w- c:\windows\system32\drivers\mfefirek.sys

    ==================== Find3M ====================

    2010-04-27 22:16:24 51688 ----a-w- c:\windows\system32\drivers\mfebopk.sys
    2010-04-27 22:16:24 385880 ----a-w- c:\windows\system32\drivers\mfehidk.sys
    2010-04-27 22:16:24 152320 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
    2010-03-30 05:46:30 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-03-30 05:45:52 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-03-10 06:15:52 420352 ----a-w- c:\windows\system32\vbscript.dll
    2010-02-25 06:24:37 916480 ----a-w- c:\windows\system32\wininet.dll
    2007-03-28 19:57:53 18895728 ------w- c:\program files\Install_Messenger.exe
    2005-07-30 01:39:07 14651330 ------w- c:\program files\OldeEnglish.org_-_Deadpuppies.mov
    2005-07-28 15:35:16 959653376 ------w- c:\program files\ragnarok_setup.exe
    2004-03-11 19:27:22 40960 ------w- c:\program files\Uninstall_CDS.exe
    2003-07-28 11:16:52 36864 ----a-w- c:\windows\inf\i386\Vizmicro.dll
    2003-07-28 11:16:26 172032 ----a-w- c:\windows\inf\i386\viceo.dll
    2003-07-28 11:01:10 36207 ----a-w- c:\windows\inf\i386\9320FW.bin
    2003-07-28 11:01:10 274432 ----a-w- c:\windows\inf\i386\9320LLD.dll
    2003-07-28 11:01:10 155648 ----a-w- c:\windows\inf\i386\rtscan.dll
    2001-08-03 23:29:18 13824 ----a-w- c:\windows\inf\i386\Usbscan.sys
    2008-09-07 17:05:55 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008090720080908\index.dat

    ============= FINISH: 13:30:52.43 ===============

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-03-17.01)

    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 2/4/2005 1:26:06 AM
    System Uptime: 5/22/2010 1:17:07 PM (0 hours ago)

    Motherboard: Gigabyte Technology Co., Ltd. | | 8IPE1000-G
    Processor: Intel(R) Pentium(R) 4 CPU 3.00GHz | Socket 478 | 3014/200mhz

    ==== Disk Partitions =========================

    A: is Removable
    C: is FIXED (NTFS) - 112 GiB total, 40.004 GiB free.
    D: is CDROM ()
    G: is FIXED (NTFS) - 932 GiB total, 862.044 GiB free.

    ==== Disabled Device Manager Items =============

    ==== System Restore Points ===================

    RP384: 2/21/2010 12:10:18 PM - System Checkpoint
    RP385: 2/22/2010 5:41:49 PM - System Checkpoint
    RP386: 2/24/2010 4:01:43 PM - System Checkpoint
    RP387: 2/24/2010 8:44:59 PM - Software Distribution Service 3.0
    RP388: 2/27/2010 2:07:43 PM - System Checkpoint
    RP389: 2/28/2010 9:32:49 PM - System Checkpoint
    RP390: 3/1/2010 9:35:42 PM - System Checkpoint
    RP391: 3/3/2010 6:17:24 PM - System Checkpoint
    RP392: 3/4/2010 7:06:35 PM - System Checkpoint
    RP393: 3/6/2010 12:19:24 AM - System Checkpoint
    RP394: 3/7/2010 12:16:32 PM - System Checkpoint
    RP395: 3/8/2010 7:48:09 PM - System Checkpoint
    RP396: 3/8/2010 10:38:57 PM - Software Distribution Service 3.0
    RP397: 3/10/2010 6:20:39 PM - System Checkpoint
    RP398: 3/11/2010 7:21:41 PM - System Checkpoint
    RP399: 3/11/2010 7:45:51 PM - Software Distribution Service 3.0
    RP400: 3/13/2010 11:34:23 AM - System Checkpoint
    RP401: 3/14/2010 4:48:30 PM - System Checkpoint
    RP402: 3/15/2010 7:54:22 PM - Removed World in Conflict
    RP403: 3/15/2010 7:55:36 PM - Removed RagnarokOnline
    RP404: 3/15/2010 7:56:04 PM - Removed Ragnarok Online
    RP405: 3/17/2010 6:19:29 PM - System Checkpoint
    RP406: 3/18/2010 6:31:01 PM - System Checkpoint
    RP407: 3/20/2010 1:34:34 PM - Removed Steam
    RP408: 3/21/2010 6:01:39 PM - System Checkpoint
    RP409: 3/22/2010 6:16:25 PM - System Checkpoint
    RP410: 3/23/2010 10:51:40 PM - System Checkpoint
    RP411: 3/25/2010 3:02:24 PM - System Checkpoint
    RP412: 3/26/2010 7:52:05 PM - System Checkpoint
    RP413: 3/27/2010 7:53:38 PM - System Checkpoint
    RP414: 3/28/2010 11:05:19 PM - System Checkpoint
    RP415: 3/30/2010 11:13:16 AM - System Checkpoint
    RP416: 3/31/2010 9:57:18 AM - Software Distribution Service 3.0
    RP417: 4/1/2010 6:25:02 PM - System Checkpoint
    RP418: 4/3/2010 10:18:41 AM - System Checkpoint
    RP419: 4/4/2010 1:21:21 PM - System Checkpoint
    RP420: 4/5/2010 4:21:39 PM - System Checkpoint
    RP421: 4/6/2010 7:46:41 PM - System Checkpoint
    RP422: 4/8/2010 5:36:29 PM - System Checkpoint
    RP423: 4/10/2010 12:24:02 AM - System Checkpoint
    RP424: 4/11/2010 3:01:55 PM - System Checkpoint
    RP425: 4/13/2010 6:13:51 PM - System Checkpoint
    RP426: 4/14/2010 7:04:01 PM - System Checkpoint
    RP427: 4/14/2010 9:17:05 PM - Software Distribution Service 3.0
    RP428: 4/17/2010 11:43:28 AM - System Checkpoint
    RP429: 4/18/2010 1:40:31 PM - System Checkpoint
    RP430: 4/19/2010 3:12:21 PM - System Checkpoint
    RP431: 4/20/2010 9:07:34 PM - System Checkpoint
    RP432: 4/22/2010 6:08:26 PM - System Checkpoint
    RP433: 4/23/2010 8:31:16 PM - System Checkpoint
    RP434: 4/25/2010 2:45:37 PM - System Checkpoint
    RP435: 4/26/2010 3:21:10 PM - System Checkpoint
    RP436: 4/27/2010 6:35:45 PM - System Checkpoint
    RP437: 4/30/2010 4:30:42 PM - System Checkpoint
    RP438: 5/1/2010 5:37:03 PM - System Checkpoint
    RP439: 5/2/2010 7:29:05 PM - System Checkpoint
    RP440: 5/4/2010 6:49:41 AM - System Checkpoint
    RP441: 5/5/2010 11:52:40 AM - System Checkpoint
    RP442: 5/6/2010 4:48:02 PM - System Checkpoint
    RP443: 5/7/2010 10:54:33 PM - System Checkpoint
    RP444: 5/9/2010 12:03:48 PM - System Checkpoint
    RP445: 5/10/2010 1:25:43 PM - System Checkpoint
    RP446: 5/11/2010 6:53:17 PM - Software Distribution Service 3.0
    RP447: 5/12/2010 8:22:28 PM - System Checkpoint
    RP448: 5/14/2010 8:49:56 AM - System Checkpoint
    RP449: 5/15/2010 5:07:16 PM - System Checkpoint
    RP450: 5/16/2010 7:06:14 PM - System Checkpoint
    RP451: 5/17/2010 7:07:44 PM - System Checkpoint
    RP452: 5/19/2010 12:23:56 PM - System Checkpoint
    RP453: 5/20/2010 5:13:07 PM - System Checkpoint
    RP454: 5/22/2010 12:26:02 AM - System Checkpoint
    RP455: 5/22/2010 11:17:19 AM - Restore Operation
    RP456: 5/22/2010 11:37:21 AM - Restore Operation

    ==== Installed Programs ======================

    Active@ UNDELETE
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Reader 7.0.9
    AIM 6.0
    AIM 7
    Albatross18 (OGplanet)
    AOL Uninstaller (Choose which Products to Remove)
    Apple Mobile Device Support
    Apple Software Update
    AutoUpdate
    Avaya Wireless RG Setup Utility
    Belarc Advisor 7.1
    BellSouth FastAccess DSL Help Center
    Block Master
    Bonjour
    BroadJump Client Foundation
    Coupon Printer for Windows
    Critical Update for Windows Media Player 11 (KB959772)
    Cucusoft DVD to iPod/PSP + iPod/PSP Video Converter Suite 2.8.3
    D&D Character Generator Demo
    Diablo II
    DivX
    DivX Player
    Download Manager 2.3.9
    Download Updater (AOL LLC)
    Duplicate File Finder
    DVD Solution
    Enable S3 for USB Device
    ERUNT 1.1j
    Ethereal 0.99.0
    Form Fill (Windows Live Toolbar)
    Free Games Offer, Desktop Shortcut
    Garmin City Navigator North America NT 2010.10 Update
    Garmin Communicator Plugin
    Garmin USB Drivers
    Garmin WebUpdater
    Google Chrome
    Google Earth
    Google Toolbar for Internet Explorer
    Google Update Helper
    Google Updater
    Half-Life(R) 2
    Hero Editor V0.96
    HijackThis 2.0.2
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Internet Explorer 7 (KB947864)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB970653-v3)
    Hotfix for Windows XP (KB976098-v2)
    Hotfix for Windows XP (KB979306)
    HP Deskjet 6500
    HP Update
    HyperCam 2
    IGZ Lobby System
    InterActual Player
    iPod for Windows 2005-10-12
    IrfanView (remove only)
    iTunes
    Jasc Paint Shop Pro 9
    Jasc Paint Shop Pro 9.01 - (9.0.1.1)
    Jasc Paint Shop Pro 9.01 - Mapped drive patch
    Jasc Paint Shop Pro 9.01 Patch
    Java(TM) 6 Update 17
    Java(TM) 6 Update 7
    LAME v3.98.2 for Audacity
    LightScribe 1.4.109.1
    Macromedia Shockwave Player
    Magelo Sync (uninstall only)
    Malwarebytes' Anti-Malware
    Map Button (Windows Live Toolbar)
    Marvell Miniport Driver
    Matroska Pack - Lazy Man's MKV 0.9.9
    McAfee Total Protection
    Medi@Show
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB953297)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Age of Empires II
    Microsoft Age of Empires II: The Conquerors Expansion
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft IntelliPoint 5.3
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft National Language Support Downlevel APIs
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Groove MUI (English) 2007
    Microsoft Office Groove Setup Metadata MUI (English) 2007
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Ultimate 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Silverlight
    Microsoft Software Update for Web Folders (English) 12
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft VC9 runtime libraries
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    MSN
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 6.0 Parser (KB933579)
    Multimedia Launcher
    Nero Suite
    NVIDIA Drivers
    OGA Notifier 2.0.0048.0
    OneCare Advisor (Windows Live Toolbar)
    OpenOffice.org Installer 1.0
    Paint Shop Pro 6.02 EVAL
    PaperPort
    PC Camera
    PlayNC Launcher
    Popup Blocker (Windows Live Toolbar)
    Power2Go 3.0
    PowerDirector
    PowerDVD
    PowerProducer
    Quake III Arena
    QuickTime
    RealPlayer
    Realtek AC'97 Audio
    Rhapsody Player Engine
    Seagate Manager Installer
    Security Update for 2007 Microsoft Office System (KB969559)
    Security Update for 2007 Microsoft Office System (KB976321)
    Security Update for 2007 Microsoft Office System (KB978380)
    Security Update for CAPICOM (KB931906)
    Security Update for Microsoft Office Excel 2007 (KB978382)
    Security Update for Microsoft Office Outlook 2007 (KB972363)
    Security Update for Microsoft Office PowerPoint 2007 (KB957789)
    Security Update for Microsoft Office Publisher 2007 (KB980470)
    Security Update for Microsoft Office system 2007 (972581)
    Security Update for Microsoft Office system 2007 (KB969613)
    Security Update for Microsoft Office system 2007 (KB974234)
    Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
    Security Update for Microsoft Office Word 2007 (KB969604)
    Security Update for Windows Internet Explorer 7 (KB928090)
    Security Update for Windows Internet Explorer 7 (KB929969)
    Security Update for Windows Internet Explorer 7 (KB931768)
    Security Update for Windows Internet Explorer 7 (KB933566)
    Security Update for Windows Internet Explorer 7 (KB937143)
    Security Update for Windows Internet Explorer 7 (KB938127)
    Security Update for Windows Internet Explorer 7 (KB939653)
    Security Update for Windows Internet Explorer 7 (KB942615)
    Security Update for Windows Internet Explorer 7 (KB944533)
    Security Update for Windows Internet Explorer 7 (KB950759)
    Security Update for Windows Internet Explorer 7 (KB953838)
    Security Update for Windows Internet Explorer 7 (KB956390)
    Security Update for Windows Internet Explorer 7 (KB958215)
    Security Update for Windows Internet Explorer 7 (KB960714)
    Security Update for Windows Internet Explorer 7 (KB961260)
    Security Update for Windows Internet Explorer 7 (KB963027)
    Security Update for Windows Internet Explorer 7 (KB969897)
    Security Update for Windows Internet Explorer 7 (KB972260)
    Security Update for Windows Internet Explorer 8 (KB971961)
    Security Update for Windows Internet Explorer 8 (KB972260)
    Security Update for Windows Internet Explorer 8 (KB974455)
    Security Update for Windows Internet Explorer 8 (KB976325)
    Security Update for Windows Internet Explorer 8 (KB978207)
    Security Update for Windows Internet Explorer 8 (KB981332)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player 11 (KB936782)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951376)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB953839)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB957095)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958690)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960715)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961371)
    Security Update for Windows XP (KB961373)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB968537)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969898)
    Security Update for Windows XP (KB969947)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971486)
    Security Update for Windows XP (KB971557)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973346)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973525)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977165-v2)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978251)
    Security Update for Windows XP (KB978262)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979683)
    Security Update for Windows XP (KB980232)
    SensorsView 1.2
    Smart Menus (Windows Live Toolbar)
    SoftV92 Data Fax Modem
    Starcraft
    Symantec Technical Support Web Controls
    Tales Animator 2.0
    TeamSpeak 2 RC2
    THE Rename
    TI Connect 1.5
    Update for 2007 Microsoft Office System (KB967642)
    Update for 2007 Microsoft Office System (KB981715)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft Office InfoPath 2007 (KB976416)
    Update for Microsoft Office OneNote 2007 (KB980729)
    Update for Outlook 2007 Junk Email Filter (kb981726)
    Update for Windows Internet Explorer 8 (KB973874)
    Update for Windows Internet Explorer 8 (KB976662)
    Update for Windows Internet Explorer 8 (KB976749)
    Update for Windows Internet Explorer 8 (KB980182)
    Update for Windows XP (KB951072-v2)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    URGE
    Ventrilo Client
    Ventrilo Server
    Visioneer OneTouch 9320
    WebFldrs XP
    WinAce Archiver
    Windows Driver Package - Garmin (grmnusb) GARMIN Devices (03/08/2007 2.2.1.0)
    Windows Genuine Advantage Notifications (KB905474)
    Windows Genuine Advantage v1.3.0254.0
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Internet Explorer 7
    Windows Internet Explorer 8
    Windows Live Favorites for Windows Live Toolbar
    Windows Live Messenger
    Windows Live Outlook Toolbar (Windows Live Toolbar)
    Windows Live Sign-in Assistant
    Windows Live Toolbar
    Windows Live Toolbar Extension (Windows Live Toolbar)
    Windows Live Toolbar Feed Detector (Windows Live Toolbar)
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows XP Service Pack 3
    WinPcap 3.1
    Yahoo! extras
    Yahoo! Internet Mail
    Yahoo! Messenger
    Yahoo! Software Update
    Yahoo! Toolbar

    ==== Event Viewer Messages From Past Week ========

    5/22/2010 12:45:55 PM, error: Service Control Manager [7031] - The McShield service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
    5/22/2010 12:45:54 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the mcmscsvc service.
    5/22/2010 10:49:54 AM, error: Service Control Manager [7022] - The Windows Image Acquisition (WIA) service hung on starting.
    5/22/2010 10:48:08 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Server service to connect.
    5/22/2010 10:48:08 AM, error: Service Control Manager [7001] - The System Event Notification service depends on the COM+ Event System service which failed to start because of the following error: The service did not respond to the start or control request in a timely fashion.
    5/22/2010 10:48:08 AM, error: Service Control Manager [7000] - The Server service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    5/22/2010 10:48:07 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Workstation service to connect.
    5/22/2010 10:48:07 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Wireless Zero Configuration service to connect.
    5/22/2010 10:48:07 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Windows Audio service to connect.
    5/22/2010 10:48:07 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Themes service to connect.
    5/22/2010 10:48:07 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Task Scheduler service to connect.
    5/22/2010 10:48:07 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Shell Hardware Detection service to connect.
    5/22/2010 10:48:07 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Logical Disk Manager service to connect.
    5/22/2010 10:48:07 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the HID Input Service service to connect.
    5/22/2010 10:48:07 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Help and Support service to connect.
    5/22/2010 10:48:07 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Error Reporting Service service to connect.
    5/22/2010 10:48:07 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the DHCP Client service to connect.
    5/22/2010 10:48:07 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Cryptographic Services service to connect.
    5/22/2010 10:48:07 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the COM+ Event System service to connect.
    5/22/2010 10:48:07 AM, error: Service Control Manager [7001] - The Computer Browser service depends on the Workstation service which failed to start because of the following error: The service did not respond to the start or control request in a timely fashion.
    5/22/2010 10:48:07 AM, error: Service Control Manager [7000] - The Workstation service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    5/22/2010 10:48:07 AM, error: Service Control Manager [7000] - The Wireless Zero Configuration service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    5/22/2010 10:48:07 AM, error: Service Control Manager [7000] - The Windows Audio service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    5/22/2010 10:48:07 AM, error: Service Control Manager [7000] - The Themes service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    5/22/2010 10:48:07 AM, error: Service Control Manager [7000] - The Task Scheduler service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    5/22/2010 10:48:07 AM, error: Service Control Manager [7000] - The Logical Disk Manager service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    5/22/2010 10:48:07 AM, error: Service Control Manager [7000] - The HID Input Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    5/22/2010 10:48:07 AM, error: Service Control Manager [7000] - The Help and Support service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    5/22/2010 10:48:07 AM, error: Service Control Manager [7000] - The DHCP Client service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    5/22/2010 10:48:07 AM, error: Service Control Manager [7000] - The Cryptographic Services service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    5/22/2010 10:48:07 AM, error: Service Control Manager [7000] - The COM+ Event System service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    5/17/2010 9:47:59 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Beep
    5/17/2010 9:47:59 PM, error: Service Control Manager [7023] - The Windows Firewall/Internet Connection Sharing (ICS) service terminated with the following error: The system cannot find the file specified.
    5/17/2010 9:47:59 PM, error: Service Control Manager [7000] - The ATI Smart service failed to start due to the following error: The system cannot find the file specified.
    5/17/2010 9:47:59 PM, error: Service Control Manager [7000] - The Ati HotKey Poller service failed to start due to the following error: The system cannot find the file specified.
    5/17/2010 9:47:37 PM, error: Ftdisk [49] - Configuring the Page file for crash dump failed. Make sure there is a page file on the boot partition and that is large enough to contain all physical memory.
    5/17/2010 9:47:37 PM, error: Ftdisk [45] - The system could not sucessfully load the crash dump driver.
    5/17/2010 11:46:40 PM, error: Dhcp [1002] - The IP address lease 192.168.2.100 for the Network Card with network address 000FEA6A477B has been denied by the DHCP server 192.168.2.1 (The DHCP Server sent a DHCPNACK message).
    5/16/2010 1:25:05 PM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service upnphost with arguments " " in order to run the server: {204810B9-73B2-11D4-BF42-00B0D0118B56}
    5/15/2010 3:56:13 PM, error: Service Control Manager [7034] - The Yahoo! Updater service terminated unexpectedly. It has done this 1 time(s).

    ==== End Of File ===========================
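    The two DDS sections above that carry the most signal are the service table (the R/S prefix is running or stopped, the digit is the SCM start type, and the `image --> image [?]` form marks a service whose image file DDS could not find on disk, as with xpad.sys) and the Event Viewer block, where thirteen unrelated services all time out in the same second at 10:48:07, DHCP Client and Cryptographic Services among them. Below is an added triage script, not part of this thread and not a DDS feature, that parses both sections from a constructed excerpt modelled on the posted log, flags services whose image file is missing, groups Service Control Manager 7000/7009 start failures by second, and lists services that died (7031/7034). The field layout and the reading of the `[?]` marker are assumptions taken from the posted log rather than from DDS documentation.

```python
"""Triage helper for the two DDS attach.txt sections quoted above.

Added example, not part of the thread or of DDS itself. The field layout it assumes
(`<R|S><start> name;display;image [yyyy-m-d size]`, with ` --> path [?]` when the
image file could not be found, and `date, level: source [id] - message` for events)
is read off the posted log; the start-type names are the standard SCM Start values.
"""
import re
from collections import defaultdict
from datetime import datetime

# Constructed excerpt: a handful of lines modelled on the log in this thread, so the
# script runs offline. Real input is the whole attach.txt.
SAMPLE = r"""
R2 McShield;McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2010-5-7 170144]
R2 McProxy;McAfee Proxy Service;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-5-7 271480]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-12-20 135664]
S3 XPAD;XBox Controllers USB HID Mini Driver;c:\windows\system32\drivers\xpad.sys --> c:\windows\system32\drivers\xpad.sys [?]

==== Event Viewer Messages From Past Week ========

5/22/2010 12:45:55 PM, error: Service Control Manager [7031] - The McShield service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
5/22/2010 10:48:07 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Workstation service to connect.
5/22/2010 10:48:07 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the DHCP Client service to connect.
5/22/2010 10:48:07 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Cryptographic Services service to connect.
5/22/2010 10:48:07 AM, error: Service Control Manager [7000] - The DHCP Client service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
5/22/2010 10:48:07 AM, error: Service Control Manager [7000] - The Cryptographic Services service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
5/17/2010 9:47:59 PM, error: Service Control Manager [7023] - The Windows Firewall/Internet Connection Sharing (ICS) service terminated with the following error: The system cannot find the file specified.
5/15/2010 3:56:13 PM, error: Service Control Manager [7034] - The Yahoo! Updater service terminated unexpectedly. It has done this 1 time(s).
"""

SERVICE_RE = re.compile(r"^([RS])([0-4]) ([^;]+);([^;]*);(.*)$")
STAMP_RE = re.compile(r" \[(\d{4}-\d{1,2}-\d{1,2}) (\d+)\]$")
EVENT_RE = re.compile(
    r"^(\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M), (\w+): (.+?) \[(\d+)\] - (.*)$")
SVC_IN_MSG = re.compile(r"(?:waiting for the |^The )(.+?) service (?:to connect|failed to start)")
START_TYPE = {"0": "boot", "1": "system", "2": "auto", "3": "demand", "4": "disabled"}
SCM = "Service Control Manager"


def parse_service(line):
    """One R/S line -> dict, or None. R/S is running/stopped; the digit is the Start value."""
    m = SERVICE_RE.match(line)
    if not m:
        return None
    state, start, name, display, rest = m.groups()
    # "image --> image [?]" is how DDS reports an image path it could not stat (assumption).
    missing = rest.endswith(" [?]") and " --> " in rest
    stamp = STAMP_RE.search(rest)
    image = rest.split(" --> ")[0] if missing else STAMP_RE.sub("", rest)
    return {
        "name": name, "display": display, "running": state == "R",
        "start": START_TYPE[start], "image": image, "missing_file": missing,
        "file_date": stamp.group(1) if stamp else None,
        "size": int(stamp.group(2)) if stamp else None,
    }


def parse_event(line):
    """One Event Viewer line -> dict, or None."""
    m = EVENT_RE.match(line)
    if not m:
        return None
    when, level, source, event_id, message = m.groups()
    return {"when": datetime.strptime(when, "%m/%d/%Y %I:%M:%S %p"),
            "level": level, "source": source, "id": int(event_id), "message": message}


def parse_report(text):
    """Split an attach.txt-style report into (services, events); other lines are ignored."""
    services, events = [], []
    for line in text.splitlines():
        line = line.strip()
        svc = parse_service(line)
        if svc:
            services.append(svc)
            continue
        ev = parse_event(line)
        if ev:
            events.append(ev)
    return services, events


def services_with_missing_image(services):
    """Registered services whose image file was not on disk: orphaned entries to review."""
    return [s["name"] for s in services if s["missing_file"]]


def start_failure_bursts(events, threshold=3):
    """Group SCM 7000 (failed to start) / 7009 (timeout waiting to connect) by second.

    Many unrelated services failing in the same second points at the service controller
    stalling during boot, not at any one service. Returns {datetime: sorted service names}.
    """
    per_second = defaultdict(set)
    for ev in events:
        if ev["source"] != SCM or ev["id"] not in (7000, 7009):
            continue
        m = SVC_IN_MSG.search(ev["message"])
        if m:
            per_second[ev["when"]].add(m.group(1))
    return {when: sorted(names) for when, names in per_second.items() if len(names) >= threshold}


def unexpected_terminations(events):
    """SCM 7031/7034: a service process died. Worth a look when it is the security product."""
    out = []
    for ev in events:
        if ev["source"] == SCM and ev["id"] in (7031, 7034):
            m = re.match(r"The (.+?) service terminated unexpectedly", ev["message"])
            if m:
                out.append(m.group(1))
    return out


if __name__ == "__main__":
    services, events = parse_report(SAMPLE)
    print("services:", len(services), "events:", len(events))
    print("missing image file:", services_with_missing_image(services))
    for when, names in sorted(start_failure_bursts(events).items()):
        print(when, "->", ", ".join(names))
    print("terminated unexpectedly:", unexpected_terminations(events))
```

    A burst like the one at 10:48:07, where Workstation, DHCP Client, Cryptographic Services and the rest all fail within one second, is a boot-time stall of the service controller rather than a fault in any single service, and a DHCP Client that never starts is consistent with the thread starter's later report that the machine would only take a manually entered IP address. The McShield 7031 entry is the one to watch on this log: the on-access scanner dying is exactly what a bot would want.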
     
  5. 2010/05/22
    PeteC

    PeteC SuperGeek Staff

    Joined:
    2002/05/10
    Messages:
    28,896
    Likes Received:
    389
    Thanks :)

    One of our trained malware analysts will take a look at your logs ASAP, but it may be a day or so before you get a response as they are always very busy. All logs are dealt with in the order received.

    Thank you for your patience.
     
  6. 2010/05/22
    johngkerr

    johngkerr Inactive Thread Starter

    Joined:
    2002/10/22
    Messages:
    193
    Likes Received:
    0
    Thank you.

    By the way, my computer will not obtain an IP address automatically; I had to enter an IP address manually. Also, I cannot change my Windows style to XP; the only style in the drop-down window is Windows Classic.
     
  7. 2010/05/22
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Verify your Java version here: http://www.java.com/en/download/installed.jsp
    Update, if necessary.
    Uninstall all previous Java versions, through Add\Remove (Programs & Features in Vista).

    =============================================================

    Download GMER: http://www.gmer.net/files.php, by clicking on Download EXE button.
    Alternative downloads:
    - http://majorgeeks.com/GMER_d5198.html
    - http://www.softpedia.com/get/Interne...ers/GMER.shtml
    Double click on downloaded .exe file, select Rootkit tab and click the Scan button.
    Do NOT use the computer while GMER is running!
    When scan is completed, click Save button, and save the results as gmer.log
    Warning ! Please, do not select the "Show all" checkbox during the scan.
    Post the log.

    IMPORTANT! If for some reason GMER refuses to run, try again.
    If it still fails, try to UN-check "Devices" in right pane.
    If still no joy, try to run it from Safe Mode.
     
  8. 2010/05/22
    johngkerr

    johngkerr Inactive Thread Starter

    Joined:
    2002/10/22
    Messages:
    193
    Likes Received:
    0
    I ran GMER and it rebooted after the scan. There was a log file saved, but my desktop is back to normal. Do you want me to run GMER again?
     
  9. 2010/05/22
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    GMER doesn't fix anything. It's just a scanner, so it couldn't fix anything on your computer.
    However, I'd like to see its log.
     
  10. 2010/05/23
    johngkerr

    johngkerr Inactive Thread Starter

    Joined:
    2002/10/22
    Messages:
    193
    Likes Received:
    0
    I tried to get GMER to run in Safe Mode; it ran for 4 hours and did not stop.
    How long should it run? All the problems came back when I turned on the computer today. My computer would not turn off and was running very slowly after I stopped GMER. I will try one more time to run GMER.
     
  11. 2010/05/23
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    GMER may take time sometimes.
    Try to run it in Safe Mode with "Devices" in right pane UN-checked.
     
  12. 2010/05/23
    johngkerr

    johngkerr Inactive Thread Starter

    Joined:
    2002/10/22
    Messages:
    193
    Likes Received:
    0
    I tried to run GMER in normal mode; it ran, then locked up, and I had to use the power button to turn off the computer. When it is running in normal mode it finds things, then locks up.
    In Safe Mode it never finds anything and runs for hours. I also have to use the power button to turn off my computer after running GMER in Safe Mode. Also, sometimes when I reboot my desktop is normal and other times it is in Classic mode.
     
    Last edited: 2010/05/24
  13. 2010/05/24
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt".
    **Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

    Make sure you re-enable your security programs when you're done with Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  14. 2010/05/25
    johngkerr

    johngkerr Inactive Thread Starter

    Joined:
    2002/10/22
    Messages:
    193
    Likes Received:
    0
    ComboFix fixed a lot of problems; this is the log.
    ComboFix could not install the Recovery Console because it could not find the internet. Should I run it again to install the Recovery Console?


    ComboFix 10-05-24.07 - john 05/25/2010 18:23:27.4.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.601 [GMT -5:00]
    Running from: c:\documents and settings\john\Desktop\ComboFix.exe
    AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
    FW: McAfee Personal Firewall *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
    * Created a new restore point

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\Administrator\Favorites\fifu.exe
    c:\documents and settings\john\GoToAssistDownloadHelper.exe
    c:\documents and settings\john\HCUpgrade3.1.exe
    c:\program files\Common Files\orrm
    c:\program files\Common Files\orrm\orrma.lck
    c:\program files\Common Files\orrm\orrmd\class-barrel
    c:\program files\Common Files\orrm\orrmd\vocabulary
    c:\program files\Common Files\orrm\orrmh
    c:\program files\Common Files\orrm\orrml.lck
    c:\program files\Common Files\orrm\orrmm.lck
    c:\program files\Common Files\orrm\orrmp.lck
    c:\program files\Common
    C:\Thumbs.db
    c:\windows\Downloaded Program Files\Install.inf
    c:\windows\system32\Thumbs.db
    c:\windows\system32\Vb40032.dll
    G:\autorun.inf

    Infected copy of c:\windows\system32\drivers\tcpip.sys was found and disinfected
    Restored copy from - Kitty had a snack :p
    .
    ((((((((((((((((((((((((( Files Created from 2010-04-25 to 2010-05-25 )))))))))))))))))))))))))))))))
    .

    2010-05-23 18:16 . 2010-05-23 18:16 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
    2010-05-23 18:15 . 2010-05-23 18:15 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
    2010-05-15 04:10 . 2010-05-15 04:10 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
    2010-05-08 03:46 . 2010-04-27 22:16 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
    2010-05-08 03:46 . 2010-04-27 22:16 95568 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
    2010-05-08 03:46 . 2010-04-27 22:16 88480 ----a-w- c:\windows\system32\drivers\mfendisk.sys
    2010-05-08 03:46 . 2010-04-27 22:16 83496 ----a-w- c:\windows\system32\drivers\mferkdet.sys
    2010-05-08 03:46 . 2010-04-27 22:16 82952 ----a-w- c:\windows\system32\drivers\mfetdi2k.sys
    2010-05-08 03:46 . 2010-04-27 22:16 55456 ----a-w- c:\windows\system32\drivers\cfwids.sys
    2010-05-08 03:46 . 2010-04-27 22:16 312616 ----a-w- c:\windows\system32\drivers\mfefirek.sys

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-05-25 22:54 . 2008-04-25 01:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
    2010-05-23 03:11 . 2005-02-04 19:56 -------- d-----w- c:\program files\Common Files\Java
    2010-05-23 03:11 . 2010-05-23 03:11 503808 ----a-w- c:\documents and settings\john\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-2b808963-n\msvcp71.dll
    2010-05-23 03:11 . 2010-05-23 03:11 499712 ----a-w- c:\documents and settings\john\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-2b808963-n\jmc.dll
    2010-05-23 03:11 . 2010-05-23 03:11 348160 ----a-w- c:\documents and settings\john\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-2b808963-n\msvcr71.dll
    2010-05-23 03:11 . 2010-05-23 03:11 61440 ----a-w- c:\documents and settings\john\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-4269cc1d-n\decora-sse.dll
    2010-05-23 03:11 . 2010-05-23 03:11 12800 ----a-w- c:\documents and settings\john\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-4269cc1d-n\decora-d3d.dll
    2010-05-23 03:11 . 2005-02-04 19:59 -------- d-----w- c:\program files\Java
    2010-05-22 21:09 . 2006-07-19 20:21 1324 ----a-w- c:\windows\system32\d3d9caps.dat
    2010-05-22 16:40 . 2005-10-18 15:57 -------- d-----w- c:\program files\Duplicate File Finder
    2010-05-22 16:40 . 2008-11-14 04:02 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-05-22 16:38 . 2008-03-15 21:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
    2010-05-22 16:20 . 2007-06-29 18:39 -------- d-----w- c:\program files\Common Files\McAfee
    2010-05-22 16:19 . 2007-06-29 18:39 -------- d-----w- c:\program files\McAfee
    2010-05-22 16:19 . 2007-06-29 18:37 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
    2010-05-22 16:19 . 2007-06-29 18:39 -------- d-----w- c:\program files\McAfee.com
    2010-04-27 22:16 . 2007-06-29 18:40 51688 ----a-w- c:\windows\system32\drivers\mfebopk.sys
    2010-04-27 22:16 . 2007-06-29 18:40 385880 ----a-w- c:\windows\system32\drivers\mfehidk.sys
    2010-04-27 22:16 . 2007-06-29 18:40 152320 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
    2010-04-19 18:57 . 2010-04-19 18:50 -------- d-----w- c:\program files\Audacity
    2010-04-14 00:54 . 2010-04-14 00:54 -------- d-----w- c:\program files\Lame for Audacity
    2010-04-12 22:29 . 2010-05-23 03:11 411368 ----a-w- c:\windows\system32\deployJava1.dll
    2010-04-10 18:30 . 2010-04-10 18:30 -------- d-----w- c:\documents and settings\evelyn\Application Data\ScanSoft
    2010-03-30 05:46 . 2008-11-14 04:02 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-03-30 05:45 . 2008-11-14 04:02 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-03-10 06:15 . 2004-08-04 12:00 420352 ----a-w- c:\windows\system32\vbscript.dll
    2010-02-25 06:24 . 2004-08-04 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
    2007-03-28 19:57 . 2007-03-28 19:56 18895728 ------w- c:\program files\Install_Messenger.exe
    2005-07-30 01:39 . 2005-07-30 01:38 14651330 ------w- c:\program files\OldeEnglish.org_-_Deadpuppies.mov
    2005-07-28 15:35 . 2005-07-28 15:29 959653376 ------w- c:\program files\ragnarok_setup.exe
    2004-03-11 19:27 . 2005-02-12 21:30 40960 ------w- c:\program files\Uninstall_CDS.exe
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "updateMgr "= "c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]
    "Google Update "= "c:\documents and settings\john\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-10-07 133104]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SoundMan "= "SOUNDMAN.EXE" [2004-05-14 67072]
    "HPDJ Taskbar Utility "= "c:\windows\system32\spool\drivers\w32x86\3\hpztsb10.exe" [2004-03-04 172032]
    "HP Component Manager "= "c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 241664]
    "RemoteControl "= "c:\program files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [2003-11-01 32768]
    "IntelliPoint "= "c:\program files\Microsoft IntelliPoint\point32.exe" [2005-03-23 217088]
    "TkBellExe "= "c:\program files\Common Files\Real\Update_OB\realsched.exe" [2006-06-23 180269]
    "NeroFilterCheck "= "c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
    "DVDTray "= "c:\program files\Ahead\ODD Toolkit\DVDTray.exe" [2004-09-03 65536]
    "MWLExe "= "c:\program files\Mcafee\MWL\MWLGuiSt.exe" [2007-07-28 206184]
    "NvCplDaemon "= "c:\windows\system32\NvCpl.dll" [2007-12-05 8523776]
    "nwiz "= "nwiz.exe" [2007-12-05 1626112]
    "NvMediaCenter "= "NvMCTray.dll" [2007-12-05 81920]
    "GrooveMonitor "= "c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
    "SSBkgdUpdate "= "c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 155648]
    "PaperPort PTD "= "c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2004-03-13 57393]
    "IndexSearch "= "c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2004-03-13 40960]
    "OneTouch Monitor "= "c:\program files\Visioneer OneTouch\OneTouchMon.exe" [2004-01-20 110592]
    "HP Software Update "= "c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
    "MaxMenuMgr "= "c:\program files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe" [2008-07-30 177448]
    "QuickTime Task "= "c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]
    "iTunesHelper "= "c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312]
    "mcui_exe "= "c:\program files\McAfee.com\Agent\mcagent.exe" [2010-04-02 1180976]
    "SunJavaUpdateSched "= "c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]

    c:\documents and settings\evelyn\Start Menu\Programs\Startup\
    SensorsView.lnk - c:\program files\SensorsView\sview.exe [2006-1-24 967680]

    c:\documents and settings\john\Start Menu\Programs\Startup\
    SensorsView.lnk - c:\program files\SensorsView\sview.exe [2006-1-24 967680]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
    @=" "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=" "

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "Yahoo! Pager "=c:\program files\Yahoo!\Messenger\ypager.exe -quiet
    "MSMSGS "= "c:\program files\Messenger\msmsgs.exe" /background
    "MsnMsgr "= "c:\program files\MSN Messenger\MsnMsgr.Exe" /background
    "ctfmon.exe "=c:\windows\system32\ctfmon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride "=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
    "DisableMonitoring "=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
    "DisableMonitoring "=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall "= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe "=
    "c:\\Program Files\\Quake III Arena\\quake3.exe "=
    "c:\\Program Files\\Valve\\Steam\\Steam.exe "=
    "c:\\Program Files\\Valve\\Steam\\SteamApps\\darkneox102\\counter-strike source\\hl2.exe "=
    "c:\\Program Files\\Warcraft III\\Warcraft III.exe "=
    "c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe "=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe "=
    "c:\\Program Files\\Messenger\\msmsgs.exe "=
    "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe "=
    "c:\\Program Files\\McAfee\\MWL\\MwlSvc.exe "=
    "c:\\WINDOWS\\system32\\mmc.exe "=
    "c:\\Program Files\\Warcraft III\\War3.exe "=
    "c:\\Program Files\\VentSrv\\ventrilo_srv.exe "=
    "c:\\Program Files\\Starcraft\\StarCraft.exe "=
    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE "=
    "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE "=
    "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE "=
    "c:\\Program Files\\MSN Messenger\\msnmsgr.exe "=
    "c:\\Program Files\\MSN Messenger\\livecall.exe "=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe "=
    "c:\\Program Files\\iTunes\\iTunes.exe "=
    "c:\\WINDOWS\\system32\\dplaysvr.exe "=
    "c:\\Program Files\\Microsoft Games\\Age of Empires II\\age2_x1\\age2_x1.icd "=
    "c:\\Program Files\\Microsoft Games\\Age of Empires II\\age2_x1\\age2_x1.exe "=
    "c:\\Program Files\\AIM\\aim.exe "=
    "c:\\Program Files\\Common Files\\McAfee\\McSvcHost\\McSvHost.exe "=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3389:TCP "= 3389:TCP:@xpsp2res.dll,-22009
    "3724:TCP "= 3724:TCP:Blizzard Downloader: 3724
    "7000:TCP "= 7000:TCP:Blizzard Downloader: 7000

    R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [5/7/2010 10:46 PM 82952]
    R1 papycpu;papycpu;c:\windows\system32\drivers\papycpu.sys [2/7/2005 11:42 AM 1984]
    R2 FreeAgentGoNext Service;Seagate Service;c:\program files\Seagate\SeagateManager\Sync\FreeAgentService.exe [7/30/2008 2:23 PM 161064]
    R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [9/28/2008 10:09 PM 93320]
    R2 McMPFSvc;McAfee Personal Firewall; "c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [5/7/2010 10:46 PM 271480]
    R2 McNaiAnn;McAfee VirusScan Announcer; "c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [5/7/2010 10:46 PM 271480]
    R2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\mfefire.exe [5/7/2010 10:47 PM 188136]
    R2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\McAfee\SystemCore\mfevtps.exe [5/7/2010 10:46 PM 141792]
    R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [5/7/2010 10:46 PM 55456]
    R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [5/7/2010 10:46 PM 312616]
    R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [5/7/2010 10:46 PM 88480]
    S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [12/20/2009 12:54 PM 135664]
    S3 bkn50USB;Belkin 54Mbps Wireless USB Network Adapter;c:\windows\system32\drivers\rt2500usb.sys [6/18/2005 11:28 AM 140416]
    S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [5/7/2010 10:46 PM 88480]
    S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [5/7/2010 10:46 PM 83496]
    S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [8/2/2005 4:10 PM 32512]
    S3 XPAD;XBox Controllers USB HID Mini Driver;c:\windows\system32\Drivers\xpad.sys --> c:\windows\system32\Drivers\xpad.sys [?]

    --- Other Services/Drivers In Memory ---

    *Deregistered* - mfeavfk01
    .
    Contents of the 'Scheduled Tasks' folder

    2010-05-25 c:\windows\Tasks\Google Software Updater.job
    - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-01-25 13:31]
    .
    .
    ------- Supplementary Scan -------
    .
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uStart Page = hxxp://google.com/
    uInternet Settings,ProxyOverride = *.local
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    DPF: {072CB141-B793-11D1-89B6-0020182C1446} - file://d:\utilities\IntraLaunch.CAB
    DPF: {1C3DE665-D259-4C72-9D7D-C51FCB4CCFB9} - hxxp://creatives3.lakefield.net:85/SysCamInst.cab
    DPF: {2E28242B-A689-11D4-80F2-0040266CBB8D} - hxxp://212.129.168.37:81/kxhcm10.ocx
    .
    - - - - ORPHANS REMOVED - - - -

    HKCU-Run-tcmaqygc - c:\documents and settings\john\Local Settings\Application Data\yuwhjpdss\rttpjcttssd.exe
    AddRemove-AIM_6.0 - c:\program files\AIM6\uninst.exe
    AddRemove-HyperCam 2 - c:\documents and settings\adam kerr\desktop\neo\UnHyCam2.exe



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-05-25 18:34
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(1488)
    c:\windows\system32\Ati2evxx.dll
    .
    Completion time: 2010-05-25 18:37:14
    ComboFix-quarantined-files.txt 2010-05-25 23:37

    Pre-Run: 42,741,280,768 bytes free
    Post-Run: 42,721,480,704 bytes free

    - - End Of File - - AC7107BC615F83A68A3422FAC92265B2
     
  15. 2010/05/25
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Looks good :)
    How is the computer doing at the moment?

    With malware infections being as they are today, it's strongly recommended to have the Windows Recovery Console pre-installed on your machine before doing any malware removal.

    The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.


    Go to Microsoft's website => http://support.microsoft.com/kb/310994

    Select the download that's appropriate for your Operating System.



    Download the file & save it as it's originally named.


    ---------------------------------------------------------------------

    Transfer all files you just downloaded, to the desktop of the infected computer.

    --------------------------------------------------------------------


    Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.



    • Drag the setup package onto ComboFix.exe and drop it.

    • Follow the prompts to start ComboFix and when prompted, agree to the End-User License Agreement to install the Microsoft Recovery Console.




    • At the next prompt, click 'Yes' to run the full ComboFix scan.

    • When the tool is finished, it will produce a report for you.
    Please post the C:\ComboFix.txt and a fresh HijackThis log in your next reply.
     
  16. 2010/05/25
    johngkerr

    johngkerr Inactive Thread Starter

    Joined:
    2002/10/22
    Messages:
    193
    Likes Received:
    0
    The log files you wanted. My computer is running well so far.
    Windows Recovery Console was installed OK.

    ComboFix 10-05-25.02 - john 05/25/2010 20:34:32.5.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.523 [GMT -5:00]
    Running from: c:\documents and settings\john\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\john\Desktop\WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
    AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
    FW: McAfee Personal Firewall *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    G:\Autorun.inf

    .
    ((((((((((((((((((((((((( Files Created from 2010-04-26 to 2010-05-26 )))))))))))))))))))))))))))))))
    .

    2010-05-23 18:16 . 2010-05-23 18:16 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
    2010-05-23 18:15 . 2010-05-23 18:15 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
    2010-05-15 04:10 . 2010-05-15 04:10 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
    2010-05-08 03:46 . 2010-04-27 22:16 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
    2010-05-08 03:46 . 2010-04-27 22:16 95568 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
    2010-05-08 03:46 . 2010-04-27 22:16 88480 ----a-w- c:\windows\system32\drivers\mfendisk.sys
    2010-05-08 03:46 . 2010-04-27 22:16 83496 ----a-w- c:\windows\system32\drivers\mferkdet.sys
    2010-05-08 03:46 . 2010-04-27 22:16 82952 ----a-w- c:\windows\system32\drivers\mfetdi2k.sys
    2010-05-08 03:46 . 2010-04-27 22:16 55456 ----a-w- c:\windows\system32\drivers\cfwids.sys
    2010-05-08 03:46 . 2010-04-27 22:16 312616 ----a-w- c:\windows\system32\drivers\mfefirek.sys

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-05-25 22:54 . 2008-04-25 01:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
    2010-05-23 03:11 . 2005-02-04 19:56 -------- d-----w- c:\program files\Common Files\Java
    2010-05-23 03:11 . 2010-05-23 03:11 503808 ----a-w- c:\documents and settings\john\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-2b808963-n\msvcp71.dll
    2010-05-23 03:11 . 2010-05-23 03:11 499712 ----a-w- c:\documents and settings\john\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-2b808963-n\jmc.dll
    2010-05-23 03:11 . 2010-05-23 03:11 348160 ----a-w- c:\documents and settings\john\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-2b808963-n\msvcr71.dll
    2010-05-23 03:11 . 2010-05-23 03:11 61440 ----a-w- c:\documents and settings\john\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-4269cc1d-n\decora-sse.dll
    2010-05-23 03:11 . 2010-05-23 03:11 12800 ----a-w- c:\documents and settings\john\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-4269cc1d-n\decora-d3d.dll
    2010-05-23 03:11 . 2005-02-04 19:59 -------- d-----w- c:\program files\Java
    2010-05-22 21:09 . 2006-07-19 20:21 1324 ----a-w- c:\windows\system32\d3d9caps.dat
    2010-05-22 16:40 . 2005-10-18 15:57 -------- d-----w- c:\program files\Duplicate File Finder
    2010-05-22 16:40 . 2008-11-14 04:02 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-05-22 16:38 . 2008-03-15 21:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
    2010-05-22 16:20 . 2007-06-29 18:39 -------- d-----w- c:\program files\Common Files\McAfee
    2010-05-22 16:19 . 2007-06-29 18:39 -------- d-----w- c:\program files\McAfee
    2010-05-22 16:19 . 2007-06-29 18:37 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
    2010-05-22 16:19 . 2007-06-29 18:39 -------- d-----w- c:\program files\McAfee.com
    2010-04-27 22:16 . 2007-06-29 18:40 51688 ----a-w- c:\windows\system32\drivers\mfebopk.sys
    2010-04-27 22:16 . 2007-06-29 18:40 385880 ----a-w- c:\windows\system32\drivers\mfehidk.sys
    2010-04-27 22:16 . 2007-06-29 18:40 152320 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
    2010-04-19 18:57 . 2010-04-19 18:50 -------- d-----w- c:\program files\Audacity
    2010-04-14 00:54 . 2010-04-14 00:54 -------- d-----w- c:\program files\Lame for Audacity
    2010-04-12 22:29 . 2010-05-23 03:11 411368 ----a-w- c:\windows\system32\deployJava1.dll
    2010-04-10 18:30 . 2010-04-10 18:30 -------- d-----w- c:\documents and settings\evelyn\Application Data\ScanSoft
    2010-03-30 05:46 . 2008-11-14 04:02 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-03-30 05:45 . 2008-11-14 04:02 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-03-10 06:15 . 2004-08-04 12:00 420352 ----a-w- c:\windows\system32\vbscript.dll
    2010-02-25 06:24 . 2004-08-04 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
    2007-03-28 19:57 . 2007-03-28 19:56 18895728 ------w- c:\program files\Install_Messenger.exe
    2005-07-30 01:39 . 2005-07-30 01:38 14651330 ------w- c:\program files\OldeEnglish.org_-_Deadpuppies.mov
    2005-07-28 15:35 . 2005-07-28 15:29 959653376 ------w- c:\program files\ragnarok_setup.exe
    2004-03-11 19:27 . 2005-02-12 21:30 40960 ------w- c:\program files\Uninstall_CDS.exe
    .

    ((((((((((((((((((((((((((((( SnapShot@2010-05-25_23.34.06 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2010-05-25 23:44 . 2010-05-25 23:44 16384 c:\windows\Temp\Perflib_Perfdata_c4.dat
    - 2008-11-16 23:32 . 2010-05-23 02:09 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
    + 2008-11-16 23:32 . 2010-05-25 23:36 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
    + 2005-02-04 07:30 . 2010-05-25 23:36 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
    - 2005-02-04 07:30 . 2010-05-23 02:09 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
    + 2009-08-27 03:51 . 2010-05-25 23:36 245760 c:\windows\system32\config\systemprofile\IETldCache\index.dat
    - 2009-08-27 03:51 . 2010-05-23 02:09 245760 c:\windows\system32\config\systemprofile\IETldCache\index.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "updateMgr "= "c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]
    "Google Update "= "c:\documents and settings\john\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-10-07 133104]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SoundMan "= "SOUNDMAN.EXE" [2004-05-14 67072]
    "HPDJ Taskbar Utility "= "c:\windows\system32\spool\drivers\w32x86\3\hpztsb10.exe" [2004-03-04 172032]
    "HP Component Manager "= "c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 241664]
    "RemoteControl "= "c:\program files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [2003-11-01 32768]
    "IntelliPoint "= "c:\program files\Microsoft IntelliPoint\point32.exe" [2005-03-23 217088]
    "TkBellExe "= "c:\program files\Common Files\Real\Update_OB\realsched.exe" [2006-06-23 180269]
    "NeroFilterCheck "= "c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
    "DVDTray "= "c:\program files\Ahead\ODD Toolkit\DVDTray.exe" [2004-09-03 65536]
    "MWLExe "= "c:\program files\Mcafee\MWL\MWLGuiSt.exe" [2007-07-28 206184]
    "NvCplDaemon "= "c:\windows\system32\NvCpl.dll" [2007-12-05 8523776]
    "nwiz "= "nwiz.exe" [2007-12-05 1626112]
    "NvMediaCenter "= "NvMCTray.dll" [2007-12-05 81920]
    "GrooveMonitor "= "c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
    "SSBkgdUpdate "= "c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 155648]
    "PaperPort PTD "= "c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2004-03-13 57393]
    "IndexSearch "= "c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2004-03-13 40960]
    "OneTouch Monitor "= "c:\program files\Visioneer OneTouch\OneTouchMon.exe" [2004-01-20 110592]
    "HP Software Update "= "c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
    "MaxMenuMgr "= "c:\program files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe" [2008-07-30 177448]
    "QuickTime Task "= "c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]
    "iTunesHelper "= "c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312]
    "mcui_exe "= "c:\program files\McAfee.com\Agent\mcagent.exe" [2010-04-02 1180976]
    "SunJavaUpdateSched "= "c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]

    c:\documents and settings\evelyn\Start Menu\Programs\Startup\
    SensorsView.lnk - c:\program files\SensorsView\sview.exe [2006-1-24 967680]

    c:\documents and settings\john\Start Menu\Programs\Startup\
    SensorsView.lnk - c:\program files\SensorsView\sview.exe [2006-1-24 967680]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
    @=" "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=" "

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "Yahoo! Pager "=c:\program files\Yahoo!\Messenger\ypager.exe -quiet
    "MSMSGS "= "c:\program files\Messenger\msmsgs.exe" /background
    "MsnMsgr "= "c:\program files\MSN Messenger\MsnMsgr.Exe" /background
    "ctfmon.exe "=c:\windows\system32\ctfmon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Quake III Arena\\quake3.exe"=
    "c:\\Program Files\\Valve\\Steam\\Steam.exe"=
    "c:\\Program Files\\Valve\\Steam\\SteamApps\\darkneox102\\counter-strike source\\hl2.exe"=
    "c:\\Program Files\\Warcraft III\\Warcraft III.exe"=
    "c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
    "c:\\Program Files\\McAfee\\MWL\\MwlSvc.exe"=
    "c:\\WINDOWS\\system32\\mmc.exe"=
    "c:\\Program Files\\Warcraft III\\War3.exe"=
    "c:\\Program Files\\VentSrv\\ventrilo_srv.exe"=
    "c:\\Program Files\\Starcraft\\StarCraft.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
    "c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\MSN Messenger\\livecall.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\WINDOWS\\system32\\dplaysvr.exe"=
    "c:\\Program Files\\Microsoft Games\\Age of Empires II\\age2_x1\\age2_x1.icd"=
    "c:\\Program Files\\Microsoft Games\\Age of Empires II\\age2_x1\\age2_x1.exe"=
    "c:\\Program Files\\AIM\\aim.exe"=
    "c:\\Program Files\\Common Files\\McAfee\\McSvcHost\\McSvHost.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
    "3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
    "7000:TCP"= 7000:TCP:Blizzard Downloader: 7000

    R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [5/7/2010 10:46 PM 82952]
    R1 papycpu;papycpu;c:\windows\system32\drivers\papycpu.sys [2/7/2005 11:42 AM 1984]
    R2 FreeAgentGoNext Service;Seagate Service;c:\program files\Seagate\SeagateManager\Sync\FreeAgentService.exe [7/30/2008 2:23 PM 161064]
    R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [9/28/2008 10:09 PM 93320]
    R2 McMPFSvc;McAfee Personal Firewall;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [5/7/2010 10:46 PM 271480]
    R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [5/7/2010 10:46 PM 271480]
    R2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\mfefire.exe [5/7/2010 10:47 PM 188136]
    R2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\McAfee\SystemCore\mfevtps.exe [5/7/2010 10:46 PM 141792]
    R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [5/7/2010 10:46 PM 55456]
    R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [5/7/2010 10:46 PM 312616]
    R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [5/7/2010 10:46 PM 88480]
    S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [12/20/2009 12:54 PM 135664]
    S3 bkn50USB;Belkin 54Mbps Wireless USB Network Adapter;c:\windows\system32\drivers\rt2500usb.sys [6/18/2005 11:28 AM 140416]
    S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [5/7/2010 10:46 PM 88480]
    S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [5/7/2010 10:46 PM 83496]
    S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [8/2/2005 4:10 PM 32512]
    S3 XPAD;XBox Controllers USB HID Mini Driver;c:\windows\system32\Drivers\xpad.sys --> c:\windows\system32\Drivers\xpad.sys [?]

    --- Other Services/Drivers In Memory ---

    *Deregistered* - mfeavfk01
    .
    Contents of the 'Scheduled Tasks' folder

    2010-05-25 c:\windows\Tasks\Google Software Updater.job
    - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-01-25 13:31]
    .
    .
    ------- Supplementary Scan -------
    .
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uStart Page = hxxp://google.com/
    uInternet Settings,ProxyOverride = *.local
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    DPF: {072CB141-B793-11D1-89B6-0020182C1446} - file://d:\utilities\IntraLaunch.CAB
    DPF: {1C3DE665-D259-4C72-9D7D-C51FCB4CCFB9} - hxxp://creatives3.lakefield.net:85/SysCamInst.cab
    DPF: {2E28242B-A689-11D4-80F2-0040266CBB8D} - hxxp://212.129.168.37:81/kxhcm10.ocx
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-05-25 20:44
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(1424)
    c:\windows\system32\Ati2evxx.dll
    .
    Completion time: 2010-05-25 20:48:23
    ComboFix-quarantined-files.txt 2010-05-26 01:48
    ComboFix2.txt 2010-05-25 23:37

    Pre-Run: 42,904,154,112 bytes free
    Post-Run: 42,863,665,152 bytes free

    WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

    - - End Of File - - B340C0520DF51A029A85DA86F4C2CFC6

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 8:53:08 PM, on 5/25/2010
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
    C:\Program Files\Google\Update\GoogleUpdate.exe
    C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
    C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
    C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
    C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
    C:\Program Files\Microsoft IntelliPoint\point32.exe
    C:\Program Files\Ahead\ODD Toolkit\DVDTray.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
    C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\McAfee.com\Agent\mcagent.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Documents and Settings\john\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
    C:\Program Files\SensorsView\sview.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\notepad.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20100522120128.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll
    O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
    O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [DVDTray] C:\Program Files\Ahead\ODD Toolkit\DVDTray.exe
    O4 - HKLM\..\Run: [MWLExe] C:\Program Files\Mcafee\MWL\MWLGuiSt.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
    O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
    O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
    O4 - HKLM\..\Run: [OneTouch Monitor] C:\Program Files\Visioneer OneTouch\OneTouchMon.exe
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [MaxMenuMgr] "C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
    O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\john\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
    O4 - Startup: SensorsView.lnk = C:\Program Files\SensorsView\sview.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://www.att.net
    O16 - DPF: {072CB141-B793-11D1-89B6-0020182C1446} (IntraLaunch.MainControl) - file://D:\Utilities\IntraLaunch.CAB
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {1C3DE665-D259-4C72-9D7D-C51FCB4CCFB9} (Panasonic Network Camera) - http://creatives3.lakefield.net:85/SysCamInst.cab
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {2E28242B-A689-11D4-80F2-0040266CBB8D} (KXHCM10 Control) - http://212.129.168.37:81/kxhcm10.ocx
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper200711281.dll
    O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.8.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
    O16 - DPF: {A3D93B25-4601-49D2-B3AF-F447C73D561F} (Sony SNC-RZ25 Control) - http://74.171.128.39:8080/program/SonySncRz25View.cab
    O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx
    O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
    O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe (file missing)
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe (file missing)
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Seagate Service (FreeAgentGoNext Service) - Seagate Technology LLC - C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
    O23 - Service: McAfee Personal Firewall (McMPFSvc) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
    O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
    O23 - Service: McAfee VirusScan Announcer (McNaiAnn) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcods.exe
    O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
    O23 - Service: McShield - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
    O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
    O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
    O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
    O23 - Service: McAfee Wireless Network Security Service (MWLSvc) - McAfee, Inc. - C:\Program Files\Mcafee\MWL\MwlSvc.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
    O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

    --
    End of file - 13706 bytes
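The ComboFix registry dump and the HijackThis log above are the kind of output a responder skims by hand for a handful of settings: the Security Center AntiVirusOverride and DisableMonitoring values, the standard-profile EnableFirewall flag, anything listed under GloballyOpenPorts (3389/TCP is Remote Desktop), O16 DPF controls fetched from bare IP addresses, and O23 services whose binary is missing. The script below is an added example, not code from this thread or from ComboFix or HijackThis; it pulls those items out of a log and ranks them. SAMPLE_LOG is constructed from the shape of the lines posted above (the `:@` in the 3389 entry is the resource-string prefix that the forum software rendered as a smiley), and the severity labels are this example's own convention.

```python
"""Triage a ComboFix registry dump / HijackThis log for the settings a
responder checks first.

Added example for this thread; it is not code from ComboFix, HijackThis or
the forum. SAMPLE_LOG is constructed from the shape of the lines posted
above, and the severity labels are this example's own convention.
"""
import re

# Constructed sample: a handful of lines in the formats seen in the posted logs.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

O16 - DPF: {2E28242B-A689-11D4-80F2-0040266CBB8D} (KXHCM10 Control) - http://212.129.168.37:81/kxhcm10.ocx
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe (file missing)
O23 - Service: McShield - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
"""

SECTION_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")                 # [HKLM\...]
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<data>.*)$')  # "Name"=data
HJT_RE = re.compile(r"^(?P<kind>O\d+) - (?P<rest>.*)$")           # O16 - DPF: ...
BARE_IP_URL = re.compile(r"https?://\d{1,3}(?:\.\d{1,3}){3}(?::\d+)?/", re.I)


def _as_int(data):
    """Decode 'dword:00000001' or ComboFix's '0 (0x0)' rendering; None if neither."""
    m = re.match(r"dword:([0-9a-f]+)", data, re.I)
    if m:
        return int(m.group(1), 16)
    m = re.match(r"(\d+)", data)
    return int(m.group(1)) if m else None


def triage(log_text):
    """Return [(severity, message), ...] in log order for the lines worth a look."""
    findings = []
    section = ""
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group("key").lower()   # remember which registry key we are in
            continue
        m = VALUE_RE.match(line)
        if m and section:
            name, data = m.group("name").lower(), m.group("data")
            val = _as_int(data)
            if "security center" in section:
                if name == "antivirusoverride" and val == 1:
                    findings.append(("high", "Security Center AV alerts suppressed (AntiVirusOverride=1)"))
                elif name == "disablemonitoring" and val == 1:
                    leaf = section.rsplit("\\", 1)[-1]
                    findings.append(("high", "Security Center monitoring disabled for " + leaf))
            elif section.endswith("standardprofile") and name == "enablefirewall" and val == 0:
                findings.append(("high", "Windows Firewall standard profile is OFF (EnableFirewall=0)"))
            elif section.endswith("globallyopenports\\list") and ":" in name:
                port, proto = name.split(":", 1)
                severity = "high" if port == "3389" else "medium"  # 3389/TCP is Remote Desktop
                findings.append((severity, "Globally open port %s/%s: %s" % (port, proto.upper(), data)))
            continue
        m = HJT_RE.match(line)
        if m:
            kind, rest = m.group("kind"), m.group("rest")
            if kind == "O16" and BARE_IP_URL.search(rest):
                findings.append(("medium", "ActiveX (DPF) control fetched from a bare IP: " + rest))
            elif kind == "O23" and rest.endswith("(file missing)"):
                findings.append(("low", "Service entry whose binary is missing: " + rest))
    return findings


if __name__ == "__main__":
    for severity, message in triage(SAMPLE_LOG):
        print("[%-6s] %s" % (severity, message))
```

Run it against a saved ComboFix or HijackThis log by passing the file's text to `triage()`; the matcher only keys on the registry section headers and the `Onn - ` prefixes, so the forum indentation and blank separator lines are ignored. Everything it flags still needs a human decision: the open ports and the McAfee monitoring entries here are plausibly the owner's own configuration rather than malware.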
     
  17. 2010/05/25
    broni (Moderator, Malware Analyst)
    Very good :)

    Uninstall Combofix:
    Go Start > Run [Vista users, go Start> "Start search"]
    Type in:
    Combofix /Uninstall
    Note the space between the "Combofix" and the "/Uninstall"
    Click OK (Vista users - press Enter).
    Restart computer.

    ==============================================================

    1. Download Temp File Cleaner (TFC)
    Double click on TFC.exe to run the program.
    Click on Start button to begin cleaning process.
    TFC will close all running programs, and it may ask you to restart computer.


    2. Go to Kaspersky website and perform an online antivirus scan.

    1. Disable your active antivirus program.
    2. Read through the requirements and privacy statement and click on Accept button.
    3. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
    4. When the downloads have finished, click on Settings.
    5. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:

    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
    • Mail databases
    6. Click on My Computer under Scan.
    7. Once the scan is complete, it will display the results. Click on View Scan Report.
    8. You will see a list of infected items there. Click on Save Report As....
    9. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button. Then post it here.

    Post fresh HijackThis log as well.
     
  18. 2010/05/28
    johngkerr (Thread Starter)
    I uninstalled Combofix
    and ran Temp File Cleaner.

    This is the log:
    KASPERSKY ONLINE SCANNER 7.0: scan report
    Friday, May 28, 2010
    Operating system: Microsoft Windows XP Professional Service Pack 3 (build 2600)
    Kaspersky Online Scanner version: 7.0.26.13
    Last database update: Thursday, May 27, 2010 17:33:33
    Records in database: 4190279
    --------------------------------------------------------------------------------

    Scan settings:
    scan using the following database: extended
    Scan archives: yes
    Scan e-mail databases: yes

    Scan area - My Computer:
    A:\
    C:\
    D:\
    G:\

    Scan statistics:
    Objects scanned: 159705
    Threats found: 1
    Infected objects found: 1
    Suspicious objects found: 0
    Scan duration: 03:59:36


    File name / Threat / Threats count
    G:\john folder\old computor download\download\cwshredder.zip Infected: Net-Worm.Win32.Kolab.hmh 1

    Selected area has been scanned.
     
  19. 2010/05/28
    broni (Moderator, Malware Analyst)
    Delete following file manually:
    G:\john folder\old computor download\download\cwshredder.zip
    Make sure to empty recycle bin afterward.

    Download HijackThis:
    http://free.antivirus.com/hijackthis/
    by clicking on Installer under Version 2.0.4
    Install, and run it.
    Post HijackThis log.
    Do NOT attempt to fix anything!

    NOTE. If you're using Vista, or 7, right click on HijackThis, and click Run as Administrator
     
  20. 2010/05/29
    johngkerr (Thread Starter)
    I removed cwshredder.zip last night.
    This is the HijackThis log:

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 3:18:53 PM, on 5/29/2010
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
    C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
    C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
    C:\Program Files\Google\Update\GoogleUpdate.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
    C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\SOUNDMAN.EXE
    C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
    C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
    C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
    C:\Program Files\Microsoft IntelliPoint\point32.exe
    C:\Program Files\Ahead\ODD Toolkit\DVDTray.exe
    C:\WINDOWS\system32\RunDLL32.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
    C:\Program Files\Visioneer OneTouch\OneTouchMon.exe
    C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\McAfee.com\Agent\mcagent.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Documents and Settings\john\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\SensorsView\sview.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\msiexec.exe
    C:\Program Files\Trend Micro\HijackThis\HiJackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20100522120128.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll
    O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
    O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [DVDTray] C:\Program Files\Ahead\ODD Toolkit\DVDTray.exe
    O4 - HKLM\..\Run: [MWLExe] C:\Program Files\Mcafee\MWL\MWLGuiSt.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
    O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
    O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
    O4 - HKLM\..\Run: [OneTouch Monitor] C:\Program Files\Visioneer OneTouch\OneTouchMon.exe
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [MaxMenuMgr] "C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
    O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\john\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - Startup: SensorsView.lnk = C:\Program Files\SensorsView\sview.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://www.att.net
    O16 - DPF: {072CB141-B793-11D1-89B6-0020182C1446} (IntraLaunch.MainControl) - file://D:\Utilities\IntraLaunch.CAB
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {1C3DE665-D259-4C72-9D7D-C51FCB4CCFB9} (Panasonic Network Camera) - http://creatives3.lakefield.net:85/SysCamInst.cab
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {2E28242B-A689-11D4-80F2-0040266CBB8D} (KXHCM10 Control) - http://212.129.168.37:81/kxhcm10.ocx
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper200711281.dll
    O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.8.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
    O16 - DPF: {A3D93B25-4601-49D2-B3AF-F447C73D561F} (Sony SNC-RZ25 Control) - http://74.171.128.39:8080/program/SonySncRz25View.cab
    O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx
    O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
    O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe (file missing)
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe (file missing)
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Seagate Service (FreeAgentGoNext Service) - Seagate Technology LLC - C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
    O23 - Service: McAfee Personal Firewall (McMPFSvc) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
    O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
    O23 - Service: McAfee VirusScan Announcer (McNaiAnn) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcods.exe
    O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
    O23 - Service: McShield - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
    O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
    O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
    O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
    O23 - Service: McAfee Wireless Network Security Service (MWLSvc) - McAfee, Inc. - C:\Program Files\Mcafee\MWL\MwlSvc.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
    O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

    --
    End of file - 14301 bytes
     
  21. 2010/05/29
    broni Moderator Malware Analyst

    Re-run HJT and checkmark:

    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE

    Click "Fix checked" button.
    Restart computer.

    When done...


    Your computer is clean :)

    1. We need to reset System Restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point.

    Turn off System Restore:

    - Windows XP:
    1. Click Start.
    2. Right-click the My Computer icon, and then click Properties.
    3. Click the System Restore tab.
    4. Check "Turn off System Restore".
    5. Click Apply.
    6. When turning off System Restore, the existing restore points will be deleted. Click Yes to do this.
    7. Click OK.
    - Windows Vista and 7:
    1. Click Start.
    2. Right-click the Computer icon, and then click Properties.
    3. Click on System Protection under the Tasks column on the left side
    4. Click on Continue on the "User Account Control" window that pops up
    5. Under the System Protection tab, find Available Disks
    6. Uncheck the box for any drive you wish to disable System Restore on (in most cases, drive "C:")
    7. When turning off System Restore, the existing restore points will be deleted. Click "Turn System Restore Off" on the popup window to do this.
    8. Click OK

    2. Restart computer.

    3. Turn System Restore on.

    4. Make sure Windows Updates are current.

    5. If any Trojan was listed among your infection(s), make sure you change all of your important on-line passwords (bank account(s), secured web sites, etc.) immediately!

    6. Download and install WOT (Web of Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    7. Run defrag at your convenience.

    8. Read "How did I get infected?, With steps so it does not happen again!": http://www.bleepingcomputer.com/forums/topic2520.html

    9. Please let me know how your computer is doing.
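
Added example (editor's code, not part of the thread and not a HijackThis feature): a small Python triage pass over O4 (autostart) and O23 (service) lines of the kind posted above. The sample input is constructed from a few lines of the log in this thread plus the SoundMan entry broni asked to fix; it is not the full log. The review rules are assumptions of the editor, not anything the thread states: a bare file name with no directory (as in the SoundMan entry, where the log cannot tell you which file actually runs), a service whose binary is "(file missing)", a service with "Unknown owner", and a binary sitting under a user-writable profile folder. A hit means "look at this entry", not "malicious": the legitimate per-user Google Update entry trips the profile-folder rule on purpose, because that is exactly the kind of path a reviewer has to confirm by hand.

```python
"""Review heuristics for HijackThis O4 (autostart) and O23 (service) lines."""
import re
from dataclasses import dataclass
from typing import List

# Constructed sample input: a few O4/O23 lines copied from the HijackThis log
# posted in this thread, plus the SoundMan entry broni asked to fix. Not the
# complete log.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\john\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: SensorsView.lnk = C:\Program Files\SensorsView\sview.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe (file missing)
O23 - Service: McShield - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
"""

O4_RUN = re.compile(r"^O4 - (?P<hive>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
O4_STARTUP = re.compile(r"^O4 - (?P<hive>(?:Global )?Startup): (?P<name>.+?) = (?P<cmd>.+)$")
# First token ending in an executable extension; used for unquoted command lines,
# where a path with spaces cannot simply be split on whitespace.
EXE_RE = re.compile(r"^(.*?\.(?:exe|com|bat|cmd|scr|pif|dll|vbs|js))(?=\s|$)", re.IGNORECASE)
# Directories a limited user can write to on XP / Vista / 7 (editor's list). Malware
# favours them, but so do per-user updaters, so a hit means "verify the file".
USER_WRITABLE = re.compile(
    r"\\(?:Documents and Settings|Users)\\[^\\]+\\|\\Local Settings\\|\\Application Data\\|\\AppData\\|\\Temp\\",
    re.IGNORECASE,
)


@dataclass
class Finding:
    kind: str    # "O4" or "O23"
    name: str    # Run value name, .lnk name, or service display name
    target: str  # executable the entry points at, as written in the log
    reason: str


def executable_from_command(cmd: str) -> str:
    """Return the program part of a command line, without its arguments."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        # strip() also drops the stray space some forums insert before the closing quote
        return (cmd[1:end] if end != -1 else cmd[1:]).strip()
    m = EXE_RE.match(cmd)
    return m.group(1) if m else cmd.split()[0]


def check_target(kind: str, name: str, target: str) -> List[Finding]:
    """Rules that apply to any autostart or service binary path."""
    out: List[Finding] = []
    if "\\" not in target:
        out.append(Finding(kind, name, target,
                           "bare file name with no directory: which file runs is decided by the search path, not by the log"))
    if USER_WRITABLE.search(target):
        out.append(Finding(kind, name, target,
                           "binary sits in a user-writable profile folder: verify its publisher and hash"))
    return out


def triage(log_text: str) -> List[Finding]:
    """Walk a HijackThis log and return the O4/O23 entries that deserve a second look."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = O4_STARTUP.match(line) or O4_RUN.match(line)
        if m:
            findings.extend(check_target("O4", m["name"], executable_from_command(m["cmd"])))
            continue
        if line.startswith("O23 - Service: "):
            # HJT format: <display name> - <company> - <path>; split from the right
            # because display names may themselves contain " - ".
            parts = line[len("O23 - Service: "):].rsplit(" - ", 2)
            if len(parts) != 3:
                continue
            display, owner, path = parts
            if path.endswith("(file missing)"):
                findings.append(Finding("O23", display, path,
                                        "service points at a file that is gone: orphaned entry (uninstall leftover, or a scanner removed the file)"))
                path = path[: -len("(file missing)")].strip()
            if owner == "Unknown owner":
                findings.append(Finding("O23", display, path, "no company name recorded for the binary"))
            findings.extend(check_target("O23", display, path))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind} [{f.name}] {f.target}\n    -> {f.reason}")
```

Run it as a script to list the flagged entries from the sample, or call `triage()` on a full saved log. The unquoted-command branch stops at the first executable extension rather than the first space, which is what you need for unquoted paths containing spaces; the same ambiguity is why a reviewer should check where an unquoted or path-less Run value really resolves before deciding it is harmless.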
     
