
Solved I believe I have XP antispyware virus 2009

Discussion in 'Malware and Virus Removal Archive' started by badger1332002, 2008/11/13.

  1. 2008/11/13
    badger1332002 (Inactive, Thread Starter; joined 2008/11/13)

    When I am on the Internet and I click on a link to a search file from Yahoo, Google, etc., it opens a new window and redirects to a completely random site. Also, it seems that when I try to go to a website to update my Windows, or go to anything that involves deleting the virus, it will not let me connect to the site. I had to change the file name of HijackThis for it to let me run the program. If you have any ideas or solutions, they would be greatly appreciated. I already saw some people posted with the same problem or virus. Thank you, and here is the log you need from HijackThis:

    Logfile of random's system information tool 1.04 (written by random/random)
    Run by Jason at 2008-11-13 17:01:30
    Microsoft Windows XP Home Edition Service Pack 3
    System drive C: has 14 GB (26%) free of 54 GB
    Total RAM: 1015 MB (55% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 5:01:36 PM, on 11/13/2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16735)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\WLTRYSVC.EXE
    C:\WINDOWS\System32\bcmwltry.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Northern Illinois University\NIU VPN Client\cvpnd.exe
    C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\WINDOWS\System32\snmp.exe
    C:\Program Files\Dell Support Center\bin\sprtsvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
    C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
    C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\TRENDM~1\INTERN~1\PccGuide.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\WINDOWS\system32\WLTRAY.exe
    C:\WINDOWS\stsystra.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files\BroadJump\Client Foundation\CFD.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
    C:\Program Files\Dell Support Center\bin\sprtcmd.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe
    C:\WINDOWS\system32\drivers\svchost.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Documents and Settings\Jason\Desktop\RSIT.exe
    C:\Program Files\Trend Micro\HijackThis\Jason.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus.../sbcydsl/*http://www.yahoo.com/search/ie.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe"
    O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
    O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
    O4 - HKLM\..\Run: [basicsmssmenu] "C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe"
    O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKCU\..\Run: [OE_OEM] "C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
    O4 - HKCU\..\Run: [EasyLinkAdvisor] "C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup
    O4 - HKCU\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon
    O4 - HKCU\..\Run: [SVCHOST.EXE] C:\WINDOWS\system32\drivers\svchost.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Digital Line Detect.lnk = ?
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: VPN Client.lnk = ?
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/FacebookPhotoUploader5.cab
    O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab
    O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
    O20 - AppInit_DLLs: karna.dat
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Basics Service - Seagate Technology LLC - C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Northern Illinois University\NIU VPN Client\cvpnd.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
    O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
    O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
    O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
    O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
    O23 - Service: Viewpoint Manager Service - Unknown owner - C:\Program Files\Viewpoint\Common\ViewpointService.exe (file missing)
    O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

    --
    End of file - 9428 bytes

    ======Scheduled tasks folder======

    C:\WINDOWS\tasks\AppleSoftwareUpdate.job

    ======Registry dump======

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "igfxtray"=C:\WINDOWS\system32\igfxtray.exe [2005-10-14 94208]
    "igfxhkcmd"=C:\WINDOWS\system32\hkcmd.exe [2005-10-14 77824]
    "igfxpers"=C:\WINDOWS\system32\igfxpers.exe [2005-10-14 114688]
    "SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2006-03-08 761947]
    "Broadcom Wireless Manager UI"=C:\WINDOWS\system32\WLTRAY.exe [2005-12-19 1347584]
    "SigmatelSysTrayApp"=C:\WINDOWS\stsystra.exe [2006-03-24 282624]
    "dla"=C:\WINDOWS\system32\dla\tfswctrl.exe [2004-12-06 127035]
    "ISUSPM Startup"=C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe [2005-06-10 249856]
    "ISUSScheduler"=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2005-06-10 81920]
    "pccguide.exe"=C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe [2005-08-30 823362]
    "BJCFD"=C:\Program Files\BroadJump\Client Foundation\CFD.exe [2002-09-10 368706]
    "HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2006-02-19 49152]
    "dscactivate"=C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe [2007-11-15 16384]
    "DVDLauncher"=C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe [2005-02-23 53248]
    "basicsmssmenu"=C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe [2007-10-09 169328]
    "DellSupportCenter"=C:\Program Files\Dell Support Center\bin\sprtcmd.exe [2008-08-13 206064]
    "QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2008-09-06 413696]
    "AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2008-09-03 111936]
    "iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-10-01 289576]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "OE_OEM"=C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe [2006-04-11 176201]
    "ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
    "DellSupportCenter"=C:\Program Files\Dell Support Center\bin\sprtcmd.exe [2008-08-13 206064]
    "EasyLinkAdvisor"=C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe [2007-03-15 454784]
    "Sony Ericsson PC Suite"=C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe [2008-02-20 356352]
    "SVCHOST.EXE"=C:\WINDOWS\system32\drivers\svchost.exe [2008-11-10 34304]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Antivirus Pro 2009]
    C:\Program Files\AntivirusPro2009\AntivirusPro2009.exe /hide []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\brastk]
    C:\WINDOWS\system32\brastk.exe [2008-11-10 9216]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ModemOnHold]
    C:\Program Files\NetWaiting\netWaiting.exe []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Norton Ghost 10.0]
    C:\Program Files\Norton Ghost\Agent\GhostTray.exe []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
    C:\PROGRA~1\HP\DIGITA~1\bin\hpqtra08.exe [2006-02-19 288472]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Photosmart Premier Fast Start.lnk]
    C:\PROGRA~1\HP\DIGITA~1\bin\hpqthb08.exe [2006-02-10 73728]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup
    Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe
    Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE
    VPN Client.lnk - C:\WINDOWS\Installer\{14FCFE7C-AB86-428A-9D2E-BFB6F5A7AA6E}\Icon3E5562ED7.ico

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLS"="karna.dat"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
    C:\WINDOWS\system32\igfxdev.dll [2005-10-14 135168]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
    C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "dontdisplaylastusername"=0
    "legalnoticecaption"=
    "legalnoticetext"=
    "shutdownwithoutlogon"=1
    "undockwithoutlogon"=1

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDriveTypeAutoRun"=145
    "ForceClassicControlPanel"=1

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL"
    "C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe"="C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL"
    "C:\Program Files\America Online 9.0\waol.exe"="C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0"
    "C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"
    "C:\Program Files\Common Files\AOL\1157755053\ee\aolsoftware.exe"="C:\Program Files\Common Files\AOL\1157755053\ee\aolsoftware.exe:*:Enabled:AOL Services"
    "C:\Program Files\Common Files\AOL\1157755053\ee\aim6.exe"="C:\Program Files\Common Files\AOL\1157755053\ee\aim6.exe:*:Enabled:AIM"
    "C:\StubInstaller.exe"="C:\StubInstaller.exe:*:Enabled:LimeWire swarmed installer"
    "C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\Program Files\Yahoo! Games\Puzzle Express\PuzzleExpress.exe"="C:\Program Files\Yahoo! Games\Puzzle Express\PuzzleExpress.exe:*:Enabled:puzzleExpress"
    "C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
    "C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
    "C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe"
    "C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe"="C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe"
    "C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
    "C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
    "C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
    "C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe"
    "C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe"
    "C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
    "C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
    "C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe"
    "C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe"
    "C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe"
    "C:\Program Files\AIM\aim.exe"="C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger"
    "C:\WINDOWS\system32\LEXPPS.EXE"="C:\WINDOWS\system32\LEXPPS.EXE:*:Disabled:LEXPPS.EXE"
    "C:\Program Files\BitComet\BitComet.exe"="C:\Program Files\BitComet\BitComet.exe:*:Disabled:BitComet - a BitTorrent Client"
    "C:\Program Files\Firefly Studios\Stronghold 2\Stronghold2.exe"="C:\Program Files\Firefly Studios\Stronghold 2\Stronghold2.exe:*:Enabled:Stronghold 2"
    "C:\Program Files\Microsoft Games\Zoo Tycoon 2\zt.exe"="C:\Program Files\Microsoft Games\Zoo Tycoon 2\zt.exe:*:Enabled:Zoo Tycoon 2 Executable"
    "C:\WINDOWS\system32\igfxsrvc.exe"="C:\WINDOWS\system32\igfxsrvc.exe:*:Disabled:igfxsrvc Module"
    "C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
    "C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
    "C:\WINDOWS\system32\drivers\svchost.exe"="C:\WINDOWS\system32\drivers\svchost.exe:*:Disabled:svchost"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe"="C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL"
    "C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL"
    "C:\Program Files\America Online 9.0\waol.exe"="C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0"
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\Program Files\AIM\aim.exe"="C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger"

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7a880185-5ddb-11dd-ab99-0014a5c62d3c}]
    shell\AutoRun\command - F:\JDSecure\Windows\JDSecure20.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7b0f8cd3-acd1-11dc-aae5-00038a000015}]
    shell\AutoRun\command - F:\PortableVault.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{86400974-f16e-11dc-ab1b-0014a5c62d3c}]
    shell\AutoRun\command - F:\setupSNK.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{92563c2a-56f4-11dc-aa97-00038a000015}]
    shell\AutoRun\command - F:\LaunchU3.exe -a

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a8da8945-4423-11db-a7ea-00038a000015}]
    shell\AutoRun\command - G:\LaunchU3.exe -a

    ======List of files/folders created in the last 3 months======

    2008-11-13 16:37:46 ----D---- C:\Program Files\Malwarebyter Anti-Malware
    2008-11-13 16:37:46 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-11-13 15:11:20 ----A---- C:\Bob.exe.exe
    2008-11-13 15:06:05 ----D---- C:\rsit
    2008-11-12 23:15:54 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
    2008-11-12 23:15:47 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$
    2008-11-11 22:52:10 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
    2008-11-11 22:11:20 ----A---- C:\WINDOWS\ntbtlog.txt
    2008-11-11 21:45:34 ----D---- C:\Documents and Settings\Jason\Application Data\Mozilla
    2008-11-11 21:45:03 ----D---- C:\Program Files\Mozilla Firefox
    2008-11-11 00:06:17 ----A---- C:\WINDOWS\ylirunipu.bat
    2008-11-11 00:06:17 ----A---- C:\WINDOWS\limenaz.exe
    2008-11-11 00:06:17 ----A---- C:\WINDOWS\lebuhypiz.dll
    2008-11-11 00:06:17 ----A---- C:\Documents and Settings\Jason\Application Data\dinep.bat
    2008-11-11 00:06:17 ----A---- C:\Documents and Settings\All Users\Application Data\zufyqazafi.bat
    2008-11-10 23:53:24 ----A---- C:\WINDOWS\Sysvxd.exe
    2008-11-10 15:24:12 ----A---- C:\WINDOWS\zijomac.bat
    2008-11-10 15:24:12 ----A---- C:\WINDOWS\viwu.exe
    2008-11-10 15:24:12 ----A---- C:\WINDOWS\daxudyt.com
    2008-11-10 15:24:12 ----A---- C:\Program Files\Common Files\myjehom.vbs
    2008-11-10 15:24:12 ----A---- C:\Documents and Settings\Jason\Application Data\yfupi.exe
    2008-11-10 15:23:35 ----D---- C:\Program Files\AntivirusPro2009
    2008-11-10 15:22:57 ----A---- C:\WINDOWS\system32\wini10891.exe
    2008-11-10 15:08:01 ----A---- C:\WINDOWS\brastk.exe
    2008-11-10 15:02:15 ----A---- C:\WINDOWS\system32\brastk.exe
    2008-10-25 10:57:26 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
    2008-10-22 11:01:50 ----D---- C:\Program Files\Common Files\Deterministic Networks
    2008-10-15 17:07:32 ----D---- C:\Documents and Settings\Jason\Application Data\Google
    2008-10-15 17:04:52 ----D---- C:\Documents and Settings\All Users\Application Data\Google
    2008-10-15 17:03:42 ----D---- C:\WINDOWS\system32\Adobe
    2008-10-15 15:19:45 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
    2008-10-15 15:19:36 ----HDC---- C:\WINDOWS\$NtUninstallKB956391$
    2008-10-15 15:19:27 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
    2008-10-15 15:18:30 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
    2008-10-15 15:17:47 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
    2008-10-03 19:57:42 ----D---- C:\Program Files\iPod
    2008-10-03 19:57:40 ----D---- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
    2008-10-03 19:57:39 ----D---- C:\Program Files\iTunes
    2008-09-30 16:43:34 ----A---- C:\WINDOWS\system32\msxml4.dll
    2008-09-15 18:30:48 ----D---- C:\Program Files\Common Files\Sony Shared
    2008-09-15 18:07:39 ----D---- C:\Documents and Settings\All Users\Application Data\BVRP Software
    2008-09-15 17:49:32 ----D---- C:\Documents and Settings\All Users\Application Data\Sony Ericsson
    2008-09-15 17:49:10 ----D---- C:\Documents and Settings\Jason\Application Data\InstallShield
    2008-09-15 17:36:31 ----D---- C:\Program Files\Sony Ericsson
    2008-09-15 17:28:05 ----D---- C:\Documents and Settings\Jason\Application Data\Sony
    2008-09-15 17:28:05 ----D---- C:\Documents and Settings\All Users\Application Data\Sony
    2008-09-15 17:11:09 ----D---- C:\Program Files\Sony Setup
    2008-09-15 15:25:24 ----D---- C:\Program Files\Bonjour
    2008-09-15 15:24:15 ----D---- C:\Program Files\QuickTime
    2008-09-11 07:17:22 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
    2008-09-11 07:15:47 ----HDC---- C:\WINDOWS\$NtUninstallKB954154_WM11$
    2008-09-10 20:56:17 ----D---- C:\Documents and Settings\Jason\Application Data\McGraw-HillLicensing
    2008-09-02 21:34:40 ----D---- C:\Documents and Settings\Jason\Application Data\funkitron
    2008-09-02 21:33:38 ----D---- C:\Documents and Settings\All Users\Application Data\NeoEdge Networks
    2008-08-29 09:18:58 ----A---- C:\WINDOWS\system32\dns-sd.exe
    2008-08-29 08:53:50 ----A---- C:\WINDOWS\system32\dnssd.dll
    2008-08-14 02:07:59 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
    2008-08-14 02:07:49 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
    2008-08-14 02:07:23 ----HDC---- C:\WINDOWS\$NtUninstallKB953839$
    2008-08-14 02:06:23 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
    2008-08-14 02:03:58 ----HDC---- C:\WINDOWS\$NtUninstallKB951072-v2$
    2008-08-14 02:03:49 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
    2008-08-14 02:02:48 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$

    ======List of files/folders modified in the last 3 months======

    2008-11-13 16:58:49 ----D---- C:\WINDOWS\Temp
    2008-11-13 16:58:23 ----D---- C:\WINDOWS
    2008-11-13 16:56:56 ----A---- C:\WINDOWS\SchedLgU.Txt
    2008-11-13 16:47:41 ----D---- C:\Documents and Settings\Jason\Application Data\U3
    2008-11-13 16:37:49 ----D---- C:\WINDOWS\system32\drivers
    2008-11-13 16:37:46 ----D---- C:\Program Files
    2008-11-13 16:34:50 ----D---- C:\Program Files\Trend Micro
    2008-11-13 16:28:33 ----D---- C:\WINDOWS\system32
    2008-11-13 16:28:33 ----AC---- C:\WINDOWS\system32\PerfStringBackup.INI
    2008-11-13 16:10:14 ----SHD---- C:\System Volume Information
    2008-11-13 16:10:14 ----D---- C:\WINDOWS\system32\Restore
    2008-11-13 15:59:29 ----D---- C:\WINDOWS\Prefetch
    2008-11-13 15:58:57 ----D---- C:\Documents and Settings\All Users\Application Data\Viewpoint
    2008-11-13 15:58:56 ----D---- C:\Program Files\Viewpoint
    2008-11-12 23:15:57 ----HD---- C:\WINDOWS\inf
    2008-11-12 23:15:56 ----D---- C:\WINDOWS\system32\dllcache
    2008-11-12 23:15:53 ----HD---- C:\WINDOWS\$hf_mig$
    2008-11-12 23:15:51 ----A---- C:\WINDOWS\imsins.BAK
    2008-11-12 23:15:38 ----HD---- C:\Config.Msi
    2008-11-12 23:15:37 ----SHD---- C:\WINDOWS\Installer
    2008-11-12 23:15:37 ----D---- C:\WINDOWS\WinSxS
    2008-11-12 11:20:30 ----D---- C:\WINDOWS\system32\CatRoot2
    2008-11-12 11:18:20 ----RASH---- C:\boot.ini
    2008-11-12 11:18:20 ----N---- C:\WINDOWS\system.ini
    2008-11-12 11:18:20 ----A---- C:\WINDOWS\win.ini
    2008-11-11 22:18:06 ----D---- C:\Documents and Settings
    2008-11-11 20:57:06 ----D---- C:\WINDOWS\network diagnostic
    2008-11-11 00:06:17 ----D---- C:\Program Files\Common Files
    2008-11-11 00:00:41 ----D---- C:\Program Files\Microsoft Office
    2008-11-11 00:00:36 ----HD---- C:\WINDOWS\ShellNew
    2008-11-11 00:00:22 ----RSD---- C:\WINDOWS\Fonts
    2008-11-11 00:00:22 ----D---- C:\Program Files\Common Files\Microsoft Shared
    2008-11-11 00:00:18 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
    2008-11-03 18:10:25 ----A---- C:\WINDOWS\system32\MRT.exe
    2008-10-24 14:39:53 ----D---- C:\WINDOWS\Help
    2008-10-16 17:00:47 ----D---- C:\Program Files\Google
    2008-10-15 17:10:03 ----D---- C:\WINDOWS\system32\home box office dir
    2008-10-15 17:04:59 ----D---- C:\Documents and Settings\Jason\Application Data\Adobe
    2008-10-15 17:03:54 ----SD---- C:\WINDOWS\Downloaded Program Files
    2008-10-15 15:19:08 ----D---- C:\Program Files\Internet Explorer
    2008-10-15 15:18:53 ----D---- C:\WINDOWS\ie7updates
    2008-10-15 10:34:24 ----A---- C:\WINDOWS\system32\netapi32.dll
    2008-10-03 19:55:19 ----DC---- C:\WINDOWS\system32\DRVSTORE
    2008-10-03 11:41:15 ----A---- C:\WINDOWS\system32\ieframe.dll
    2008-10-01 14:45:53 ----RSD---- C:\WINDOWS\assembly
    2008-09-15 17:49:32 ----HD---- C:\Program Files\InstallShield Installation Information
    2008-09-15 15:24:19 ----D---- C:\Program Files\Common Files\Apple
    2008-09-11 07:16:33 ----D---- C:\Program Files\Microsoft Works
    2008-09-09 19:14:56 ----A---- C:\WINDOWS\system32\msxml6.dll
    2008-09-08 19:51:04 ----SD---- C:\Documents and Settings\Jason\Application Data\Microsoft
    2008-09-08 19:51:03 ----D---- C:\Program Files\Yahoo! Games
    2008-09-04 11:15:04 ----A---- C:\WINDOWS\system32\msxml3.dll
    2008-08-27 02:24:32 ----A---- C:\WINDOWS\system32\mshtml.dll
    2008-08-26 01:24:31 ----A---- C:\WINDOWS\system32\wininet.dll
    2008-08-26 01:24:31 ----A---- C:\WINDOWS\system32\webcheck.dll
    2008-08-26 01:24:31 ----A---- C:\WINDOWS\system32\urlmon.dll
    2008-08-26 01:24:30 ----A---- C:\WINDOWS\system32\url.dll
    2008-08-26 01:24:30 ----A---- C:\WINDOWS\system32\pngfilt.dll
    2008-08-26 01:24:30 ----A---- C:\WINDOWS\system32\occache.dll
    2008-08-26 01:24:30 ----A---- C:\WINDOWS\system32\mstime.dll
    2008-08-26 01:24:30 ----A---- C:\WINDOWS\system32\msrating.dll
    2008-08-26 01:24:30 ----A---- C:\WINDOWS\system32\mshtmled.dll
    2008-08-26 01:24:30 ----A---- C:\WINDOWS\system32\msfeedsbs.dll
    2008-08-26 01:24:30 ----A---- C:\WINDOWS\system32\msfeeds.dll
    2008-08-26 01:24:30 ----A---- C:\WINDOWS\system32\jsproxy.dll
    2008-08-26 01:24:29 ----A---- C:\WINDOWS\system32\iertutil.dll
    2008-08-26 01:24:29 ----A---- C:\WINDOWS\system32\iernonce.dll
    2008-08-26 01:24:29 ----A---- C:\WINDOWS\system32\iedkcs32.dll
    2008-08-26 01:24:28 ----A---- C:\WINDOWS\system32\ieapfltr.dll
    2008-08-26 01:24:28 ----A---- C:\WINDOWS\system32\ieaksie.dll
    2008-08-26 01:24:28 ----A---- C:\WINDOWS\system32\ieakeng.dll
    2008-08-26 01:24:28 ----A---- C:\WINDOWS\system32\icardie.dll
    2008-08-26 01:24:28 ----A---- C:\WINDOWS\system32\extmgr.dll
    2008-08-26 01:24:28 ----A---- C:\WINDOWS\system32\dxtrans.dll
    2008-08-26 01:24:28 ----A---- C:\WINDOWS\system32\dxtmsft.dll
    2008-08-26 01:24:28 ----A---- C:\WINDOWS\system32\advpack.dll
    2008-08-25 02:38:00 ----A---- C:\WINDOWS\system32\ieudinit.exe
    2008-08-25 02:37:59 ----A---- C:\WINDOWS\system32\ie4uinit.exe
    2008-08-22 23:54:51 ----A---- C:\WINDOWS\system32\ieakui.dll
    2008-08-22 16:48:49 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Games
    2008-08-22 16:48:48 ----D---- C:\Documents and Settings\Jason\Application Data\Microsoft Games
    2008-08-14 04:11:02 ----A---- C:\WINDOWS\system32\ntoskrnl.exe
    2008-08-14 03:33:16 ----A---- C:\WINDOWS\system32\ntkrnlpa.exe
    2008-08-14 02:07:51 ----D---- C:\Program Files\Messenger

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
    R1 sscdbhk5;sscdbhk5; C:\WINDOWS\system32\drivers\sscdbhk5.sys [2004-07-14 5627]
    R1 ssrtln;ssrtln; C:\WINDOWS\system32\drivers\ssrtln.sys [2004-07-14 23545]
    R1 tmtdi;Trend Micro TDI Driver; C:\WINDOWS\System32\Drivers\tmtdi.sys [2005-08-30 38528]
    R2 ACEDRV09;ACEDRV09; \??\C:\WINDOWS\system32\drivers\ACEDRV09.sys []
    R2 CVPNDRVA;Cisco Systems Inc. IPSec Driver; \??\C:\WINDOWS\system32\Drivers\CVPNDRVA.sys []
    R2 drvnddm;drvnddm; C:\WINDOWS\system32\drivers\drvnddm.sys [2004-11-23 40480]
    R2 elagopro;GoProto Protocol Driver for LELA; C:\WINDOWS\system32\DRIVERS\elagopro.sys [2007-03-22 28672]
    R2 elaunidr;UniDriver for LELA; C:\WINDOWS\system32\DRIVERS\elaunidr.sys [2007-03-22 5376]
    R2 MCSTRM;MCSTRM; C:\WINDOWS\system32\drivers\MCSTRM.sys [2007-06-17 8413]
    R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2004-03-17 13059]
    R2 tfsnboio;tfsnboio; C:\WINDOWS\system32\dla\tfsnboio.sys [2004-12-06 25883]
    R2 tfsncofs;tfsncofs; C:\WINDOWS\system32\dla\tfsncofs.sys [2004-12-06 34843]
    R2 tfsndrct;tfsndrct; C:\WINDOWS\system32\dla\tfsndrct.sys [2004-12-06 4123]
    R2 tfsndres;tfsndres; C:\WINDOWS\system32\dla\tfsndres.sys [2004-12-06 2239]
    R2 tfsnifs;tfsnifs; C:\WINDOWS\system32\dla\tfsnifs.sys [2004-12-06 86586]
    R2 tfsnopio;tfsnopio; C:\WINDOWS\system32\dla\tfsnopio.sys [2004-12-06 15227]
    R2 tfsnpool;tfsnpool; C:\WINDOWS\system32\dla\tfsnpool.sys [2004-12-06 6363]
    R2 tfsnudf;tfsnudf; C:\WINDOWS\system32\dla\tfsnudf.sys [2004-12-06 98714]
    R2 tfsnudfa;tfsnudfa; C:\WINDOWS\system32\dla\tfsnudfa.sys [2004-12-06 100603]
    R2 tm_cfw;Common Firewall Driver; C:\WINDOWS\System32\Drivers\tm_cfw.sys [2005-08-30 1884585]
    R2 Tmfilter;Tmfilter; C:\WINDOWS\system32\drivers\TmXPFlt.sys [2008-08-16 205328]
    R2 Tmpreflt;Tmpreflt; C:\WINDOWS\system32\drivers\Tmpreflt.sys [2008-08-16 36368]
    R2 Vsapint;Vsapint; C:\WINDOWS\system32\drivers\Vsapint.sys [2008-08-16 1195448]
    R3 BCM43XX;Dell Wireless WLAN Card Driver; C:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2005-11-02 424320]
    R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
    R3 DNE;Deterministic Network Enhancer Miniport; C:\WINDOWS\system32\DRIVERS\dne2000.sys [2007-01-31 127376]
    R3 GearAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2008-04-17 15464]
    R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
    R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
    R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys [2005-07-22 1035008]
    R3 HSFHWAZL;HSFHWAZL; C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys [2005-07-22 201600]
    R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2005-10-14 1302812]
    R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
    R3 STHDA;SigmaTel High Definition Audio CODEC; C:\WINDOWS\system32\drivers\sthda.sys [2006-03-24 1156648]
    R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2006-03-08 191872]
    R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
    R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
    R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
    R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2005-07-22 717952]
    S3 ATWPKT2;ATWPKT2; \??\C:\PROGRA~1\COMMON~1\AOL\ACS\ATWPKT2.SYS []
    S3 bcm4sbxp;Broadcom 440x 10/100 Integrated Controller XP Driver; C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys [2005-08-05 45312]
    S3 CVirtA;Cisco Systems VPN Adapter; C:\WINDOWS\system32\DRIVERS\CVirtA.sys [2007-01-18 5275]
    S3 E100B;Intel(R) PRO Adapter Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2001-08-17 117760]
    S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2006-04-12 49664]
    S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2006-04-12 16496]
    S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2006-04-12 21568]
    S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-03 1897408]
    S3 s616bus;Sony Ericsson Device 616 driver (WDM); C:\WINDOWS\system32\DRIVERS\s616bus.sys [2007-04-03 83208]
    S3 s616mdfl;Sony Ericsson Device 616 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\s616mdfl.sys [2007-04-03 15112]
    S3 s616mdm;Sony Ericsson Device 616 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\s616mdm.sys [2007-04-03 108680]
    S3 s616mgmt;Sony Ericsson Device 616 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\s616mgmt.sys [2007-04-03 100360]
    S3 s616nd5;Sony Ericsson Device 616 USB Ethernet Emulation SEMC616 (NDIS); C:\WINDOWS\system32\DRIVERS\s616nd5.sys [2007-04-03 23176]
    S3 s616obex;Sony Ericsson Device 616 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\s616obex.sys [2007-04-03 98568]
    S3 s616unic;Sony Ericsson Device 616 USB Ethernet Emulation SEMC616 (WDM); C:\WINDOWS\system32\DRIVERS\s616unic.sys [2007-04-03 99080]
    S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2008-07-10 32000]
    S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
    S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
    S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
    S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
    S3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys []
    S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
    S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
    S4 agp440;Intel AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agp440.sys [2008-04-13 42368]
    S4 agpCPQ;Compaq AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agpCPQ.sys [2008-04-13 44928]
    S4 alim1541;ALI AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\alim1541.sys [2008-04-13 42752]
    S4 amdagp;AMD AGP Bus Filter Driver; C:\WINDOWS\system32\DRIVERS\amdagp.sys [2008-04-13 43008]
    S4 cbidf;cbidf; C:\WINDOWS\system32\DRIVERS\cbidf2k.sys [2001-08-17 13952]
    S4 sisagp;SIS AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\sisagp.sys [2008-04-13 40960]
    S4 viaagp;VIA AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2008-04-13 42240]

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-10-01 116040]
    R2 Basics Service;Basics Service; C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe [2007-10-09 124280]
    R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
    R2 CVPND;Cisco Systems, Inc. VPN Service; C:\Program Files\Northern Illinois University\NIU VPN Client\cvpnd.exe [2007-07-16 1524512]
    R2 PcCtlCom;Trend Micro Central Control Component; C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe [2006-09-04 880722]
    R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2006-03-03 69632]
    R2 SNMP;SNMP Service; C:\WINDOWS\System32\snmp.exe [2008-04-13 33280]
    R2 sprtsvc_dellsupportcenter;SupportSoft Sprocket Service (dellsupportcenter); C:\Program Files\Dell Support Center\bin\sprtsvc.exe [2008-08-13 201968]
    R2 Tmntsrv;Trend Micro Real-time Service; C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe [2005-08-30 290889]
    R2 TmPfw;Trend Micro Personal Firewall; C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe [2005-08-30 585792]
    R2 tmproxy;Trend Micro Proxy Service; C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe [2005-08-30 262215]
    R2 wltrysvc;Dell Wireless WLAN Tray Service; C:\WINDOWS\System32\WLTRYSVC.EXE [2005-12-19 18944]
    R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-10-01 536872]
    S2 Viewpoint Manager Service;Viewpoint Manager Service; C:\Program Files\Viewpoint\Common\ViewpointService.exe []
    S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
    S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
    S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-02-27 654848]
    S3 HP Port Resolver;HP Port Resolver; C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE [2005-05-20 81920]
    S3 HP Status Server;HP Status Server; C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE [2004-10-16 73728]
    S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]
    S3 SNMPTRAP;SNMP Trap Service; C:\WINDOWS\System32\snmptrap.exe [2008-04-13 8704]
    S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
    S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]

    -----------------EOF-----------------
     
  2. 2008/11/15
    Geri
    Hi badger1332002
    Welcome to WindowsBBS

    Do you have access to another computer where you can download and transfer a tool to the infected one to run it?

    Geri
     


  4. 2008/11/15
    badger1332002
    Yes I do, and either a jump drive or an external hard drive to transfer the tool.
     
  5. 2008/11/15
    Geri
    Hi
    OK Good.

    Download ComboFix from Here to your Desktop.

    Transfer it to the other machine and run it this way.

    It's best to disable realtime protection applications as they sometimes interfere with the tool.
    Check this link for any applicable programs you may have.
    • Close all open programs and windows
    • Double click combofix.exe and follow the prompts.
    • Vista users right click Combofix.exe and select Run As Administrator.
    • When finished, it shall produce a log for you. Post the Combofix log
    Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

    Please post the log here.
     
  6. 2008/11/16
    badger1332002
    ComboFix 08-11-14.01 - Jason 2008-11-16 10:56:33.1 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.640 [GMT -6:00]
    * Resident AV is active

    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\program files\FBrowserAdvisor
    c:\program files\FBrowsingAdvisor
    c:\program files\FBrowsingAdvisor\IXPCOMEvents.xpt
    c:\program files\FBrowsingAdvisor\Logo.png
    c:\program files\FBrowsingAdvisor\main.db
    c:\program files\FBrowsingAdvisor\unins000.dat
    c:\program files\FBrowsingAdvisor\unins000.exe
    c:\program files\FBrowsingAdvisor\XPCOMEvents.dll
    c:\windows\brastk.exe
    c:\windows\system32\brastk.exe
    c:\windows\system32\drivers\svchost.exe
    c:\windows\system32\drivers\TDSSmvpe.sys
    c:\windows\system32\TDSSbjhd.log
    c:\windows\system32\TDSSckhc.dll
    c:\windows\system32\TDSSirxy.dll
    c:\windows\system32\TDSSktpa.dll
    c:\windows\system32\TDSSncsn.dll
    c:\windows\system32\TDSSnmxh.log
    c:\windows\system32\TDSSqqcn.dll
    c:\windows\system32\TDSSwhkc.log
    c:\windows\system32\TDSSwupl.dat
    c:\windows\system32\TDSSyavo.dll
    c:\windows\system32\wini10891.exe

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Service_TDSSSERV.SYS
    -------\Legacy_TDSSSERV.SYS


    ((((((((((((((((((((((((( Files Created from 2008-10-16 to 2008-11-16 )))))))))))))))))))))))))))))))
    .

    2008-11-13 16:37 . 2008-11-13 16:37 <DIR> d-------- c:\program files\Malwarebyter Anti-Malware
    2008-11-13 16:37 . 2008-11-13 16:37 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
    2008-11-13 16:37 . 2008-10-22 16:27 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
    2008-11-13 16:37 . 2008-10-22 16:27 15,504 --a------ c:\windows\system32\drivers\mbam.sys
    2008-11-13 15:11 . 2007-12-10 22:58 812,344 --a------ C:\Bob.exe.exe
    2008-11-13 15:06 . 2008-11-13 15:06 <DIR> d-------- C:\rsit
    2008-11-12 23:04 . 2008-10-24 05:21 455,296 --------- c:\windows\system32\dllcache\mrxsmb.sys
    2008-11-11 22:48 . 2008-09-04 11:15 1,106,944 --------- c:\windows\system32\dllcache\msxml3.dll
    2008-11-11 22:18 . 2006-08-26 08:46 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Symantec
    2008-11-11 22:18 . 2008-08-13 11:54 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Gtek
    2008-11-11 22:18 . 2008-11-11 22:18 <DIR> d-------- c:\documents and settings\Administrator
    2008-11-11 00:06 . 2008-11-11 00:06 19,418 --a------ c:\documents and settings\Jason\Application Data\dinep.bat
    2008-11-11 00:06 . 2008-11-11 00:06 19,404 --a------ c:\windows\yquqahot._dl
    2008-11-11 00:06 . 2008-11-11 00:06 18,425 --a------ c:\windows\system32\lubig.lib
    2008-11-11 00:06 . 2008-11-11 00:06 18,399 --a------ c:\documents and settings\All Users\Application Data\belucur.pif
    2008-11-11 00:06 . 2008-11-11 00:06 17,434 --a------ c:\documents and settings\Jason\Application Data\tirifiraso.bin
    2008-11-11 00:06 . 2008-11-11 00:06 15,681 --a------ c:\windows\ylirunipu.bat
    2008-11-11 00:06 . 2008-11-11 00:06 15,105 --a------ c:\windows\qocelu.bin
    2008-11-11 00:06 . 2008-11-11 00:06 14,240 --a------ c:\documents and settings\All Users\Application Data\zufyqazafi.bat
    2008-11-11 00:06 . 2008-11-11 00:06 13,910 --a------ c:\windows\limenaz.exe
    2008-11-11 00:06 . 2008-11-11 00:06 13,812 --a------ c:\windows\geguqu.lib
    2008-11-11 00:06 . 2008-11-11 00:06 13,134 --a------ c:\program files\Common Files\olilo.scr
    2008-11-11 00:06 . 2008-11-11 00:06 12,960 --a------ c:\windows\lebuhypiz.dll
    2008-11-10 23:53 . 2008-11-13 14:54 1,689 --a------ c:\windows\Sysvxd.exe
    2008-11-10 15:24 . 2008-11-10 15:24 18,505 --a------ c:\windows\viwu.exe
    2008-11-10 15:24 . 2008-11-10 15:24 16,751 --a------ c:\windows\daxudyt.com
    2008-11-10 15:24 . 2008-11-10 15:24 16,641 --a------ c:\documents and settings\Jason\Application Data\yfupi.exe
    2008-11-10 15:24 . 2008-11-10 15:24 16,484 --a------ c:\program files\Common Files\myjehom.vbs
    2008-11-10 15:24 . 2008-11-10 15:24 16,323 --a------ c:\windows\ynaq.scr
    2008-11-10 15:24 . 2008-11-10 15:24 15,292 --a------ c:\windows\system32\abalipofoj.sys
    2008-11-10 15:24 . 2008-11-10 15:24 14,206 --a------ c:\windows\zijomac.bat
    2008-11-10 15:24 . 2008-11-10 15:24 13,903 --a------ c:\documents and settings\Jason\Application Data\qiniv.dat
    2008-11-10 15:24 . 2008-11-10 15:24 12,464 --a------ c:\windows\ufure.bin
    2008-11-10 15:23 . 2008-11-11 22:07 <DIR> d-------- c:\program files\AntivirusPro2009
    2008-10-24 07:58 . 2008-10-15 10:34 337,408 --------- c:\windows\system32\dllcache\netapi32.dll
    2008-10-22 11:01 . 2008-10-22 11:01 <DIR> d-------- c:\program files\Common Files\Deterministic Networks

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-11-16 16:46 --------- d-----w c:\documents and settings\Jason\Application Data\U3
    2008-11-14 18:36 41,582 -c--a-w c:\documents and settings\Jason\Application Data\wklnhst.dat
    2008-11-13 22:34 --------- d-----w c:\program files\Trend Micro
    2008-11-13 21:58 --------- d-----w c:\program files\Viewpoint
    2008-11-13 21:58 --------- d-----w c:\documents and settings\All Users\Application Data\Viewpoint
    2008-11-11 06:06 15,815 ----a-w c:\program files\Common Files\latatu._sy
    2008-11-11 06:06 10,477 ----a-w c:\program files\Common Files\vazizaza._dl
    2008-11-11 06:00 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
    2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
    2008-10-16 23:00 --------- d-----w c:\program files\Google
    2008-10-04 01:58 --------- d-----w c:\program files\iTunes
    2008-10-04 01:58 --------- d-----w c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
    2008-10-04 01:57 --------- d-----w c:\program files\iPod
    2008-10-01 20:46 --------- d-----w c:\program files\Sony Ericsson
    2008-10-01 20:45 --------- d-----w c:\documents and settings\Jason\Application Data\Sony
    2008-09-16 00:30 --------- d-----w c:\program files\Common Files\Sony Shared
    2008-09-16 00:07 --------- d-----w c:\documents and settings\All Users\Application Data\BVRP Software
    2007-11-20 15:45 88 -csh--r c:\windows\system32\3858295F0C.sys
    2007-11-20 15:45 3,558 -csha-w c:\windows\system32\KGyGaAvL.sys
    2008-05-07 00:27 32,768 -csha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008050620080507\index.dat
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "OE_OEM "= "c:\program files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe" [2006-04-11 176201]
    "ctfmon.exe "= "c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
    "DellSupportCenter "= "c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064]
    "EasyLinkAdvisor "= "c:\program files\Linksys EasyLink Advisor\LinksysAgent.exe" [2007-03-15 454784]
    "Sony Ericsson PC Suite "= "c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" [2008-02-20 356352]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "igfxtray "= "c:\windows\system32\igfxtray.exe" [2005-10-14 94208]
    "igfxhkcmd "= "c:\windows\system32\hkcmd.exe" [2005-10-14 77824]
    "igfxpers "= "c:\windows\system32\igfxpers.exe" [2005-10-14 114688]
    "SynTPEnh "= "c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 761947]
    "Broadcom Wireless Manager UI "= "c:\windows\system32\WLTRAY.exe" [2005-12-19 1347584]
    "dla "= "c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035]
    "ISUSPM Startup "= "c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
    "ISUSScheduler "= "c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
    "pccguide.exe "= "c:\program files\Trend Micro\Internet Security 12\pccguide.exe" [2005-08-30 823362]
    "BJCFD "= "c:\program files\BroadJump\Client Foundation\CFD.exe" [2002-09-10 368706]
    "HP Software Update "= "c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 49152]
    "dscactivate "= "c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
    "DVDLauncher "= "c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 53248]
    "basicsmssmenu "= "c:\program files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe" [2007-10-09 169328]
    "DellSupportCenter "= "c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064]
    "QuickTime Task "= "c:\program files\QuickTime\qttask.exe" [2008-09-06 413696]
    "AppleSyncNotifier "= "c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-09-03 111936]
    "iTunesHelper "= "c:\program files\iTunes\iTunesHelper.exe" [2008-10-01 289576]
    "SigmatelSysTrayApp "= "stsystra.exe" [2006-03-24 c:\windows\stsystra.exe]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 29696]
    Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-08-26 24576]
    Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-02-17 65588]
    VPN Client.lnk - c:\windows\Installer\{14FCFE7C-AB86-428A-9D2E-BFB6F5A7AA6E}\Icon3E5562ED7.ico [2008-10-22 6144]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "ForceClassicControlPanel "= 1 (0x1)

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
    backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Photosmart Premier Fast Start.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Photosmart Premier Fast Start.lnk
    backup=c:\windows\pss\HP Photosmart Premier Fast Start.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusDisableNotify "=dword:00000001
    "UpdatesDisableNotify "=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
    "DisableMonitoring "=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
    "DisableMonitoring "=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall "= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe "=
    "c:\\StubInstaller.exe "=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe "=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe "=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe "=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe "=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe "=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe "=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe "=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe "=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe "=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe "=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe "=
    "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe "=
    "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe "=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe "=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe "=
    "c:\\Program Files\\Firefly Studios\\Stronghold 2\\Stronghold2.exe "=
    "c:\\WINDOWS\\system32\\igfxsrvc.exe "=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe "=
    "c:\\Program Files\\iTunes\\iTunes.exe "=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "4889:UDP "= 4889:UDP:Windows Media Format SDK (iexplore.exe)

    R2 ACEDRV09;ACEDRV09;\??\c:\windows\system32\drivers\ACEDRV09.sys [2008-09-10 110304]
    R2 Basics Service;Basics Service; "c:\program files\Seagate\Basics\Service\SyncServicesBasics.exe" [2007-10-09 124280]
    S2 Viewpoint Manager Service;Viewpoint Manager Service; "c:\program files\Viewpoint\Common\ViewpointService.exe" []

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7a880185-5ddb-11dd-ab99-0014a5c62d3c}]
    \Shell\AutoRun\command - f:\jdsecure\Windows\JDSecure20.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7b0f8cd3-acd1-11dc-aae5-00038a000015}]
    \Shell\AutoRun\command - F:\PortableVault.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{86400974-f16e-11dc-ab1b-0014a5c62d3c}]
    \Shell\AutoRun\command - F:\setupSNK.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{92563c2a-56f4-11dc-aa97-00038a000015}]
    \Shell\AutoRun\command - F:\LaunchU3.exe -a
    .
    Contents of the 'Scheduled Tasks' folder

    2008-10-29 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
    .
    - - - - ORPHANS REMOVED - - - -

    MSConfigStartUp-Antivirus Pro 2009 - c:\program files\AntivirusPro2009\AntivirusPro2009.exe
    MSConfigStartUp-brastk - c:\windows\system32\brastk.exe
    MSConfigStartUp-ModemOnHold - c:\program files\NetWaiting\netWaiting.exe
    MSConfigStartUp-Norton Ghost 10 - c:\program files\Norton Ghost\Agent\GhostTray.exe


    .
    ------- Supplementary Scan -------
    .
    FireFox -: Profile - c:\documents and settings\Jason\Application Data\Mozilla\Firefox\Profiles\lsvvajwp.default\
    FF -: plugin - c:\program files\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll
    FF -: plugin - c:\program files\iTunes\Mozilla Plugins\npitunes.dll
    FF -: plugin - c:\program files\Java\jre1.5.0_06\bin\NPJava11.dll
    FF -: plugin - c:\program files\Java\jre1.5.0_06\bin\NPJava12.dll
    FF -: plugin - c:\program files\Java\jre1.5.0_06\bin\NPJava13.dll
    FF -: plugin - c:\program files\Java\jre1.5.0_06\bin\NPJava14.dll
    FF -: plugin - c:\program files\Java\jre1.5.0_06\bin\NPJava32.dll
    FF -: plugin - c:\program files\Java\jre1.5.0_06\bin\NPJPI150_06.dll
    FF -: plugin - c:\program files\Java\jre1.5.0_06\bin\NPOJI610.dll
    FF -: plugin - c:\program files\Real\RhapsodyPlayerEngine\nprhapengine.dll
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-11-16 11:03:25
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\system32\WLTRYSVC.EXE
    c:\windows\system32\BCMWLTRY.EXE
    c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\Northern Illinois University\NIU VPN Client\cvpnd.exe
    c:\progra~1\TRENDM~1\INTERN~1\PcCtlCom.exe
    c:\windows\system32\HPZipm12.exe
    c:\windows\system32\snmp.exe
    c:\program files\Dell Support Center\bin\sprtsvc.exe
    c:\progra~1\TRENDM~1\INTERN~1\Tmntsrv.exe
    c:\progra~1\TRENDM~1\INTERN~1\tmproxy.exe
    c:\progra~1\TRENDM~1\INTERN~1\TmPfw.exe
    c:\windows\system32\igfxsrvc.exe
    c:\program files\iPod\bin\iPodService.exe
    .
    **************************************************************************
    .
    Completion time: 2008-11-16 11:10:25 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-11-16 17:10:19

    Pre-Run: 14,706,462,720 bytes free
    Post-Run: 14,824,783,872 bytes free

    WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT= "Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(0)partition(2)\WINDOWS= "Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

    250 --- E O F --- 2008-11-13 05:17:24
     
  7. 2008/11/16
    Geri
    Hi
    Ok please do this.

    Highlight and copy the contents of the code box below and paste it into a blank Notepad, then save it to your desktop as;

    Filename: CFScript.txt
    Save As Type: All Files (*.*)

    Close all other windows and programs. Now drag the CFScript.txt onto ComboFix.exe and drop it, using the left mouse button.
    Click here to see how to use CFScript.txt
    Combofix should run and may reboot the computer when it's done. A log will open when it's complete. Post the contents of that log.

    Please do not click on the ComboFix window while it is running a scan. This can cause it to stall.

    Code:
    File::
    C:\Bob.exe.exe
    c:\documents and settings\Jason\Application Data\dinep.bat
    c:\windows\yquqahot._dl
    c:\windows\system32\lubig.lib
    c:\documents and settings\All Users\Application Data\belucur.pif
    c:\documents and settings\Jason\Application Data\tirifiraso.bin
    c:\windows\ylirunipu.bat
    c:\windows\qocelu.bin
    c:\documents and settings\All Users\Application Data\zufyqazafi.bat
    c:\windows\limenaz.exe
    c:\windows\geguqu.lib
    c:\program files\Common Files\olilo.scr
    c:\windows\lebuhypiz.dll
    c:\windows\Sysvxd.exe
    c:\windows\viwu.exe
    c:\windows\daxudyt.com
    c:\documents and settings\Jason\Application Data\yfupi.exe
    c:\program files\Common Files\myjehom.vbs
    c:\windows\ynaq.scr
    c:\windows\system32\abalipofoj.sys
    c:\windows\zijomac.bat
    c:\documents and settings\Jason\Application Data\qiniv.dat
    c:\windows\ufure.bin
    c:\program files\Common Files\latatu._sy
    c:\program files\Common Files\vazizaza._dl
    
    Folder::
    c:\program files\AntivirusPro2009 
    Please make sure you disable your anti-virus program before running the CFScript.

    Thanks
    Geri
     
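    The CFScript above was assembled by hand from the ComboFix log: the two batches of gibberish-named files created in the same minute (2008-11-11 00:06 and 2008-11-10 15:24) went under File::, and the rogue's folder under Folder::. The helper below is an added example, not something posted in this thread and not part of ComboFix or RSIT. It parses the 'Files Created' and 'Reg Loading Points' sections of a ComboFix log, groups new files by creation minute, flags the minutes in which several files carry random-looking names, reports the Security Center and firewall values the log shows switched off (AntiVirusDisableNotify, UpdatesDisableNotify, DisableMonitoring, EnableFirewall=0), and prints a File:: block in the format ComboFix accepts. The embedded log excerpt is constructed from lines in this thread; the name pattern and the cluster threshold are this example's own assumptions, and Folder:: entries are deliberately left to the analyst.

```python
"""Triage helper for a ComboFix log: added example, not code from this thread
or from ComboFix. It clusters 'Files Created' entries by creation minute,
flags batches of gibberish-named files, reports the Security Center / firewall
values the log shows switched off, and emits a CFScript File:: block."""
import re
from collections import defaultdict
from ntpath import basename, splitext  # Windows paths parse correctly on any OS

# Constructed sample: lines taken from the ComboFix log posted in this thread,
# plus a benign control (the Malwarebytes driver created by a real installer).
SAMPLE_LOG = r"""
((((((((((((((((((((((((( Files Created from 2008-10-16 to 2008-11-16 )))))))))))))))))))))))))))))))
2008-11-13 16:37 . 2008-10-22 16:27 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-11-11 00:06 . 2008-11-11 00:06 19,418 --a------ c:\documents and settings\Jason\Application Data\dinep.bat
2008-11-11 00:06 . 2008-11-11 00:06 19,404 --a------ c:\windows\yquqahot._dl
2008-11-11 00:06 . 2008-11-11 00:06 18,425 --a------ c:\windows\system32\lubig.lib
2008-11-11 00:06 . 2008-11-11 00:06 13,910 --a------ c:\windows\limenaz.exe
2008-11-10 15:24 . 2008-11-10 15:24 18,505 --a------ c:\windows\viwu.exe
2008-11-10 15:24 . 2008-11-10 15:24 16,484 --a------ c:\program files\Common Files\myjehom.vbs
2008-11-10 15:24 . 2008-11-10 15:24 15,292 --a------ c:\windows\system32\abalipofoj.sys
2008-11-10 15:23 . 2008-11-11 22:07 <DIR> d-------- c:\program files\AntivirusPro2009
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify "=dword:00000001
"UpdatesDisableNotify "=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring "=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall "= 0 (0x0)
"""

FILE_LINE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. \d{4}-\d{2}-\d{2} \d{2}:\d{2} "
    r"(?P<size>[\d,]+|<DIR>) (?P<attrs>\S+) (?P<path>.+)$")
REG_KEY = re.compile(r"^\[(?P<key>[^\]]+)\]$")
REG_VALUE = re.compile(r'^"(?P<name>[^"]+?)\s*"\s*=\s*(?P<value>.+)$')  # tolerates the stray space before the quote
RANDOM_STEM = re.compile(r"[a-z]{4,12}")  # assumption: e.g. limenaz, yquqahot; not a ComboFix rule


def parse_reg_value(raw):
    """dword:00000001 -> 1, '0 (0x0)' -> 0; anything else stays a string."""
    raw = raw.strip()
    if raw.lower().startswith("dword:"):
        return int(raw[6:], 16)
    m = re.match(r"-?\d+", raw)
    return int(m.group()) if m else raw


def parse_log(text):
    """Return (files, reg): files as dicts from FILE_LINE, reg as (key, name, value)."""
    files, reg, section, key = [], [], None, None
    for line in (l.strip() for l in text.splitlines()):
        if line.startswith("(((("):           # every ComboFix section header
            section = ("files" if "Files Created" in line
                       else "reg" if "Reg Loading Points" in line else None)
        elif section == "files" and (m := FILE_LINE.match(line)):
            files.append(m.groupdict())
        elif section == "reg" and (m := REG_KEY.match(line)):
            key = m.group("key").lower()
        elif section == "reg" and key and (m := REG_VALUE.match(line)):
            reg.append((key, m.group("name"), parse_reg_value(m.group("value"))))
    return files, reg


def dropper_clusters(files, min_files=3):
    """Group non-directory entries by creation minute and keep the minutes in
    which at least min_files entries have gibberish names. Installers also drop
    many files in one minute, but they name them recognisably (the mbam control)."""
    by_minute = defaultdict(list)
    for f in files:
        if f["size"] != "<DIR>":
            by_minute[f["created"]].append(f["path"])
    flagged = {}
    for minute, paths in by_minute.items():
        odd = [p for p in paths if RANDOM_STEM.fullmatch(splitext(basename(p))[0])]
        if len(odd) >= min_files:
            flagged[minute] = odd
    return flagged


def security_center_tampering(reg):
    """Findings for the values the rogue used to silence Security Center and
    switch the XP firewall off; each of these appears in the log posted above."""
    out = []
    for key, name, value in reg:
        if key.endswith("security center") and name.endswith("DisableNotify") and value == 1:
            out.append(f"Security Center notification suppressed: {name}")
        elif "security center\\monitoring\\" in key and name == "DisableMonitoring" and value == 1:
            out.append("Security Center monitoring disabled for " + key.rsplit("\\", 1)[-1])
        elif key.endswith("firewallpolicy\\standardprofile") and name == "EnableFirewall" and value == 0:
            out.append("Windows Firewall off (standard profile)")
    return out


def build_cfscript(paths):
    """File:: block in the form ComboFix takes (one path per line). Folder::
    entries, such as the rogue's Program Files directory, are left to the analyst."""
    return "File::\n" + "\n".join(sorted(paths)) + "\n"


def triage(text):
    files, reg = parse_log(text)
    clusters = dropper_clusters(files)
    return {"clusters": clusters,
            "tampering": security_center_tampering(reg),
            "cfscript": build_cfscript([p for ps in clusters.values() for p in ps])}


if __name__ == "__main__":
    print(triage(SAMPLE_LOG)["cfscript"])
```

    Run it against a full ComboFix log with `triage(open("ComboFix.txt").read())`. On the sample it flags both dropper minutes and leaves the Malwarebytes driver and the AntivirusPro2009 directory out of the File:: block; the directory is the kind of entry that belongs under Folder::, as in the script above. The name heuristic is deliberately narrow (lowercase letters only, 4 to 12 characters) so that it misses rather than over-matches; a practitioner should still read every flagged path before feeding it to ComboFix, since the tool deletes what the script names.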
  8. 2008/11/16
    badger1332002
    ComboFix 08-11-14.01 - Jason 2008-11-16 15:57:30.2 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.549 [GMT -6:00]
    Running from: c:\documents and settings\Jason\Desktop\Jackson.exe.exe
    Command switches used :: c:\documents and settings\Jason\Desktop\CFScript.txt
    * Created a new restore point
    * Resident AV is active


    FILE ::
    C:\Bob.exe.exe
    c:\documents and settings\All Users\Application Data\belucur.pif
    c:\documents and settings\All Users\Application Data\zufyqazafi.bat
    c:\documents and settings\Jason\Application Data\dinep.bat
    c:\documents and settings\Jason\Application Data\qiniv.dat
    c:\documents and settings\Jason\Application Data\tirifiraso.bin
    c:\documents and settings\Jason\Application Data\yfupi.exe
    c:\program files\Common Files\latatu._sy
    c:\program files\Common Files\myjehom.vbs
    c:\program files\Common Files\olilo.scr
    c:\program files\Common Files\vazizaza._dl
    c:\windows\daxudyt.com
    c:\windows\geguqu.lib
    c:\windows\lebuhypiz.dll
    c:\windows\limenaz.exe
    c:\windows\qocelu.bin
    c:\windows\system32\abalipofoj.sys
    c:\windows\system32\lubig.lib
    c:\windows\Sysvxd.exe
    c:\windows\ufure.bin
    c:\windows\viwu.exe
    c:\windows\ylirunipu.bat
    c:\windows\ynaq.scr
    c:\windows\yquqahot._dl
    c:\windows\zijomac.bat
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Bob.exe.exe
    c:\documents and settings\All Users\Application Data\belucur.pif
    c:\documents and settings\All Users\Application Data\zufyqazafi.bat
    c:\documents and settings\Jason\Application Data\dinep.bat
    c:\documents and settings\Jason\Application Data\qiniv.dat
    c:\documents and settings\Jason\Application Data\tirifiraso.bin
    c:\documents and settings\Jason\Application Data\yfupi.exe
    c:\program files\AntivirusPro2009
    c:\program files\AntivirusPro2009\AntivirusPro2009.cfg
    c:\program files\AntivirusPro2009\htmlayout.dll
    c:\program files\AntivirusPro2009\pthreadVC2.dll
    c:\program files\AntivirusPro2009\Uninstall.exe
    c:\program files\Common Files\latatu._sy
    c:\program files\Common Files\myjehom.vbs
    c:\program files\Common Files\olilo.scr
    c:\program files\Common Files\vazizaza._dl
    c:\windows\daxudyt.com
    c:\windows\geguqu.lib
    c:\windows\lebuhypiz.dll
    c:\windows\limenaz.exe
    c:\windows\qocelu.bin
    c:\windows\system32\abalipofoj.sys
    c:\windows\system32\lubig.lib
    c:\windows\Sysvxd.exe
    c:\windows\ufure.bin
    c:\windows\viwu.exe
    c:\windows\ylirunipu.bat
    c:\windows\ynaq.scr
    c:\windows\yquqahot._dl
    c:\windows\zijomac.bat

    .
    ((((((((((((((((((((((((( Files Created from 2008-10-16 to 2008-11-16 )))))))))))))))))))))))))))))))
    .

    2008-11-13 16:37 . 2008-11-13 16:37 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
    2008-11-13 16:37 . 2008-11-13 16:37 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
    2008-11-13 16:37 . 2008-10-22 16:27 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
    2008-11-13 16:37 . 2008-10-22 16:27 15,504 --a------ c:\windows\system32\drivers\mbam.sys
    2008-11-13 15:06 . 2008-11-13 15:06 <DIR> d-------- C:\rsit
    2008-11-12 23:04 . 2008-10-24 05:21 455,296 --------- c:\windows\system32\dllcache\mrxsmb.sys
    2008-11-11 22:48 . 2008-09-04 11:15 1,106,944 --------- c:\windows\system32\dllcache\msxml3.dll
    2008-11-11 22:18 . 2006-08-26 08:46 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Symantec
    2008-11-11 22:18 . 2008-08-13 11:54 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Gtek
    2008-11-11 22:18 . 2008-11-11 22:18 <DIR> d-------- c:\documents and settings\Administrator
    2008-10-24 07:58 . 2008-10-15 10:34 337,408 --------- c:\windows\system32\dllcache\netapi32.dll
    2008-10-22 11:01 . 2008-10-22 11:01 <DIR> d-------- c:\program files\Common Files\Deterministic Networks

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-11-16 16:46 --------- d-----w c:\documents and settings\Jason\Application Data\U3
    2008-11-14 18:36 41,582 -c--a-w c:\documents and settings\Jason\Application Data\wklnhst.dat
    2008-11-13 22:34 --------- d-----w c:\program files\Trend Micro
    2008-11-13 21:58 --------- d-----w c:\program files\Viewpoint
    2008-11-13 21:58 --------- d-----w c:\documents and settings\All Users\Application Data\Viewpoint
    2008-11-11 06:00 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
    2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
    2008-10-16 23:00 --------- d-----w c:\program files\Google
    2008-10-04 01:58 --------- d-----w c:\program files\iTunes
    2008-10-04 01:58 --------- d-----w c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
    2008-10-04 01:57 --------- d-----w c:\program files\iPod
    2008-10-03 17:41 6,066,176 ------w c:\windows\system32\dllcache\ieframe.dll
    2008-10-01 20:46 --------- d-----w c:\program files\Sony Ericsson
    2008-10-01 20:45 --------- d-----w c:\documents and settings\Jason\Application Data\Sony
    2008-09-30 22:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
    2008-09-16 00:30 --------- d-----w c:\program files\Common Files\Sony Shared
    2008-09-16 00:07 --------- d-----w c:\documents and settings\All Users\Application Data\BVRP Software
    2008-09-15 12:12 1,846,400 ----a-w c:\windows\system32\win32k.sys
    2008-09-15 12:12 1,846,400 ------w c:\windows\system32\dllcache\win32k.sys
    2008-09-10 01:14 1,307,648 ----a-w c:\windows\system32\msxml6.dll
    2008-09-10 01:14 1,307,648 ------w c:\windows\system32\dllcache\msxml6.dll
    2008-09-08 10:41 333,824 ------w c:\windows\system32\dllcache\srv.sys
    2008-09-04 17:15 1,106,944 ----a-w c:\windows\system32\msxml3.dll
    2008-08-29 15:18 87,336 ----a-w c:\windows\system32\dns-sd.exe
    2008-08-29 14:53 61,440 ----a-w c:\windows\system32\dnssd.dll
    2008-08-27 08:24 3,593,216 ----a-w c:\windows\system32\dllcache\mshtml.dll
    2008-08-25 08:38 13,824 ------w c:\windows\system32\dllcache\ieudinit.exe
    2008-08-25 08:37 70,656 ----a-w c:\windows\system32\dllcache\ie4uinit.exe
    2008-08-23 05:56 635,848 ------w c:\windows\system32\dllcache\iexplore.exe
    2008-08-23 05:54 161,792 ----a-w c:\windows\system32\dllcache\ieakui.dll
    2007-11-20 15:45 88 -csh--r c:\windows\system32\3858295F0C.sys
    2007-11-20 15:45 3,558 -csha-w c:\windows\system32\KGyGaAvL.sys
    2008-05-07 00:27 32,768 -csha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008050620080507\index.dat
    .

    ((((((((((((((((((((((((((((( snapshot@2008-11-16_11.09.47.00 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2008-11-16 17:05:57 64,602 ----a-w c:\windows\system32\perfc009.dat
    + 2008-11-16 17:07:08 64,602 ----a-w c:\windows\system32\perfc009.dat
    - 2008-11-16 17:05:57 408,238 ----a-w c:\windows\system32\perfh009.dat
    + 2008-11-16 17:07:08 408,238 ----a-w c:\windows\system32\perfh009.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "OE_OEM"="c:\program files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe" [2006-04-11 176201]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
    "DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064]
    "EasyLinkAdvisor"="c:\program files\Linksys EasyLink Advisor\LinksysAgent.exe" [2007-03-15 454784]
    "Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" [2008-02-20 356352]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "igfxtray"="c:\windows\system32\igfxtray.exe" [2005-10-14 94208]
    "igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-10-14 77824]
    "igfxpers"="c:\windows\system32\igfxpers.exe" [2005-10-14 114688]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 761947]
    "Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2005-12-19 1347584]
    "dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035]
    "ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
    "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
    "pccguide.exe"="c:\program files\Trend Micro\Internet Security 12\pccguide.exe" [2005-08-30 823362]
    "BJCFD"="c:\program files\BroadJump\Client Foundation\CFD.exe" [2002-09-10 368706]
    "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 49152]
    "dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
    "DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 53248]
    "basicsmssmenu"="c:\program files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe" [2007-10-09 169328]
    "DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696]
    "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-09-03 111936]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-10-01 289576]
    "SigmatelSysTrayApp"="stsystra.exe" [2006-03-24 c:\windows\stsystra.exe]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 29696]
    Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-08-26 24576]
    Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-02-17 65588]
    VPN Client.lnk - c:\windows\Installer\{14FCFE7C-AB86-428A-9D2E-BFB6F5A7AA6E}\Icon3E5562ED7.ico [2008-10-22 6144]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "ForceClassicControlPanel"= 1 (0x1)

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
    backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Photosmart Premier Fast Start.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Photosmart Premier Fast Start.lnk
    backup=c:\windows\pss\HP Photosmart Premier Fast Start.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusDisableNotify"=dword:00000001
    "UpdatesDisableNotify"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\StubInstaller.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
    "c:\\Program Files\\Firefly Studios\\Stronghold 2\\Stronghold2.exe"=
    "c:\\WINDOWS\\system32\\igfxsrvc.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "4889:UDP"= 4889:UDP:Windows Media Format SDK (iexplore.exe)

    R2 ACEDRV09;ACEDRV09;\??\c:\windows\system32\drivers\ACEDRV09.sys [2008-09-10 110304]
    R2 Basics Service;Basics Service; "c:\program files\Seagate\Basics\Service\SyncServicesBasics.exe" [2007-10-09 124280]
    S2 Viewpoint Manager Service;Viewpoint Manager Service; "c:\program files\Viewpoint\Common\ViewpointService.exe" []

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7a880185-5ddb-11dd-ab99-0014a5c62d3c}]
    \Shell\AutoRun\command - f:\jdsecure\Windows\JDSecure20.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7b0f8cd3-acd1-11dc-aae5-00038a000015}]
    \Shell\AutoRun\command - F:\PortableVault.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{86400974-f16e-11dc-ab1b-0014a5c62d3c}]
    \Shell\AutoRun\command - F:\setupSNK.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{92563c2a-56f4-11dc-aa97-00038a000015}]
    \Shell\AutoRun\command - F:\LaunchU3.exe -a

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a8da8945-4423-11db-a7ea-00038a000015}]
    \Shell\AutoRun\command - G:\LaunchU3.exe -a

    *Newly Created Service* - CATCHME
    .
    Contents of the 'Scheduled Tasks' folder

    2008-10-29 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-11-16 16:00:50
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2008-11-16 16:02:00
    ComboFix-quarantined-files.txt 2008-11-16 22:01:41
    ComboFix2.txt 2008-11-16 17:10:27

    Pre-Run: 14,801,698,816 bytes free
    Post-Run: 14,797,778,944 bytes free

    236 --- E O F --- 2008-11-13 05:17:24
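    The CFScript Geri posted tells ComboFix what to remove, and the log above reports what it actually deleted and which loading points it found. The script below is an added example written for this page; it is not from the thread, from ComboFix or from RSIT. It cross-checks a CFScript's File::/Folder:: entries against the log's "Other Deletions" section, so a path that was requested but never reported deleted stands out, and it flags the registry values in "Reg Loading Points" that show the rogue had switched off Security Center notifications and the Windows Firewall and added a firewall exception for an executable outside Windows and Program Files. Both inputs are constructed excerpts of the posted script and log (one file is deliberately left out of the deletions so the check has something to report); the function names and the indicator rules are this example's own assumptions, not ComboFix behaviour.

```python
import re

# Constructed from the CFScript posted above, shortened to a few entries.
CFSCRIPT = r"""File::
C:\Bob.exe.exe
c:\windows\Sysvxd.exe
c:\windows\system32\abalipofoj.sys
Folder::
c:\program files\AntivirusPro2009
"""

# Constructed excerpt of the resulting ComboFix.txt; abalipofoj.sys is
# deliberately absent from "Other Deletions" so the cross-check has a hit.
COMBOFIX_LOG = r"""((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Bob.exe.exe
c:\program files\AntivirusPro2009
c:\program files\AntivirusPro2009\Uninstall.exe
c:\windows\Sysvxd.exe
.
(((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\StubInstaller.exe"=
"""

REG_VALUE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<value>.*)$')

def parse_cfscript(text):
    """Map each 'Name::' directive (file, folder, ...) to the paths under it."""
    sections, current = {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        if line.endswith("::"):
            current = sections.setdefault(line[:-2].lower(), [])
        elif line and current is not None:
            current.append(line)
    return sections

def log_section(log, title):
    """Non-empty lines of the ComboFix section whose '(((( ... ))))' banner names title."""
    lines, inside = [], False
    for line in (raw.strip() for raw in log.splitlines()):
        if line.startswith("(((") and line.endswith(")))"):
            inside = title in line
        elif inside and line and line != ".":
            lines.append(line)
    return lines

def missed_deletions(cfscript, log):
    """Paths requested under File::/Folder:: that never show up under Other Deletions."""
    deleted = {p.lower() for p in log_section(log, "Other Deletions")}
    wanted = parse_cfscript(cfscript)
    requested = wanted.get("file", []) + wanted.get("folder", [])
    return [path for path in requested if path.lower() not in deleted]

def _reg_int(value):
    """Decode ComboFix's 'dword:00000001' and '0 (0x0)' renderings; None if not numeric."""
    v = value.strip().lower()
    if v.startswith("dword:"):
        return int(v[6:], 16)
    m = re.match(r"(\d+)\s*\(0x", v)
    return int(m.group(1)) if m else None

def tampering_indicators(log):
    """Loading points that show protection was switched off or a hole punched in it."""
    findings, key = [], ""
    for line in log_section(log, "Reg Loading Points"):
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1].lower()
            continue
        m = REG_VALUE.match(line)
        if not m:
            continue
        name, value = m.group("name"), m.group("value")
        lname, leaf = name.lower(), key.rsplit("\\", 1)[-1]
        if "security center" in key and lname.endswith("disablenotify") and _reg_int(value) == 1:
            findings.append("Security Center notification suppressed: " + name)
        elif "security center" in key and lname == "disablemonitoring" and _reg_int(value) == 1:
            findings.append("Security Center monitoring disabled for " + leaf)
        elif "firewallpolicy" in key and lname == "enablefirewall" and _reg_int(value) == 0:
            findings.append("Windows Firewall disabled in " + leaf)
        elif "authorizedapplications" in key:
            # The REGEDIT4 export doubles backslashes; undo that before judging the location.
            path = name.replace("\\\\", "\\").lower()
            trusted = (path.startswith("%windir%") or path.startswith("c:\\windows\\")
                       or "\\program files\\" in path)
            if not trusted:
                findings.append("Firewall exception outside Windows/Program Files: " + path)
    return findings

if __name__ == "__main__":
    for path in missed_deletions(CFSCRIPT, COMBOFIX_LOG):
        print("NOT DELETED:", path)
    for finding in tampering_indicators(COMBOFIX_LOG):
        print("TAMPERING:", finding)
```

    On a real case, replace the two constants with the contents of CFScript.txt and C:\ComboFix.txt. A File:: entry that never appears under Other Deletions is the thing to chase (a locked file, a path typo, or a component re-creating itself), and Security Center or firewall values that are still set after the clean-up need to be reset by hand, as the rogue's deletion alone does not restore them.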
     
  9. 2008/11/16
    Geri
    Hi
    OK good.

    Please post a new RSIT log.

    Thanks
    Geri
     
  10. 2008/11/16
    badger1332002

    Logfile of random's system information tool 1.04 (written by random/random)
    Run by Jason at 2008-11-16 19:42:58
    Microsoft Windows XP Home Edition Service Pack 3
    System drive C: has 14 GB (26%) free of 54 GB
    Total RAM: 1015 MB (49% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 7:43:07 PM, on 11/16/2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16735)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\WLTRYSVC.EXE
    C:\WINDOWS\System32\bcmwltry.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Northern Illinois University\NIU VPN Client\cvpnd.exe
    C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
    C:\WINDOWS\System32\snmp.exe
    C:\Program Files\Dell Support Center\bin\sprtsvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
    C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
    C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\WINDOWS\system32\WLTRAY.exe
    C:\WINDOWS\stsystra.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe
    C:\Program Files\BroadJump\Client Foundation\CFD.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
    C:\Program Files\Dell Support Center\bin\sprtcmd.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\internet explorer\iexplore.exe
    C:\Documents and Settings\Jason\Desktop\RSIT.exe
    C:\Program Files\Trend Micro\HijackThis\Jason.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus.../sbcydsl/*http://www.yahoo.com/search/ie.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe"
    O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
    O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
    O4 - HKLM\..\Run: [basicsmssmenu] "C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe"
    O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKCU\..\Run: [OE_OEM] "C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
    O4 - HKCU\..\Run: [EasyLinkAdvisor] "C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup
    O4 - HKCU\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Digital Line Detect.lnk = ?
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: VPN Client.lnk = ?
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/FacebookPhotoUploader5.cab
    O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab
    O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Basics Service - Seagate Technology LLC - C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Northern Illinois University\NIU VPN Client\cvpnd.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
    O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
    O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
    O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
    O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
    O23 - Service: Viewpoint Manager Service - Unknown owner - C:\Program Files\Viewpoint\Common\ViewpointService.exe (file missing)
    O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

    --
    End of file - 9114 bytes

    ======Scheduled tasks folder======

    C:\WINDOWS\tasks\AppleSoftwareUpdate.job

    ======Registry dump======

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "igfxtray"=C:\WINDOWS\system32\igfxtray.exe [2005-10-14 94208]
    "igfxhkcmd"=C:\WINDOWS\system32\hkcmd.exe [2005-10-14 77824]
    "igfxpers"=C:\WINDOWS\system32\igfxpers.exe [2005-10-14 114688]
    "SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2006-03-08 761947]
    "Broadcom Wireless Manager UI"=C:\WINDOWS\system32\WLTRAY.exe [2005-12-19 1347584]
    "SigmatelSysTrayApp"=C:\WINDOWS\stsystra.exe [2006-03-24 282624]
    "dla"=C:\WINDOWS\system32\dla\tfswctrl.exe [2004-12-06 127035]
    "ISUSPM Startup"=C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe [2005-06-10 249856]
    "ISUSScheduler"=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2005-06-10 81920]
    "pccguide.exe"=C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe [2005-08-30 823362]
    "BJCFD"=C:\Program Files\BroadJump\Client Foundation\CFD.exe [2002-09-10 368706]
    "HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2006-02-19 49152]
    "dscactivate"=C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe [2007-11-15 16384]
    "DVDLauncher"=C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe [2005-02-23 53248]
    "basicsmssmenu"=C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe [2007-10-09 169328]
    "DellSupportCenter"=C:\Program Files\Dell Support Center\bin\sprtcmd.exe [2008-08-13 206064]
    "QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2008-09-06 413696]
    "AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2008-09-03 111936]
    "iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-10-01 289576]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "OE_OEM"=C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe [2006-04-11 176201]
    "ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
    "DellSupportCenter"=C:\Program Files\Dell Support Center\bin\sprtcmd.exe [2008-08-13 206064]
    "EasyLinkAdvisor"=C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe [2007-03-15 454784]
    "Sony Ericsson PC Suite"=C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe [2008-02-20 356352]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
    C:\PROGRA~1\HP\DIGITA~1\bin\hpqtra08.exe [2006-02-19 288472]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Photosmart Premier Fast Start.lnk]
    C:\PROGRA~1\HP\DIGITA~1\bin\hpqthb08.exe [2006-02-10 73728]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup
    Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe
    Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE
    VPN Client.lnk - C:\WINDOWS\Installer\{14FCFE7C-AB86-428A-9D2E-BFB6F5A7AA6E}\Icon3E5562ED7.ico

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
    C:\WINDOWS\system32\igfxdev.dll [2005-10-14 135168]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
    C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "dontdisplaylastusername "=0
    "legalnoticecaption "=
    "legalnoticetext "=
    "shutdownwithoutlogon "=1
    "undockwithoutlogon "=1

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "ForceClassicControlPanel "=1
    "NoDrives "=0

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDriveTypeAutoRun "=
    "NoDrives "=
    "NoDriveAutoRun "=

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe "= "%windir%\system32\sessmgr.exe:*:enabled:mad:xpsp2res.dll,-22019 "
    "C:\StubInstaller.exe "= "C:\StubInstaller.exe:*:Enabled:LimeWire swarmed installer "
    "%windir%\Network Diagnostic\xpnetdiag.exe "= "%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:mad:xpsp3res.dll,-20000 "
    "C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe "= "C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe "
    "C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe "= "C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe "
    "C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe "= "C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe "
    "C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe "= "C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe "
    "C:\Program Files\HP\Digital Imaging\bin\hposid01.exe "= "C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe "
    "C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe "= "C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe "
    "C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe "= "C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe "
    "C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe "= "C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe "
    "C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe "= "C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe "
    "C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe "= "C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe "
    "C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe "= "C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe "
    "C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe "= "C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe "
    "C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe "= "C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe "
    "C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe "= "C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe "
    "C:\Program Files\Firefly Studios\Stronghold 2\Stronghold2.exe "= "C:\Program Files\Firefly Studios\Stronghold 2\Stronghold2.exe:*:Enabled:Stronghold 2 "
    "C:\WINDOWS\system32\igfxsrvc.exe "= "C:\WINDOWS\system32\igfxsrvc.exe:*:Disabled:igfxsrvc Module "
    "C:\Program Files\Bonjour\mDNSResponder.exe "= "C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour "
    "C:\Program Files\iTunes\iTunes.exe "= "C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe "= "%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 "
    "C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe "= "C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL "
    "C:\Program Files\Common Files\AOL\ACS\AOLDial.exe "= "C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL "
    "C:\Program Files\America Online 9.0\waol.exe "= "C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0 "
    "%windir%\Network Diagnostic\xpnetdiag.exe "= "%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 "
    "C:\Program Files\AIM\aim.exe "= "C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger "

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7a880185-5ddb-11dd-ab99-0014a5c62d3c}]
    shell\AutoRun\command - F:\JDSecure\Windows\JDSecure20.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7b0f8cd3-acd1-11dc-aae5-00038a000015}]
    shell\AutoRun\command - F:\PortableVault.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{86400974-f16e-11dc-ab1b-0014a5c62d3c}]
    shell\AutoRun\command - F:\setupSNK.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{92563c2a-56f4-11dc-aa97-00038a000015}]
    shell\AutoRun\command - F:\LaunchU3.exe -a

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a8da8945-4423-11db-a7ea-00038a000015}]
    shell\AutoRun\command - G:\LaunchU3.exe -a


    ======List of files/folders created in the last 3 months======

    2008-11-16 18:38:03 ----SHD---- C:\RECYCLER
    2008-11-16 16:02:01 ----A---- C:\ComboFix.txt
    2008-11-16 10:51:19 ----A---- C:\Boot.bak
    2008-11-16 10:51:11 ----RASHD---- C:\cmdcons
    2008-11-16 10:49:43 ----A---- C:\WINDOWS\zip.exe
    2008-11-16 10:49:43 ----A---- C:\WINDOWS\VFIND.exe
    2008-11-16 10:49:43 ----A---- C:\WINDOWS\SWXCACLS.exe
    2008-11-16 10:49:43 ----A---- C:\WINDOWS\SWSC.exe
    2008-11-16 10:49:43 ----A---- C:\WINDOWS\SWREG.exe
    2008-11-16 10:49:43 ----A---- C:\WINDOWS\sed.exe
    2008-11-16 10:49:43 ----A---- C:\WINDOWS\NIRCMD.exe
    2008-11-16 10:49:43 ----A---- C:\WINDOWS\grep.exe
    2008-11-16 10:49:43 ----A---- C:\WINDOWS\fdsv.exe
    2008-11-16 10:49:36 ----D---- C:\WINDOWS\ERDNT
    2008-11-16 10:49:36 ----D---- C:\Qoobox
    2008-11-13 16:37:46 ----D---- C:\Program Files\Malwarebyter Anti-Malware
    2008-11-13 16:37:46 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-11-13 15:06:05 ----D---- C:\rsit
    2008-11-12 23:15:54 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
    2008-11-12 23:15:47 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$
    2008-11-11 22:52:10 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
    2008-11-11 22:11:20 ----A---- C:\WINDOWS\ntbtlog.txt
    2008-11-11 21:45:34 ----D---- C:\Documents and Settings\Jason\Application Data\Mozilla
    2008-11-11 21:45:03 ----D---- C:\Program Files\Mozilla Firefox
    2008-10-25 10:57:26 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
    2008-10-22 11:01:50 ----D---- C:\Program Files\Common Files\Deterministic Networks
    2008-10-15 17:07:32 ----D---- C:\Documents and Settings\Jason\Application Data\Google
    2008-10-15 17:04:52 ----D---- C:\Documents and Settings\All Users\Application Data\Google
    2008-10-15 17:03:42 ----D---- C:\WINDOWS\system32\Adobe
    2008-10-15 15:19:45 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
    2008-10-15 15:19:36 ----HDC---- C:\WINDOWS\$NtUninstallKB956391$
    2008-10-15 15:19:27 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
    2008-10-15 15:18:30 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
    2008-10-15 15:17:47 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
    2008-10-03 19:57:42 ----D---- C:\Program Files\iPod
    2008-10-03 19:57:40 ----D---- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
    2008-10-03 19:57:39 ----D---- C:\Program Files\iTunes
    2008-09-30 16:43:34 ----A---- C:\WINDOWS\system32\msxml4.dll
    2008-09-15 18:30:48 ----D---- C:\Program Files\Common Files\Sony Shared
    2008-09-15 18:07:39 ----D---- C:\Documents and Settings\All Users\Application Data\BVRP Software
    2008-09-15 17:49:32 ----D---- C:\Documents and Settings\All Users\Application Data\Sony Ericsson
    2008-09-15 17:49:10 ----D---- C:\Documents and Settings\Jason\Application Data\InstallShield
    2008-09-15 17:36:31 ----D---- C:\Program Files\Sony Ericsson
    2008-09-15 17:28:05 ----D---- C:\Documents and Settings\Jason\Application Data\Sony
    2008-09-15 17:28:05 ----D---- C:\Documents and Settings\All Users\Application Data\Sony
    2008-09-15 17:11:09 ----D---- C:\Program Files\Sony Setup
    2008-09-15 15:25:24 ----D---- C:\Program Files\Bonjour
    2008-09-15 15:24:15 ----D---- C:\Program Files\QuickTime
    2008-09-11 07:17:22 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
    2008-09-11 07:15:47 ----HDC---- C:\WINDOWS\$NtUninstallKB954154_WM11$
    2008-09-10 20:56:17 ----D---- C:\Documents and Settings\Jason\Application Data\McGraw-HillLicensing
    2008-09-02 21:34:40 ----D---- C:\Documents and Settings\Jason\Application Data\funkitron
    2008-09-02 21:33:38 ----D---- C:\Documents and Settings\All Users\Application Data\NeoEdge Networks
    2008-08-29 09:18:58 ----A---- C:\WINDOWS\system32\dns-sd.exe
    2008-08-29 08:53:50 ----A---- C:\WINDOWS\system32\dnssd.dll

    ======List of files/folders modified in the last 3 months======

    2008-11-16 16:02:05 ----D---- C:\WINDOWS\system32
    2008-11-16 16:02:03 ----D---- C:\WINDOWS
    2008-11-16 16:00:46 ----A---- C:\WINDOWS\system.ini
    2008-11-16 16:00:23 ----D---- C:\WINDOWS\Temp
    2008-11-16 15:59:42 ----D---- C:\WINDOWS\system32\drivers
    2008-11-16 15:59:41 ----D---- C:\WINDOWS\AppPatch
    2008-11-16 15:59:41 ----D---- C:\Program Files\Common Files
    2008-11-16 15:58:13 ----D---- C:\Program Files
    2008-11-16 15:57:08 ----A---- C:\WINDOWS\SchedLgU.Txt
    2008-11-16 11:07:07 ----AC---- C:\WINDOWS\system32\PerfStringBackup.INI
    2008-11-16 11:01:10 ----D---- C:\WINDOWS\system32\config
    2008-11-16 10:51:19 ----RASH---- C:\boot.ini
    2008-11-16 10:48:27 ----D---- C:\WINDOWS\Prefetch
    2008-11-16 10:47:02 ----D---- C:\WINDOWS\system32\CatRoot2
    2008-11-16 10:46:37 ----D---- C:\Documents and Settings\Jason\Application Data\U3
    2008-11-13 16:34:50 ----D---- C:\Program Files\Trend Micro
    2008-11-13 16:10:14 ----SHD---- C:\System Volume Information
    2008-11-13 16:10:14 ----D---- C:\WINDOWS\system32\Restore
    2008-11-13 15:58:57 ----D---- C:\Documents and Settings\All Users\Application Data\Viewpoint
    2008-11-13 15:58:56 ----D---- C:\Program Files\Viewpoint
    2008-11-12 23:15:57 ----HD---- C:\WINDOWS\inf
    2008-11-12 23:15:56 ----D---- C:\WINDOWS\system32\dllcache
    2008-11-12 23:15:53 ----HD---- C:\WINDOWS\$hf_mig$
    2008-11-12 23:15:51 ----A---- C:\WINDOWS\imsins.BAK
    2008-11-12 23:15:38 ----HD---- C:\Config.Msi
    2008-11-12 23:15:37 ----SHD---- C:\WINDOWS\Installer
    2008-11-12 23:15:37 ----D---- C:\WINDOWS\WinSxS
    2008-11-12 11:18:20 ----A---- C:\WINDOWS\win.ini
    2008-11-11 22:18:06 ----D---- C:\Documents and Settings
    2008-11-11 20:57:06 ----D---- C:\WINDOWS\network diagnostic
    2008-11-11 00:00:41 ----D---- C:\Program Files\Microsoft Office
    2008-11-11 00:00:36 ----HD---- C:\WINDOWS\ShellNew
    2008-11-11 00:00:22 ----RSD---- C:\WINDOWS\Fonts
    2008-11-11 00:00:22 ----D---- C:\Program Files\Common Files\Microsoft Shared
    2008-11-11 00:00:18 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
    2008-11-03 18:10:25 ----A---- C:\WINDOWS\system32\MRT.exe
    2008-10-24 14:39:53 ----D---- C:\WINDOWS\Help
    2008-10-16 17:00:47 ----D---- C:\Program Files\Google
    2008-10-15 17:10:03 ----D---- C:\WINDOWS\system32\home box office dir
    2008-10-15 17:04:59 ----D---- C:\Documents and Settings\Jason\Application Data\Adobe
    2008-10-15 17:03:54 ----SD---- C:\WINDOWS\Downloaded Program Files
    2008-10-15 15:19:08 ----D---- C:\Program Files\Internet Explorer
    2008-10-15 15:18:53 ----D---- C:\WINDOWS\ie7updates
    2008-10-15 10:34:24 ----A---- C:\WINDOWS\system32\netapi32.dll
    2008-10-03 19:55:19 ----DC---- C:\WINDOWS\system32\DRVSTORE
    2008-10-03 11:41:15 ----A---- C:\WINDOWS\system32\ieframe.dll
    2008-10-01 14:45:53 ----RSD---- C:\WINDOWS\assembly
    2008-09-15 17:49:32 ----HD---- C:\Program Files\InstallShield Installation Information
    2008-09-15 15:24:19 ----D---- C:\Program Files\Common Files\Apple
    2008-09-11 07:16:33 ----D---- C:\Program Files\Microsoft Works
    2008-09-09 19:14:56 ----A---- C:\WINDOWS\system32\msxml6.dll
    2008-09-08 19:51:04 ----SD---- C:\Documents and Settings\Jason\Application Data\Microsoft
    2008-09-08 19:51:03 ----D---- C:\Program Files\Yahoo! Games
    2008-09-04 11:15:04 ----A---- C:\WINDOWS\system32\msxml3.dll
    2008-08-27 02:24:32 ----A---- C:\WINDOWS\system32\mshtml.dll
    2008-08-26 01:24:31 ----A---- C:\WINDOWS\system32\wininet.dll
    2008-08-26 01:24:31 ----A---- C:\WINDOWS\system32\webcheck.dll
    2008-08-26 01:24:31 ----A---- C:\WINDOWS\system32\urlmon.dll
    2008-08-26 01:24:30 ----A---- C:\WINDOWS\system32\url.dll
    2008-08-26 01:24:30 ----A---- C:\WINDOWS\system32\pngfilt.dll
    2008-08-26 01:24:30 ----A---- C:\WINDOWS\system32\occache.dll
    2008-08-26 01:24:30 ----A---- C:\WINDOWS\system32\mstime.dll
    2008-08-26 01:24:30 ----A---- C:\WINDOWS\system32\msrating.dll
    2008-08-26 01:24:30 ----A---- C:\WINDOWS\system32\mshtmled.dll
    2008-08-26 01:24:30 ----A---- C:\WINDOWS\system32\msfeedsbs.dll
    2008-08-26 01:24:30 ----A---- C:\WINDOWS\system32\msfeeds.dll
    2008-08-26 01:24:30 ----A---- C:\WINDOWS\system32\jsproxy.dll
    2008-08-26 01:24:29 ----A---- C:\WINDOWS\system32\iertutil.dll
    2008-08-26 01:24:29 ----A---- C:\WINDOWS\system32\iernonce.dll
    2008-08-26 01:24:29 ----A---- C:\WINDOWS\system32\iedkcs32.dll
    2008-08-26 01:24:28 ----A---- C:\WINDOWS\system32\ieapfltr.dll
    2008-08-26 01:24:28 ----A---- C:\WINDOWS\system32\ieaksie.dll
    2008-08-26 01:24:28 ----A---- C:\WINDOWS\system32\ieakeng.dll
    2008-08-26 01:24:28 ----A---- C:\WINDOWS\system32\icardie.dll
    2008-08-26 01:24:28 ----A---- C:\WINDOWS\system32\extmgr.dll
    2008-08-26 01:24:28 ----A---- C:\WINDOWS\system32\dxtrans.dll
    2008-08-26 01:24:28 ----A---- C:\WINDOWS\system32\dxtmsft.dll
    2008-08-26 01:24:28 ----A---- C:\WINDOWS\system32\advpack.dll
    2008-08-25 02:38:00 ----A---- C:\WINDOWS\system32\ieudinit.exe
    2008-08-25 02:37:59 ----A---- C:\WINDOWS\system32\ie4uinit.exe
    2008-08-22 23:54:51 ----A---- C:\WINDOWS\system32\ieakui.dll
    2008-08-22 16:48:49 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Games
    2008-08-22 16:48:48 ----D---- C:\Documents and Settings\Jason\Application Data\Microsoft Games

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
    R1 sscdbhk5;sscdbhk5; C:\WINDOWS\system32\drivers\sscdbhk5.sys [2004-07-14 5627]
    R1 ssrtln;ssrtln; C:\WINDOWS\system32\drivers\ssrtln.sys [2004-07-14 23545]
    R1 tmtdi;Trend Micro TDI Driver; C:\WINDOWS\System32\Drivers\tmtdi.sys [2005-08-30 38528]
    R2 ACEDRV09;ACEDRV09; \??\C:\WINDOWS\system32\drivers\ACEDRV09.sys []
    R2 CVPNDRVA;Cisco Systems Inc. IPSec Driver; \??\C:\WINDOWS\system32\Drivers\CVPNDRVA.sys []
    R2 drvnddm;drvnddm; C:\WINDOWS\system32\drivers\drvnddm.sys [2004-11-23 40480]
    R2 elagopro;GoProto Protocol Driver for LELA; C:\WINDOWS\system32\DRIVERS\elagopro.sys [2007-03-22 28672]
    R2 elaunidr;UniDriver for LELA; C:\WINDOWS\system32\DRIVERS\elaunidr.sys [2007-03-22 5376]
    R2 MCSTRM;MCSTRM; C:\WINDOWS\system32\drivers\MCSTRM.sys [2007-06-17 8413]
    R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2004-03-17 13059]
    R2 tfsnboio;tfsnboio; C:\WINDOWS\system32\dla\tfsnboio.sys [2004-12-06 25883]
    R2 tfsncofs;tfsncofs; C:\WINDOWS\system32\dla\tfsncofs.sys [2004-12-06 34843]
    R2 tfsndrct;tfsndrct; C:\WINDOWS\system32\dla\tfsndrct.sys [2004-12-06 4123]
    R2 tfsndres;tfsndres; C:\WINDOWS\system32\dla\tfsndres.sys [2004-12-06 2239]
    R2 tfsnifs;tfsnifs; C:\WINDOWS\system32\dla\tfsnifs.sys [2004-12-06 86586]
    R2 tfsnopio;tfsnopio; C:\WINDOWS\system32\dla\tfsnopio.sys [2004-12-06 15227]
    R2 tfsnpool;tfsnpool; C:\WINDOWS\system32\dla\tfsnpool.sys [2004-12-06 6363]
    R2 tfsnudf;tfsnudf; C:\WINDOWS\system32\dla\tfsnudf.sys [2004-12-06 98714]
    R2 tfsnudfa;tfsnudfa; C:\WINDOWS\system32\dla\tfsnudfa.sys [2004-12-06 100603]
    R2 tm_cfw;Common Firewall Driver; C:\WINDOWS\System32\Drivers\tm_cfw.sys [2005-08-30 1884585]
    R2 Tmfilter;Tmfilter; C:\WINDOWS\system32\drivers\TmXPFlt.sys [2008-08-16 205328]
    R2 Tmpreflt;Tmpreflt; C:\WINDOWS\system32\drivers\Tmpreflt.sys [2008-08-16 36368]
    R2 Vsapint;Vsapint; C:\WINDOWS\system32\drivers\Vsapint.sys [2008-08-16 1195448]
    R3 BCM43XX;Dell Wireless WLAN Card Driver; C:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2005-11-02 424320]
    R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
    R3 DNE;Deterministic Network Enhancer Miniport; C:\WINDOWS\system32\DRIVERS\dne2000.sys [2007-01-31 127376]
    R3 GearAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2008-04-17 15464]
    R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
    R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
    R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys [2005-07-22 1035008]
    R3 HSFHWAZL;HSFHWAZL; C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys [2005-07-22 201600]
    R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2005-10-14 1302812]
    R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
    R3 STHDA;SigmaTel High Definition Audio CODEC; C:\WINDOWS\system32\drivers\sthda.sys [2006-03-24 1156648]
    R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2006-03-08 191872]
    R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
    R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
    R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
    R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2005-07-22 717952]
    S3 ATWPKT2;ATWPKT2; \??\C:\PROGRA~1\COMMON~1\AOL\ACS\ATWPKT2.SYS []
    S3 bcm4sbxp;Broadcom 440x 10/100 Integrated Controller XP Driver; C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys [2005-08-05 45312]
    S3 catchme;catchme; \??\C:\Jackson.exe\catchme.sys []
    S3 CVirtA;Cisco Systems VPN Adapter; C:\WINDOWS\system32\DRIVERS\CVirtA.sys [2007-01-18 5275]
    S3 E100B;Intel(R) PRO Adapter Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2001-08-17 117760]
    S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2006-04-12 49664]
    S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2006-04-12 16496]
    S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2006-04-12 21568]
    S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-03 1897408]
    S3 s616bus;Sony Ericsson Device 616 driver (WDM); C:\WINDOWS\system32\DRIVERS\s616bus.sys [2007-04-03 83208]
    S3 s616mdfl;Sony Ericsson Device 616 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\s616mdfl.sys [2007-04-03 15112]
    S3 s616mdm;Sony Ericsson Device 616 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\s616mdm.sys [2007-04-03 108680]
    S3 s616mgmt;Sony Ericsson Device 616 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\s616mgmt.sys [2007-04-03 100360]
    S3 s616nd5;Sony Ericsson Device 616 USB Ethernet Emulation SEMC616 (NDIS); C:\WINDOWS\system32\DRIVERS\s616nd5.sys [2007-04-03 23176]
    S3 s616obex;Sony Ericsson Device 616 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\s616obex.sys [2007-04-03 98568]
    S3 s616unic;Sony Ericsson Device 616 USB Ethernet Emulation SEMC616 (WDM); C:\WINDOWS\system32\DRIVERS\s616unic.sys [2007-04-03 99080]
    S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2008-07-10 32000]
    S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
    S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
    S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
    S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
    S3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys []
    S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
    S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
    S4 agp440;Intel AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agp440.sys [2008-04-13 42368]
    S4 agpCPQ;Compaq AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agpCPQ.sys [2008-04-13 44928]
    S4 alim1541;ALI AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\alim1541.sys [2008-04-13 42752]
    S4 amdagp;AMD AGP Bus Filter Driver; C:\WINDOWS\system32\DRIVERS\amdagp.sys [2008-04-13 43008]
    S4 cbidf;cbidf; C:\WINDOWS\system32\DRIVERS\cbidf2k.sys [2001-08-17 13952]
    S4 sisagp;SIS AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\sisagp.sys [2008-04-13 40960]
    S4 viaagp;VIA AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2008-04-13 42240]

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-10-01 116040]
    R2 Basics Service;Basics Service; C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe [2007-10-09 124280]
    R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
    R2 CVPND;Cisco Systems, Inc. VPN Service; C:\Program Files\Northern Illinois University\NIU VPN Client\cvpnd.exe [2007-07-16 1524512]
    R2 PcCtlCom;Trend Micro Central Control Component; C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe [2006-09-04 880722]
    R2 SNMP;SNMP Service; C:\WINDOWS\System32\snmp.exe [2008-04-13 33280]
    R2 sprtsvc_dellsupportcenter;SupportSoft Sprocket Service (dellsupportcenter); C:\Program Files\Dell Support Center\bin\sprtsvc.exe [2008-08-13 201968]
    R2 Tmntsrv;Trend Micro Real-time Service; C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe [2005-08-30 290889]
    R2 TmPfw;Trend Micro Personal Firewall; C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe [2005-08-30 585792]
    R2 tmproxy;Trend Micro Proxy Service; C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe [2005-08-30 262215]
    R2 wltrysvc;Dell Wireless WLAN Tray Service; C:\WINDOWS\System32\WLTRYSVC.EXE [2005-12-19 18944]
    R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-10-01 536872]
    S2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2006-03-03 69632]
    S2 Viewpoint Manager Service;Viewpoint Manager Service; C:\Program Files\Viewpoint\Common\ViewpointService.exe []
    S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
    S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
    S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-02-27 654848]
    S3 HP Port Resolver;HP Port Resolver; C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE [2005-05-20 81920]
    S3 HP Status Server;HP Status Server; C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE [2004-10-16 73728]
    S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]
    S3 SNMPTRAP;SNMP Trap Service; C:\WINDOWS\System32\snmptrap.exe [2008-04-13 8704]
    S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
    S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]

    -----------------EOF-----------------
     
  11. 2008/11/16
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Joined:
    2003/03/02
    Messages:
    4,580
    Likes Received:
    7
    Hi
    OK looks good.

    Please do the following.

    Please download JavaRa and save the file to your desktop.
    • Right click and Extract All
    • Once extracted, open and run JavaRa.exe
    • Click Search For Updates
    • Select Update Using jucheck.exe
    • Click Search
    • If a newer version is found, allow it to be installed
    • Uncheck the Google Toolbar option. (if you don't want the Google tool bar)
    • When complete, click Remove Older Versions in the JavaRa interface and allow it to proceed
    • When that is complete, click Additional Tasks, then select Remove Useless JRE Files and click Go
    • Exit the tool when complete.
    Read it, and then you can delete the gpl-2.0.txt file.

    Now this.

    Download ATF Cleaner by Atribune and save it to your Desktop.
    This is a good tool to get rid of the temporary garbage you pick up while surfing the net.
    Double click ATF-Cleaner.exe to run the program.
    Check the boxes to the left of:

    Windows Temp
    Current User Temp
    All Users Temp
    Cookies
    Temporary Internet Files
    Prefetch
    Java Cache
    Recycle bin


    The rest are optional - if you want it to remove everything check "Select All".
    Finally, click Empty Selected. When you get the "Done Cleaning" message, click OK.

    Now an online scan.

    Please do an online scan with Kaspersky WebScanner

    It's best to disable real-time protection applications as they sometimes interfere with the scan.
    Check this link for any applicable programs you may have.

    Click on “Accept” if your pop-up blocker blocks any windows from opening.

    Click Run on the window that opens.
    Windows Vista users: you must open the web browser using the Run as Administrator command.
    • The program will launch and then begin downloading the latest definition files.
    • Under Scan on the left side, click on My Computer.
    • This will start the program and scan your system.
    • Click the “Scan Report” on the left side.
    • The scan will take a while so be patient and let it run.
    • Once the scan is complete it will display if your system has been infected.
    • Click the Save Report As button, and in the Browse dialog box, type a name for the scan report file that you want to create and select its type Text file. Click OK to save the file.
    • Save the text file to your desktop.
    • Copy and paste that information in your next post.

    Please post the Kaspersky results.

    Thanks
    Geri
     
  12. 2008/11/17
    badger1332002

    badger1332002 Inactive Thread Starter

    Joined:
    2008/11/13
    Messages:
    8
    Likes Received:
    0
    --------------------------------------------------------------------------------
    KASPERSKY ONLINE SCANNER 7 REPORT
    Monday, November 17, 2008
    Operating System: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
    Kaspersky Online Scanner 7 version: 7.0.25.0
    Program database last update: Sunday, November 16, 2008 19:31:41
    Records in database: 1388279
    --------------------------------------------------------------------------------

    Scan settings:
    Scan using the following database: extended
    Scan archives: yes
    Scan mail databases: yes

    Scan area - My Computer:
    C:\
    D:\
    E:\

    Scan statistics:
    Files scanned: 115577
    Threat name: 3
    Infected objects: 4
    Suspicious objects: 0
    Duration of the scan: 02:15:44


    File name / Threat name / Threats count
    C:\Program Files\Trend Micro\Internet Security 12\Quarantine\1.tmp Infected: EICAR-Test-File 1
    C:\Program Files\Trend Micro\Internet Security 12\Quarantine\30.tmp Infected: EICAR-Test-File 1
    D:\Program Files\Screensavers.com\SSSInst\bin\SSSInst.dll Infected: not-a-virus:AdWare.Win32.Comet.ac 1
    D:\Program Files\Trend Micro\Internet Security 12\Quarantine\65.tmp Infected: P2P-Worm.Win32.VB.dw 1

    The selected area was scanned.
     
  13. 2008/11/17
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Joined:
    2003/03/02
    Messages:
    4,580
    Likes Received:
    7
    Hi
    OK looks good.

    Delete everything in your Trend Micro Quarantine folder.

    This is not a very good web site, Screensavers.com.

    I would remove it. Delete this folder.
    D:\Program Files\Screensavers.com

    Let me know how things are running.

    Geri
     
  14. 2008/11/17
    badger1332002

    badger1332002 Inactive Thread Starter

    Joined:
    2008/11/13
    Messages:
    8
    Likes Received:
    0
    I deleted the screensavers.com program and my computer has been running very efficiently for about 2 days now. Thank you, thank you so much for everything it really helped out.
     
  15. 2008/11/17
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Joined:
    2003/03/02
    Messages:
    4,580
    Likes Received:
    7
    Hi
    You are welcome.

    Please do the following.

    Click Start > Run. In the Run box, copy and paste or type ComboFix /u, then hit Enter to uninstall ComboFix and remove the files/folders it created. This action will also reset the System Restore points, removing any infected files there as well.
    Please check and verify that the C:\Qoobox and C:\ComboFix folders were removed, as well as the C:\ComboFix.txt file.

    Delete RSIT.exe and this folder: C:\rsit


    Please look at this link for some preventive recommendations. It could keep you from ending up back here in the Malware and Virus Removal Forums.
    http://www.windowsbbs.com/showthread.php?t=67958

    I'll mark this one resolved.

    Surf Safely
    Geri
     
