
[InActive] Antivirus XP 2008 Keeps Popping Up all over

Discussion in 'Malware and Virus Removal Archive' started by JoeB, 2008/09/23.

  1. 2008/09/23
    JoeB (Thread Starter)

    Please help!

    I have attached my HJT LOG:
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 11:00:56 PM, on 9/23/2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\Program Files\SafeBoot\SBMGRNT.EXE
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\Program Files\Symantec\SPA\smc.exe
    C:\Program Files\Symantec\SPA\snac.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Symantec AntiVirus\DefWatch.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\PROGRA~1\AT&TGL~1\NetCfgSv.EXE
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\Program Files\Symantec AntiVirus\SavRoam.exe
    C:\Program Files\Seagate\Sync\SeaSyncServices.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
    C:\WINDOWS\system32\MsPMSPSv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Symantec\SPA\SmcGui.exe
    C:\Program Files\Sony\ISB Utility\ISBMgr.exe
    C:\Program Files\Apoint\Apoint.exe
    C:\Program Files\Microsoft IntelliType Pro\type32.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\PROGRA~1\SYMANT~1\VPTray.exe
    C:\Program Files\Apoint\Apntex.exe
    C:\Program Files\QuickTime\QTTask.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\V0400Mon.exe
    C:\WINDOWS\system32\lphc9s2j0ev11.exe
    C:\Program Files\rhccs2j0ev11\rhccs2j0ev11.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://oasis
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://oasis/
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O4 - HKLM\..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
    O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe "
    O4 - HKLM\..\Run: [SBMGRNT.EXE] C:\PROGRA~1\SafeBoot\SBMGRNT.EXE -WinLogon
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe "
    O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
    O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe "
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
    O4 - HKLM\..\Run: [AGNCF] "C:\Program Files\AT&T Global Network Client\MigrateFW.exe" -initonly /default=on /startup
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe "
    O4 - HKLM\..\Run: [V0400Mon.exe] C:\WINDOWS\V0400Mon.exe
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [lphc9s2j0ev11] C:\WINDOWS\system32\lphc9s2j0ev11.exe
    O4 - HKLM\..\Run: [SMrhccs2j0ev11] C:\Program Files\rhccs2j0ev11\rhccs2j0ev11.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Ceedo AutoDetect] C:\DOCUME~1\iujmheb\LOCALS~1\Temp\AutoDetect.exe /active
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://oasis
    O15 - Trusted Zone: *.aaxchange.com
    O15 - Trusted Zone: *.alldatapro.com
    O15 - Trusted Zone: *.dealertrack.com
    O15 - Trusted Zone: *.dealerups.com
    O15 - Trusted Zone: http://*.drfintranet
    O15 - Trusted Zone: http://*.drfsappp25
    O15 - Trusted Zone: http://*.drfsiisp04
    O15 - Trusted Zone: *.fiserv.com
    O15 - Trusted Zone: http://deckard.geekstogo.com
    O15 - Trusted Zone: http://*.jaxintranet
    O15 - Trusted Zone: http://*.jaxsiisp3
    O15 - Trusted Zone: http://*.jaxsiisp5
    O15 - Trusted Zone: dealer.jmagroup.com
    O15 - Trusted Zone: www.jmagroup.com
    O15 - Trusted Zone: *.corp.jmfamily.com
    O15 - Trusted Zone: cookiepro.jmfamily.com
    O15 - Trusted Zone: http://patches.jmfamily.com
    O15 - Trusted Zone: *.jmfamily.com
    O15 - Trusted Zone: http://*.jmfemail.com
    O15 - Trusted Zone: *.jmmenu.com
    O15 - Trusted Zone: http://*.jmsc
    O15 - Trusted Zone: *.jmsreporting.com
    O15 - Trusted Zone: *.lexus.com
    O15 - Trusted Zone: http://www.manheim.com
    O15 - Trusted Zone: *.mmsa.com
    O15 - Trusted Zone: http://*.mobintranet
    O15 - Trusted Zone: http://www2.motorplace.com
    O15 - Trusted Zone: http://*.oasis
    O15 - Trusted Zone: http://*.oncall
    O15 - Trusted Zone: *.onebridge.com
    O15 - Trusted Zone: *.reyrey.com
    O15 - Trusted Zone: http://www.setdealerdaily.com
    O15 - Trusted Zone: *.setdealerdaily.com
    O15 - Trusted Zone: http://jmfe.skillport.com
    O15 - Trusted Zone: *.skillport.com
    O15 - Trusted Zone: http://*.stlintranet
    O15 - Trusted Zone: *.toyota.com
    O15 - Trusted Zone: http://www.trendsecure.com
    O15 - Trusted Zone: *.ups.com
    O15 - Trusted Zone: *.vmsnet.com
    O15 - Trusted Zone: *.worldtravel.net
    O15 - Trusted Zone: *.aaxchange.com (HKLM)
    O15 - Trusted Zone: *.alldatapro.com (HKLM)
    O15 - Trusted Zone: *.dealertrack.com (HKLM)
    O15 - Trusted Zone: *.dealerups.com (HKLM)
    O15 - Trusted Zone: http://*.drfintranet (HKLM)
    O15 - Trusted Zone: http://*.drfsappp25 (HKLM)
    O15 - Trusted Zone: http://*.drfsiisp04 (HKLM)
    O15 - Trusted Zone: *.fiserv.com (HKLM)
    O15 - Trusted Zone: http://*.jaxintranet (HKLM)
    O15 - Trusted Zone: http://*.jaxsiisp3 (HKLM)
    O15 - Trusted Zone: http://*.jaxsiisp5 (HKLM)
    O15 - Trusted Zone: *.corp.jmfamily.com (HKLM)
    O15 - Trusted Zone: *.jmfamily.com (HKLM)
    O15 - Trusted Zone: *.jmmenu.com (HKLM)
    O15 - Trusted Zone: http://*.jmsc (HKLM)
    O15 - Trusted Zone: *.lexus.com (HKLM)
    O15 - Trusted Zone: http://www.manheim.com (HKLM)
    O15 - Trusted Zone: *.mmsa.com (HKLM)
    O15 - Trusted Zone: http://*.mobintranet (HKLM)
    O15 - Trusted Zone: http://www2.motorplace.com (HKLM)
    O15 - Trusted Zone: http://*.oasis (HKLM)
    O15 - Trusted Zone: http://*.oncall (HKLM)
    O15 - Trusted Zone: *.onebridge.com (HKLM)
    O15 - Trusted Zone: *.reyrey.com (HKLM)
    O15 - Trusted Zone: http://www.setdealerdaily.com (HKLM)
    O15 - Trusted Zone: *.setdealerdaily.com (HKLM)
    O15 - Trusted Zone: http://jmfe.skillport.com (HKLM)
    O15 - Trusted Zone: *.skillport.com (HKLM)
    O15 - Trusted Zone: http://*.stlintranet (HKLM)
    O15 - Trusted Zone: *.toyota.com (HKLM)
    O15 - Trusted Zone: *.ups.com (HKLM)
    O15 - Trusted Zone: *.vmsnet.com (HKLM)
    O15 - Trusted Zone: *.worldtravel.net (HKLM)
    O15 - Trusted IP range: http://192.168.52.154
    O15 - Trusted IP range: http://166.73.134.51
    O15 - Trusted IP range: http://166.73.134.62
    O15 - Trusted IP range: http://192.168.52.154 (HKLM)
    O15 - Trusted IP range: http://166.73.134.51 (HKLM)
    O15 - Trusted IP range: http://166.73.134.62 (HKLM)
    O16 - DPF: Launcher - http://dealer.jmagroup.com/jmfsdpweb/content/cabs/launcher.cab
    O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
    O16 - DPF: {08BEF711-06DA-48B2-9534-802ECAA2E4F9} - https://www.plaxo.com/down/latest/PlaxoInstall.cab
    O16 - DPF: {1C203F13-95AD-11D0-A84B-00A0247B735B} - https://dks.jmfamily.com/cabs/SSTree.CAB
    O16 - DPF: {41E6DDD6-FBD6-4718-80F7-9B160533C2F5} (Infragistics UltraToolbars Control 5.0) - https://dks.jmfamily.com/cabs/IGToolbars50.cab
    O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
    O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} (Creative Software AutoUpdate) - http://www.creative.com/softwareupdate/su/ocx/15101/CTSUEng.cab
    O16 - DPF: {74FFE28D-2378-11D5-990C-006094235084} - https://www-307.ibm.com/pc/support/access/aslibmain/content/IbmEgath.cab
    O16 - DPF: {B3014671-7872-4671-BE73-5D05EB5B2AF5} - https://dks.jmfamily.com/cabs/IGUltraGrid20.CAB
    O16 - DPF: {B63EA811-FF25-4211-A6D2-58BF767432E1} - https://dks.jmfamily.com/cabs/pictureloader.cab
    O16 - DPF: {C4847596-972C-11D0-9567-00A0C9273C2A} - http://performancetrac.jmfefinancial.com/reports/ss/viewers/activeXViewer/activexviewer.cab
    O16 - DPF: {CB6742B9-7282-4002-A024-455466F42A18} (Intravision.Raven.AltaPlaybackClient) - https://portal.intravisiontech.com/jimray/utility/MediaClient.CAB
    O16 - DPF: {E2DD00FF-38ED-11D5-8F28-00008344CD16} - http://associatedirectory/GSAXCtrl.ocx
    O16 - DPF: {EA6F44F0-AA12-406F-81D3-44078757220B} (AppLauncherToolBar.UserControlToolBar) - http://oasisapplauncher/AppLauncherToolBar.CAB
    O16 - DPF: {F0D96671-A5CE-4854-AE49-6835742D232F} - https://dks.jmfamily.com/cabs/IGThreed40.cab
    O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/su2/ocx/15102/CTPID.cab
    O16 - DPF: {FF1CD9A3-00CD-45C1-8182-4EEC229A182D} (Plaxo Auto-Import Utility) - http://www.plaxo.com/activex/plx_upldr-2k-xp.cab
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = corp.jmfamily.com
    O17 - HKLM\Software\..\Telephony: DomainName = corp.jmfamily.com
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = corp.jmfamily.com
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = corp.jmfamily.com
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
    O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
    O23 - Service: Network Configuration Service (NetCfgSvr) - AT&T - C:\PROGRA~1\AT&TGL~1\NetCfgSv.EXE
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    O23 - Service: SafeBoot Configuration Manager (SafeBootConfigurationManager) - Control Break International - C:\Program Files\SafeBoot\SBMGRNT.EXE
    O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
    O23 - Service: Seagate Sync Service - Seagate Technology LLC - C:\Program Files\Seagate\Sync\SeaSyncServices.exe
    O23 - Service: Symantec Protection Agent 5.1 (SmcService) - Symantec Corporation - C:\Program Files\Symantec\SPA\smc.exe
    O23 - Service: Symantec NAC Service (SNAC) - Symantec Corporation - C:\Program Files\Symantec\SPA\snac.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AvLib\SsBeSvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
    O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe

    --
    End of file - 14628 bytes
     
    JoeB,
    #1
  2. 2008/09/23
    Geri (Alumni)

    Hi Joe,
    Did you add all those to your trusted zone? (The O15's in your HJT log)

    Please do this.

    Download Malwarebytes' Anti-Malware (MBAM) from here or here and save the file to your desktop.

    Double click mbam-setup.exe to install the application.
    • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select 'Perform Quick Scan', then click Scan.
    • The scan may take some time to finish, so please be patient.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note below)
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Post the entire report in your next reply along with a fresh HijackThis log.

    Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

    Thanks
    Geri
     
    Geri,
    #2
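    The two posts above hinge on reading a HijackThis log by eye: spotting the two O4 autorun entries with random-looking names (lphc9s2j0ev11 and rhccs2j0ev11) in JoeB's log, and Geri's question about the long list of O15 Trusted Zone entries. The script below is an added example for this thread, not code from the posts or from Trend Micro or Malwarebytes. It parses the O4 and O15 sections of an HJT v2.0.2 log, flags autorun entries whose file name alternates between letter and digit runs (the threshold of four alternations is my own assumption, tuned so that vendor names such as nvsvc32 or V0400Mon pass) or that launch from a Temp directory, lists every Trusted Zone entry with its scope, and diffs a before/after pair of logs so a helper can confirm which entries disappeared after cleanup. The sample logs are a constructed excerpt of a few lines from the two logs posted in this thread.

```python
"""HijackThis (HJT) v2.0.2 log triage helper.

Added example for this forum thread; not code from the posts, Trend Micro
or Malwarebytes. Sample input is a constructed excerpt of the logs above.
"""
import re

# Constructed excerpt of JoeB's first log (before MBAM ran).
HJT_BEFORE = r"""
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe "
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [lphc9s2j0ev11] C:\WINDOWS\system32\lphc9s2j0ev11.exe
O4 - HKLM\..\Run: [SMrhccs2j0ev11] C:\Program Files\rhccs2j0ev11\rhccs2j0ev11.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Ceedo AutoDetect] C:\DOCUME~1\iujmheb\LOCALS~1\Temp\AutoDetect.exe /active
O15 - Trusted Zone: *.jmfamily.com
O15 - Trusted Zone: http://deckard.geekstogo.com
O15 - Trusted Zone: *.jmfamily.com (HKLM)
O15 - Trusted IP range: http://192.168.52.154
"""

# Constructed excerpt of the second log: same lines minus the two entries
# that were gone after MBAM's cleanup.
HJT_AFTER = "\n".join(
    line for line in HJT_BEFORE.splitlines() if "s2j0ev11" not in line
)

O4_RE = re.compile(r"^O4 - (?P<hive>HK\w+)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
O15_RE = re.compile(r"^O15 - Trusted (?P<kind>Zone|IP range): (?P<target>.*?)(?P<hklm> \(HKLM\))?$")


def parse_hjt(text):
    """Return {'O4': [...], 'O15': [...]} parsed from an HJT log."""
    entries = {"O4": [], "O15": []}
    for line in text.splitlines():
        line = line.strip()
        m = O4_RE.match(line)
        if m:
            entries["O4"].append(m.groupdict())
            continue
        m = O15_RE.match(line)
        if m:  # HJT appends "(HKLM)" to machine-wide zone entries; the rest are per-user
            entries["O15"].append({
                "kind": m.group("kind"),
                "target": m.group("target"),
                "scope": "HKLM" if m.group("hklm") else "HKCU",
            })
    return entries


def executable_of(cmd):
    """Pull the launched binary's path out of an O4 command line."""
    cmd = cmd.strip()
    if cmd.startswith('"'):                       # quoted path, may contain spaces
        return cmd[1:].split('"', 1)[0].strip()
    m = re.match(r"(.*?\.(?:exe|scr|dll|com))(?=[\s,]|$)", cmd, re.IGNORECASE)
    return m.group(1) if m else cmd.split()[0]     # e.g. "dumprep 0 -k" has no extension


def file_stem(path):
    """File name without directory or extension."""
    name = re.split(r"[\\/]", path)[-1]
    return name.rsplit(".", 1)[0] if "." in name else name


def looks_random(stem, min_alternations=4):
    """Heuristic (assumption): names that switch between letter runs and digit
    runs four or more times (lphc9s2j0ev11 -> 7) are flagged; vendor names
    such as nvsvc32 (1) or V0400Mon (2) are not."""
    classes = [("d" if c.isdigit() else "a") for c in stem if c.isalnum()]
    alternations = sum(1 for a, b in zip(classes, classes[1:]) if a != b)
    return alternations >= min_alternations


def flag_autoruns(o4_entries):
    """O4 entries worth a second look, each with the reason(s)."""
    flagged = []
    for e in o4_entries:
        path = executable_of(e["cmd"])
        reasons = []
        if looks_random(file_stem(path)):
            reasons.append("random-looking file name")
        if re.search(r"\\te?mp\\", path, re.IGNORECASE):
            reasons.append("launched from a Temp directory")
        if reasons:
            flagged.append({"name": e["name"], "path": path, "reasons": reasons})
    return flagged


def removed_autoruns(before_text, after_text):
    """Names of O4 entries present in the first log but gone from the second."""
    def key(e):
        return (e["hive"], e["name"], e["cmd"])
    after = {key(e) for e in parse_hjt(after_text)["O4"]}
    return sorted(e["name"] for e in parse_hjt(before_text)["O4"] if key(e) not in after)


if __name__ == "__main__":
    before = parse_hjt(HJT_BEFORE)
    for f in flag_autoruns(before["O4"]):
        print(f"O4 [{f['name']}] {f['path']}: {', '.join(f['reasons'])}")
    for z in before["O15"]:
        print(f"O15 {z['kind']} ({z['scope']}): {z['target']}")
    print("Removed after cleanup:", removed_autoruns(HJT_BEFORE, HJT_AFTER))
```

    Run against a full log, the O4 flags point at the two rogue entries and the Ceedo launcher in the user's Temp folder (the latter is only a "look again" hint, not a verdict), and the O15 listing gives the user something concrete to answer Geri's question with: each target, and whether it was set per-user or machine-wide by whoever manages the corp.jmfamily.com domain. The before/after diff is the check a helper wants after the MBAM run, since the fresh log should no longer carry either random-named entry.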


  4. 2008/09/24
    JoeB (Thread Starter)

    HJT Log & MBAM Log

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 11:51:35 AM, on 9/24/2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\Program Files\SafeBoot\SBMGRNT.EXE
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\Program Files\Symantec\SPA\smc.exe
    C:\Program Files\Symantec\SPA\snac.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Symantec AntiVirus\DefWatch.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\PROGRA~1\AT&TGL~1\NetCfgSv.EXE
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\Program Files\Symantec AntiVirus\SavRoam.exe
    C:\Program Files\Seagate\Sync\SeaSyncServices.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
    C:\WINDOWS\system32\MsPMSPSv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Symantec\SPA\SmcGui.exe
    C:\Program Files\Sony\ISB Utility\ISBMgr.exe
    C:\Program Files\Apoint\Apoint.exe
    C:\Program Files\Microsoft IntelliType Pro\type32.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\PROGRA~1\SYMANT~1\VPTray.exe
    C:\Program Files\Apoint\Apntex.exe
    C:\Program Files\QuickTime\QTTask.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\V0400Mon.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://oasis
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://oasis/
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O4 - HKLM\..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
    O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe "
    O4 - HKLM\..\Run: [SBMGRNT.EXE] C:\PROGRA~1\SafeBoot\SBMGRNT.EXE -WinLogon
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe "
    O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
    O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe "
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
    O4 - HKLM\..\Run: [AGNCF] "C:\Program Files\AT&T Global Network Client\MigrateFW.exe" -initonly /default=on /startup
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe "
    O4 - HKLM\..\Run: [V0400Mon.exe] C:\WINDOWS\V0400Mon.exe
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Ceedo AutoDetect] C:\DOCUME~1\iujmheb\LOCALS~1\Temp\AutoDetect.exe /active
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://oasis
    O15 - Trusted Zone: *.aaxchange.com
    O15 - Trusted Zone: *.alldatapro.com
    O15 - Trusted Zone: *.dealertrack.com
    O15 - Trusted Zone: *.dealerups.com
    O15 - Trusted Zone: http://*.drfintranet
    O15 - Trusted Zone: http://*.drfsappp25
    O15 - Trusted Zone: http://*.drfsiisp04
    O15 - Trusted Zone: *.fiserv.com
    O15 - Trusted Zone: http://deckard.geekstogo.com
    O15 - Trusted Zone: http://*.jaxintranet
    O15 - Trusted Zone: http://*.jaxsiisp3
    O15 - Trusted Zone: http://*.jaxsiisp5
    O15 - Trusted Zone: dealer.jmagroup.com
    O15 - Trusted Zone: www.jmagroup.com
    O15 - Trusted Zone: *.corp.jmfamily.com
    O15 - Trusted Zone: cookiepro.jmfamily.com
    O15 - Trusted Zone: http://patches.jmfamily.com
    O15 - Trusted Zone: *.jmfamily.com
    O15 - Trusted Zone: http://*.jmfemail.com
    O15 - Trusted Zone: *.jmmenu.com
    O15 - Trusted Zone: http://*.jmsc
    O15 - Trusted Zone: *.jmsreporting.com
    O15 - Trusted Zone: *.lexus.com
    O15 - Trusted Zone: http://www.manheim.com
    O15 - Trusted Zone: *.mmsa.com
    O15 - Trusted Zone: http://*.mobintranet
    O15 - Trusted Zone: http://www2.motorplace.com
    O15 - Trusted Zone: http://*.oasis
    O15 - Trusted Zone: http://*.oncall
    O15 - Trusted Zone: *.onebridge.com
    O15 - Trusted Zone: *.reyrey.com
    O15 - Trusted Zone: http://www.setdealerdaily.com
    O15 - Trusted Zone: *.setdealerdaily.com
    O15 - Trusted Zone: http://jmfe.skillport.com
    O15 - Trusted Zone: *.skillport.com
    O15 - Trusted Zone: http://*.stlintranet
    O15 - Trusted Zone: *.toyota.com
    O15 - Trusted Zone: http://www.trendsecure.com
    O15 - Trusted Zone: *.ups.com
    O15 - Trusted Zone: *.vmsnet.com
    O15 - Trusted Zone: *.worldtravel.net
    O15 - Trusted Zone: *.aaxchange.com (HKLM)
    O15 - Trusted Zone: *.alldatapro.com (HKLM)
    O15 - Trusted Zone: *.dealertrack.com (HKLM)
    O15 - Trusted Zone: *.dealerups.com (HKLM)
    O15 - Trusted Zone: http://*.drfintranet (HKLM)
    O15 - Trusted Zone: http://*.drfsappp25 (HKLM)
    O15 - Trusted Zone: http://*.drfsiisp04 (HKLM)
    O15 - Trusted Zone: *.fiserv.com (HKLM)
    O15 - Trusted Zone: http://*.jaxintranet (HKLM)
    O15 - Trusted Zone: http://*.jaxsiisp3 (HKLM)
    O15 - Trusted Zone: http://*.jaxsiisp5 (HKLM)
    O15 - Trusted Zone: *.corp.jmfamily.com (HKLM)
    O15 - Trusted Zone: *.jmfamily.com (HKLM)
    O15 - Trusted Zone: *.jmmenu.com (HKLM)
    O15 - Trusted Zone: http://*.jmsc (HKLM)
    O15 - Trusted Zone: *.lexus.com (HKLM)
    O15 - Trusted Zone: http://www.manheim.com (HKLM)
    O15 - Trusted Zone: *.mmsa.com (HKLM)
    O15 - Trusted Zone: http://*.mobintranet (HKLM)
    O15 - Trusted Zone: http://www2.motorplace.com (HKLM)
    O15 - Trusted Zone: http://*.oasis (HKLM)
    O15 - Trusted Zone: http://*.oncall (HKLM)
    O15 - Trusted Zone: *.onebridge.com (HKLM)
    O15 - Trusted Zone: *.reyrey.com (HKLM)
    O15 - Trusted Zone: http://www.setdealerdaily.com (HKLM)
    O15 - Trusted Zone: *.setdealerdaily.com (HKLM)
    O15 - Trusted Zone: http://jmfe.skillport.com (HKLM)
    O15 - Trusted Zone: *.skillport.com (HKLM)
    O15 - Trusted Zone: http://*.stlintranet (HKLM)
    O15 - Trusted Zone: *.toyota.com (HKLM)
    O15 - Trusted Zone: *.ups.com (HKLM)
    O15 - Trusted Zone: *.vmsnet.com (HKLM)
    O15 - Trusted Zone: *.worldtravel.net (HKLM)
    O15 - Trusted IP range: http://192.168.52.154
    O15 - Trusted IP range: http://166.73.134.51
    O15 - Trusted IP range: http://166.73.134.62
    O15 - Trusted IP range: http://192.168.52.154 (HKLM)
    O15 - Trusted IP range: http://166.73.134.51 (HKLM)
    O15 - Trusted IP range: http://166.73.134.62 (HKLM)
    O16 - DPF: Launcher - http://dealer.jmagroup.com/jmfsdpweb/content/cabs/launcher.cab
    O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
    O16 - DPF: {08BEF711-06DA-48B2-9534-802ECAA2E4F9} - https://www.plaxo.com/down/latest/PlaxoInstall.cab
    O16 - DPF: {1C203F13-95AD-11D0-A84B-00A0247B735B} - https://dks.jmfamily.com/cabs/SSTree.CAB
    O16 - DPF: {41E6DDD6-FBD6-4718-80F7-9B160533C2F5} (Infragistics UltraToolbars Control 5.0) - https://dks.jmfamily.com/cabs/IGToolbars50.cab
    O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
    O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} (Creative Software AutoUpdate) - http://www.creative.com/softwareupdate/su/ocx/15101/CTSUEng.cab
    O16 - DPF: {74FFE28D-2378-11D5-990C-006094235084} - https://www-307.ibm.com/pc/support/access/aslibmain/content/IbmEgath.cab
    O16 - DPF: {B3014671-7872-4671-BE73-5D05EB5B2AF5} - https://dks.jmfamily.com/cabs/IGUltraGrid20.CAB
    O16 - DPF: {B63EA811-FF25-4211-A6D2-58BF767432E1} - https://dks.jmfamily.com/cabs/pictureloader.cab
    O16 - DPF: {C4847596-972C-11D0-9567-00A0C9273C2A} - http://performancetrac.jmfefinancial.com/reports/ss/viewers/activeXViewer/activexviewer.cab
    O16 - DPF: {CB6742B9-7282-4002-A024-455466F42A18} (Intravision.Raven.AltaPlaybackClient) - https://portal.intravisiontech.com/jimray/utility/MediaClient.CAB
    O16 - DPF: {E2DD00FF-38ED-11D5-8F28-00008344CD16} - http://associatedirectory/GSAXCtrl.ocx
    O16 - DPF: {EA6F44F0-AA12-406F-81D3-44078757220B} (AppLauncherToolBar.UserControlToolBar) - http://oasisapplauncher/AppLauncherToolBar.CAB
    O16 - DPF: {F0D96671-A5CE-4854-AE49-6835742D232F} - https://dks.jmfamily.com/cabs/IGThreed40.cab
    O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/su2/ocx/15102/CTPID.cab
    O16 - DPF: {FF1CD9A3-00CD-45C1-8182-4EEC229A182D} (Plaxo Auto-Import Utility) - http://www.plaxo.com/activex/plx_upldr-2k-xp.cab
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = corp.jmfamily.com
    O17 - HKLM\Software\..\Telephony: DomainName = corp.jmfamily.com
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = corp.jmfamily.com
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = corp.jmfamily.com
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
    O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
    O23 - Service: Network Configuration Service (NetCfgSvr) - AT&T - C:\PROGRA~1\AT&TGL~1\NetCfgSv.EXE
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    O23 - Service: SafeBoot Configuration Manager (SafeBootConfigurationManager) - Control Break International - C:\Program Files\SafeBoot\SBMGRNT.EXE
    O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
    O23 - Service: Seagate Sync Service - Seagate Technology LLC - C:\Program Files\Seagate\Sync\SeaSyncServices.exe
    O23 - Service: Symantec Protection Agent 5.1 (SmcService) - Symantec Corporation - C:\Program Files\Symantec\SPA\smc.exe
    O23 - Service: Symantec NAC Service (SNAC) - Symantec Corporation - C:\Program Files\Symantec\SPA\snac.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AvLib\SsBeSvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
    O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe

    --
    End of file - 14352 bytes

    Malwarebytes' Anti-Malware 1.28
    Database version: 1134
    Windows 5.1.2600 Service Pack 3

    9/24/2008 11:34:20 AM
    mbam-log-2008-09-24 (11-34-20).txt

    Scan type: Quick Scan
    Objects scanned: 50806
    Time elapsed: 11 minute(s), 17 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 5
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 14
    Files Infected: 19

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\rhccs2j0ev11 (Rogue.Multiple) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\rhccs2j0ev11 (Rogue.Multiple) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\MediaHoldings (Adware.PlayMP3Z) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Security Tools (Trojan.Zlob) -> Quarantined and deleted successfully.

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    C:\Program Files\Video ActiveX Access (Trojan.Zlob) -> Quarantined and deleted successfully.
    C:\Program Files\rhccs2j0ev11 (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Documents and Settings\iujmheb\Application Data\rhccs2j0ev11 (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Documents and Settings\iujmheb\Application Data\rhccs2j0ev11\Quarantine (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Documents and Settings\iujmheb\Application Data\rhccs2j0ev11\Quarantine\Autorun (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Documents and Settings\iujmheb\Application Data\rhccs2j0ev11\Quarantine\Autorun\HKCU (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Documents and Settings\iujmheb\Application Data\rhccs2j0ev11\Quarantine\Autorun\HKCU\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Documents and Settings\iujmheb\Application Data\rhccs2j0ev11\Quarantine\Autorun\HKLM (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Documents and Settings\iujmheb\Application Data\rhccs2j0ev11\Quarantine\Autorun\HKLM\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Documents and Settings\iujmheb\Application Data\rhccs2j0ev11\Quarantine\Autorun\StartMenuAllUsers (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Documents and Settings\iujmheb\Application Data\rhccs2j0ev11\Quarantine\Autorun\StartMenuCurrentUser (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Documents and Settings\iujmheb\Application Data\rhccs2j0ev11\Quarantine\BrowserObjects (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Documents and Settings\iujmheb\Application Data\rhccs2j0ev11\Quarantine\Packages (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008 (Rogue.AntivirusXP2008) -> Quarantined and deleted successfully.

    Files Infected:
    C:\Program Files\rhccs2j0ev11\database.dat (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Program Files\rhccs2j0ev11\license.txt (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Program Files\rhccs2j0ev11\MFC71.dll (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Program Files\rhccs2j0ev11\MFC71ENU.DLL (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Program Files\rhccs2j0ev11\msvcp71.dll (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Program Files\rhccs2j0ev11\msvcr71.dll (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Program Files\rhccs2j0ev11\rhccs2j0ev11.exe (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Program Files\rhccs2j0ev11\rhccs2j0ev11.exe.local (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Program Files\rhccs2j0ev11\Uninstall.exe (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008\Antivirus XP 2008.lnk (Rogue.AntivirusXP2008) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008\How to Register Antivirus XP 2008.lnk (Rogue.AntivirusXP2008) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008\License Agreement.lnk (Rogue.AntivirusXP2008) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008\Register Antivirus XP 2008.lnk (Rogue.AntivirusXP2008) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008\Uninstall.lnk (Rogue.AntivirusXP2008) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\vdo_g.ini (Stolen.Data) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\lphc9s2j0ev11.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008.lnk (Rogue.AntivirusXP) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Desktop\Antivirus XP 2008.lnk (Rogue.Antivirus) -> Quarantined and deleted successfully.
    C:\Documents and Settings\iujmheb\Application Data\Microsoft\Internet Explorer\Quick Launch\Antivirus XP 2008.lnk (Rogue.Antivirus2008) -> Quarantined and deleted successfully.
  5. 2008/09/24
    Geri
    Hi Joe
    Did you add all those to your trusted zone? (The O15's in your HJT log)

    Please post this.

    • Download RSIT by random/random and save it to your desktop.
    • Double click RSIT.exe to start the tool.
    • At the disclaimer, please use the drop down box to select 3 months for the file/folder search, then click Continue.
    • If prompted by your firewall to allow RSIT to access the internet, please allow it. It will be updating your version of HijackThis.
    • When the scan completes it will open a log named log.txt maximized, and a log named info.txt minimized.
    • Please post the contents of log.txt here in your next reply.

    Thanks
    Geri
  6. 2008/09/24
    Geri
    visionof.
    Your point in posting to this thread??

    I would appreciate it, that if you have nothing positive to add that you stay out of these threads.

    Joe
    Follow my directions please.

    Thanks
    Geri
  7. 2008/09/27
    JoeB
    Reply

    Geri,

    What did you mean that if I have nothing positive to add that I stay out of these threads?
  8. 2008/09/27
    noahdfear
    Geri's post was in response to a post by member visionof, which I deleted. It was not directed toward you Joe. ;)

    Please post the log from RSIT as requested, and let Geri know if you added all those sites to your Internet Explorer trusted zone. Thanks!
     
  9. 2008/10/03
    JoeB
    Log File RSIT.EXE

    Logfile of random's system information tool 1.04 (written by random/random)
    Run by iujmheb at 2008-10-03 19:36:42
    Microsoft Windows XP Professional Service Pack 3
    System drive C: has 19 GB (51%) free of 38 GB
    Total RAM: 510 MB (33% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 7:37:09 PM, on 10/3/2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\Program Files\SafeBoot\SBMGRNT.EXE
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\Program Files\Symantec\SPA\smc.exe
    C:\Program Files\Symantec\SPA\snac.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Symantec AntiVirus\DefWatch.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\PROGRA~1\AT&TGL~1\NetCfgSv.EXE
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\Program Files\Symantec AntiVirus\SavRoam.exe
    C:\Program Files\Seagate\Sync\SeaSyncServices.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
    C:\WINDOWS\system32\MsPMSPSv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Symantec\SPA\SmcGui.exe
    C:\Program Files\Sony\ISB Utility\ISBMgr.exe
    C:\Program Files\Apoint\Apoint.exe
    C:\Program Files\Microsoft IntelliType Pro\type32.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\PROGRA~1\SYMANT~1\VPTray.exe
    C:\Program Files\Apoint\Apntex.exe
    C:\Program Files\QuickTime\QTTask.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\V0400Mon.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
    C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\iujmheb\Desktop\RSIT.exe
    C:\Program Files\Trend Micro\HijackThis\iujmheb.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://oasis
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://oasis/
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O4 - HKLM\..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
    O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
    O4 - HKLM\..\Run: [SBMGRNT.EXE] C:\PROGRA~1\SafeBoot\SBMGRNT.EXE -WinLogon
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
    O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
    O4 - HKLM\..\Run: [AGNCF] "C:\Program Files\AT&T Global Network Client\MigrateFW.exe" -initonly /default=on /startup
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [V0400Mon.exe] C:\WINDOWS\V0400Mon.exe
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Ceedo AutoDetect] C:\DOCUME~1\iujmheb\LOCALS~1\Temp\AutoDetect.exe /active
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://oasis
    O15 - Trusted Zone: *.aaxchange.com
    O15 - Trusted Zone: *.alldatapro.com
    O15 - Trusted Zone: *.dealertrack.com
    O15 - Trusted Zone: *.dealerups.com
    O15 - Trusted Zone: http://*.drfintranet
    O15 - Trusted Zone: http://*.drfsappp25
    O15 - Trusted Zone: http://*.drfsiisp04
    O15 - Trusted Zone: *.fiserv.com
    O15 - Trusted Zone: http://deckard.geekstogo.com
    O15 - Trusted Zone: http://*.jaxintranet
    O15 - Trusted Zone: http://*.jaxsiisp3
    O15 - Trusted Zone: http://*.jaxsiisp5
    O15 - Trusted Zone: dealer.jmagroup.com
    O15 - Trusted Zone: www.jmagroup.com
    O15 - Trusted Zone: *.corp.jmfamily.com
    O15 - Trusted Zone: cookiepro.jmfamily.com
    O15 - Trusted Zone: http://patches.jmfamily.com
    O15 - Trusted Zone: *.jmfamily.com
    O15 - Trusted Zone: http://*.jmfemail.com
    O15 - Trusted Zone: *.jmmenu.com
    O15 - Trusted Zone: http://*.jmsc
    O15 - Trusted Zone: *.jmsreporting.com
    O15 - Trusted Zone: *.lexus.com
    O15 - Trusted Zone: http://www.manheim.com
    O15 - Trusted Zone: *.mmsa.com
    O15 - Trusted Zone: http://*.mobintranet
    O15 - Trusted Zone: http://www2.motorplace.com
    O15 - Trusted Zone: http://*.oasis
    O15 - Trusted Zone: http://*.oncall
    O15 - Trusted Zone: *.onebridge.com
    O15 - Trusted Zone: *.reyrey.com
    O15 - Trusted Zone: http://www.setdealerdaily.com
    O15 - Trusted Zone: *.setdealerdaily.com
    O15 - Trusted Zone: http://jmfe.skillport.com
    O15 - Trusted Zone: *.skillport.com
    O15 - Trusted Zone: http://*.stlintranet
    O15 - Trusted Zone: *.toyota.com
    O15 - Trusted Zone: http://www.trendsecure.com
    O15 - Trusted Zone: *.ups.com
    O15 - Trusted Zone: *.vmsnet.com
    O15 - Trusted Zone: *.worldtravel.net
    O15 - Trusted Zone: *.aaxchange.com (HKLM)
    O15 - Trusted Zone: *.alldatapro.com (HKLM)
    O15 - Trusted Zone: *.dealertrack.com (HKLM)
    O15 - Trusted Zone: *.dealerups.com (HKLM)
    O15 - Trusted Zone: http://*.drfintranet (HKLM)
    O15 - Trusted Zone: http://*.drfsappp25 (HKLM)
    O15 - Trusted Zone: http://*.drfsiisp04 (HKLM)
    O15 - Trusted Zone: *.fiserv.com (HKLM)
    O15 - Trusted Zone: http://*.jaxintranet (HKLM)
    O15 - Trusted Zone: http://*.jaxsiisp3 (HKLM)
    O15 - Trusted Zone: http://*.jaxsiisp5 (HKLM)
    O15 - Trusted Zone: *.corp.jmfamily.com (HKLM)
    O15 - Trusted Zone: *.jmfamily.com (HKLM)
    O15 - Trusted Zone: *.jmmenu.com (HKLM)
    O15 - Trusted Zone: http://*.jmsc (HKLM)
    O15 - Trusted Zone: *.lexus.com (HKLM)
    O15 - Trusted Zone: http://www.manheim.com (HKLM)
    O15 - Trusted Zone: *.mmsa.com (HKLM)
    O15 - Trusted Zone: http://*.mobintranet (HKLM)
    O15 - Trusted Zone: http://www2.motorplace.com (HKLM)
    O15 - Trusted Zone: http://*.oasis (HKLM)
    O15 - Trusted Zone: http://*.oncall (HKLM)
    O15 - Trusted Zone: *.onebridge.com (HKLM)
    O15 - Trusted Zone: *.reyrey.com (HKLM)
    O15 - Trusted Zone: http://www.setdealerdaily.com (HKLM)
    O15 - Trusted Zone: *.setdealerdaily.com (HKLM)
    O15 - Trusted Zone: http://jmfe.skillport.com (HKLM)
    O15 - Trusted Zone: *.skillport.com (HKLM)
    O15 - Trusted Zone: http://*.stlintranet (HKLM)
    O15 - Trusted Zone: *.toyota.com (HKLM)
    O15 - Trusted Zone: *.ups.com (HKLM)
    O15 - Trusted Zone: *.vmsnet.com (HKLM)
    O15 - Trusted Zone: *.worldtravel.net (HKLM)
    O15 - Trusted IP range: http://192.168.52.154
    O15 - Trusted IP range: http://166.73.134.51
    O15 - Trusted IP range: http://166.73.134.62
    O15 - Trusted IP range: http://192.168.52.154 (HKLM)
    O15 - Trusted IP range: http://166.73.134.51 (HKLM)
    O15 - Trusted IP range: http://166.73.134.62 (HKLM)
    O16 - DPF: Launcher - http://dealer.jmagroup.com/jmfsdpweb/content/cabs/launcher.cab
    O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
    O16 - DPF: {08BEF711-06DA-48B2-9534-802ECAA2E4F9} - https://www.plaxo.com/down/latest/PlaxoInstall.cab
    O16 - DPF: {1C203F13-95AD-11D0-A84B-00A0247B735B} - https://dks.jmfamily.com/cabs/SSTree.CAB
    O16 - DPF: {41E6DDD6-FBD6-4718-80F7-9B160533C2F5} (Infragistics UltraToolbars Control 5.0) - https://dks.jmfamily.com/cabs/IGToolbars50.cab
    O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
    O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} (Creative Software AutoUpdate) - http://www.creative.com/softwareupdate/su/ocx/15101/CTSUEng.cab
    O16 - DPF: {74FFE28D-2378-11D5-990C-006094235084} - https://www-307.ibm.com/pc/support/access/aslibmain/content/IbmEgath.cab
    O16 - DPF: {B3014671-7872-4671-BE73-5D05EB5B2AF5} - https://dks.jmfamily.com/cabs/IGUltraGrid20.CAB
    O16 - DPF: {B63EA811-FF25-4211-A6D2-58BF767432E1} - https://dks.jmfamily.com/cabs/pictureloader.cab
    O16 - DPF: {C4847596-972C-11D0-9567-00A0C9273C2A} - http://performancetrac.jmfefinancial.com/reports/ss/viewers/activeXViewer/activexviewer.cab
    O16 - DPF: {CB6742B9-7282-4002-A024-455466F42A18} (Intravision.Raven.AltaPlaybackClient) - https://portal.intravisiontech.com/jimray/utility/MediaClient.CAB
    O16 - DPF: {E2DD00FF-38ED-11D5-8F28-00008344CD16} - http://associatedirectory/GSAXCtrl.ocx
    O16 - DPF: {EA6F44F0-AA12-406F-81D3-44078757220B} (AppLauncherToolBar.UserControlToolBar) - http://oasisapplauncher/AppLauncherToolBar.CAB
    O16 - DPF: {F0D96671-A5CE-4854-AE49-6835742D232F} - https://dks.jmfamily.com/cabs/IGThreed40.cab
    O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/su2/ocx/15102/CTPID.cab
    O16 - DPF: {FF1CD9A3-00CD-45C1-8182-4EEC229A182D} (Plaxo Auto-Import Utility) - http://www.plaxo.com/activex/plx_upldr-2k-xp.cab
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = corp.jmfamily.com
    O17 - HKLM\Software\..\Telephony: DomainName = corp.jmfamily.com
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = corp.jmfamily.com
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = corp.jmfamily.com
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
    O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
    O23 - Service: Network Configuration Service (NetCfgSvr) - AT&T - C:\PROGRA~1\AT&TGL~1\NetCfgSv.EXE
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    O23 - Service: SafeBoot Configuration Manager (SafeBootConfigurationManager) - Control Break International - C:\Program Files\SafeBoot\SBMGRNT.EXE
    O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
    O23 - Service: Seagate Sync Service - Seagate Technology LLC - C:\Program Files\Seagate\Sync\SeaSyncServices.exe
    O23 - Service: Symantec Protection Agent 5.1 (SmcService) - Symantec Corporation - C:\Program Files\Symantec\SPA\smc.exe
    O23 - Service: Symantec NAC Service (SNAC) - Symantec Corporation - C:\Program Files\Symantec\SPA\snac.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AvLib\SsBeSvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
    O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe

    --
    End of file - 14512 bytes

    ======Scheduled tasks folder======

    C:\WINDOWS\tasks\AppleSoftwareUpdate.job

    ======Registry dump======

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
    Adobe PDF Reader Link Helper - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-01-12 63128]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
    SSVHelper Class - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll [2008-02-22 509328]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "ISBMgr.exe"=C:\Program Files\Sony\ISB Utility\ISBMgr.exe [2004-02-20 32768]
    "IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2005-02-22 155648]
    "HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2005-02-22 126976]
    "Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2004-10-13 57344]
    "Apoint"=C:\Program Files\Apoint\Apoint.exe [2003-11-07 114688]
    "type32"=C:\Program Files\Microsoft IntelliType Pro\type32.exe [2005-03-15 196608]
    "SBMGRNT.EXE"=C:\PROGRA~1\SafeBoot\SBMGRNT.EXE [2007-02-12 49212]
    "ccApp"=C:\Program Files\Common Files\Symantec Shared\ccApp.exe [2006-07-19 52896]
    "vptray"=C:\PROGRA~1\SYMANT~1\VPTray.exe [2006-09-27 125168]
    "RoxioEngineUtility"=C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe [2003-05-01 65536]
    "NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2005-02-17 5406720]
    "AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2008-07-10 116040]
    "AGNCF"=C:\Program Files\AT&T Global Network Client\MigrateFW.exe [2004-10-29 32768]
    "QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-05-27 413696]
    "iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-07-30 289064]
    "V0400Mon.exe"=C:\WINDOWS\V0400Mon.exe [2007-08-23 28672]
    "KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k []

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
    "Ceedo AutoDetect"=C:\DOCUME~1\iujmheb\LOCALS~1\Temp\AutoDetect.exe [2007-11-15 374288]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Creative Live! Cam Manager]
    C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe [2007-06-07 155648]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2006-02-19 49152]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    C:\Program Files\iTunes\iTunesHelper.exe [2008-07-30 289064]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lphc9s2j0ev11]
    C:\WINDOWS\system32\lphc9s2j0ev11.exe []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
    C:\Program Files\MSN Messenger\msnmsgr.exe /background []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MySpaceIM]
    C:\Program Files\MySpace\IM\MySpaceIM.exe []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PlaxoSysTray]
    C:\Program Files\Plaxo\3.12.0.48\PlaxoSysTray.exe [2008-05-06 20480]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PlaxoUpdate]
    C:\Program Files\Plaxo\3.12.0.48\PlaxoHelper_en.exe [2008-05-06 293447]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    C:\Program Files\QuickTime\QTTask.exe [2008-05-27 413696]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RightFAX Print-to-Fax Driver]
    C:\Program Files\RightFax\Client\FaxCtrl.exe [2005-09-30 98304]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc]
    C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe [2003-06-25 868352]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMrhccs2j0ev11]
    C:\Program Files\rhccs2j0ev11\rhccs2j0ev11.exe []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StxTrayMenu]
    C:\Program Files\Seagate\SystemTray\StxMenuMgr.exe [2007-01-18 190008]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe [2008-02-22 144784]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\V0400Mon.exe]
    C:\WINDOWS\V0400Mon.exe [2007-08-23 28672]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
    C:\PROGRA~1\HP\DIGITA~1\bin\hpqtra08.exe [2006-02-19 288472]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]
    C:\PROGRA~1\HP\DIGITA~1\bin\hpqthb08.exe [2006-02-10 73728]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Photosmart Premier Fast Start.lnk]
    C:\PROGRA~1\HP\DIGITA~1\bin\hpqthb08.exe [2006-02-10 73728]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "IVTClientUpdate"=2

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
    C:\WINDOWS\system32\igfxsrvc.dll [2005-02-22 348160]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon]
    C:\WINDOWS\system32\NavLogon.dll [2006-09-27 43760]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\VESWinlogon]
    C:\WINDOWS\system32\VESWinlogon.dll [2005-01-18 73728]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
    C:\WINDOWS\system32\WgaLogon.dll [2007-04-10 236928]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SmcService]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "NoDispScrSavPage"=0

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "dontdisplaylastusername"=1
    "legalnoticecaption"=
    "legalnoticetext"=
    "shutdownwithoutlogon"=1
    "undockwithoutlogon"=1

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDriveTypeAutoRun"=145

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDriveTypeAutoRun"=

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1cd89fe7-755d-11dd-9be9-0013ce37c845}]
    shell\AutoRun\command - F:\run_sn~1.exe
    shell\open\command - F:\run_sn~1.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ead75c28-4172-11dc-9a18-0013ce37c845}]
    shell\AutoRun\command - G:\setupSNK.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{efa391a0-464e-11dd-9b79-0013ce37c845}]
    shell\AutoRun\command - F:\Autorun.exe /run
    shell\Shell00\command - F:\Autorun.exe /run
    shell\Shell01\command - F:\Autorun.exe /action
    shell\Shell02\command - F:\Autorun.exe /uninstall


    ======List of files/folders created in the last 3 months======

    2008-09-29 14:40:46 ----D---- C:\rsit
    2008-09-24 11:20:45 ----D---- C:\Documents and Settings\iujmheb\Application Data\Malwarebytes
    2008-09-24 11:20:39 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-09-24 11:20:38 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
    2008-09-11 07:41:32 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
    2008-09-10 11:23:11 ----D---- C:\Program Files\CCleaner
    2008-08-28 23:57:54 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
    2008-08-28 19:06:35 ----A---- C:\WINDOWS\ModemLog_Novatel Wireless Ovation EV-DO Modem.txt
    2008-08-28 18:57:04 ----D---- C:\Program Files\Novatel Wireless
    2008-08-28 18:56:14 ----D---- C:\Program Files\Verizon Wireless
    2008-08-27 07:48:07 ----D---- C:\WINDOWS\Prefetch
    2008-08-27 00:14:45 ----HDC---- C:\WINDOWS\$NtUninstallKB953838$
    2008-08-27 00:14:33 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
    2008-08-27 00:14:22 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
    2008-08-27 00:14:09 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
    2008-08-27 00:13:59 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
    2008-08-27 00:13:49 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
    2008-08-27 00:13:40 ----HDC---- C:\WINDOWS\$NtUninstallKB951376$
    2008-08-27 00:13:25 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
    2008-08-27 00:13:15 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
    2008-08-27 00:13:05 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
    2008-08-27 00:12:49 ----HDC---- C:\WINDOWS\$NtUninstallKB950759$
    2008-08-27 00:12:33 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
    2008-08-27 00:05:03 ----D---- C:\WINDOWS\system32\en-us
    2008-08-27 00:05:00 ----D---- C:\WINDOWS\system32\scripting
    2008-08-27 00:04:56 ----D---- C:\WINDOWS\l2schemas
    2008-08-27 00:04:55 ----D---- C:\WINDOWS\system32\en
    2008-08-27 00:04:54 ----D---- C:\WINDOWS\system32\bits
    2008-08-26 23:58:53 ----D---- C:\WINDOWS\ServicePackFiles
    2008-08-26 23:53:28 ----D---- C:\WINDOWS\network diagnostic
    2008-08-26 23:44:24 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
    2008-08-26 18:50:00 ----N---- C:\WINDOWS\system32\xmllite.dll
    2008-08-26 18:49:56 ----N---- C:\WINDOWS\system32\wmphoto.dll
    2008-08-26 18:49:53 ----N---- C:\WINDOWS\system32\wlanapi.dll
    2008-08-26 18:49:51 ----N---- C:\WINDOWS\system32\windowscodecsext.dll
    2008-08-26 18:49:51 ----N---- C:\WINDOWS\system32\windowscodecs.dll
    2008-08-26 18:49:38 ----N---- C:\WINDOWS\system32\tspkg.dll
    2008-08-26 18:49:38 ----N---- C:\WINDOWS\system32\tsgqec.dll
    2008-08-26 18:49:27 ----N---- C:\WINDOWS\system32\spupdwxp.exe
    2008-08-26 18:49:25 ----A---- C:\WINDOWS\system32\spdwnwxp.exe
    2008-08-26 18:49:23 ----N---- C:\WINDOWS\system32\slserv.exe
    2008-08-26 18:49:23 ----N---- C:\WINDOWS\system32\slrundll.exe
    2008-08-26 18:49:23 ----N---- C:\WINDOWS\slrundll.exe
    2008-08-26 18:49:22 ----N---- C:\WINDOWS\system32\slgen.dll
    2008-08-26 18:49:22 ----N---- C:\WINDOWS\system32\slextspk.dll
    2008-08-26 18:49:22 ----N---- C:\WINDOWS\system32\slcoinst.dll
    2008-08-26 18:49:17 ----N---- C:\WINDOWS\system32\setupn.exe
    2008-08-26 18:49:13 ----N---- C:\WINDOWS\system32\s3gnb.dll
    2008-08-26 18:49:12 ----N---- C:\WINDOWS\system32\rhttpaa.dll
    2008-08-26 18:49:10 ----N---- C:\WINDOWS\system32\rasqec.dll
    2008-08-26 18:49:08 ----N---- C:\WINDOWS\system32\qutil.dll
    2008-08-26 18:49:07 ----N---- C:\WINDOWS\system32\qcliprov.dll
    2008-08-26 18:49:07 ----N---- C:\WINDOWS\system32\qagentrt.dll
    2008-08-26 18:49:07 ----N---- C:\WINDOWS\system32\qagent.dll
    2008-08-26 18:49:04 ----N---- C:\WINDOWS\system32\photometadatahandler.dll
    2008-08-26 18:49:01 ----N---- C:\WINDOWS\system32\onex.dll
    2008-08-26 18:48:49 ----N---- C:\WINDOWS\system32\napstat.exe
    2008-08-26 18:48:48 ----N---- C:\WINDOWS\system32\napmontr.dll
    2008-08-26 18:48:48 ----N---- C:\WINDOWS\system32\napipsec.dll
    2008-08-26 18:48:48 ----N---- C:\WINDOWS\system32\mtxparhd.dll
    2008-08-26 18:48:47 ----N---- C:\WINDOWS\system32\msxml6r.dll
    2008-08-26 18:48:47 ----N---- C:\WINDOWS\system32\msxml6.dll
    2008-08-26 18:48:44 ----N---- C:\WINDOWS\system32\msshavmsg.dll
    2008-08-26 18:48:44 ----N---- C:\WINDOWS\system32\mssha.dll
    2008-08-26 18:48:23 ----N---- C:\WINDOWS\system32\mmcperf.exe
    2008-08-26 18:48:22 ----N---- C:\WINDOWS\system32\mmcfxcommon.dll
    2008-08-26 18:48:22 ----N---- C:\WINDOWS\system32\mmcex.dll
    2008-08-26 18:48:22 ----N---- C:\WINDOWS\system32\microsoft.managementconsole.dll
    2008-08-26 18:48:05 ----N---- C:\WINDOWS\system32\l2gpstore.dll
    2008-08-26 18:48:04 ----N---- C:\WINDOWS\system32\kmsvc.dll
    2008-08-26 18:48:03 ----N---- C:\WINDOWS\system32\kbdpash.dll
    2008-08-26 18:48:03 ----N---- C:\WINDOWS\system32\kbdnepr.dll
    2008-08-26 18:48:03 ----N---- C:\WINDOWS\system32\kbdiultn.dll
    2008-08-26 18:48:02 ----N---- C:\WINDOWS\system32\kbdbhc.dll
    2008-08-26 18:47:49 ----N---- C:\WINDOWS\system32\smtpapi.dll
    2008-08-26 18:47:48 ----N---- C:\WINDOWS\system32\rwnh.dll
    2008-08-26 18:47:42 ----N---- C:\WINDOWS\system32\comsdupd.exe
    2008-08-26 18:47:35 ----N---- C:\WINDOWS\system32\hsfcisp2.dll
    2008-08-26 18:47:26 ----N---- C:\WINDOWS\system32\faxpatch.exe
    2008-08-26 18:47:26 ----A---- C:\WINDOWS\003198_.tmp
    2008-08-26 18:47:24 ----N---- C:\WINDOWS\system32\eapsvc.dll
    2008-08-26 18:47:24 ----N---- C:\WINDOWS\system32\eapqec.dll
    2008-08-26 18:47:23 ----N---- C:\WINDOWS\system32\eappprxy.dll
    2008-08-26 18:47:23 ----N---- C:\WINDOWS\system32\eapphost.dll
    2008-08-26 18:47:23 ----N---- C:\WINDOWS\system32\eappgnui.dll
    2008-08-26 18:47:23 ----N---- C:\WINDOWS\system32\eappcfg.dll
    2008-08-26 18:47:23 ----N---- C:\WINDOWS\system32\eapp3hst.dll
    2008-08-26 18:47:22 ----N---- C:\WINDOWS\system32\eapolqec.dll
    2008-08-26 18:47:19 ----N---- C:\WINDOWS\system32\dot3ui.dll
    2008-08-26 18:47:19 ----N---- C:\WINDOWS\system32\dot3svc.dll
    2008-08-26 18:47:18 ----N---- C:\WINDOWS\system32\dot3msm.dll
    2008-08-26 18:47:18 ----N---- C:\WINDOWS\system32\dot3gpclnt.dll
    2008-08-26 18:47:18 ----N---- C:\WINDOWS\system32\dot3dlg.dll
    2008-08-26 18:47:18 ----N---- C:\WINDOWS\system32\dot3cfg.dll
    2008-08-26 18:47:18 ----N---- C:\WINDOWS\system32\dot3api.dll
    2008-08-26 18:47:16 ----N---- C:\WINDOWS\system32\dimsroam.dll
    2008-08-26 18:47:16 ----N---- C:\WINDOWS\system32\dimsntfy.dll
    2008-08-26 18:47:16 ----N---- C:\WINDOWS\system32\dhcpqec.dll
    2008-08-26 18:47:11 ----N---- C:\WINDOWS\system32\credssp.dll
    2008-08-26 18:47:02 ----N---- C:\WINDOWS\system32\bitsprx4.dll
    2008-08-26 18:47:01 ----N---- C:\WINDOWS\system32\azroles.dll
    2008-08-26 18:47:00 ----N---- C:\WINDOWS\system32\ativvaxx.dll
    2008-08-26 18:47:00 ----N---- C:\WINDOWS\system32\ativtmxx.dll
    2008-08-26 18:46:58 ----N---- C:\WINDOWS\system32\ati3duag.dll
    2008-08-26 18:46:58 ----N---- C:\WINDOWS\system32\ati3d1ag.dll
    2008-08-26 18:46:58 ----N---- C:\WINDOWS\system32\ati2dvag.dll
    2008-08-26 18:46:58 ----N---- C:\WINDOWS\system32\ati2dvaa.dll
    2008-08-26 18:46:58 ----N---- C:\WINDOWS\system32\ati2cqag.dll
    2008-08-26 18:46:46 ----N---- C:\WINDOWS\system32\aaclient.dll
    2008-08-13 00:33:48 ----HDC---- C:\WINDOWS\$NtUninstallKB952954_0$
    2008-08-13 00:33:39 ----HDC---- C:\WINDOWS\$NtUninstallKB946648_0$
    2008-08-13 00:33:29 ----HDC---- C:\WINDOWS\$NtUninstallKB953839$
    2008-08-13 00:33:14 ----HDC---- C:\WINDOWS\$NtUninstallKB950974_0$
    2008-08-13 00:30:40 ----HDC---- C:\WINDOWS\$NtUninstallKB951072-v2$
    2008-08-13 00:30:29 ----HDC---- C:\WINDOWS\$NtUninstallKB952287_0$
    2008-08-13 00:30:18 ----HDC---- C:\WINDOWS\$NtUninstallKB951066_0$
    2008-08-13 00:29:36 ----HDC---- C:\WINDOWS\$NtUninstallKB953838_0$
    2008-08-11 22:11:23 ----D---- C:\Program Files\iTunes
    2008-08-11 22:02:01 ----D---- C:\Program Files\Safari
    2008-07-28 13:45:22 ----A---- C:\WINDOWS\system32\vsinit.dll
    2008-07-28 13:45:22 ----A---- C:\WINDOWS\system32\vsdata.dll
    2008-07-25 03:36:00 ----A---- C:\WINDOWS\system32\DivXsm.exe
    2008-07-25 03:34:54 ----A---- C:\WINDOWS\system32\dpl100.dll
    2008-07-25 03:34:52 ----A---- C:\WINDOWS\system32\dtu100.dll
    2008-07-25 03:34:50 ----A---- C:\WINDOWS\system32\dpuGUI10.dll
    2008-07-25 03:34:46 ----A---- C:\WINDOWS\system32\dpv11.dll
    2008-07-25 03:34:46 ----A---- C:\WINDOWS\system32\dpus11.dll
    2008-07-25 03:34:46 ----A---- C:\WINDOWS\system32\dpuGUI11.dll
    2008-07-25 03:34:46 ----A---- C:\WINDOWS\system32\dpu11.dll
    2008-07-25 03:34:46 ----A---- C:\WINDOWS\system32\dpu10.dll
    2008-07-25 03:34:42 ----A---- C:\WINDOWS\system32\divx_xx07.dll
    2008-07-25 03:34:40 ----A---- C:\WINDOWS\system32\divx_xx11.dll
    2008-07-25 03:34:40 ----A---- C:\WINDOWS\system32\divx_xx0c.dll
    2008-07-25 03:34:40 ----A---- C:\WINDOWS\system32\divx_xx0a.dll
    2008-07-25 03:34:36 ----A---- C:\WINDOWS\system32\DivX.dll
    2008-07-25 03:34:30 ----A---- C:\WINDOWS\system32\DivXCodecVersionChecker.exe
    2008-07-23 11:50:52 ----A---- C:\WINDOWS\system32\qt-dx331.dll
    2008-07-23 11:48:40 ----A---- C:\WINDOWS\system32\ssldivx.dll
    2008-07-23 11:48:40 ----A---- C:\WINDOWS\system32\libdivx.dll
    2008-07-23 11:47:34 ----A---- C:\WINDOWS\system32\dtu100.dll.manifest
    2008-07-23 11:47:34 ----A---- C:\WINDOWS\system32\dpl100.dll.manifest
    2008-07-23 11:46:38 ----A---- C:\WINDOWS\system32\DivXWMPExtType.dll
    2008-07-11 12:25:27 ----D---- C:\Documents and Settings\All Users\Application Data\MumboJumbo
    2008-07-11 12:24:48 ----D---- C:\Documents and Settings\All Users\Application Data\Trymedia
    2008-07-11 12:24:30 ----D---- C:\Documents and Settings\All Users\Application Data\NeoEdge Networks
    2008-07-11 12:24:16 ----D---- C:\Program Files\Yahoo! Games
    2008-07-09 00:44:02 ----HDC---- C:\WINDOWS\$NtUninstallKB951748_0$
    2008-07-07 15:11:22 ----A---- C:\CTSUFile.txt
    2008-07-07 14:26:42 ----A---- C:\WINDOWS\V0400Mon.exe
    2008-07-07 14:26:42 ----A---- C:\WINDOWS\V0400Cfg.exe
    2008-07-07 14:26:42 ----A---- C:\WINDOWS\system32\V0400Vfw.dll
    2008-07-07 14:26:42 ----A---- C:\WINDOWS\system32\V0400Srv.exe
    2008-07-07 14:26:42 ----A---- C:\WINDOWS\system32\V0400Pin.dll
    2008-07-07 14:26:42 ----A---- C:\WINDOWS\system32\V0400Hwx.dll
    2008-07-07 14:26:42 ----A---- C:\WINDOWS\system32\V0400Cvw.dll
    2008-07-07 14:26:42 ----A---- C:\WINDOWS\system32\V0400Afx.dll
    2008-07-07 12:42:52 ----D---- C:\Documents and Settings\iujmheb\Application Data\muvee Technologies
    2008-07-07 12:42:03 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
    2008-07-07 12:37:07 ----A---- C:\WINDOWS\system32\cximage.dll
    2008-07-07 12:36:14 ----D---- C:\Live! Cam
    2008-07-07 12:31:24 ----D---- C:\Documents and Settings\iujmheb\Application Data\Creative
    2008-07-07 12:31:22 ----D---- C:\Documents and Settings\All Users\Application Data\Creative
    2008-07-07 12:23:30 ----C---- C:\WINDOWS\Ctregrun.exe
    2008-07-07 12:22:05 ----RAC---- C:\WINDOWS\CtDrvIns.exe.manifest
    2008-07-07 12:22:05 ----RA---- C:\WINDOWS\system32\CtCamMgr.dll
    2008-07-07 12:22:05 ----A---- C:\WINDOWS\CtDrvIns.exe
    2008-07-07 12:20:48 ----D---- C:\WINDOWS\CtDrvInstall
    2008-07-07 12:13:56 ----D---- C:\Documents and Settings\All Users\Application Data\muvee Technologies
    2008-07-07 12:12:58 ----D---- C:\Program Files\SightSpeed
    2008-07-07 12:05:30 ----D---- C:\Program Files\Creative

    ======List of files/folders modified in the last 3 months======

    2008-10-03 19:36:01 ----AD---- C:\WINDOWS\Temp
    2008-10-02 17:18:43 ----D---- C:\Program Files\Symantec AntiVirus
    2008-10-02 17:17:13 ----D---- C:\Program Files\SafeBoot
    2008-10-02 00:02:23 ----A---- C:\WINDOWS\SchedLgU.Txt
    2008-09-30 19:54:18 ----SHD---- C:\WINDOWS\CSC
    2008-09-29 12:34:52 ----AD---- C:\WINDOWS
    2008-09-29 12:34:38 ----D---- C:\WINDOWS\system32\CatRoot2
    2008-09-24 11:34:19 ----RD---- C:\Program Files
    2008-09-24 11:34:18 ----D---- C:\WINDOWS\system32
    2008-09-24 11:21:08 ----D---- C:\WINDOWS\system32\drivers
    2008-09-24 00:27:27 ----RASH---- C:\boot.ini
    2008-09-24 00:27:27 ----A---- C:\WINDOWS\win.ini
    2008-09-24 00:27:27 ----A---- C:\WINDOWS\system.ini
    2008-09-23 22:49:08 ----SHD---- C:\System Volume Information
    2008-09-23 22:49:08 ----D---- C:\WINDOWS\system32\Restore
    2008-09-23 22:02:56 ----RSHDC---- C:\WINDOWS\system32\dllcache
    2008-09-23 21:51:07 ----D---- C:\WINDOWS\Debug
    2008-09-23 20:50:33 ----HD---- C:\WINDOWS\inf
    2008-09-23 20:50:28 ----D---- C:\WINDOWS\Help
    2008-09-16 09:51:51 ----D---- C:\WINDOWS\security
    2008-09-16 08:42:18 ----D---- C:\Program Files\AT&T Global Network Client
    2008-09-15 14:09:20 ----A---- C:\WINDOWS\system32\vsconfig.bak
    2008-09-11 07:41:34 ----D---- C:\WINDOWS\WinSxS
    2008-09-10 11:25:11 ----D---- C:\WINDOWS\Minidump
    2008-09-09 22:15:44 ----D---- C:\Documents and Settings\iujmheb\Application Data\U3
    2008-08-28 19:08:24 ----D---- C:\Documents and Settings\iujmheb\Application Data\Smith Micro
    2008-08-28 19:06:32 ----AC---- C:\WINDOWS\ModemLog_HDAUDIO SoftV92 Data Fax Modem with SmartCP.txt
    2008-08-28 18:59:08 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
    2008-08-28 18:57:45 ----SHD---- C:\WINDOWS\Installer
    2008-08-28 18:57:45 ----HD---- C:\Config.Msi
    2008-08-28 18:56:59 ----D---- C:\WINDOWS\Downloaded Installations
    2008-08-28 14:34:51 ----HD---- C:\WINDOWS\$hf_mig$
    2008-08-27 07:46:32 ----D---- C:\WINDOWS\system32\Setup
    2008-08-27 07:46:32 ----D---- C:\WINDOWS\AppPatch
    2008-08-27 07:46:27 ----D---- C:\WINDOWS\system32\wbem
    2008-08-27 07:46:21 ----RSD---- C:\WINDOWS\Fonts
    2008-08-27 00:14:53 ----D---- C:\WINDOWS\system32\CatRoot
    2008-08-27 00:12:35 ----D---- C:\Program Files\Messenger
    2008-08-27 00:05:38 ----D---- C:\WINDOWS\system32\inetsrv
    2008-08-27 00:05:36 ----D---- C:\WINDOWS\ime
    2008-08-27 00:05:03 ----D---- C:\WINDOWS\system32\usmt
    2008-08-27 00:04:57 ----D---- C:\Program Files\Internet Explorer
    2008-08-27 00:04:54 ----D---- C:\WINDOWS\PeerNet
    2008-08-27 00:04:53 ----D---- C:\Program Files\Movie Maker
    2008-08-26 23:58:26 ----D---- C:\WINDOWS\system32\npp
    2008-08-26 23:58:26 ----D---- C:\WINDOWS\mui
    2008-08-26 23:58:23 ----D---- C:\WINDOWS\msagent
    2008-08-26 23:58:20 ----D---- C:\WINDOWS\srchasst
    2008-08-26 23:58:18 ----D---- C:\Program Files\NetMeeting
    2008-08-26 23:58:14 ----D---- C:\WINDOWS\system32\Com
    2008-08-26 23:58:09 ----D---- C:\Program Files\Windows Media Player
    2008-08-26 23:58:07 ----D---- C:\Program Files\Windows NT
    2008-08-26 23:58:07 ----D---- C:\Program Files\Outlook Express
    2008-08-26 23:58:00 ----D---- C:\Program Files\Common Files\System
    2008-08-26 23:57:16 ----D---- C:\WINDOWS\system32\oobe
    2008-08-26 23:57:11 ----D---- C:\WINDOWS\system
    2008-08-26 23:49:46 ----D---- C:\WINDOWS\system32\ReinstallBackups
    2008-08-26 23:44:20 ----D---- C:\WINDOWS\ehome
    2008-08-26 15:28:12 ----A---- C:\WINDOWS\system32\MRT.exe
    2008-08-22 22:30:06 ----D---- C:\Program Files\DivX
    2008-08-11 22:13:45 ----SD---- C:\WINDOWS\Tasks
    2008-08-11 22:13:43 ----D---- C:\Program Files\Apple Software Update
    2008-08-11 22:11:37 ----D---- C:\Program Files\iPod
    2008-08-01 02:05:17 ----A---- C:\WINDOWS\ModemLog_Curitel PC Card.txt
    2008-07-28 13:45:24 ----D---- C:\WINDOWS\Internet Logs
    2008-07-22 00:19:21 ----DC---- C:\WINDOWS\system32\DRVSTORE
    2008-07-18 22:10:48 ----A---- C:\WINDOWS\system32\cdm.dll
    2008-07-18 22:10:42 ----A---- C:\WINDOWS\system32\wuauclt.exe
    2008-07-18 22:10:40 ----A---- C:\WINDOWS\system32\wups2.dll
    2008-07-18 22:10:24 ----A---- C:\WINDOWS\system32\wucltui.dll.mui
    2008-07-18 22:10:20 ----A---- C:\WINDOWS\system32\wups.dll
    2008-07-18 22:09:46 ----A---- C:\WINDOWS\system32\wucltui.dll
    2008-07-18 22:09:44 ----A---- C:\WINDOWS\system32\wuweb.dll
    2008-07-18 22:09:44 ----A---- C:\WINDOWS\system32\wuapi.dll
    2008-07-18 22:09:42 ----A---- C:\WINDOWS\system32\wuaueng.dll
    2008-07-18 22:09:42 ----A---- C:\WINDOWS\system32\wuapi.dll.mui
    2008-07-18 22:08:34 ----A---- C:\WINDOWS\system32\wuaueng.dll.mui
    2008-07-07 15:26:58 ----A---- C:\WINDOWS\system32\es.dll
    2008-07-07 15:11:22 ----SD---- C:\WINDOWS\Downloaded Program Files
    2008-07-07 14:26:29 ----D---- C:\WINDOWS\twain_32
    2008-07-07 14:07:33 ----HD---- C:\Program Files\InstallShield Installation Information
    2008-07-07 14:04:44 ----D---- C:\Program Files\Common Files
    2008-07-07 13:46:41 ----D---- C:\WINDOWS\pss
    2008-07-07 13:34:10 ----D---- C:\Program Files\Plaxo
    2008-07-07 12:17:02 ----A---- C:\AUTOEXEC.BAT

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R1 AFS2K;AFS2k; C:\WINDOWS\system32\drivers\AFS2K.sys [2004-10-07 35840]
    R1 Cdr4_xp;Cdr4_xp; C:\WINDOWS\system32\drivers\Cdr4_xp.sys [2005-08-19 2432]
    R1 Cdralw2k;Cdralw2k; C:\WINDOWS\system32\drivers\Cdralw2k.sys [2005-08-19 2560]
    R1 cdudf_xp;cdudf_xp; C:\WINDOWS\system32\drivers\cdudf_xp.sys [2003-06-25 259328]
    R1 DMICall;Sony DMI Call service; C:\WINDOWS\system32\DRIVERS\DMICall.sys [2000-12-05 3952]
    R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys []
    R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
    R1 OMCI;OMCI; C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS [2001-08-22 13632]
    R1 pwd_2k;pwd_2k; C:\WINDOWS\system32\drivers\pwd_2k.sys [2003-06-25 118409]
    R1 RsvLock;RsvLock; C:\WINDOWS\system32\drivers\RsvLock.sys [2007-02-12 4752]
    R1 SAVRT;SAVRT; \??\C:\Program Files\Symantec AntiVirus\savrt.sys []
    R1 SAVRTPEL;SAVRTPEL; \??\C:\Program Files\Symantec AntiVirus\Savrtpel.sys []
    R1 SBFlop;SBFlop; C:\WINDOWS\system32\drivers\SBFlop.sys [2007-02-12 6096]
    R1 SbPrcCtl;SbPrcCtl; C:\WINDOWS\system32\drivers\SbPrcCtl.sys [2007-02-12 14864]
    R1 SPBBCDrv;SPBBCDrv; \??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys []
    R1 SYMTDI;SYMTDI; C:\WINDOWS\System32\Drivers\SYMTDI.SYS [2006-08-07 195776]
    R1 UdfReadr_xp;UdfReadr_xp; C:\WINDOWS\system32\drivers\UdfReadr_xp.sys [2003-06-25 213120]
    R1 vsdatant;vsdatant; \??\C:\WINDOWS\system32\vsdatant.sys []
    R1 wpsdrvnt;wpsdrvnt; \??\C:\WINDOWS\system32\drivers\wpsdrvnt.sys []
    R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.5.3.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2007-04-18 21419]
    R2 agnwifi;AT&T Wi-Fi Support Driver; C:\WINDOWS\system32\DRIVERS\agnwifi.sys [2004-09-27 19328]
    R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2004-03-17 13059]
    R2 s24trans;WLAN Transport; C:\WINDOWS\system32\DRIVERS\s24trans.sys [2006-08-02 12544]
    R2 wg3n;SyGate for NT, wg3n; C:\WINDOWS\SYSTEM32\Drivers\wg3n.sys [2007-01-10 15440]
    R2 wg4n;SyGate for NT, wg4n; C:\WINDOWS\SYSTEM32\Drivers\wg4n.sys [2007-01-10 15440]
    R2 wg5n;SyGate for NT, wg5n; C:\WINDOWS\SYSTEM32\Drivers\wg5n.sys [2007-01-10 15440]
    R2 wg6n;SyGate for NT, wg6n; C:\WINDOWS\SYSTEM32\Drivers\wg6n.sys [2007-01-10 15440]
    R2 WGX;Extend WG Protocol Driver; C:\WINDOWS\SYSTEM32\Drivers\WGX.sys [2007-01-10 26192]
    R3 ABVPN2K;AGN VPN Client Miniport Interface; C:\WINDOWS\system32\DRIVERS\abvpn2k.sys [2004-10-23 165248]
    R3 ApfiltrService;Alps Pointing-device Filter Driver; C:\WINDOWS\system32\DRIVERS\Apfiltr.sys [2003-09-29 94601]
    R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
    R3 avpnnic;AGN Virtual Network Adapter; C:\WINDOWS\system32\DRIVERS\avpnnic.sys [2003-04-04 13952]
    R3 CmBatt;Microsoft AC Adapter Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
    R3 E100B;Intel(R) PRO Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2004-08-19 154112]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys []
    R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-01-29 16168]
    R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
    R3 HSF_DP;HSF_DP; C:\WINDOWS\system32\DRIVERS\HSF_DP.sys [2004-09-08 1041536]
    R3 HSFHWAZL;HSFHWAZL; C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys [2004-09-08 161024]
    R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2004-11-03 2301568]
    R3 mmc_2K;mmc_2K; C:\WINDOWS\system32\drivers\mmc_2K.sys [2003-06-25 22745]
    R3 NAVENG;NAVENG; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20081001.003\naveng.sys []
    R3 NAVEX15;NAVEX15; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20081001.003\navex15.sys []
    R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
    R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2005-02-17 3298144]
    R3 NWADI;NWADI Bus Enumerator; C:\WINDOWS\system32\DRIVERS\NWADIenum.sys [2007-04-19 194048]
    R3 SNC;Sony Notebook Control Device; C:\WINDOWS\system32\DRIVERS\SonyNC.sys [2000-11-09 48896]
    R3 SPI;Sony Programmable I/O Control Device; C:\WINDOWS\system32\DRIVERS\SonyPI.sys [2003-06-18 71961]
    R3 SymEvent;SymEvent; \??\C:\Program Files\Symantec\SYMEVENT.SYS []
    R3 SYMREDRV;SYMREDRV; C:\WINDOWS\System32\Drivers\SYMREDRV.SYS [2006-08-07 24768]
    R3 tifmsony;tifmsony; C:\WINDOWS\system32\drivers\tifmsony.sys [2005-01-06 52736]
    R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
    R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
    R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
    R3 w29n51;Intel(R) PRO/Wireless 2200BG Network Connection Driver for Windows XP; C:\WINDOWS\system32\DRIVERS\w29n51.sys [2008-06-24 2216064]
    R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2004-09-08 685184]
    S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
    S2 HIDKbFlt;HIDKbFlt.SvcDesc%; C:\WINDOWS\system32\DRIVERS\HIDKbFlt.sys []
    S2 vdo_3949-48e3;vdo_3949-48e3; \??\C:\WINDOWS\system32\vdo_3949-48e3.sys []
    S3 b57w2k;Broadcom 570x Gigabit Integrated Controller; C:\WINDOWS\system32\DRIVERS\b57xp32.sys [2003-05-21 175360]
    S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
    S3 Dot4;MS IEEE-1284.4 Driver; C:\WINDOWS\system32\DRIVERS\Dot4.sys [2008-04-13 206976]
    S3 Dot4Print;Print Class Driver for IEEE-1284.4; C:\WINDOWS\system32\DRIVERS\Dot4Prt.sys [2001-08-17 12928]
    S3 dot4usb;MS Dot4USB Filter Dot4USB Filter; C:\WINDOWS\system32\DRIVERS\dot4usb.sys [2001-08-17 23808]
    S3 dvd_2K;dvd_2K; C:\WINDOWS\system32\drivers\dvd_2K.sys [2003-06-25 21993]
    S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
    S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2006-04-12 49664]
    S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2006-04-12 16496]
    S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2006-04-12 21568]
    S3 HSFHWICH;HSFHWICH; C:\WINDOWS\system32\DRIVERS\HSFHWICH.sys []
    S3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2005-02-22 807742]
    S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
    S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
    S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
    S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
    S3 NSCIRDA;NSC Infrared Device Driver; C:\WINDOWS\system32\DRIVERS\nscirda.sys [2008-04-13 28672]
    S3 NWUSBModem;Novatel Wireless USB Modem Driver; C:\WINDOWS\system32\DRIVERS\nwusbmdm.sys [2007-04-19 99200]
    S3 NWUSBPort;Novatel Wireless USB Status Port Driver; C:\WINDOWS\system32\DRIVERS\nwusbser.sys [2007-04-19 99200]
    S3 NWUSBPort2;Novatel Wireless USB Status2 Port Driver; C:\WINDOWS\system32\DRIVERS\nwusbser2.sys [2007-04-19 99200]
    S3 NWVNDIS;Novatel Wireless Virtual Network Adapter; C:\WINDOWS\system32\DRIVERS\NWVNdis.sys [2007-04-19 225280]
    S3 Point32;Microsoft IntelliPoint Filter Driver; C:\WINDOWS\system32\DRIVERS\point32.sys [2004-06-03 20352]
    S3 pwi_bus;Curitel PC Card Composite Device driver (WDM); C:\WINDOWS\system32\DRIVERS\pwi_bus.sys [2005-05-12 55344]
    S3 pwi_mdfl;Curitel PC Card Filter; C:\WINDOWS\system32\DRIVERS\pwi_mdfl.sys [2005-05-12 9200]
    S3 pwi_mdm;Curitel PC Card Drivers; C:\WINDOWS\system32\DRIVERS\pwi_mdm.sys [2005-05-12 89936]
    S3 pwi_oflt;Curitel PC Card OHCI Filter; C:\WINDOWS\system32\DRIVERS\pwi_oflt.sys [2005-05-12 9472]
    S3 pwi_serd;Curitel PC Card Diagnostic Serial Port (WDM); C:\WINDOWS\system32\DRIVERS\pwi_serd.sys [2005-05-12 69632]
    S3 RapFile;RapFile; \??\C:\WINDOWS\system32\drivers\RapFile.sys []
    S3 RapNet;RapNet; \??\C:\WINDOWS\system32\drivers\RapNet.sys []
    S3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584]
    S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
    S3 SMNDIS5;SMNDIS5 NDIS Protocol Driver; \??\C:\PROGRA~1\VERIZO~1\VZACCE~1\SMNDIS5.SYS []
    S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
    S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2008-07-10 32000]
    S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
    S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
    S3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
    S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
    S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
    S3 usbstor;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
    S3 VF0400Afx;VF0400 Audio FX; C:\WINDOWS\system32\Drivers\V0400Afx.sys [2007-06-11 142656]
    S3 VF0400Vfx;VF0400 Video FX; C:\WINDOWS\system32\DRIVERS\V0400VFx.sys [2007-03-05 7424]
    S3 VF0400Vid;Live! Cam Notebook Pro (VF0400); C:\WINDOWS\system32\DRIVERS\V0400Vid.sys [2007-06-07 166720]
    S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
    S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
    S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
    S3 XIRLINK;Veo Mobile/Advanced Web Camera; C:\WINDOWS\system32\DRIVERS\ucdnt.sys [2004-01-26 728083]
    S4 black;black; C:\WINDOWS\System32\drivers\BlackDrv.sys []
    S4 SysGuard;SysGuard; C:\WINDOWS\System32\Drivers\Sysguard.sys [2007-01-10 44544]
    S4 SysPlant;SysPlant for NT; C:\WINDOWS\C:\WINDOWS\SYSTEM32\Drivers\SysPlant.sys []

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-07-22 116040]
    R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2007-07-24 229376]
    R2 ccEvtMgr;Symantec Event Manager; C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe [2006-07-19 192160]
    R2 ccSetMgr;Symantec Settings Manager; C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe [2006-07-19 169632]
    R2 DefWatch;Symantec AntiVirus Definition Watcher; C:\Program Files\Symantec AntiVirus\DefWatch.exe [2006-09-27 31472]
    R2 EvtEng;Intel(R) PROSet/Wireless Event Log; C:\Program Files\Intel\Wireless\Bin\EvtEng.exe [2006-08-02 434176]
    R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
    R2 NetCfgSvr;Network Configuration Service; C:\PROGRA~1\AT&TGL~1\NetCfgSv.EXE [2004-10-29 126976]
    R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2005-02-17 127043]
    R2 RegSrvc;Intel(R) PROSet/Wireless Registry Service; C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe [2006-08-02 327680]
    R2 S24EventMonitor;Intel(R) PROSet/Wireless Service; C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe [2006-08-02 937984]
    R2 SafeBootConfigurationManager;SafeBoot Configuration Manager; C:\Program Files\SafeBoot\SBMGRNT.EXE [2007-02-12 49212]
    R2 SavRoam;SAVRoam; C:\Program Files\Symantec AntiVirus\SavRoam.exe [2006-09-27 116464]
    R2 Seagate Sync Service;Seagate Sync Service; C:\Program Files\Seagate\Sync\SeaSyncServices.exe [2007-01-18 24120]
    R2 SmcService;Symantec Protection Agent 5.1; C:\Program Files\Symantec\SPA\smc.exe [2007-01-10 2508368]
    R2 SNAC;Symantec NAC Service; C:\Program Files\Symantec\SPA\snac.exe [2007-01-10 222800]
    R2 SPBBCSvc;Symantec SPBBCSvc; C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe [2006-04-11 1160848]
    R2 Symantec AntiVirus;Symantec AntiVirus; C:\Program Files\Symantec AntiVirus\Rtvscan.exe [2006-09-27 1813232]
    R2 VAIO Event Service;VAIO Event Service; C:\Program Files\Sony\VAIO Event Service\VESMgr.exe [2005-01-21 150528]
    R2 WMDM PMSP Service;WMDM PMSP Service; C:\WINDOWS\system32\MsPMSPSv.exe [2001-05-01 53248]
    R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-07-30 532264]
    S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
    S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]
    S3 LiveUpdate;LiveUpdate; C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE [2006-09-02 2528960]
    S3 MSCSPTISRV;MSCSPTISRV; C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe [2006-12-14 45056]
    S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
    S3 PACSPTISVR;PACSPTISVR; C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe [2006-12-14 57344]
    S3 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2006-03-03 69632]
    S3 SNDSrvc;Symantec Network Drivers Service; C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe [2006-08-07 214720]
    S3 SonicStage Back-End Service;SonicStage Back-End Service; C:\Program Files\Common Files\Sony Shared\AvLib\SsBeSvc.exe [2007-02-05 112184]
    S3 SPTISRV;Sony SPTI Service; C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe [2006-12-14 69632]
    S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
    S4 IVTClientUpdate;Intravision Client Update Service; c:\program files\intravision technologies\nvar 2.0 media client\clientupdateservice.exe [2006-06-09 32768]
    S4 VAIO Entertainment TV Device Arbitration Service;VAIO Entertainment TV Device Arbitration Service; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe [2005-03-04 73728]
    S4 Vcsw;VAIO Entertainment UPnP Client Adapter; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe [2005-03-04 278528]
    S4 VzCdbSvc;VAIO Entertainment Database Service; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe [2005-03-04 131072]
    S4 VzFw;VAIO Entertainment File Import Service; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe [2005-03-04 118784]

    -----------------EOF-----------------
     
  10. 2008/10/03
    Geri (Inactive Alumni)
    Hi Joe
    OK, I still need to know if you added those to your trusted zone: all the O15 entries showing in the HJT log?

    Please do this.

    Download ComboFix from Here to your Desktop.

    It's best to disable realtime protection applications as they sometimes interfere with the tool.
    Check this link for any applicable programs you may have.
    • Close all open programs and windows
    • Double click combofix.exe and follow the prompts.
    • Vista users right click Combofix.exe and select Run As Administrator.
    • When finished, it shall produce a log for you. Post the Combofix log
    Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

    Note - ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.

    Note - Combofix makes some changes when run to prevent autorun/autoplay of ALL CDs, floppies and USB devices, to assist with malware removal & increase security. If this is an issue or makes it difficult for you to use those devices, please ask how to reset it.

    Thanks
    Geri
     
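    Geri's note above about ComboFix turning off AutoRun for every drive type maps onto a single Explorer policy value, NoDriveTypeAutoRun, which is also what a responder checks by hand afterwards. The following is an added example, not code from this thread or from ComboFix: it decodes that bitmask, checks whether AutoRun is still live for removable media (the USB/U3 case), and emits a .reg file that disables all drive types. The registry path, the bit-to-drive-type mapping and the 0x91 value used as the Windows XP default are this example's assumptions about the platform, not anything the thread states; whether ComboFix writes exactly 0xFF is likewise not stated on the page.

```python
"""Decode and build Explorer's NoDriveTypeAutoRun policy bitmask.

Added example for this thread; it is not ComboFix's code. Assumptions:
the value lives under HKLM or HKCU at
  SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoDriveTypeAutoRun
and bit n disables AutoRun for the drive type whose GetDriveType() constant
is n. 0x91 is assumed here as the Windows XP default; 0xFF disables every type.
"""
import re

DRIVE_TYPES = {
    0: "DRIVE_UNKNOWN",
    1: "DRIVE_NO_ROOT_DIR",
    2: "DRIVE_REMOVABLE",   # USB sticks, U3 devices, floppies
    3: "DRIVE_FIXED",
    4: "DRIVE_REMOTE",
    5: "DRIVE_CDROM",
    6: "DRIVE_RAMDISK",
    7: "RESERVED",          # bit 7 is set in Microsoft's own default values
}

XP_DEFAULT = 0x91   # assumed default: unknown, remote and reserved disabled
DISABLE_ALL = 0xFF  # every bit set: no AutoRun on any drive type


def disabled_types(mask):
    """Names of the drive types whose AutoRun `mask` disables, in bit order."""
    return [name for bit, name in DRIVE_TYPES.items() if mask & (1 << bit)]


def autorun_allowed(mask, drive_type):
    """True if AutoRun still fires for `drive_type` under `mask`."""
    return not (mask & (1 << drive_type))


def mask_for(*drive_types):
    """Build a mask that disables AutoRun for exactly the given drive types."""
    mask = 0
    for t in drive_types:
        if t not in DRIVE_TYPES:
            raise ValueError("unknown drive type %r" % (t,))
        mask |= 1 << t
    return mask


def parse_reg_dword(text):
    """Pull the current value out of a `reg query` line or a .reg line, e.g.
    'NoDriveTypeAutoRun    REG_DWORD    0x91' or
    '"NoDriveTypeAutoRun"=dword:000000ff'."""
    m = re.search(
        r'NoDriveTypeAutoRun"?\s*(?:REG_DWORD\s*|=dword:)\s*(?:0x)?([0-9a-fA-F]+)',
        text)
    if not m:
        raise ValueError("NoDriveTypeAutoRun not found")
    return int(m.group(1), 16)


def reg_file(mask, hive="HKEY_LOCAL_MACHINE"):
    """Emit a .reg file that sets the mask (import with: regedit /s file.reg)."""
    return ("Windows Registry Editor Version 5.00\r\n\r\n"
            "[%s\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer]\r\n"
            '"NoDriveTypeAutoRun"=dword:%08x\r\n' % (hive, mask))


if __name__ == "__main__":
    # constructed `reg query` output line, the assumed XP default
    current = parse_reg_dword("NoDriveTypeAutoRun    REG_DWORD    0x91")
    print("current:", hex(current), disabled_types(current))
    print("AutoRun still allowed for removable drives?", autorun_allowed(current, 2))
    print(reg_file(DISABLE_ALL))
```

    To read the live value on a Windows box, run `reg query "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v NoDriveTypeAutoRun` and pass the output line to parse_reg_dword; a mask that leaves bit 2 clear is the condition under which a U3 or USB stick's autorun.inf still executes when plugged in.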
  11. 2008/10/03
    JoeB (Thread Starter)
    Geri I am using a company laptop. All of these sites have been added by my system admin.
     
  12. 2008/10/04
    Geri (Inactive Alumni)
    Hi Joe.
    OK thanks.

    The Combofix log?

    Geri
     
  13. 2008/10/04
    JoeB (Thread Starter)
    ComboFix Log

    ComboFix 08-10-04.01 - iujmheb 2008-10-04 13:25:08.1 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.119 [GMT -5:00]
    Running from: C:\Documents and Settings\iujmheb\Desktop\ComboFix.exe
    * Created a new restore point

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\WINDOWS\Downloaded Program Files\setup.inf

    .
    ((((((((((((((((((((((((( Files Created from 2008-09-04 to 2008-10-04 )))))))))))))))))))))))))))))))
    .

    2008-09-29 14:40 . 2008-09-29 14:41 <DIR> d-------- C:\rsit
    2008-09-24 11:20 . 2008-09-24 11:21 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-09-24 11:20 . 2008-09-24 11:20 <DIR> d-------- C:\Documents and Settings\iujmheb\Application Data\Malwarebytes
    2008-09-24 11:20 . 2008-09-24 11:20 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-09-24 11:20 . 2008-09-10 00:04 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
    2008-09-24 11:20 . 2008-09-10 00:03 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
    2008-09-10 11:23 . 2008-09-10 11:23 <DIR> d-------- C:\Program Files\CCleaner

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-10-04 18:23 --------- d-----w C:\Program Files\Symantec AntiVirus
    2008-10-02 22:17 --------- d-----w C:\Program Files\SafeBoot
    2008-09-16 13:42 --------- d-----w C:\Program Files\AT&T Global Network Client
    2008-09-10 03:15 --------- d-----w C:\Documents and Settings\iujmheb\Application Data\U3
    2008-08-29 00:08 --------- d-----w C:\Documents and Settings\iujmheb\Application Data\Smith Micro
    2008-08-28 23:57 --------- d-----w C:\Program Files\Novatel Wireless
    2008-08-28 23:56 --------- d-----w C:\Program Files\Verizon Wireless
    2008-08-23 03:30 --------- d-----w C:\Program Files\DivX
    2008-08-12 03:13 --------- d-----w C:\Program Files\Apple Software Update
    2008-08-12 03:11 --------- d-----w C:\Program Files\iTunes
    2008-08-12 03:11 --------- d-----w C:\Program Files\iPod
    2008-08-12 03:02 --------- d-----w C:\Program Files\Safari
    2008-07-25 08:36 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
    2008-07-23 16:50 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
    2008-07-23 16:48 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
    2008-07-23 16:48 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
    2008-07-23 16:46 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
    2008-07-19 03:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
    2008-07-19 03:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
    2008-07-19 03:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
    2008-07-19 03:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
    2008-07-19 03:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
    2008-07-19 03:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
    2008-07-19 03:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
    2008-07-19 03:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
    2008-07-07 20:26 253,952 ----a-w C:\WINDOWS\system32\es.dll
    2008-01-25 18:29 1,622 -c--a-w C:\Program Files\ALLTEL Internet Accelerator Client setup.log
    2007-08-09 22:29 3,527 -c--a-w C:\Documents and Settings\Incomplete\downloads.dat
    2006-07-02 05:56 152 -c--a-w C:\Documents and Settings\iujmheb\Application Data\wklnhst.dat
    2004-09-29 02:52 20,008 -c--a-w C:\Documents and Settings\iujmheb\Application Data\GDIPFONTCACHEV1.DAT
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe "= "C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 15360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ISBMgr.exe "= "C:\Program Files\Sony\ISB Utility\ISBMgr.exe" [2004-02-20 32768]
    "IgfxTray "= "C:\WINDOWS\system32\igfxtray.exe" [2005-02-22 155648]
    "HotKeysCmds "= "C:\WINDOWS\system32\hkcmd.exe" [2005-02-22 126976]
    "Apoint "= "C:\Program Files\Apoint\Apoint.exe" [2003-11-07 114688]
    "type32 "= "C:\Program Files\Microsoft IntelliType Pro\type32.exe" [2005-03-15 196608]
    "SBMGRNT.EXE "= "C:\PROGRA~1\SafeBoot\SBMGRNT.EXE" [2007-02-12 49212]
    "ccApp "= "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-07-19 52896]
    "vptray "= "C:\PROGRA~1\SYMANT~1\VPTray.exe" [2006-09-27 125168]
    "RoxioEngineUtility "= "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe" [2003-05-01 65536]
    "NvCplDaemon "= "C:\WINDOWS\system32\NvCpl.dll" [2005-02-17 5406720]
    "AppleSyncNotifier "= "C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-10 116040]
    "AGNCF "= "C:\Program Files\AT&T Global Network Client\MigrateFW.exe" [2004-10-29 32768]
    "QuickTime Task "= "C:\Program Files\QuickTime\QTTask.exe" [2008-05-27 413696]
    "iTunesHelper "= "C:\Program Files\iTunes\iTunesHelper.exe" [2008-07-30 289064]
    "V0400Mon.exe "= "C:\WINDOWS\V0400Mon.exe" [2007-08-23 28672]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
    2005-01-18 11:48 73728 C:\WINDOWS\system32\VESWinlogon.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "VIDC.dvsd "= C:\PROGRA~1\COMMON~1\SONYSH~1\VideoLib\sonydv.dll
    "MSVideo "= ucdvfw.dll
    "VIDC.XJPG "= camfc.dll
    "VIDC.D263 "= xl_x263dec.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\Scripts\Startup\0\0]
    "Script "=OLKBndg.cmd

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\Scripts\Startup\1\0]
    "Script "=adminpassword.cmd

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2041924414-1375143614-688353862-52811\Scripts\Logon\0\0]
    "Script "=compprop.vbs

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
    backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk
    backup=C:\WINDOWS\pss\HP Image Zone Fast Start.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Photosmart Premier Fast Start.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Photosmart Premier Fast Start.lnk
    backup=C:\WINDOWS\pss\HP Photosmart Premier Fast Start.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Creative Live! Cam Manager]
    --------- 2007-06-07 14:01 155648 C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
    --a--c--- 2006-02-19 02:41 49152 C:\Program Files\HP\HP Software Update\hpwuSchd2.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    --a------ 2008-07-30 10:47 289064 C:\Program Files\iTunes\iTunesHelper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PlaxoSysTray]
    --a--c--- 2008-05-06 11:12 20480 C:\Program Files\Plaxo\3.12.0.48\plaxosystray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PlaxoUpdate]
    --a--c--- 2008-05-06 11:12 293447 C:\Program Files\Plaxo\3.12.0.48\PlaxoHelper_en.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    --a------ 2008-05-27 10:50 413696 C:\Program Files\QuickTime\QTTask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RightFAX Print-to-Fax Driver]
    --a------ 2005-09-30 17:34 98304 C:\Program Files\RightFax\Client\FAXCTRL.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc]
    --a--c--- 2003-06-25 00:18 868352 C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StxTrayMenu]
    --a--c--- 2007-01-18 14:20 190008 C:\Program Files\Seagate\SystemTray\StxMenuMgr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    --a--c--- 2008-02-22 04:25 144784 C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\V0400Mon.exe]
    --a------ 2007-08-23 01:02 28672 C:\WINDOWS\V0400Mon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "IVTClientUpdate "=2 (0x2)

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "FirewallOverride "=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring "=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall "= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe "=
    "C:\\Program Files\\iTunes\\iTunes.exe "=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe "=
    "C:\\Program Files\\Bonjour\\mDNSResponder.exe "=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "5556:TCP "= 5556:TCP:SafeBoot

    R0 SafeBoot;SafeBoot;C:\WINDOWS\system32\drivers\SafeBoot.sys [2007-02-12 30267]
    R0 SBAlg;SBAlg;C:\WINDOWS\system32\drivers\SBAlg.sys [2007-02-12 44848]
    R1 RsvLock;RsvLock;C:\WINDOWS\system32\drivers\RsvLock.sys [2007-02-12 4752]
    R1 SBFlop;SBFlop;C:\WINDOWS\system32\drivers\SBFlop.sys [2007-02-12 6096]
    R1 SbPrcCtl;SbPrcCtl;C:\WINDOWS\system32\drivers\SbPrcCtl.sys [2007-02-12 14864]
    R2 agnwifi;AT&T Wi-Fi Support Driver;C:\WINDOWS\system32\DRIVERS\agnwifi.sys [2004-09-27 19328]
    R2 SafeBootConfigurationManager;SafeBoot Configuration Manager;C:\Program Files\SafeBoot\SBMGRNT.EXE [2007-02-12 49212]
    R2 Seagate Sync Service;Seagate Sync Service;C:\Program Files\Seagate\Sync\SeaSyncServices.exe [2007-01-18 24120]
    R2 WGX;Extend WG Protocol Driver;C:\WINDOWS\system32\Drivers\WGX.sys [2007-01-10 26192]
    R3 ABVPN2K;AGN VPN Client Miniport Interface;C:\WINDOWS\system32\DRIVERS\abvpn2k.sys [2004-10-23 165248]
    R3 avpnnic;AGN Virtual Network Adapter;C:\WINDOWS\system32\DRIVERS\avpnnic.sys [2003-04-04 13952]
    R3 NWADI;NWADI Bus Enumerator;C:\WINDOWS\system32\DRIVERS\NWADIenum.sys [2007-04-19 194048]
    R3 SPI;Sony Programmable I/O Control Device;C:\WINDOWS\system32\DRIVERS\SonyPI.sys [2003-06-18 71961]
    S2 HIDKbFlt;HIDKbFlt.SvcDesc%;C:\WINDOWS\system32\DRIVERS\HIDKbFlt.sys [ ]
    S2 vdo_3949-48e3;vdo_3949-48e3;C:\WINDOWS\system32\vdo_3949-48e3.sys [ ]
    S3 NWUSBPort2;Novatel Wireless USB Status2 Port Driver;C:\WINDOWS\system32\DRIVERS\nwusbser2.sys [2007-04-19 99200]
    S3 NWVNDIS;Novatel Wireless Virtual Network Adapter;C:\WINDOWS\system32\DRIVERS\NWVNdis.sys [2007-04-19 225280]
    S3 pwi_bus;Curitel PC Card Composite Device driver (WDM);C:\WINDOWS\system32\DRIVERS\pwi_bus.sys [2005-05-12 55344]
    S3 pwi_mdfl;Curitel PC Card Filter;C:\WINDOWS\system32\DRIVERS\pwi_mdfl.sys [2005-05-12 9200]
    S3 pwi_mdm;Curitel PC Card Drivers;C:\WINDOWS\system32\DRIVERS\pwi_mdm.sys [2005-05-12 89936]
    S3 pwi_oflt;Curitel PC Card OHCI Filter;C:\WINDOWS\system32\DRIVERS\pwi_oflt.sys [2005-05-12 9472]
    S3 pwi_serd;Curitel PC Card Diagnostic Serial Port (WDM);C:\WINDOWS\system32\DRIVERS\pwi_serd.sys [2005-05-12 69632]
    S3 RapFile;RapFile;C:\WINDOWS\system32\drivers\RapFile.sys [2003-06-19 36676]
    S3 RapNet;RapNet;C:\WINDOWS\system32\drivers\RapNet.sys [2003-06-19 24344]
    S3 VF0400Afx;VF0400 Audio FX;C:\WINDOWS\system32\Drivers\V0400Afx.sys [2007-06-11 142656]
    S3 VF0400Vfx;VF0400 Video FX;C:\WINDOWS\system32\DRIVERS\V0400VFx.sys [2007-03-05 7424]
    S3 VF0400Vid;Live! Cam Notebook Pro (VF0400);C:\WINDOWS\system32\DRIVERS\V0400Vid.sys [2007-06-07 166720]
    S3 XIRLINK;Veo Mobile/Advanced Web Camera;C:\WINDOWS\system32\DRIVERS\ucdnt.sys [2004-01-26 728083]
    S4 black;black;C:\WINDOWS\system32\drivers\BlackDrv.sys [ ]
    S4 IVTClientUpdate;Intravision Client Update Service;c:\program files\intravision technologies\nvar 2.0 media client\clientupdateservice.exe [2006-06-09 32768]
    S4 SysGuard;SysGuard;C:\WINDOWS\system32\Drivers\Sysguard.sys [2007-01-10 44544]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1cd89fe7-755d-11dd-9be9-0013ce37c845}]
    \Shell\AutoRun\command - F:\run_sn~1.exe
    \Shell\open\command - F:\run_sn~1.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ead75c28-4172-11dc-9a18-0013ce37c845}]
    \Shell\AutoRun\command - G:\setupSNK.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{efa391a0-464e-11dd-9b79-0013ce37c845}]
    \Shell\AutoRun\command - F:\Autorun.exe /run
    \Shell\Shell00\Command - F:\Autorun.exe /run
    \Shell\Shell01\Command - F:\Autorun.exe /action
    \Shell\Shell02\Command - F:\Autorun.exe /uninstall

    *Newly Created Service* - CATCHME
    *Newly Created Service* - PROCEXP90
    .
    Contents of the 'Scheduled Tasks' folder

    2008-10-02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
    .
    - - - - ORPHANS REMOVED - - - -

    MSConfigStartUp-lphc9s2j0ev11 - C:\WINDOWS\system32\lphc9s2j0ev11.exe
    MSConfigStartUp-MsnMsgr - C:\Program Files\MSN Messenger\msnmsgr.exe
    MSConfigStartUp-MySpaceIM - C:\Program Files\MySpace\IM\MySpaceIM.exe
    MSConfigStartUp-SMrhccs2j0ev11 - C:\Program Files\rhccs2j0ev11\rhccs2j0ev11.exe


    .
    ------- Supplementary Scan -------
    .
    FireFox -: Profile - C:\Documents and Settings\iujmheb\Application Data\Mozilla\Firefox\Profiles\dprv20pj.default\
    FireFox -: prefs.js - STARTUP.HOMEPAGE - www.yahoo.com
    .

    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-10-04 13:28:29
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2008-10-04 13:33:44
    ComboFix-quarantined-files.txt 2008-10-04 18:33:39

    Pre-Run: 20,227,174,400 bytes free
    Post-Run: 20,212,760,576 bytes free

    209 --- E O F --- 2008-09-11 12:44:00
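    A responder reading the ComboFix log above looks for a handful of things before anything else: services whose file ComboFix could not find (the `[ ]` entries), AutoRun commands registered under MountPoints2 for removable drives, Security Center and firewall settings that have been overridden, and the orphaned startup entries with random-looking names that ComboFix removed. The following is an added example, not ComboFix's or the forum's code: it runs that triage over a constructed sample assembled from lines in JoeB's log (the trailing-space quirk of the paste is kept so the parser copes with it). The name heuristic, the list of values treated as weakening, and the shared-suffix check are assumptions of this example, not anything ComboFix documents.

```python
"""Triage a ComboFix-style log for the items a responder checks first.

Added example for this thread; it is not ComboFix's or the forum's code.
SAMPLE_LOG is a constructed input built from lines JoeB posted.
"""
import os
import re

SAMPLE_LOG = r"""[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride "=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring "=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall "= 0 (0x0)

R0 SafeBoot;SafeBoot;C:\WINDOWS\system32\drivers\SafeBoot.sys [2007-02-12 30267]
S2 HIDKbFlt;HIDKbFlt.SvcDesc%;C:\WINDOWS\system32\DRIVERS\HIDKbFlt.sys [ ]
S2 vdo_3949-48e3;vdo_3949-48e3;C:\WINDOWS\system32\vdo_3949-48e3.sys [ ]
S4 black;black;C:\WINDOWS\system32\drivers\BlackDrv.sys [ ]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1cd89fe7-755d-11dd-9be9-0013ce37c845}]
\Shell\AutoRun\command - F:\run_sn~1.exe
\Shell\open\command - F:\run_sn~1.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ead75c28-4172-11dc-9a18-0013ce37c845}]
\Shell\AutoRun\command - G:\setupSNK.exe

MSConfigStartUp-lphc9s2j0ev11 - C:\WINDOWS\system32\lphc9s2j0ev11.exe
MSConfigStartUp-MsnMsgr - C:\Program Files\MSN Messenger\msnmsgr.exe
MSConfigStartUp-SMrhccs2j0ev11 - C:\Program Files\rhccs2j0ev11\rhccs2j0ev11.exe
"""

# "S2 name;display;path [date size]"; an empty bracket means the file was not found
SERVICE_RE = re.compile(r'^([RS])(\d) ([^;]+);([^;]*);(.+?) \[(.*?)\]\s*$')
MOUNTPOINT_KEY_RE = re.compile(r'^\[.*\\mountpoints2\\(\{[0-9a-f-]+\})\]$', re.I)
AUTORUN_CMD_RE = re.compile(r'^\\Shell\\(AutoRun|open)\\command - (.+)$', re.I)
SETTING_RE = re.compile(r'^"(\w+)\s*"\s*=\s*(?:dword:)?([0-9a-fA-Fx]+)')
ORPHAN_RE = re.compile(r'^MSConfigStartUp-(\S+) - (.+)$')

# value at which each setting means protection is off or overridden (assumption)
WEAKENING = {"FirewallOverride": 1, "DisableMonitoring": 1, "EnableFirewall": 0}


def looks_random(name):
    """Heuristic (assumption): 10+ alphanumerics mixing lowercase letters and digits."""
    return bool(re.fullmatch(r"[A-Za-z0-9]{10,}", name)
                and re.search(r"\d", name) and re.search(r"[a-z]", name))


def shared_suffix(names):
    """Longest common trailing token, e.g. one random string reused across names."""
    if len(names) < 2:
        return ""
    return os.path.commonprefix([n[::-1] for n in names])[::-1]


def triage(text):
    missing, autoruns, weakened, orphans = [], [], [], []
    current_key = None
    for raw in text.splitlines():
        line = raw.rstrip()
        m = SERVICE_RE.match(line)
        if m:
            if not m.group(6).strip():          # "[ ]": file missing on disk
                missing.append(m.group(3))
            continue
        m = MOUNTPOINT_KEY_RE.match(line)
        if m:
            current_key = m.group(1)            # remember which volume GUID follows
            continue
        m = AUTORUN_CMD_RE.match(line)
        if m and current_key:
            autoruns.append((current_key, m.group(1), m.group(2)))
            continue
        m = SETTING_RE.match(line)
        if m and m.group(1) in WEAKENING:
            value = int(m.group(2), 16)
            if value == WEAKENING[m.group(1)]:
                weakened.append((m.group(1), value))
            continue
        m = ORPHAN_RE.match(line)
        if m and looks_random(m.group(1)):
            orphans.append(m.group(1))
    return {
        "missing_file_services": missing,
        "autorun_commands": autoruns,
        "weakened_settings": weakened,
        "suspicious_orphans": orphans,
        "orphan_shared_suffix": shared_suffix(orphans),
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(key, "->", value)
```

    On this sample the shared suffix comes out as the same token that appears in both removed orphans and in the program folder name, which is the detail worth quoting back to a user who asks what the rogue actually dropped.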
     
  14. 2008/10/04
    Geri (Inactive Alumni)
    Hi Joe
    OK good.

    Your Java is out of date and should be updated.

    Please download JavaRa and save the file to your desktop.
    • Right click and Extract All
    • Once extracted, open and run JavaRa.exe
    • Click Search For Updates
    • Select Update Using jucheck.exe
    • Click Search
    • If a newer version is found, allow it to be installed
    • Uncheck the Google Toolbar option. (if you don't want the Google tool bar)
    • When complete, click Remove Older Versions in the JavaRa interface and allow it to proceed
    • When that is complete, click Additional Tasks, then select Remove Useless JRE Files and click Go
    • Exit the tool when complete.
    Read it, and then you can delete the gpl-2.0.txt file.


    Now let's get an online scan.

    Download ATF Cleaner by Atribune and save it to your Desktop.
    This is a good tool to get rid of the temporary garbage you pick up while surfing the net.
    Double click ATF-Cleaner.exe to run the program.
    Check the boxes to the left of:

    Windows Temp
    Current User Temp
    All Users Temp
    Cookies
    Temporary Internet Files
    Prefetch
    Java Cache
    Recycle bin


    The rest are optional. If you want it to remove everything, check "Select All".
    Finally, click Empty Selected. When you get the "Done Cleaning" message, click OK.


    Please do an online scan with Kaspersky WebScanner

    Click on "Accept" if your pop-up blocker blocks any windows from opening.

    Click Run on the window that opens.
    Windows Vista users: you must open the web browser using the Run as Administrator command.
    • The program will launch and then begin downloading the latest definition files.
    • Under Scan on the left side, click on My Computer.
    • This will start the program and scan your system.
    • Click the "Scan Report" on the left side.
    • The scan will take a while, so be patient and let it run.
    • Once the scan is complete it will display whether your system has been infected.
    • Click the Save Report As button, and in the Browse dialog box, type a name for the scan report file that you want to create and select its type, Text file. Click OK to save the file.
    • Save the text file to your desktop.
    • Copy and paste that information in your next post.

    Please post the Kaspersky results.

    Thanks
    Geri
     
  15. 2008/10/06
    JoeB (Thread Starter)
    Kaspersky Scanner Shows No Infections

    Hi Geri,
    No results to post because no infections were detected.
     
  16. 2008/10/06
    Geri (Inactive Alumni)
    Hi Joe
    OK very good.

    Please do this.

    Click Start > Run; in the Run box, copy and paste or type ComboFix /u, then hit Enter to uninstall ComboFix and remove the files/folders it created. This action will also reset the System Restore points, removing any infected files there as well.

    Please check and verify that C:\Qoobox and C:\ComboFix folders were removed, as well as the C:\ComboFix.txt file.

    Delete RSIT.exe and this folder C:\rsit

    Let me know how things are running and we can mark this one resolved.

    Thanks
    Geri
     
  17. 2008/10/07
    JoeB (Thread Starter)
    Hi Joe
    OK very good.

    Please do this.

    Click Start > Run in the run box copy and paste or type ComboFix /u then hit Enter to uninstall ComboFix and remove the files/folders it created.

    I get message "Windows cannot find ComboFix/u "
     
  18. 2008/10/07
    Geri (Inactive Alumni)
    Hi Joe
    Did you make sure there was a space between the x in combofix and the /?
    This is where a space should be ^
    Combofix^/u
     
  19. 2008/10/08
    JoeB (Thread Starter)
    ComboFix removal

    Hi Geri,

    I tried doing what you wanted:

    Hi Joe
    OK very good.

    Please do this.

    Click Start > Run in the run box copy and paste or type ComboFix /u then hit Enter to uninstall ComboFix and remove the files/folders it created

    I get error message that says Windows cannot locate file
     
  20. 2008/10/08
    Geri (Inactive Alumni)
    Hi Joe
    Is combofix still on your Desktop? Look for these also and let me know if they are there.

    C:\Qoobox
    C:\ComboFix
    C:\ComboFix.txt

    Thanks
     
  21. 2008/10/12
    JoeB (Thread Starter)
    Can't Remove Combofix

    Having trouble removing combofix
     