
Solved Very Slow System, with CiD and Tracking.101 pop-ups

Discussion in 'Malware and Virus Removal Archive' started by soxrulebaby04, 2008/06/16.

  1. 2008/06/16, soxrulebaby04 (Thread Starter)

    [Resolved] Very Slow System, with CiD and Tracking.101 pop-ups

    Just joined the site and I have been looking around trying to find some way of getting rid of these pop-ups (I'm assuming it is adware). Here is my DSS log, anything you guys can do to help would be greatly appreciated. :D

    Deckard's System Scanner v20071014.68
    Run by HP_Owner on 2008-06-16 18:40:03
    Computer is in Normal Mode.
    --------------------------------------------------------------------------------

    Percentage of Memory in Use: 78% (more than 75%).


    -- HijackThis (run as HP_Owner.exe) --------------------------------------------

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 6:41:13 PM, on 6/16/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16674)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\System32\svchost.exe
    C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    c:\program files\common files\mcafee\mna\mcnasvc.exe
    C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
    c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Viewpoint\Common\ViewpointService.exe
    c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\windows\system\hpsysdrv.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\hphmon06.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\WINDOWS\system32\ps2.exe
    C:\Program Files\McAfee.com\VSO\mcvsshld.exe
    C:\Program Files\McAfee.com\VSO\oasclnt.exe
    C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
    c:\progra~1\mcafee.com\vso\mcvsescn.exe
    C:\WINDOWS\system32\LVCOMSX.EXE
    C:\Program Files\Logitech\Video\LogiTray.exe
    C:\WINDOWS\ALCXMNTR.EXE
    C:\WINDOWS\system32\igfxtray.exe
    C:\Program Files\Zune\ZuneLauncher.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
    C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\PROGRA~1\MI3AA1~1\rapimgr.exe
    C:\Program Files\Logitech\Video\FxSvr2.exe
    C:\PROGRA~1\COMMON~1\SYMANT~1\SECURI~2\NSCSRVCE.EXE
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    c:\progra~1\mcafee.com\vso\mcvsftsn.exe
    C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\System32\Rundll32.exe
    C:\Program Files\AOL Companion\companion.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Symantec\LiveUpdate\AUpdate.exe
    C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~2.EXE
    C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
    C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
    C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
    C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
    C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
    C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
    C:\Documents and Settings\HP_Owner\Desktop\dss.exe
    C:\PROGRA~1\TRENDM~1\HIJACK~1\HP_Owner.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: cpmsky browser optimizer - {67ba3c7b-6994-028a-1c20-c3dcd7f0a891} - C:\WINDOWS\system32\{5f4d2aa9-6772-0a04-d3c2-f245c15edf28}.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
    O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - c:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
    O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
    O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
    O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
    O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
    O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe"
    O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
    O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
    O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
    O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
    O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [Zune Launcher] "C:\Program Files\Zune\ZuneLauncher.exe"
    O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [{adb267c3-30f9-0f92-6409-c650685b8cd5}] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\{5f4d2aa9-6772-0a04-d3c2-f245c15edf28}.dll" DllInit
    O4 - HKLM\..\Run: [CleanUp] C:\PROGRA~1\McAfee.com\Shared\mcappins.exe /v=3 /cleanup
    O4 - HKLM\..\RunOnce: [SpybotDeletingA3062] command /c del "C:\WINDOWS\wt\webdriver.dll"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC3238] cmd /c del "C:\WINDOWS\wt\webdriver.dll"
    O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
    O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
    O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_5
    O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\RunOnce: [SpybotDeletingB2808] command /c del "C:\WINDOWS\wt\webdriver.dll"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD2155] cmd /c del "C:\WINDOWS\wt\webdriver.dll"
    O4 - Startup: Picture Motion Browser Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
    O4 - Startup: PowerReg Scheduler.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0\aoltray.exe
    O4 - Global Startup: AOL Companion.lnk = C:\Program Files\AOL Companion\companion.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe
    O4 - Global Startup: ymetray.lnk = C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/SCRABBLE/Images/stg_drm.ocx
    O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1005.cab
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
    O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab
    O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1160533832062
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
    O16 - DPF: {AF2E62B6-F9E1-4D4F-A10A-9DC8E6DCBCC0} (VideoEgg ActiveX Loader) - http://update.videoegg.com/Install/Windows/Initial/VideoEggPublisher.exe
    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
    O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Kodak Camera Connection Software (KodakCCS) - Unknown owner - C:\WINDOWS\system32\drivers\KodakCCS.exe (file missing)
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~2.EXE
    O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
    O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
    O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
    O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    O23 - Service: Time Service (Time) - Unknown owner - C:\WINDOWS\system32\mlsdf8hpwbhn.exe (file missing)
    O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
    O23 - Service: Windows Zero Connection (WinZConn) - Unknown owner - C:\WINDOWS\system32\mswnt.exe (file missing)

    --
    End of file - 18531 bytes

    -- Files created between 2008-05-16 and 2008-06-16 -----------------------------

    2008-06-16 18:37:12 0 d-------- C:\Program Files\Trend Micro
    2008-06-15 17:37:29 0 d-------- C:\Documents and Settings\HP_Owner\Application Data\Program shim
    2008-06-11 15:49:08 0 d-------- C:\WINDOWS\LastGood
    2008-06-11 15:39:49 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-05-29 23:43:37 0 d-------- C:\Documents and Settings\LocalService\Application Data\Program shim
    2008-05-29 18:39:25 0 d-------- C:\Program Files\Wyzo
    2008-05-29 18:38:59 0 d-------- C:\Documents and Settings\All Users\Application Data\great coal love default
    2008-05-29 18:38:26 0 d-------- C:\Program Files\BitDownload
    2008-05-29 17:01:59 0 d-------- C:\Program Files\SCRABBLE
    2008-05-29 17:01:59 0 d-------- C:\Documents and Settings\HP_Owner\Application Data\SpinTop
    2008-05-29 15:48:11 0 d-------- C:\Documents and Settings\All Users\Application Data\n7-89-o9-3r-4t-r9
    2008-05-29 15:47:42 0 d-------- C:\Documents and Settings\HP_Owner\Application Data\GameHouse
    2008-05-29 15:47:37 0 d-------- C:\Program Files\GameHouse
    2008-05-29 14:44:29 0 d-------- C:\Program Files\MSN Games
    2008-05-29 14:41:07 0 d-------- C:\Program Files\RealArcade


    -- Find3M Report ---------------------------------------------------------------

    2008-06-15 18:57:11 0 d-------- C:\Program Files\Common Files\Symantec Shared
    2008-06-14 18:19:19 0 d-------- C:\Program Files\Common Files
    2008-06-14 11:27:27 0 d-------- C:\Documents and Settings\HP_Owner\Application Data\AdobeUM
    2008-05-29 18:36:55 0 d-------- C:\Documents and Settings\HP_Owner\Application Data\LimeWire
    2008-05-19 18:40:38 0 d-------- C:\Program Files\music from upstairs
    2008-05-05 06:59:30 331264 --a------ C:\WINDOWS\system32\{5f4d2aa9-6772-0a04-d3c2-f245c15edf28}.dll
    2008-04-21 14:20:37 0 d-------- C:\Program Files\McAfee
    2008-04-21 14:20:07 0 d-------- C:\Program Files\AlphaZIP
    2008-04-18 16:22:55 0 d-------- C:\Program Files\Uniblue
    2008-04-18 16:01:49 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
    2008-04-18 15:55:17 0 d-------- C:\Program Files\Google
    2008-04-18 15:54:40 0 d-------- C:\Program Files\Easy Internet signup
    2008-04-18 15:53:02 0 d-------- C:\Program Files\Common Files\AOL


    -- Registry Dump ---------------------------------------------------------------

    *Note* empty entries & legit default entries are not shown


    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{67ba3c7b-6994-028a-1c20-c3dcd7f0a891}]
    05/05/2008 06:59 AM 331264 --a------ C:\WINDOWS\system32\{5f4d2aa9-6772-0a04-d3c2-f245c15edf28}.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [09/25/2007 01:11 AM]
    "hpsysdrv"="c:\windows\system\hpsysdrv.exe" [05/07/1998 07:04 PM]
    "HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [08/20/2004 03:51 PM]
    "HPHUPD06"="c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe" [06/07/2004 09:53 PM]
    "HPHmon06"="C:\WINDOWS\system32\hphmon06.exe" [06/07/2004 09:42 PM]
    "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [08/11/2004 11:52 PM]
    "Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [04/14/2004 11:43 PM]
    "VTTimer"="VTTimer.exe" []
    "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [01/22/2007 10:19 PM]
    "AGRSMMSG"="AGRSMMSG.exe" [06/29/2004 08:06 PM C:\WINDOWS\AGRSMMSG.exe]
    "PS2"="C:\WINDOWS\system32\ps2.exe" [10/16/2002 07:57 PM]
    "Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [12/03/2005 12:45 PM]
    "Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe" [09/09/2005 01:18 AM]
    "VSOCheckTask"="C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" [07/08/2005 06:18 PM]
    "VirusScan Online"="C:\Program Files\McAfee.com\VSO\mcvsshld.exe" [08/10/2005 12:49 PM]
    "OASClnt"="C:\Program Files\McAfee.com\VSO\oasclnt.exe" [08/11/2005 10:02 PM]
    "AOLDialer"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" [02/25/2004 08:04 AM]
    "LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [07/19/2005 05:32 PM]
    "LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [06/08/2005 03:24 PM]
    "LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [06/08/2005 03:14 PM]
    "AlcxMonitor"="ALCXMNTR.EXE" [09/07/2004 01:47 PM C:\WINDOWS\ALCXMNTR.EXE]
    "IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [08/20/2004 03:55 PM]
    "Zune Launcher"="C:\Program Files\Zune\ZuneLauncher.exe" [12/12/2006 03:45 PM]
    "Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [03/12/2007 06:30 PM]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [12/11/2007 01:10 PM]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [01/10/2008 04:27 PM]
    "{adb267c3-30f9-0f92-6409-c650685b8cd5}"="C:\WINDOWS\system32\{5f4d2aa9-6772-0a04-d3c2-f245c15edf28}.dll" [05/05/2008 06:59 AM]
    "CleanUp"="C:\PROGRA~1\McAfee.com\Shared\mcappins.exe" [07/09/2006 02:42 PM]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe" [06/03/2006 09:06 PM]
    "LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [06/08/2005 02:44 PM]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [01/26/2007 06:20 PM]
    "AIM"="C:\Program Files\AIM\aim.exe" [08/01/2006 04:35 PM]
    "H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\Wcescomm.exe" [11/13/2006 01:39 PM]
    "Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [11/30/2006 09:49 PM]
    "updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [08/18/2005 02:49 PM]
    "Uniblue RegistryBooster 2"="C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" []
    "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [01/28/2008 11:43 AM]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce]
    "SpybotDeletingB2808"=command /c del "C:\WINDOWS\wt\webdriver.dll"
    "SpybotDeletingD2155"=cmd /c del "C:\WINDOWS\wt\webdriver.dll"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce]
    "SpybotDeletingA3062"=command /c del "C:\WINDOWS\wt\webdriver.dll"
    "SpybotDeletingC3238"=cmd /c del "C:\WINDOWS\wt\webdriver.dll"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Time]
    @="Service"


    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
    AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c2a820c3-0bdc-11dc-9aac-00038a000015}]
    AutoRun\command- L:\LaunchU3.exe -a




    -- End of Deckard's System Scanner: finished at 2008-06-16 18:49:01 ------------
     
  2. 2008/06/16, noahdfear

    Welcome to WindowsBBS soxrulebaby04 :)

    Did you install Messenger Plus 3?

    You have a flash drive infection. Please download Flash_Disinfector by sUBs and save it to your desktop:

    NOTE: In the event you already have Flash_Disinfector, this is a new version that I need you to download.

    • Plug in your USB flash drive.
    • Double-click Flash_Disinfector.exe to run it.
    • Follow any prompts that may appear.
    • Your desktop will vanish for a while, and then reappear. This is normal.
    • Wait until the program has finished scanning, then please exit the program. If you use more than 1 flash drive, run the tool with each plugged in.

    Next, download ComboFix by sUBs from here, saving the file to your desktop.


    Please disable realtime protection applications as they sometimes interfere with the tool. Check this link for your applicable programs.

    • Close all open programs and windows
    • Double click combofix.exe and follow the prompts.
    • It may reboot your computer and resume running when you logon. Wait for it to complete. When finished, it will open a log for you. Post that log and a new HijackThis log in your next reply.
    Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.
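A way to triage a log like the two posted above, as an added example that is not part of this thread or of the HijackThis, DSS or ComboFix tools: a small Python script that reads HijackThis-style O2/O4/O23 lines plus the DSS registry-dump lines and flags the patterns the reply points at, namely a GUID-named DLL registered as a BHO and loaded again through Rundll32, services whose binary is missing (one of which is also registered under SafeBoot\Minimal), and the MountPoints2 AutoRun commands that indicate a flash-drive infection. The sample input is constructed from lines in the logs above; the rules and severity levels are the editor's own heuristics, not anything the tools themselves report.

```python
"""Triage of loading points from a HijackThis / DSS log.

Added example for this thread, not a tool from the original post or from
the HijackThis or Deckard's System Scanner projects. The rules below are
the editor's own heuristics, written to match the patterns visible in the
posted logs; they are a starting point for reading a log, not a verdict.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

GUID = r"\{[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}\}"
# A module whose file name *is* a GUID (e.g. {5f4d...}.dll), as opposed to
# a GUID-named directory with a normally named binary inside it (HP,
# Symantec PIF), which is common and not flagged.
GUID_MODULE = re.compile(GUID + r"\.(?:dll|exe)\b", re.I)
SERVICE = re.compile(
    r"^O23 - Service: (?P<display>.+?)(?: \((?P<name>[^()]+)\))?"
    r" - (?P<owner>.+?) - (?P<path>.+?)(?P<missing> \(file missing\))?$"
)
SAFEBOOT = re.compile(r"\\SafeBoot\\Minimal\\(?P<name>[^\\\]]+)\]", re.I)
ORDER = {"high": 0, "medium": 1, "low": 2}

# Constructed sample: lines taken from the logs posted in this thread,
# plus a few benign neighbours so the rules have something to ignore.
SAMPLE_LOG = r"""
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: cpmsky browser optimizer - {67ba3c7b-6994-028a-1c20-c3dcd7f0a891} - C:\WINDOWS\system32\{5f4d2aa9-6772-0a04-d3c2-f245c15edf28}.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [{adb267c3-30f9-0f92-6409-c650685b8cd5}] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\{5f4d2aa9-6772-0a04-d3c2-f245c15edf28}.dll" DllInit
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Unknown owner - C:\WINDOWS\system32\drivers\KodakCCS.exe (file missing)
O23 - Service: Time Service (Time) - Unknown owner - C:\WINDOWS\system32\mlsdf8hpwbhn.exe (file missing)
O23 - Service: Windows Zero Connection (WinZConn) - Unknown owner - C:\WINDOWS\system32\mswnt.exe (file missing)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Time]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480
AutoRun\command- L:\LaunchU3.exe -a
"""


@dataclass(frozen=True)
class Finding:
    severity: str  # "high", "medium" or "low"
    rule: str
    line: str


def triage(log_text: str) -> list[Finding]:
    """Return findings sorted by severity, keeping log order within each level."""
    lines = [ln.strip() for ln in log_text.splitlines() if ln.strip()]
    # Pass 1: service names that are also whitelisted to start in Safe Mode.
    safeboot = {m.group("name").lower() for ln in lines if (m := SAFEBOOT.search(ln))}
    findings: list[Finding] = []
    for ln in lines:
        if ln.startswith(("O2 ", "O3 ", "O4 ")):
            if GUID_MODULE.search(ln):
                findings.append(Finding("high", "GUID-named module as BHO/Run entry", ln))
            elif "(no file)" in ln:
                findings.append(Finding("low", "orphaned BHO/toolbar entry (no file)", ln))
        elif ln.startswith("O23 "):
            m = SERVICE.match(ln)
            if m and m.group("missing"):
                key = (m.group("name") or m.group("display")).lower()
                if key in safeboot:
                    findings.append(Finding("high", "missing service binary, also in SafeBoot\\Minimal", ln))
                else:
                    findings.append(Finding("medium", "missing service binary: verify vendor", ln))
        elif ln.lower().startswith("autorun\\command"):
            cmd = ln.split("-", 1)[1].strip()
            if "shellexec_rundll" in cmd.lower():
                findings.append(Finding("high", "removable-drive AutoRun via ShellExec_RunDLL", ln))
            else:
                findings.append(Finding("medium", "removable-drive AutoRun command: review", ln))
    return sorted(findings, key=lambda f: ORDER[f.severity])


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.rule}: {f.line}")
```

The SafeBoot correlation is the part worth copying: a missing "Time" service binary on its own is just an orphan, like KodakCCS, but the same service being registered under SafeBoot\Minimal is a persistence trait the benign orphans do not share. The U3 launcher line is reported at medium only so that a reviewer looks at it; MountPoints2 entries are cached per volume, which is why the reply asks for Flash_Disinfector to be run with each flash drive plugged in.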
     


  4. 2008/06/17, soxrulebaby04 (Thread Starter)

    Broke the Cardinal Rule!

    I broke the cardinal rule by making changes since my original post. The good news is I think I got rid of the pop-ups :). Hopefully I got most of it, but I would appreciate you taking a look at the logs to make sure. Sorry.

    ComboFix 08-06-16.5 - HP_Owner 2008-06-17 19:41:52.1 - NTFSx86
    Running from: C:\Documents and Settings\HP_Owner\Desktop\ComboFix.exe
    * Created a new restore point
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\WINDOWS\b.exe
    C:\WINDOWS\Downloaded Program Files\setup.inf
    C:\WINDOWS\system32\klnmp.bak2
    C:\WINDOWS\system32\klnmp.ini
    C:\WINDOWS\system32\klnmp.ini2
    C:\WINDOWS\system32\klnmp.tmp
    C:\WINDOWS\system32\mcrh.tmp

    .
    ((((((((((((((((((((((((( Files Created from 2008-05-17 to 2008-06-17 )))))))))))))))))))))))))))))))
    .

    2008-06-16 18:37 . 2008-06-16 18:37 <DIR> d-------- C:\Program Files\Trend Micro
    2008-06-15 18:30 . 2008-06-15 18:30 <DIR> d-------- C:\Deckard
    2008-06-15 17:37 . 2008-06-15 17:37 <DIR> d-------- C:\Documents and Settings\HP_Owner\Application Data\Program shim
    2008-06-14 18:19 . 2008-06-14 18:19 86 --a------ C:\WINDOWS\wininit.ini
    2008-06-11 15:39 . 2008-06-11 15:39 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
    2008-06-11 15:39 . 2008-06-11 16:32 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-06-10 18:33 . 2008-04-14 07:01 272,128 --------- C:\WINDOWS\system32\drivers\bthport.sys
    2008-06-10 18:33 . 2008-04-14 07:01 272,128 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
    2008-05-29 23:43 . 2008-05-29 23:43 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Program shim
    2008-05-29 18:39 . 2008-05-29 18:39 <DIR> d-------- C:\Program Files\Wyzo
    2008-05-29 18:38 . 2008-05-29 18:38 <DIR> d-------- C:\Program Files\BitDownload
    2008-05-29 18:38 . 2008-05-29 18:38 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\great coal love default
    2008-05-29 17:01 . 2008-05-29 17:02 <DIR> d-------- C:\Program Files\SCRABBLE
    2008-05-29 17:01 . 2008-05-29 17:01 <DIR> d-------- C:\Documents and Settings\HP_Owner\Application Data\SpinTop
    2008-05-29 15:48 . 2008-05-29 15:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\n7-89-o9-3r-4t-r9
    2008-05-29 15:47 . 2008-05-29 15:47 <DIR> d-------- C:\Program Files\GameHouse
    2008-05-29 15:47 . 2008-05-29 15:47 <DIR> d-------- C:\Documents and Settings\HP_Owner\Application Data\GameHouse
    2008-05-29 14:44 . 2008-05-29 14:44 <DIR> d-------- C:\Program Files\MSN Games
    2008-05-29 14:41 . 2008-05-29 14:41 <DIR> d-------- C:\Program Files\RealArcade

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-06-17 23:47 --------- d-----w C:\Program Files\Common Files\Symantec Shared
    2008-06-14 15:27 --------- d-----w C:\Documents and Settings\HP_Owner\Application Data\AdobeUM
    2008-05-29 22:36 --------- d-----w C:\Documents and Settings\HP_Owner\Application Data\LimeWire
    2008-05-29 21:43 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
    2008-05-19 22:40 --------- d-----w C:\Program Files\music from upstairs
    2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
    2008-05-07 05:18 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
    2008-04-23 04:16 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
    2008-04-21 18:20 --------- d-----w C:\Program Files\McAfee
    2008-04-21 18:20 --------- d-----w C:\Program Files\AlphaZIP
    2008-04-18 20:22 --------- d-----w C:\Program Files\Uniblue
    2008-04-18 20:06 --------- d-----w C:\Documents and Settings\All Users\Application Data\Uniblue
    2008-04-18 20:01 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
    2008-04-18 19:55 --------- d-----w C:\Program Files\Google
    2008-04-18 19:54 --------- d-----w C:\Program Files\Easy Internet signup
    2008-04-18 19:53 --------- d-----w C:\Program Files\Common Files\AOL
    2008-03-27 08:12 151,583 ----a-w C:\WINDOWS\system32\msjint40.dll
    2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "LDM "= "C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe" [2006-06-03 21:06 20480]
    "LogitechSoftwareUpdate "= "C:\Program Files\Logitech\Video\ManifestEngine.exe" [2005-06-08 14:44 196608]
    "H/PC Connection Agent "= "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe" [2006-11-13 13:39 1289000]
    "SpybotSD TeaTimer "= "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "hpsysdrv "= "c:\windows\system\hpsysdrv.exe" [1998-05-07 19:04 52736]
    "HPHmon06 "= "C:\WINDOWS\system32\hphmon06.exe" [2004-06-07 21:42 659456]
    "Recguard "= "C:\WINDOWS\SMINST\RECGUARD.EXE" [2004-04-14 23:43 233472]
    "VTTimer "= "VTTimer.exe" []
    "ccApp "= "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-22 22:19 52840]
    "AGRSMMSG "= "AGRSMMSG.exe" [2004-06-29 20:06 88363 C:\WINDOWS\AGRSMMSG.exe]
    "PS2 "= "C:\WINDOWS\system32\ps2.exe" [2002-10-16 19:57 81920]
    "Symantec NetDriver Monitor "= "C:\PROGRA~1\SYMNET~1\SNDMon.exe" [2005-12-03 12:45 99984]
    "VSOCheckTask "= "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" [2005-07-08 18:18 151552]
    "VirusScan Online "= "C:\Program Files\McAfee.com\VSO\mcvsshld.exe" [2005-08-10 12:49 163840]
    "OASClnt "= "C:\Program Files\McAfee.com\VSO\oasclnt.exe" [2005-08-11 22:02 53248]
    "LVCOMSX "= "C:\WINDOWS\system32\LVCOMSX.EXE" [2005-07-19 17:32 221184]
    "LogitechVideoRepair "= "C:\Program Files\Logitech\Video\ISStart.exe" [2005-06-08 15:24 458752]
    "LogitechVideoTray "= "C:\Program Files\Logitech\Video\LogiTray.exe" [2005-06-08 15:14 217088]
    "Symantec PIF AlertEng "= "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 18:30 517768]
    "MSConfig "= "C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2004-08-04 08:00 158208]

    C:\Documents and Settings\HP_Owner\Start Menu\Programs\Startup\
    PowerReg Scheduler.exe [2008-02-27 17:49:37 189952]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Time]
    @= "Service "

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AOL 9.0 Tray Icon.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AOL 9.0 Tray Icon.lnk
    backup=C:\WINDOWS\pss\AOL 9.0 Tray Icon.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AOL Companion.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AOL Companion.lnk
    backup=C:\WINDOWS\pss\AOL Companion.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
    backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
    backup=C:\WINDOWS\pss\Kodak EasyShare software.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Updates from HP.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Updates from HP.lnk
    backup=C:\WINDOWS\pss\Updates from HP.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ymetray.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ymetray.lnk
    backup=C:\WINDOWS\pss\ymetray.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^HP_Owner^Start Menu^Programs^Startup^Picture Motion Browser Media Check Tool.lnk]
    path=C:\Documents and Settings\HP_Owner\Start Menu\Programs\Startup\Picture Motion Browser Media Check Tool.lnk
    backup=C:\WINDOWS\pss\Picture Motion Browser Media Check Tool.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
    --a------ 2005-09-09 01:18 57344 C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM]
    --a------ 2006-08-01 16:35 67112 C:\Program Files\AIM\aim.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcxMonitor]
    --a------ 2004-09-07 13:47 57344 C:\WINDOWS\ALCXMNTR.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer]
    --a------ 2004-02-25 08:04 496752 C:\Program Files\Common Files\AOL\ACS\AOLDial.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
    --a------ 2004-08-20 15:51 118784 C:\WINDOWS\system32\hkcmd.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHUPD06]
    --a------ 2004-06-07 21:53 49152 c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
    --a------ 2004-08-20 15:55 155648 C:\WINDOWS\system32\igfxtray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    --a------ 2007-12-11 13:10 267048 C:\Program Files\iTunes\iTunesHelper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    --a------ 2008-01-10 16:27 385024 C:\Program Files\QuickTime\qttask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    --a------ 2007-09-25 01:11 132496 C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
    --a------ 2007-01-26 18:20 171448 C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    --a------ 2004-08-11 23:52 180269 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue RegistryBooster 2]
    C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
    -ra------ 2005-08-18 14:49 307200 C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
    --a------ 2006-11-30 21:49 4662776 C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zune Launcher]
    --a------ 2006-12-12 15:45 21464 C:\Program Files\Zune\ZuneLauncher.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "Viewpoint Manager Service "=2 (0x2)
    "Apple Mobile Device "=2 (0x2)

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusDisableNotify "=dword:00000001
    "UpdatesDisableNotify "=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
    "DisableMonitoring "=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring "=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring "=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe "=
    "C:\\Program Files\\Updates from HP\\309731\\Program\\Updates from HP.exe "=
    "C:\\StubInstaller.exe "=
    "C:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe "=
    "C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE "=
    "C:\\Program Files\\Rocky Mountain Trophy Hunter 3\\Rocky Mountain Trophy Hunter 3.exe "=
    "C:\\WINDOWS\\system32\\dplaysvr.exe "=
    "C:\\Program Files\\Real\\RealPlayer\\realplay.exe "=
    "C:\\Program Files\\Ventrilo\\Ventrilo.exe "=
    "C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe "=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe "=
    "C:\\Documents and Settings\\HP_Owner\\Desktop\\Ryan\\My DSC\\LimeWire\\LimeWire.exe "=
    "C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\backWeb-8876480.exe "=
    "C:\\Program Files\\AIM\\aim.exe "=
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe "=
    "C:\\Program Files\\MSN Messenger\\livecall.exe "=
    "C:\\Program Files\\AOL 9.0\\waol.exe "=
    "C:\Program Files\Microsoft ActiveSync\rapimgr.exe "= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
    "C:\Program Files\Microsoft ActiveSync\wcescomm.exe "= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
    "C:\Program Files\Microsoft ActiveSync\WCESMgr.exe "= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
    "C:\\Program Files\\Skype\\Phone\\Skype.exe "=
    "C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe "=
    "C:\\Program Files\\Yahoo!\\Yahoo! Music Jukebox\\YahooMusicEngine.exe "=
    "C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe "=
    "C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe "=
    "C:\\Program Files\\iTunes\\iTunes.exe "=
    "C:\\Program Files\\Bonjour\\mDNSResponder.exe "=
    "C:\\Documents and Settings\\HP_Owner\\My Documents\\! star wars battlefront 2\\LimeWire\\LimeWire.exe "=
    "C:\\Documents and Settings\\HP_Owner\\My Documents\\Games\\AOE\\empires2.exe "=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "26675:TCP "= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
    \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c2a820c3-0bdc-11dc-9aac-00038a000015}]
    \Shell\AutoRun\command - L:\LaunchU3.exe -a

    *Newly Created Service* - CATCHME
    .
    Contents of the 'Scheduled Tasks' folder
    "2008-06-15 00:23:07 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job "
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    "2008-06-15 05:00:00 C:\WINDOWS\Tasks\McDefragTask.job "
    - c:\program files\mcafee\mqc\QcConsol.exe'
    "2008-06-01 05:00:00 C:\WINDOWS\Tasks\McQcTask.job "
    - c:\program files\mcafee\mqc\QcConsol.exe
    "2008-06-14 00:00:00 C:\WINDOWS\Tasks\Norton AntiVirus - Run Full System Scan - HP_Owner.job "
    - C:\PROGRA~1\NORTON~1\Navw32.exeh/TASK:
    "2008-06-17 23:49:00 C:\WINDOWS\Tasks\Symantec NetDetect.job "
    - C:\Program Files\Symantec\LiveUpdate\NDetect.exe
    .
    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-06-17 19:47:59
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...


    **************************************************************************
    .
    Completion time: 2008-06-17 19:53:33
    ComboFix-quarantined-files.txt 2008-06-17 23:52:26

    Pre-Run: 11,530,891,264 bytes free
    Post-Run: 11,563,253,760 bytes free

    216 --- E O F --- 2008-06-11 07:07:44
     
  5. 2008/06/17
    soxrulebaby04
    HJT Log

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 8:02:57 PM, on 6/17/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16674)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
    C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\System32\svchost.exe
    C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    c:\program files\common files\mcafee\mna\mcnasvc.exe
    C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
    c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    c:\PROGRA~1\mcafee.com\vso\OasClnt.exe
    C:\WINDOWS\system32\svchost.exe
    c:\program files\mcafee.com\vso\mcvsshld.exe
    c:\progra~1\mcafee.com\vso\mcvsescn.exe
    c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    C:\windows\system\hpsysdrv.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\WINDOWS\system32\ps2.exe
    C:\WINDOWS\system32\LVCOMSX.EXE
    C:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\Program Files\Logitech\Video\LogiTray.exe
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
    C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
    C:\PROGRA~1\MI3AA1~1\rapimgr.exe
    C:\Program Files\Logitech\Video\FxSvr2.exe
    C:\Program Files\Messenger\msmsgs.exe
    c:\progra~1\mcafee.com\vso\mcvsftsn.exe
    C:\PROGRA~1\COMMON~1\SYMANT~1\SECURI~2\NSCSRVCE.EXE
    C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
    O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - c:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
    O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
    O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
    O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
    O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
    O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe "
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
    O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
    O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
    O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
    O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll "
    O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
    O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
    O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe "
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - Startup: PowerReg Scheduler.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/SCRABBLE/Images/stg_drm.ocx
    O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1005.cab
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
    O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab
    O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1160533832062
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
    O16 - DPF: {AF2E62B6-F9E1-4D4F-A10A-9DC8E6DCBCC0} (VideoEgg ActiveX Loader) - http://update.videoegg.com/Install/Windows/Initial/VideoEggPublisher.exe
    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
    O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Kodak Camera Connection Software (KodakCCS) - Unknown owner - C:\WINDOWS\system32\drivers\KodakCCS.exe (file missing)
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~2.EXE
    O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
    O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
    O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
    O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    O23 - Service: Time Service (Time) - Unknown owner - C:\WINDOWS\system32\mlsdf8hpwbhn.exe (file missing)
    O23 - Service: Windows Zero Connection (WinZConn) - Unknown owner - C:\WINDOWS\system32\mswnt.exe (file missing)

    --
    End of file - 13853 bytes
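As an added example (not from this thread, HijackThis, or any tool named here), a small Python triage pass over the O2/O3/O23 line formats in the log above: it flags services whose binary is missing from disk, browser add-ons registered to a file that no longer exists, and, by a vowel-count heuristic that is this example's own assumption, binaries with machine-generated-looking names. The sample lines are copied from the log above.

```python
import re
from dataclasses import dataclass, field

# Constructed sample: lines copied from the HijackThis log posted in this thread,
# with benign entries kept so the heuristics have something to pass over.
SAMPLE_LOG = [
    r"O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll",
    r"O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)",
    r"O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)",
    r"O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe",
    r"O23 - Service: Kodak Camera Connection Software (KodakCCS) - Unknown owner - C:\WINDOWS\system32\drivers\KodakCCS.exe (file missing)",
    r"O23 - Service: Time Service (Time) - Unknown owner - C:\WINDOWS\system32\mlsdf8hpwbhn.exe (file missing)",
    r"O23 - Service: Windows Zero Connection (WinZConn) - Unknown owner - C:\WINDOWS\system32\mswnt.exe (file missing)",
]

# O23 lines: "O23 - Service: <display name> (<short name>) - <vendor> - <path> [(file missing)]"
O23_RE = re.compile(
    r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+?)(?P<missing> \(file missing\))?$"
)
# O2/O3 lines: "O2 - BHO: <name> - {<CLSID>} - <path or (no file)>"
BHO_RE = re.compile(
    r"^(?P<kind>O2|O3) - (?:BHO|Toolbar): (?P<name>.+?) - \{(?P<clsid>[^}]+)\} - (?P<path>.+)$"
)

VOWELS = set("aeiouAEIOU")


@dataclass
class Finding:
    entry: str                      # HijackThis section: "O2", "O3" or "O23"
    name: str
    path: str
    severity: str                   # "low", "medium" or "high"
    reasons: list = field(default_factory=list)


def looks_random(path: str) -> bool:
    """Heuristic (this example's assumption, not a rule from the thread): a base
    name of five or more characters with no vowels, such as mlsdf8hpwbhn.exe,
    is rarely a vendor-chosen name. Expect false positives on short legit names."""
    stem = path.rsplit("\\", 1)[-1].rsplit(".", 1)[0]
    return len(stem) >= 5 and not (set(stem) & VOWELS)


def triage_line(line: str):
    """Return a Finding for one HijackThis line, or None if nothing stands out."""
    line = line.strip()
    m = O23_RE.match(line)
    if m:
        path, reasons = m.group("path"), []
        if m.group("missing"):
            # Still registered as a service but gone from disk: either an
            # uninstall leftover or a dropper that removed its own binary.
            reasons.append("service binary is missing on disk")
        if m.group("owner") == "Unknown owner":
            reasons.append("no vendor recorded for the service")
        if looks_random(path):
            reasons.append("binary name looks machine-generated")
        if not reasons:
            return None
        if m.group("missing") and looks_random(path):
            severity = "high"
        elif m.group("missing"):
            severity = "medium"
        else:
            severity = "low"
        return Finding("O23", m.group("name"), path, severity, reasons)
    m = BHO_RE.match(line)
    if m and m.group("path") == "(no file)":
        # Dead CLSID registration: harmless by itself, but clutter worth removing.
        return Finding(m.group("kind"), m.group("name"), "(no file)", "low",
                       ["registered CLSID points to a file that no longer exists"])
    return None


def triage(lines):
    """Run triage_line over every line and keep only the findings."""
    return [f for f in (triage_line(l) for l in lines) if f is not None]


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.entry} {f.name}: {f.path} -- {'; '.join(f.reasons)}")
```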
     
  6. 2008/06/17
    noahdfear
You have a LOP infection. Again, did you install Messenger Plus 3? Its sponsor is a known distributor of the LOP infection. If you did, uninstall it via Add/Remove Programs. If you still want to use Messenger Plus 3, re-install it and be sure to choose NOT to install the sponsor program. I personally don't feel it's right to use an app sponsored by distributors of malware, so therefore I don't recommend keeping it. Now, let's get rid of LOP.

    Download NoLop by Skate_Punk_21 from here and save it to your desktop.

    First close any other programs you have running as this may require a reboot.

    • Double click NoLop.exe to run it
    • Now click the button labelled "Search and Destroy"
    • Your computer will now be scanned for infected files
    • When scanning is finished you will be prompted to reboot only if infected, click OK
    • Now click the "REBOOT" Button.
    • A Message should popup from NoLop. If not, double click the program again and it will finish
    • Please post the contents of C:\NoLop.log (opens in notepad)
     
  7. 2008/06/22
    soxrulebaby04
    No sign of Messenger 3 in the add/remove programs. When I ran the NoLop scan it popped up at the end and said "no infection files found." A log never popped up, however.
     
  8. 2008/06/22
    soxrulebaby04
    I grew a brain in the last 12 seconds...

    NoLop! Log by Skate_Punk_21

    Fix running from: C:\Documents and Settings\HP_Owner\Desktop
    [6/21/2008]
    [9:44:34 PM]

    ---Infection Files Found/Removed---
    NO INFECTION FILES FOUND - Cleaning Aborted.

    ---Listing AppData sub directories---

    C:\Documents and Settings\All Users\Application Data\Adobe
    C:\Documents and Settings\All Users\Application Data\Aol
    C:\Documents and Settings\All Users\Application Data\Aol Downloads
    C:\Documents and Settings\All Users\Application Data\Aol Ocp
    C:\Documents and Settings\All Users\Application Data\Apple
    C:\Documents and Settings\All Users\Application Data\Apple Computer
    C:\Documents and Settings\All Users\Application Data\Espionserverdata
    C:\Documents and Settings\All Users\Application Data\Google
    C:\Documents and Settings\All Users\Application Data\Great Coal Love Default
    C:\Documents and Settings\All Users\Application Data\Hewlett-packard
    C:\Documents and Settings\All Users\Application Data\Installshield
    C:\Documents and Settings\All Users\Application Data\Kodak
    C:\Documents and Settings\All Users\Application Data\Mcafee
    C:\Documents and Settings\All Users\Application Data\Mcafee.com
    C:\Documents and Settings\All Users\Application Data\Microsoft
    C:\Documents and Settings\All Users\Application Data\Motive
    C:\Documents and Settings\All Users\Application Data\Muvee Technologies
    C:\Documents and Settings\All Users\Application Data\N7-89-o9-3r-4t-r9
    C:\Documents and Settings\All Users\Application Data\Quicktime
    C:\Documents and Settings\All Users\Application Data\Sbsi
    C:\Documents and Settings\All Users\Application Data\Shockwave
    C:\Documents and Settings\All Users\Application Data\Skype
    C:\Documents and Settings\All Users\Application Data\Sony Corporation
    C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    C:\Documents and Settings\All Users\Application Data\Support.com
    C:\Documents and Settings\All Users\Application Data\Symantec
    C:\Documents and Settings\All Users\Application Data\Temp -- EMPTY Directory
    C:\Documents and Settings\All Users\Application Data\Trymedia
    C:\Documents and Settings\All Users\Application Data\Ulead Systems
    C:\Documents and Settings\All Users\Application Data\Uniblue
    C:\Documents and Settings\All Users\Application Data\Viewpoint
    C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
    C:\Documents and Settings\All Users\Application Data\Yahoo
    C:\Documents and Settings\All Users\Application Data\Yahoo!
    C:\Documents and Settings\Default User\Application Data\Apple Computer
    C:\Documents and Settings\Default User\Application Data\Identities
    C:\Documents and Settings\Default User\Application Data\Microsoft
    C:\Documents and Settings\Default User\Application Data\Real
    C:\Documents and Settings\Default User\Application Data\Sampleview -- EMPTY Directory
    C:\Documents and Settings\Default User\Application Data\Sun
    C:\Documents and Settings\Default User\Application Data\Symantec
    C:\Documents and Settings\Hp_owner\Application Data\Adobe
    C:\Documents and Settings\Hp_owner\Application Data\Adobeum
    C:\Documents and Settings\Hp_owner\Application Data\Aim
    C:\Documents and Settings\Hp_owner\Application Data\Aol
    C:\Documents and Settings\Hp_owner\Application Data\Apple Computer
    C:\Documents and Settings\Hp_owner\Application Data\Arcsoft
    C:\Documents and Settings\Hp_owner\Application Data\Digital Design Ltd
    C:\Documents and Settings\Hp_owner\Application Data\Gamehouse
    C:\Documents and Settings\Hp_owner\Application Data\Google
    C:\Documents and Settings\Hp_owner\Application Data\Help
    C:\Documents and Settings\Hp_owner\Application Data\Identities
    C:\Documents and Settings\Hp_owner\Application Data\Installshield
    C:\Documents and Settings\Hp_owner\Application Data\Intervideo
    C:\Documents and Settings\Hp_owner\Application Data\Juniper Networks
    C:\Documents and Settings\Hp_owner\Application Data\Lavasoft -- EMPTY Directory
    C:\Documents and Settings\Hp_owner\Application Data\Leadertech
    C:\Documents and Settings\Hp_owner\Application Data\Limewire
    C:\Documents and Settings\Hp_owner\Application Data\Macromedia
    C:\Documents and Settings\Hp_owner\Application Data\Media Player Classic
    C:\Documents and Settings\Hp_owner\Application Data\Microsoft
    C:\Documents and Settings\Hp_owner\Application Data\Microsoft Web Folders -- EMPTY Directory
    C:\Documents and Settings\Hp_owner\Application Data\Motive
    C:\Documents and Settings\Hp_owner\Application Data\Myspace
    C:\Documents and Settings\Hp_owner\Application Data\Opera -- EMPTY Directory
    C:\Documents and Settings\Hp_owner\Application Data\Program Shim -- EMPTY Directory
    C:\Documents and Settings\Hp_owner\Application Data\Real
    C:\Documents and Settings\Hp_owner\Application Data\Sampleview -- EMPTY Directory
    C:\Documents and Settings\Hp_owner\Application Data\Skype
    C:\Documents and Settings\Hp_owner\Application Data\Sonic
    C:\Documents and Settings\Hp_owner\Application Data\Sony Corporation
    C:\Documents and Settings\Hp_owner\Application Data\Spintop
    C:\Documents and Settings\Hp_owner\Application Data\Sun
    C:\Documents and Settings\Hp_owner\Application Data\Symantec
    C:\Documents and Settings\Hp_owner\Application Data\Teamspeak2
    C:\Documents and Settings\Hp_owner\Application Data\U3
    C:\Documents and Settings\Hp_owner\Application Data\Ulead Systems
    C:\Documents and Settings\Hp_owner\Application Data\Ventrilo
    C:\Documents and Settings\Hp_owner\Application Data\Videoegg
    C:\Documents and Settings\Hp_owner\Application Data\Viewpoint
    C:\Documents and Settings\Hp_owner\Application Data\Webroot
    C:\Documents and Settings\Hp_owner\Application Data\Yahoo!
    C:\Documents and Settings\Hp_owner\Application Data\Yahoo! Messenger
    C:\Documents and Settings\Hp_owner\Application Data\You've Got Pictures Screensaver
    C:\Documents and Settings\Localservice\Application Data\Google -- EMPTY Directory
    C:\Documents and Settings\Localservice\Application Data\Macromedia
    C:\Documents and Settings\Localservice\Application Data\Microsoft
    C:\Documents and Settings\Localservice\Application Data\Program Shim
    C:\Documents and Settings\Localservice\Application Data\Symantec
    C:\Documents and Settings\Localservice\Application Data\Viewpoint
    C:\Documents and Settings\Networkservice\Application Data\Microsoft
    C:\Documents and Settings\Networkservice\Application Data\Symantec
    C:\Documents and Settings\Owner\Application Data\Symantec -- EMPTY Directory
     
  9. 2008/06/22
    noahdfear

    You have a flash drive infection. Please download Flash_Disinfector by sUBs and save it to your desktop:

    NOTE: In the event you already have Flash_Disinfector, this is a new version that I need you to download.

    • Plug in your USB flash drive.
    • Double-click Flash_Disinfector.exe to run it.
    • Follow any prompts that may appear.
    • Your desktop will vanish for a while, and then reappear. This is normal.
    • Wait until the program has finished scanning, then please exit the program. If you use more than 1 flash drive, run the tool with each plugged in.


    Next:

    Once again, please disable any realtime protection applications. Highlight and copy the contents of the code box below and paste it into a blank Notepad, then save it to your desktop as:

    Filename: CFScript.txt
    Save As Type: All Files (*.*)

    Code:
    DirLook::
    C:\Documents and Settings\All Users\Application Data\Great Coal Love Default
    C:\Documents and Settings\Localservice\Application Data\Program Shim
    Registry::
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
    
    Close all other windows and programs. Now drag the CFScript.txt onto ComboFix.exe and drop it, using the left mouse button. ComboFix should run and may reboot the computer when it's done. A log will open when it's complete. Post the contents of that log.

    Please do not click on the ComboFix window while it is running a scan. This can cause it to stall.
     
  10. 2008/06/24
    soxrulebaby04

    There have been quite a few flash drives used on this computer over the years. I ran a scan on the ones I could find and nothing came up. If I find others I will scan them as well. There is an external hard drive plugged in through USB we use as a backup; perhaps the computer recognizes it the same as it would a flash drive? Anywho, here's the latest ComboFix.


    ComboFix 08-06-16.5 - HP_Owner 2008-06-24 22:00:45.2 - NTFSx86
    Running from: C:\Documents and Settings\HP_Owner\Desktop\ComboFix.exe
    Command switches used :: C:\Documents and Settings\HP_Owner\Desktop\CFScript.txt
    * Created a new restore point
    .

    ((((((((((((((((((((((((( Files Created from 2008-05-25 to 2008-06-25 )))))))))))))))))))))))))))))))
    .

    2008-06-23 17:30 . 2008-06-23 17:30 <DIR> d-------- C:\WINDOWS\LastGood
    2008-06-21 21:44 . 2008-06-21 21:44 106 --a------ C:\delete.bat
    2008-06-16 18:37 . 2008-06-16 18:37 <DIR> d-------- C:\Program Files\Trend Micro
    2008-06-15 18:30 . 2008-06-15 18:30 <DIR> d-------- C:\Deckard
    2008-06-15 17:37 . 2008-06-15 17:37 <DIR> d-------- C:\Documents and Settings\HP_Owner\Application Data\Program shim
    2008-06-14 18:19 . 2008-06-14 18:19 86 --a------ C:\WINDOWS\wininit.ini
    2008-06-11 15:39 . 2008-06-11 15:39 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
    2008-06-11 15:39 . 2008-06-11 16:32 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-06-10 18:33 . 2008-06-13 09:10 272,128 --------- C:\WINDOWS\system32\drivers\bthport.sys
    2008-06-10 18:33 . 2008-06-13 09:10 272,128 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
    2008-05-29 23:43 . 2008-05-29 23:43 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Program shim
    2008-05-29 18:39 . 2008-05-29 18:39 <DIR> d-------- C:\Program Files\Wyzo
    2008-05-29 18:38 . 2008-05-29 18:38 <DIR> d-------- C:\Program Files\BitDownload
    2008-05-29 18:38 . 2008-05-29 18:38 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\great coal love default
    2008-05-29 17:01 . 2008-05-29 17:02 <DIR> d-------- C:\Program Files\SCRABBLE
    2008-05-29 17:01 . 2008-05-29 17:01 <DIR> d-------- C:\Documents and Settings\HP_Owner\Application Data\SpinTop
    2008-05-29 15:48 . 2008-05-29 15:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\n7-89-o9-3r-4t-r9
    2008-05-29 15:47 . 2008-05-29 15:47 <DIR> d-------- C:\Program Files\GameHouse
    2008-05-29 15:47 . 2008-05-29 15:47 <DIR> d-------- C:\Documents and Settings\HP_Owner\Application Data\GameHouse
    2008-05-29 14:44 . 2008-05-29 14:44 <DIR> d-------- C:\Program Files\MSN Games
    2008-05-29 14:41 . 2008-05-29 14:41 <DIR> d-------- C:\Program Files\RealArcade

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-06-24 07:01 --------- d-----w C:\Program Files\Common Files\Symantec Shared
    2008-06-14 15:27 --------- d-----w C:\Documents and Settings\HP_Owner\Application Data\AdobeUM
    2008-05-29 22:36 --------- d-----w C:\Documents and Settings\HP_Owner\Application Data\LimeWire
    2008-05-29 21:43 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
    2008-05-19 22:40 --------- d-----w C:\Program Files\music from upstairs
    2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
    2008-05-07 05:18 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
    2008-04-23 04:16 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
    2008-03-27 08:12 151,583 ----a-w C:\WINDOWS\system32\msjint40.dll
    .

    (((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .

    ---- Directory of C:\Documents and Settings\All Users\Application Data\Great Coal Love Default ----

    2008-06-16 18:39 3832320 --a------ C:\Documents and Settings\All Users\Application Data\Great Coal Love Default\SUPPORT DALE.exe

    ---- Directory of C:\Documents and Settings\Localservice\Application Data\Program Shim ----

    2008-05-29 18:38 462848 --a------ C:\Documents and Settings\Localservice\Application Data\Program Shim\does acid.exe


    ((((((((((((((((((((((((((((( snapshot@2008-06-17_19.51.03.78 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2008-06-17 23:14:27 2,048 --s-a-w C:\WINDOWS\bootstat.dat
    + 2008-06-21 07:09:05 2,048 --s-a-w C:\WINDOWS\bootstat.dat
    - 2008-04-14 11:01:02 272,128 ------w C:\WINDOWS\Driver Cache\i386\bthport.sys
    + 2008-06-13 13:10:50 272,128 ------w C:\WINDOWS\Driver Cache\i386\bthport.sys
    + 2005-08-10 15:22:10 114,464 ----a-w C:\WINDOWS\LastGood\system32\DRIVERS\naiavf5x.sys
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe" [2006-06-03 21:06 20480]
    "LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [2005-06-08 14:44 196608]
    "H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\Wcescomm.exe" [2006-11-13 13:39 1289000]
    "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 19:04 52736]
    "HPHmon06"="C:\WINDOWS\system32\hphmon06.exe" [2004-06-07 21:42 659456]
    "Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2004-04-14 23:43 233472]
    "VTTimer"="VTTimer.exe" []
    "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-22 22:19 52840]
    "AGRSMMSG"="AGRSMMSG.exe" [2004-06-29 20:06 88363 C:\WINDOWS\AGRSMMSG.exe]
    "PS2"="C:\WINDOWS\system32\ps2.exe" [2002-10-16 19:57 81920]
    "Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [2005-12-03 12:45 99984]
    "VSOCheckTask"="C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" [2005-07-08 18:18 151552]
    "VirusScan Online"="C:\Program Files\McAfee.com\VSO\mcvsshld.exe" [2005-08-10 12:49 163840]
    "OASClnt"="C:\Program Files\McAfee.com\VSO\oasclnt.exe" [2005-08-11 22:02 53248]
    "LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2005-07-19 17:32 221184]
    "LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2005-06-08 15:24 458752]
    "LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2005-06-08 15:14 217088]
    "Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 18:30 517768]
    "MSConfig"="C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2004-08-04 08:00 158208]
    "CleanUp"="C:\PROGRA~1\McAfee.com\Shared\mcappins.exe" [2006-07-09 14:42 136752]

    C:\Documents and Settings\HP_Owner\Start Menu\Programs\Startup\
    PowerReg Scheduler.exe [2008-02-27 17:49:37 189952]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-24 02:05:26 29696]
    Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2006-06-03 21:06:34 450560]
    Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 16:05:56 65588]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Time]
    @="Service"

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AOL 9.0 Tray Icon.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AOL 9.0 Tray Icon.lnk
    backup=C:\WINDOWS\pss\AOL 9.0 Tray Icon.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AOL Companion.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AOL Companion.lnk
    backup=C:\WINDOWS\pss\AOL Companion.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
    backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
    backup=C:\WINDOWS\pss\Kodak EasyShare software.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Updates from HP.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Updates from HP.lnk
    backup=C:\WINDOWS\pss\Updates from HP.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ymetray.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ymetray.lnk
    backup=C:\WINDOWS\pss\ymetray.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^HP_Owner^Start Menu^Programs^Startup^Picture Motion Browser Media Check Tool.lnk]
    path=C:\Documents and Settings\HP_Owner\Start Menu\Programs\Startup\Picture Motion Browser Media Check Tool.lnk
    backup=C:\WINDOWS\pss\Picture Motion Browser Media Check Tool.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
    --a------ 2005-09-09 01:18 57344 C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM]
    --a------ 2006-08-01 16:35 67112 C:\Program Files\AIM\aim.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcxMonitor]
    --a------ 2004-09-07 13:47 57344 C:\WINDOWS\ALCXMNTR.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer]
    --a------ 2004-02-25 08:04 496752 C:\Program Files\Common Files\AOL\ACS\AOLDial.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
    --a------ 2004-08-20 15:51 118784 C:\WINDOWS\system32\hkcmd.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHUPD06]
    --a------ 2004-06-07 21:53 49152 c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
    --a------ 2004-08-20 15:55 155648 C:\WINDOWS\system32\igfxtray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    --a------ 2007-12-11 13:10 267048 C:\Program Files\iTunes\iTunesHelper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    --a------ 2008-01-10 16:27 385024 C:\Program Files\QuickTime\qttask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    --a------ 2007-09-25 01:11 132496 C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
    --a------ 2007-01-26 18:20 171448 C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    --a------ 2004-08-11 23:52 180269 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue RegistryBooster 2]
    C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
    -ra------ 2005-08-18 14:49 307200 C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
    --a------ 2006-11-30 21:49 4662776 C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zune Launcher]
    --a------ 2006-12-12 15:45 21464 C:\Program Files\Zune\ZuneLauncher.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "Viewpoint Manager Service"=2 (0x2)
    "Apple Mobile Device"=2 (0x2)

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusDisableNotify"=dword:00000001
    "UpdatesDisableNotify"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\Updates from HP\\309731\\Program\\Updates from HP.exe"=
    "C:\\StubInstaller.exe"=
    "C:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"=
    "C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"=
    "C:\\Program Files\\Rocky Mountain Trophy Hunter 3\\Rocky Mountain Trophy Hunter 3.exe"=
    "C:\\WINDOWS\\system32\\dplaysvr.exe"=
    "C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
    "C:\\Program Files\\Ventrilo\\Ventrilo.exe"=
    "C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\Documents and Settings\\HP_Owner\\Desktop\\Ryan\\My DSC\\LimeWire\\LimeWire.exe"=
    "C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\backWeb-8876480.exe"=
    "C:\\Program Files\\AIM\\aim.exe"=
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\MSN Messenger\\livecall.exe"=
    "C:\\Program Files\\AOL 9.0\\waol.exe"=
    "C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
    "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
    "C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
    "C:\\Program Files\\Skype\\Phone\\Skype.exe"=
    "C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
    "C:\\Program Files\\Yahoo!\\Yahoo! Music Jukebox\\YahooMusicEngine.exe"=
    "C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
    "C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
    "C:\\Program Files\\iTunes\\iTunes.exe"=
    "C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "C:\\Documents and Settings\\HP_Owner\\My Documents\\! star wars battlefront 2\\LimeWire\\LimeWire.exe"=
    "C:\\Documents and Settings\\HP_Owner\\My Documents\\Games\\AOE\\empires2.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

    R2 W32Time;Windows Time;C:\WINDOWS\System32\svchost.exe [2004-08-04 08:00]
    S2 Time;Time Service;C:\WINDOWS\system32\mlsdf8hpwbhn.exe []
    S2 WinZConn;Windows Zero Connection; "C:\WINDOWS\system32\mswnt.exe" []
    S3 WTime;WTime;C:\WINDOWS\system32\timedrv26.sys []
    S4 Viewpoint Manager Service;Viewpoint Manager Service; "C:\Program Files\Viewpoint\Common\ViewpointService.exe" [2007-01-04 17:38]

    .
    Contents of the 'Scheduled Tasks' folder
    "2008-06-22 00:23:04 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    "2008-06-15 05:00:00 C:\WINDOWS\Tasks\McDefragTask.job"
    - c:\program files\mcafee\mqc\QcConsol.exe'
    "2008-06-01 05:00:00 C:\WINDOWS\Tasks\McQcTask.job"
    - c:\program files\mcafee\mqc\QcConsol.exe
    "2008-06-21 00:00:00 C:\WINDOWS\Tasks\Norton AntiVirus - Run Full System Scan - HP_Owner.job"
    - C:\PROGRA~1\NORTON~1\Navw32.exeh/TASK:
    "2008-06-25 02:04:00 C:\WINDOWS\Tasks\Symantec NetDetect.job"
    - C:\Program Files\Symantec\LiveUpdate\NDetect.exe
    .
    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-06-24 22:06:22
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...


    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    PROCESS: C:\WINDOWS\explorer.exe
    -> ?:\WINDOWS\system32\DSOUND.dll
    .
    Completion time: 2008-06-24 22:10:07
    ComboFix-quarantined-files.txt 2008-06-25 02:08:57
    ComboFix2.txt 2008-06-17 23:53:34

    Pre-Run: 11,160,174,592 bytes free
    Post-Run: 11,223,851,008 bytes free

    224 --- E O F --- 2008-06-21 07:02:01
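The services block of the log above has three entries (Time, WinZConn and WTime) with an empty bracket where ComboFix normally prints the image file's date and size, two of them auto-start (S2) yet not running, and Security Center values set to 1 that silence antivirus and update warnings. As an added example that is not from ComboFix, SDFix or anyone in this thread, the Python below parses those two sections of a ComboFix log and lists what a helper would look at first; the sample lines are constructed to mirror the log's format, and the flagging rules are the editor's own heuristics, not ComboFix's.

```python
"""Triage the 'Reg Loading Points' section of a ComboFix log.

Added example (not ComboFix, SDFix or forum code): parses the service lines
and the Security Center values ComboFix prints and flags what a helper reads
first.  The heuristics are the editor's own, not ComboFix's.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample in the layout ComboFix prints: registry keys with their
# dword values, then services as "<R|S><start type> name;display;image [date size]".
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

R2 W32Time;Windows Time;C:\WINDOWS\System32\svchost.exe [2004-08-04 08:00]
S2 Time;Time Service;C:\WINDOWS\system32\mlsdf8hpwbhn.exe []
S2 WinZConn;Windows Zero Connection; "C:\WINDOWS\system32\mswnt.exe" []
S3 WTime;WTime;C:\WINDOWS\system32\timedrv26.sys []
S4 Viewpoint Manager Service;Viewpoint Manager Service; "C:\Program Files\Viewpoint\Common\ViewpointService.exe" [2007-01-04 17:38]
"""

SERVICE_RE = re.compile(
    r'^([RS])(\d)\s+([^;]+);([^;]*);\s*"?([^"\[]+?)"?\s*\[([^\]]*)\]\s*$')
# Forum rendering sometimes pads the quotes ("Name "= ...), so allow whitespace.
DWORD_RE = re.compile(r'^"\s*(\w+)\s*"\s*=\s*dword:([0-9a-fA-F]{8})\s*$')
KEY_RE = re.compile(r'^\[(.+)\]\s*$')


@dataclass
class Service:
    running: bool       # R = running, S = stopped
    start_type: int     # 2 = automatic, 3 = manual, 4 = disabled
    name: str
    display: str
    image: str
    file_info: str      # ComboFix's "[date size]" text, empty when it found none


def parse_services(log: str) -> list[Service]:
    """Pull every service line out of a ComboFix log."""
    services = []
    for line in log.splitlines():
        m = SERVICE_RE.match(line.strip())
        if m:
            state, start, name, display, image, info = m.groups()
            services.append(Service(state == "R", int(start), name.strip(),
                                    display.strip(), image.strip(), info.strip()))
    return services


def suspicious_services(services: list[Service]) -> dict[str, list[str]]:
    """Map service name -> reasons it deserves a closer look."""
    flagged: dict[str, list[str]] = {}
    for s in services:
        reasons = []
        if not s.file_info:
            # An empty bracket means ComboFix could not read the image's date
            # and size: the file is hidden, already gone, or otherwise odd.
            reasons.append(f"no file date/size for {s.image}")
        if s.start_type == 2 and not s.running:
            # Configured to auto-start yet not running: often an orphaned
            # entry whose binary is missing, the kind SDFix later removes.
            reasons.append("auto-start service is not running")
        if reasons:
            flagged[s.name] = reasons
    return flagged


def security_center_flags(log: str) -> list[str]:
    """List every non-zero *Disable* value under the Security Center key;
    these hide the antivirus and update warnings a user would otherwise see."""
    flags, key = [], ""
    for raw in log.splitlines():
        line = raw.strip()
        k = KEY_RE.match(line)
        if k:
            key = k.group(1)
            continue
        m = DWORD_RE.match(line)
        if m and "security center" in key.lower():
            name, value = m.group(1), int(m.group(2), 16)
            if value and "disable" in name.lower():
                flags.append(f"{name}={value} in [{key}]")
    return flags


if __name__ == "__main__":
    for name, why in suspicious_services(parse_services(SAMPLE_LOG)).items():
        print(f"{name}: {'; '.join(why)}")
    for flag in security_center_flags(SAMPLE_LOG):
        print(flag)
```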
     
  11. 2008/06/25
    noahdfear

    It's very possible that external drive would be seen the same as a flash drive by Windows. Run Flash_Disinfector with it attached as well.

    Download SDFix and save it to your Desktop.

    Double click SDFix.exe and it will extract the files to %systemdrive%
    (Drive that contains the Windows Directory, typically C:\SDFix)

    Now reboot into Safe Mode and logon to your user account.
    1. Open the extracted SDFix folder and double click RunThis.cmd to start the script.
    2. Type Y to begin the cleanup process.
    3. It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
    4. Press any Key and it will restart the PC.
    5. When the PC restarts the Fixtool will run again and complete the removal process, then display Finished; press any key to end the script and load your desktop icons.
    6. Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
      (Report.txt will also be copied to Clipboard ready for posting back on the forum).
    7. Post the contents of the Report.txt along with a new DSS log.
     
  12. 2008/07/06
    soxrulebaby04

    SDFix log

    SDFix: Version 1.197
    Run by HP_Owner on Sat 07/05/2008 at 05:48 PM

    Microsoft Windows XP [Version 5.1.2600]
    Running From: C:\SDFix

    Checking Services :

    Name :
    TIME
    WTIME

    Path :
    C:\WINDOWS\system32\mlsdf8hpwbhn.exe
    \??\C:\WINDOWS\system32\timedrv26.sys

    TIME - Deleted
    WTIME - Deleted



    Restoring Default Security Values
    Restoring Default Hosts File

    Rebooting


    Checking Files :

    Trojan Files Found:

    C:\WINDOWS\SYSTEM32\TASKKILL.EXE - Deleted





    Removing Temp Files

    ADS Check :



    Final Check :

    catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-07-05 18:24:37
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden services & system hive ...

    scanning hidden registry entries ...

    scanning hidden files ...

    scan completed successfully
    hidden processes: 0
    hidden services: 0
    hidden files: 0


    Remaining Services :




    Authorized Application Key Export:

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\\Program Files\\Updates from HP\\309731\\Program\\Updates from HP.exe"="C:\\Program Files\\Updates from HP\\309731\\Program\\Updates from HP.exe:*:Enabled:BackWeb for Pavilion"
    "C:\\StubInstaller.exe"="C:\\StubInstaller.exe:*:Enabled:LimeWire swarmed installer"
    "C:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"="C:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe:*:Enabled:Kodak Software Updater"
    "C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"="C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE:*:Disabled:Internet Explorer"
    "C:\\Program Files\\Rocky Mountain Trophy Hunter 3\\Rocky Mountain Trophy Hunter 3.exe"="C:\\Program Files\\Rocky Mountain Trophy Hunter 3\\Rocky Mountain Trophy Hunter 3.exe:*:Enabled:Rocky Mountain Trophy Hunter 3"
    "C:\\WINDOWS\\system32\\dplaysvr.exe"="C:\\WINDOWS\\system32\\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper"
    "C:\\Program Files\\Real\\RealPlayer\\realplay.exe"="C:\\Program Files\\Real\\RealPlayer\\realplay.exe:*:Enabled:RealPlayer"
    "C:\\Program Files\\Ventrilo\\Ventrilo.exe"="C:\\Program Files\\Ventrilo\\Ventrilo.exe:*:Enabled:Ventrilo"
    "C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"="C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe:*:Enabled:EasyShare"
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\\Documents and Settings\\HP_Owner\\Desktop\\Ryan\\My DSC\\LimeWire\\LimeWire.exe"="C:\\Documents and Settings\\HP_Owner\\Desktop\\Ryan\\My DSC\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
    "C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\backWeb-8876480.exe"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\backWeb-8876480.exe:*:Enabled:Logitech Desktop Messenger"
    "C:\\Program Files\\AIM\\aim.exe"="C:\\Program Files\\AIM\\aim.exe:*:Enabled:AOL Instant Messenger"
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
    "C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
    "C:\\Program Files\\AOL 9.0\\waol.exe"="C:\\Program Files\\AOL 9.0\\waol.exe:*:Enabled:AOL"
    "C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
    "C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"="C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
    "C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
    "C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"
    "C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"="C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe:*:Enabled:McAfee Network Agent"
    "C:\\Program Files\\Yahoo!\\Yahoo! Music Jukebox\\YahooMusicEngine.exe"="C:\\Program Files\\Yahoo!\\Yahoo! Music Jukebox\\YahooMusicEngine.exe:*:Enabled:Yahoo! Music Jukebox"
    "C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
    "C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
    "C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
    "C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
    "C:\\Documents and Settings\\HP_Owner\\My Documents\\! star wars battlefront 2\\LimeWire\\LimeWire.exe"="C:\\Documents and Settings\\HP_Owner\\My Documents\\! star wars battlefront 2\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
    "C:\\Documents and Settings\\HP_Owner\\My Documents\\Games\\AOE\\empires2.exe"="C:\\Documents and Settings\\HP_Owner\\My Documents\\Games\\AOE\\empires2.exe:*:Enabled:Age of Empires II"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\\Program Files\\AIM\\aim.exe"="C:\\Program Files\\AIM\\aim.exe:*:Enabled:AOL Instant Messenger"
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
    "C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
    "C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
    "C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"="C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
    "C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"

    Remaining Files :


    File Backups: - C:\SDFix\backups\backups.zip

    Files with Hidden Attributes :

    Fri 2 Dec 2005 213 A.SHR --- "C:\BOOT.BAK"
    Fri 31 Dec 2004 196 A.SHR --- "C:\BOOTNXX.BAK"
    Sun 19 Jun 2005 4 A..H. --- "C:\WINDOWS\uccspecb.sys"
    Wed 7 Apr 2004 54,384 A..H. --- "C:\Program Files\AOL 9.0\aolphx.exe"
    Wed 7 Apr 2004 156,784 A..H. --- "C:\Program Files\AOL 9.0\aoltray.exe"
    Wed 7 Apr 2004 31,344 A..H. --- "C:\Program Files\AOL 9.0\RBM.exe"
    Mon 28 Jan 2008 1,404,240 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe"
    Mon 28 Jan 2008 5,146,448 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"
    Mon 28 Jan 2008 2,097,488 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
    Thu 8 Dec 2005 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
    Fri 8 Apr 2005 4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.key.bak"
    Sat 10 Nov 2007 20,992 ...H. --- "C:\Documents and Settings\HP_Owner\My Documents\~WRL1198.tmp"
    Thu 16 Jun 2005 21,504 A..H. --- "C:\Documents and Settings\HP_Owner\My Documents\~WRL1512.tmp"
    Thu 16 Jun 2005 19,968 A..H. --- "C:\Documents and Settings\HP_Owner\My Documents\~WRL2458.tmp"
    Thu 18 May 2006 145,920 ..SHR --- "C:\Program Files\Smith Micro Software, Inc\iPod Photo Skins Creator\Setup.exe"
    Thu 17 May 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
    Tue 9 Jan 2007 19,456 ...H. --- "C:\Documents and Settings\HP_Owner\Application Data\Microsoft\Word\~WRL0003.tmp"
    Thu 8 Mar 2007 29,184 ...H. --- "C:\Documents and Settings\HP_Owner\Application Data\Microsoft\Word\~WRL0005.tmp"
    Sat 10 Nov 2007 19,456 ...H. --- "C:\Documents and Settings\HP_Owner\Application Data\Microsoft\Word\~WRL0374.tmp"
    Tue 13 Nov 2007 23,040 ...H. --- "C:\Documents and Settings\HP_Owner\Application Data\Microsoft\Word\~WRL0414.tmp"
    Tue 13 Nov 2007 22,528 ...H. --- "C:\Documents and Settings\HP_Owner\Application Data\Microsoft\Word\~WRL0470.tmp"
    Tue 13 Nov 2007 22,016 ...H. --- "C:\Documents and Settings\HP_Owner\Application Data\Microsoft\Word\~WRL0546.tmp"
    Thu 16 Jun 2005 24,064 A..H. --- "C:\Documents and Settings\HP_Owner\Application Data\Microsoft\Word\~WRL0711.tmp"
    Thu 16 Jun 2005 22,528 A..H. --- "C:\Documents and Settings\HP_Owner\Application Data\Microsoft\Word\~WRL0863.tmp"
    Tue 13 Nov 2007 20,992 ...H. --- "C:\Documents and Settings\HP_Owner\Application Data\Microsoft\Word\~WRL1516.tmp"
    Sat 10 Nov 2007 20,992 ...H. --- "C:\Documents and Settings\HP_Owner\Application Data\Microsoft\Word\~WRL1556.tmp"
    Sat 10 Nov 2007 20,480 ...H. --- "C:\Documents and Settings\HP_Owner\Application Data\Microsoft\Word\~WRL2328.tmp"
    Mon 19 Sep 2005 19,456 A..H. --- "C:\Documents and Settings\HP_Owner\Application Data\Microsoft\Word\~WRL2700.tmp"
    Sat 10 Nov 2007 21,504 ...H. --- "C:\Documents and Settings\HP_Owner\Application Data\Microsoft\Word\~WRL2773.tmp"
    Tue 13 Nov 2007 20,480 ...H. --- "C:\Documents and Settings\HP_Owner\Application Data\Microsoft\Word\~WRL3193.tmp"
    Thu 16 Jun 2005 27,136 A..H. --- "C:\Documents and Settings\HP_Owner\Application Data\Microsoft\Word\~WRL3231.tmp"
    Mon 19 Sep 2005 19,456 A..H. --- "C:\Documents and Settings\HP_Owner\Application Data\Microsoft\Word\~WRL3322.tmp"
    Sat 10 Nov 2007 19,968 ...H. --- "C:\Documents and Settings\HP_Owner\Application Data\Microsoft\Word\~WRL3772.tmp"
    Thu 16 Jun 2005 27,136 A..H. --- "C:\Documents and Settings\HP_Owner\Application Data\Microsoft\Word\~WRL3867.tmp"
    Thu 16 Jun 2005 25,088 A..H. --- "C:\Documents and Settings\HP_Owner\Application Data\Microsoft\Word\~WRL3915.tmp"
    Wed 4 Oct 2006 3,072,000 A..H. --- "C:\Documents and Settings\HP_Owner\Application Data\U3\temp\Launchpad Removal.exe"
    Mon 5 Mar 2007 24,646 ..SHR --- "C:\Deckard\System Scanner\20080616183248\backup\DOCUME~1\HP_Owner\LOCALS~1\Temp\Juniper Networks\setup\NeoterisSetupApp.exe"

    Finished!
     
  13. 2008/07/06
    soxrulebaby04

    soxrulebaby04 Inactive Thread Starter

    Joined:
    2008/06/15
    Messages:
    13
    Likes Received:
    0
    DSS scan

    Deckard's System Scanner v20071014.68
    Run by HP_Owner on 2008-07-05 22:55:59
    Computer is in Normal Mode.
    --------------------------------------------------------------------------------



    -- HijackThis (run as HP_Owner.exe) --------------------------------------------

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 10:56:35 PM, on 7/5/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16674)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
    C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\System32\svchost.exe
    C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    c:\program files\common files\mcafee\mna\mcnasvc.exe
    C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\windows\system\hpsysdrv.exe
    C:\WINDOWS\system32\hphmon06.exe
    C:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\WINDOWS\system32\ps2.exe
    C:\Program Files\McAfee.com\VSO\mcvsshld.exe
    c:\progra~1\mcafee.com\vso\mcvsescn.exe
    C:\WINDOWS\system32\LVCOMSX.EXE
    C:\Program Files\Logitech\Video\LogiTray.exe
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
    C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\PROGRA~1\MI3AA1~1\rapimgr.exe
    C:\Program Files\Messenger\msmsgs.exe
    c:\progra~1\mcafee.com\vso\mcvsftsn.exe
    C:\Program Files\Logitech\Video\FxSvr2.exe
    C:\PROGRA~1\COMMON~1\SYMANT~1\SECURI~2\NSCSRVCE.EXE
    C:\Program Files\iPod\bin\iPodService.exe
    c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    c:\PROGRA~1\mcafee.com\vso\OasClnt.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\internet explorer\iexplore.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Documents and Settings\HP_Owner\Desktop\dss.exe
    C:\PROGRA~1\TRENDM~1\HIJACK~1\HP_Owner.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
    O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - c:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
    O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
    O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
    O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
    O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
    O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe "
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
    O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
    O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
    O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
    O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll "
    O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
    O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe "
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - Startup: PowerReg Scheduler.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/SCRABBLE/Images/stg_drm.ocx
    O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1005.cab
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
    O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab
    O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1160533832062
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
    O16 - DPF: {AF2E62B6-F9E1-4D4F-A10A-9DC8E6DCBCC0} (VideoEgg ActiveX Loader) - http://update.videoegg.com/Install/Windows/Initial/VideoEggPublisher.exe
    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
    O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Kodak Camera Connection Software (KodakCCS) - Unknown owner - C:\WINDOWS\system32\drivers\KodakCCS.exe (file missing)
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~2.EXE
    O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
    O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
    O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
    O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    O23 - Service: Windows Zero Connection (WinZConn) - Unknown owner - C:\WINDOWS\system32\mswnt.exe (file missing)

    --
    End of file - 13666 bytes

    -- Files created between 2008-06-05 and 2008-07-05 -----------------------------

    2008-07-05 17:39:17 0 d-------- C:\WINDOWS\ERUNT
    2008-06-28 14:24:31 0 d--h----- C:\Documents and Settings\Administrator\NetHood
    2008-06-28 14:24:31 0 dr------- C:\Documents and Settings\Administrator\My Documents
    2008-06-28 14:24:31 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
    2008-06-28 14:24:31 0 dr------- C:\Documents and Settings\Administrator\Favorites
    2008-06-28 14:24:31 0 d-------- C:\Documents and Settings\Administrator\Desktop
    2008-06-28 14:24:31 0 d--hs---- C:\Documents and Settings\Administrator\Cookies
    2008-06-28 14:24:31 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
    2008-06-28 14:24:31 0 d-------- C:\Documents and Settings\Administrator\Application Data\Symantec
    2008-06-28 14:24:31 0 d-------- C:\Documents and Settings\Administrator\Application Data\Sun
    2008-06-28 14:24:31 0 d-------- C:\Documents and Settings\Administrator\Application Data\SampleView
    2008-06-28 14:24:31 0 d-------- C:\Documents and Settings\Administrator\Application Data\Real
    2008-06-28 14:24:31 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
    2008-06-28 14:24:31 0 d-------- C:\Documents and Settings\Administrator\Application Data\Identities
    2008-06-28 14:24:31 0 d-------- C:\Documents and Settings\Administrator\Application Data\Apple Computer
    2008-06-28 14:24:30 0 d-------- C:\Documents and Settings\Administrator\WINDOWS
    2008-06-28 14:24:30 0 d--h----- C:\Documents and Settings\Administrator\Templates
    2008-06-28 14:24:30 0 dr------- C:\Documents and Settings\Administrator\Start Menu
    2008-06-28 14:24:30 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
    2008-06-28 14:24:30 0 dr-h----- C:\Documents and Settings\Administrator\Recent
    2008-06-28 14:24:30 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
    2008-06-28 14:24:29 1048576 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
    2008-06-24 21:55:24 0 drahs---- C:\autorun.inf
    2008-06-21 21:44:34 106 --a------ C:\delete.bat
    2008-06-17 19:40:39 161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
    2008-06-17 19:40:38 68096 --a------ C:\WINDOWS\zip.exe
    2008-06-17 19:40:38 49152 --a------ C:\WINDOWS\VFind.exe
    2008-06-17 19:40:38 212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
    2008-06-17 19:40:38 136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
    2008-06-17 19:40:38 98816 --a------ C:\WINDOWS\sed.exe
    2008-06-17 19:40:38 80412 --a------ C:\WINDOWS\grep.exe
    2008-06-17 19:40:38 89504 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
    2008-06-16 20:45:36 0 d-------- C:\WINDOWS\pss
    2008-06-16 18:37:12 0 d-------- C:\Program Files\Trend Micro
    2008-06-15 17:37:29 0 d-------- C:\Documents and Settings\HP_Owner\Application Data\Program shim
    2008-06-11 15:39:49 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy


    -- Find3M Report ---------------------------------------------------------------

    2008-07-05 19:13:09 0 d-------- C:\Program Files\Common Files
    2008-06-24 03:01:53 0 d-------- C:\Program Files\Common Files\Symantec Shared
    2008-06-14 11:27:27 0 d-------- C:\Documents and Settings\HP_Owner\Application Data\AdobeUM
    2008-05-29 18:39:29 0 d-------- C:\Program Files\Wyzo
    2008-05-29 18:38:37 0 d-------- C:\Program Files\BitDownload
    2008-05-29 18:36:55 0 d-------- C:\Documents and Settings\HP_Owner\Application Data\LimeWire
    2008-05-29 17:02:05 0 d-------- C:\Program Files\SCRABBLE
    2008-05-29 17:01:59 0 d-------- C:\Documents and Settings\HP_Owner\Application Data\SpinTop
    2008-05-29 15:47:42 0 d-------- C:\Documents and Settings\HP_Owner\Application Data\GameHouse
    2008-05-29 15:47:37 0 d-------- C:\Program Files\GameHouse
    2008-05-29 14:44:29 0 d-------- C:\Program Files\MSN Games
    2008-05-29 14:41:25 0 d-------- C:\Program Files\RealArcade
    2008-05-19 18:40:38 0 d-------- C:\Program Files\music from upstairs


    -- Registry Dump ---------------------------------------------------------------

    *Note* empty entries & legit default entries are not shown


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "hpsysdrv"="c:\windows\system\hpsysdrv.exe" [05/07/1998 07:04 PM]
    "HPHmon06"="C:\WINDOWS\system32\hphmon06.exe" [06/07/2004 09:42 PM]
    "Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [04/14/2004 11:43 PM]
    "VTTimer"="VTTimer.exe" []
    "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [01/22/2007 10:19 PM]
    "AGRSMMSG"="AGRSMMSG.exe" [06/29/2004 08:06 PM C:\WINDOWS\AGRSMMSG.exe]
    "PS2"="C:\WINDOWS\system32\ps2.exe" [10/16/2002 07:57 PM]
    "Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [12/03/2005 12:45 PM]
    "VSOCheckTask"="C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" [07/08/2005 06:18 PM]
    "VirusScan Online"="C:\Program Files\McAfee.com\VSO\mcvsshld.exe" [08/10/2005 12:49 PM]
    "OASClnt"="C:\Program Files\McAfee.com\VSO\oasclnt.exe" [08/11/2005 10:02 PM]
    "LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [07/19/2005 05:32 PM]
    "LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [06/08/2005 03:24 PM]
    "LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [06/08/2005 03:14 PM]
    "Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [03/12/2007 06:30 PM]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe" [06/03/2006 09:06 PM]
    "LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [06/08/2005 02:44 PM]
    "H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\Wcescomm.exe" [11/13/2006 01:39 PM]
    "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [01/28/2008 11:43 AM]

    C:\Documents and Settings\HP_Owner\Start Menu\Programs\Startup\
    PowerReg Scheduler.exe [2/27/2008 5:49:37 PM]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [9/24/2005 2:05:26 AM]
    Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [6/3/2006 9:06:34 PM]
    Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [2/17/1999 4:05:56 PM]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "HideLegacyLogonScripts"=0 (0x0)
    "HideLogoffScripts"=0 (0x0)
    "RunLogonScriptSync"=1 (0x1)
    "RunStartupScriptSync"=0 (0x0)
    "HideStartupScripts"=0 (0x0)

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
    "HideLegacyLogonScripts"=0 (0x0)
    "HideLogoffScripts"=0 (0x0)
    "RunLogonScriptSync"=1 (0x1)
    "RunStartupScriptSync"=0 (0x0)
    "HideStartupScripts"=0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AOL 9.0 Tray Icon.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AOL 9.0 Tray Icon.lnk
    backup=C:\WINDOWS\pss\AOL 9.0 Tray Icon.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AOL Companion.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AOL Companion.lnk
    backup=C:\WINDOWS\pss\AOL Companion.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
    backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
    backup=C:\WINDOWS\pss\Kodak EasyShare software.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Updates from HP.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Updates from HP.lnk
    backup=C:\WINDOWS\pss\Updates from HP.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ymetray.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ymetray.lnk
    backup=C:\WINDOWS\pss\ymetray.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^HP_Owner^Start Menu^Programs^Startup^Picture Motion Browser Media Check Tool.lnk]
    path=C:\Documents and Settings\HP_Owner\Start Menu\Programs\Startup\Picture Motion Browser Media Check Tool.lnk
    backup=C:\WINDOWS\pss\Picture Motion Browser Media Check Tool.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
    "C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM]
    C:\Program Files\AIM\aim.exe -cnetwait.odl

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcxMonitor]
    ALCXMNTR.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer]
    C:\Program Files\Common Files\AOL\ACS\AOLDial.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
    C:\WINDOWS\system32\hkcmd.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHUPD06]
    c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
    C:\WINDOWS\system32\igfxtray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    "C:\Program Files\iTunes\iTunesHelper.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    "C:\Program Files\QuickTime\qttask.exe" -atboottime

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
    C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue RegistryBooster 2]
    C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
    C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_5

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
    "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zune Launcher]
    "C:\Program Files\Zune\ZuneLauncher.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "Viewpoint Manager Service"=2 (0x2)
    "Apple Mobile Device"=2 (0x2)




    -- End of Deckard's System Scanner: finished at 2008-07-05 22:57:26 ------------
     
  14. 2008/07/06
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Looks good. Scan again with HijackThis and place a check next to the following entries.

    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
    O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
    O4 - Startup: PowerReg Scheduler.exe


    Close all open browser windows then click Fix Checked.

    Now let's get an online scan to see if we've missed anything. Please scan with Kaspersky WebScanner.

    You will be prompted to install an ActiveX component from Kaspersky; click Yes.
    • The program will launch and then begin downloading the latest definition files:
    • Once the files have been downloaded click on NEXT
    • Now click on Scan Settings
    • In the scan settings make that the following are selected:
      • Scan using the following Anti-Virus database:
      • Extended (if available otherwise Standard)
      • Scan Options:
      • Scan Archives
        Scan Mail Bases
    • Click OK
    • Now under select a target to scan:
      • Select My Computer
    • This will program will start and scan your system.
    • The scan will take a while so be patient and let it run.
    • Once the scan is complete it will display if your system has been infected.
      • Now click on the Save as Text button:
    • Save the file to your desktop.

    Post the Kaspersky log and a fresh HijackThis log to this topic.
     
  15. 2008/07/09
    soxrulebaby04
    Kaspersky

    -------------------------------------------------------------------------------
    KASPERSKY ONLINE SCANNER REPORT
    Tuesday, July 08, 2008 10:35:59 PM
    Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
    Kaspersky Online Scanner version: 5.0.98.0
    Kaspersky Anti-Virus database last update: 9/07/2008
    Kaspersky Anti-Virus database records: 932487
    -------------------------------------------------------------------------------

    Scan Settings:
    Scan using the following antivirus database: extended
    Scan Archives: true
    Scan Mail Bases: true

    Scan Target - My Computer:
    C:\
    D:\
    E:\
    F:\
    G:\
    H:\
    I:\
    J:\
    K:\

    Scan Statistics:
    Total number of scanned objects: 122079
    Number of viruses found: 39
    Number of infected objects: 77
    Number of suspicious objects: 0
    Duration of the scan process: 02:41:12

    Infected Object Name / Virus Name / Last Action
    C:\autorun.inf\lpt3.This folder was created by Flash_Disinfector Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\McAfee\MNA\NAData Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\McAfee\MSC\Logs\Events.dat Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\McAfee\MSC\McUsers.dat Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\McAfee.com\VSO\OASLogs\OAS.log Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\7f2119c9b08b4fc3e5240ee76f1ac2a3_303b27ec-7017-4205-a6fb-db2e48e75b9d Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson\user.dmp Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\Confid.log Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\Content.log Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\Privacy.log Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\Restrict.log Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\settings.dat Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\WebHist.log Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\HPPAppActivity.log Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\HPPHomePageActivity.log Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\2008-07-08_Log.ALUSchedulerSvc.LiveUpdate Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\00BA3287.exe Infected: P2P-Worm.Win32.VB.dw skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\00F52646.exe Infected: Trojan.Win32.Crypt.e skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\01A92B80.exe Infected: Trojan-Dropper.Win32.VB.lu skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\02222226.exe Infected: Backdoor.Win32.HacDef.fw skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0282149F Infected: not-a-virus:AdWare.Win32.WinAD.n skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\02853E9C Infected: Trojan.Win32.SecondThought.aa skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\04F70B09.com Infected: Backdoor.Win32.HacDef.fw skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\05CE78F0.exe/data.rar/setup.bat Infected: Trojan.BAT.Zapchast skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\05CE78F0.exe/data.rar/csrss.exe Infected: not-a-virus:Server-FTP.Win32.Serv-U.gen skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\05CE78F0.exe/data.rar/ntuser.exe Infected: not-a-virus:Server-FTP.Win32.Serv-U.lu skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\05CE78F0.exe/data.rar/services.exe Infected: Backdoor.Win32.Iroffer.14b2 skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\05CE78F0.exe/data.rar/ntauth.dll Infected: Backdoor.IRC.Zapchast skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\05CE78F0.exe/data.rar Infected: Backdoor.IRC.Zapchast skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\05CE78F0.exe RarSFX: infected - 6 skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\05CE78F0.exe CryptFF: infected - 6 skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\06A1781E.exe Infected: Backdoor.Win32.SdBot.aad skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0DE0698F.DLL Infected: Trojan.Win32.Delf.gh skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\13143954 Infected: not-a-virus:AdWare.Win32.MDH.a skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1898792A Infected: not-a-virus:AdWare.Win32.WinAD.v skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\19503861.htm Infected: Trojan-Downloader.JS.IstBar.ai skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1A7C03EF.pif Infected: Backdoor.Win32.SdBot.ago skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1FA45B81.exe Infected: Backdoor.Win32.Agent.jn skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\21893AC6.exe Infected: Backdoor.Win32.SdBot.aad skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\227F63B1.exe Infected: Backdoor.Win32.SdBot.ago skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\252A2DCC.exe/data0006 Infected: Trojan-Dropper.Win32.VB.nn skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\252A2DCC.exe NSIS: infected - 1 skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\252A2DCC.exe CryptFF: infected - 1 skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2A42164A.exe Infected: P2P-Worm.Win32.VB.dw skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2A7616D3.exe Infected: Trojan-Downloader.Win32.VB.kq skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2D994825.dll Infected: not-a-virus:AdWare.Win32.180Solutions.i skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\301844C8 Infected: Trojan-Dropper.Win32.180Solutions.a skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\304F722B.tmp Infected: P2P-Worm.Win32.VB.dw skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\308311F1.tmp Infected: P2P-Worm.Win32.VB.dw skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\33B43426.tmp Infected: P2P-Worm.Win32.VB.dw skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\33BB081F.tmp Infected: Email-Worm.VBS.Gedza skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3C2A42A5.tmp Infected: not-a-virus:AdWare.Win32.180Solutions.q skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\40E72C54.exe Infected: Backdoor.Win32.SdBot.aad skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\42F433D3.tmp Infected: not-a-virus:AdWare.Win32.180Solutions.x skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\455640D8.tmp Infected: Backdoor.Win32.SdBot.aad skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\4A87786E Infected: not-a-virus:AdWare.Win32.Comet.h skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\4D3F6EA7.exe Infected: Trojan-Downloader.Win32.Small.akz skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\500F0660.exe Infected: Backdoor.Win32.HacDef.fv skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\52DB57AA Infected: not-a-virus:AdWare.Win32.Comet.ai skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\54C36EE0.exe Infected: not-a-virus:AdWare.Win32.MediaMotor.u skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\56AA5EC8.exe/data0002 Infected: Trojan-Downloader.Win32.PurityScan.fx skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\56AA5EC8.exe NSIS: infected - 1 skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\56AA5EC8.exe CryptFF: infected - 1 skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5A907C87.exe Infected: P2P-Worm.Win32.VB.dw skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5C5F597C.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5CB26C7B.VBS Infected: Email-Worm.VBS.Gedza skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5CB94074.exe Infected: P2P-Worm.Win32.VB.dw skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5CB94074.tmp Infected: P2P-Worm.Win32.VB.dw skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5CBC6A70.VBS Infected: Email-Worm.VBS.Gedza skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5D9F4859.htm Infected: Exploit.HTML.IESlice.d skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\60E3029A Infected: not-a-virus:AdWare.Win32.MDH.a skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\60E62C97 Infected: Trojan-Downloader.Win32.Agent.gn skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\64D003D4 Infected: Trojan-Downloader.Win32.IstBar.ir skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\64D657CD Infected: not-a-virus:AdWare.Win32.WinAD.an skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\670412DC.exe Infected: Backdoor.Win32.SdBot.aad skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6B733A12 Infected: not-a-virus:AdWare.Win32.180Solutions skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6C5B2AE2.exe Infected: Trojan-Downloader.Win32.Small.dmj skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6C8976B0.wmf Infected: Exploit.Win32.IMG-WMF.u skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6C8C20AC.com Infected: Trojan-Downloader.Win32.Small.dmj skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6C8C20AC.tmp Infected: Trojan-Downloader.Win32.Small.dmj skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6DA0006E.exe Infected: Backdoor.Win32.HacDef.fv skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\71646B3A.scr Infected: Backdoor.Win32.SdBot.aad skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\71776724.tmp Infected: Backdoor.Win32.SdBot.aad skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\773755E0.exe Infected: Backdoor.Win32.HacDef.fv skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\773B7FDC.exe Infected: Backdoor.Win32.HacDef.fv skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\773B7FDC.sys Infected: Backdoor.Win32.HacDef.fv skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\773B7FDC.tmp Infected: Backdoor.Win32.HacDef.fv skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\773E29D9.exe Infected: Backdoor.Win32.HacDef.fv skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\774153D5.exe Infected: Backdoor.Win32.HacDef.fv skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7C4A1F69.exe Infected: P2P-Worm.Win32.VB.dw skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7DC17BCC.exe Infected: P2P-Worm.Win32.VB.dw skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7E3D3743.exe Infected: Trojan-Dropper.Win32.VB.lu skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7F1F5077.exe Infected: Backdoor.Win32.HacDef.fv skipped
    C:\Documents and Settings\HP_Owner\Application Data\$_hpcst$.hpc Object is locked skipped
    C:\Documents and Settings\HP_Owner\Application Data\Aim\vupygwij\mpbluedevils23\cert8.db Object is locked skipped
    C:\Documents and Settings\HP_Owner\Application Data\Aim\vupygwij\mpbluedevils23\key3.db Object is locked skipped
    C:\Documents and Settings\HP_Owner\Application Data\Symantec\PendingAlertsQueue.log Object is locked skipped
    C:\Documents and Settings\HP_Owner\Cookies\index.dat Object is locked skipped
    C:\Documents and Settings\HP_Owner\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
    C:\Documents and Settings\HP_Owner\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
    C:\Documents and Settings\HP_Owner\Local Settings\History\History.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\HP_Owner\Local Settings\Temp\WCESLog.log Object is locked skipped
    C:\Documents and Settings\HP_Owner\Local Settings\Temp\~DF3956.tmp Object is locked skipped
    C:\Documents and Settings\HP_Owner\Local Settings\Temp\~DF3969.tmp Object is locked skipped
    C:\Documents and Settings\HP_Owner\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\HP_Owner\NTUSER.DAT Object is locked skipped
    C:\Documents and Settings\HP_Owner\ntuser.dat.LOG Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
    C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
    C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
    C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
    C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
    C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcrst.dll Object is locked skipped
    C:\Program Files\Common Files\Symantec Shared\EENGINE\EPERSIST.DAT Object is locked skipped
    C:\Program Files\Common Files\Symantec Shared\SNDALRT.log Object is locked skipped
    C:\Program Files\Common Files\Symantec Shared\SNDCON.log Object is locked skipped
    C:\Program Files\Common Files\Symantec Shared\SNDDBG.log Object is locked skipped
    C:\Program Files\Common Files\Symantec Shared\SNDFW.log Object is locked skipped
    C:\Program Files\Common Files\Symantec Shared\SNDIDS.log Object is locked skipped
    C:\Program Files\Common Files\Symantec Shared\SNDSYS.log Object is locked skipped
    C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBConfig.log Object is locked skipped
    C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBDebug.log Object is locked skipped
    C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBDetect.log Object is locked skipped
    C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBNotify.log Object is locked skipped
    C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBRefr.log Object is locked skipped
    C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetCfg.log Object is locked skipped
    C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetCfg2.log Object is locked skipped
    C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetDev.log Object is locked skipped
    C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetLoc.log Object is locked skipped
    C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetUsr.log Object is locked skipped
    C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSMNot.log Object is locked skipped
    C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSMReg.log Object is locked skipped
    C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSMRSt.log Object is locked skipped
    C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBStHash.log Object is locked skipped
    C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBStMSI.log Object is locked skipped
    C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBValid.log Object is locked skipped
    C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\SPPolicy.log Object is locked skipped
    C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\SPStart.log Object is locked skipped
    C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\SPStop.log Object is locked skipped
    C:\Program Files\Logitech\Desktop Messenger\8876480\Users\HP_Owner\Data\chandir.dat Object is locked skipped
    C:\Program Files\Logitech\Desktop Messenger\8876480\Users\HP_Owner\Data\chandir.idx Object is locked skipped
    C:\Program Files\Logitech\Desktop Messenger\8876480\Users\HP_Owner\Data\chn.dat Object is locked skipped
    C:\Program Files\Logitech\Desktop Messenger\8876480\Users\HP_Owner\Data\chn.idx Object is locked skipped
    C:\Program Files\Logitech\Desktop Messenger\8876480\Users\HP_Owner\Data\D0000000.FCS Object is locked skipped
    C:\Program Files\Logitech\Desktop Messenger\8876480\Users\HP_Owner\Data\inuse.txt Object is locked skipped
    C:\Program Files\Logitech\Desktop Messenger\8876480\Users\HP_Owner\Data\L0000007.FCS Object is locked skipped
    C:\Program Files\Logitech\Desktop Messenger\8876480\Users\HP_Owner\Data\main.log Object is locked skipped
    C:\Program Files\Logitech\Desktop Messenger\8876480\Users\HP_Owner\Data\prs.dat Object is locked skipped
    C:\Program Files\Logitech\Desktop Messenger\8876480\Users\HP_Owner\Data\prs.idx Object is locked skipped
    C:\Program Files\Logitech\Desktop Messenger\8876480\Users\HP_Owner\Data\prs_die.dat Object is locked skipped
    C:\Program Files\Logitech\Desktop Messenger\8876480\Users\HP_Owner\Data\prs_die.idx Object is locked skipped
    C:\Program Files\Logitech\Desktop Messenger\8876480\Users\HP_Owner\Data\prs_dnd.dat Object is locked skipped
    C:\Program Files\Logitech\Desktop Messenger\8876480\Users\HP_Owner\Data\prs_dnd.idx Object is locked skipped
    C:\Program Files\Logitech\Desktop Messenger\8876480\Users\HP_Owner\Data\prs_ext.dat Object is locked skipped
    C:\Program Files\Logitech\Desktop Messenger\8876480\Users\HP_Owner\Data\prs_ext.idx Object is locked skipped
    C:\Program Files\Logitech\Desktop Messenger\8876480\Users\HP_Owner\Data\prs_rcv.dat Object is locked skipped
    C:\Program Files\Logitech\Desktop Messenger\8876480\Users\HP_Owner\Data\prs_rcv.idx Object is locked skipped
    C:\Program Files\Logitech\Desktop Messenger\8876480\Users\HP_Owner\Data\storydb.dat Object is locked skipped
    C:\Program Files\Logitech\Desktop Messenger\8876480\Users\HP_Owner\Data\storydb.idx Object is locked skipped
    C:\Program Files\Norton AntiVirus\AVApp.log Object is locked skipped
    C:\Program Files\Norton AntiVirus\AVError.log Object is locked skipped
    C:\Program Files\Norton AntiVirus\AVVirus.log Object is locked skipped
    C:\Program Files\Norton AntiVirus\Savrt\0366NAV~.TMP Object is locked skipped
    C:\Program Files\Norton AntiVirus\Savrt\0508NAV~.TMP Object is locked skipped
    C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
    C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP25\change.log Object is locked skipped
    C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
    C:\WINDOWS\SchedLgU.Txt Object is locked skipped
    C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
    C:\WINDOWS\Sti_Trace.log Object is locked skipped
    C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
    C:\WINDOWS\system32\CatRoot2\edbtmp.log Object is locked skipped
    C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
    C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
    C:\WINDOWS\system32\config\default Object is locked skipped
    C:\WINDOWS\system32\config\default.LOG Object is locked skipped
    C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
    C:\WINDOWS\system32\config\SAM Object is locked skipped
    C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
    C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
    C:\WINDOWS\system32\config\SECURITY Object is locked skipped
    C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
    C:\WINDOWS\system32\config\software Object is locked skipped
    C:\WINDOWS\system32\config\software.LOG Object is locked skipped
    C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
    C:\WINDOWS\system32\config\system Object is locked skipped
    C:\WINDOWS\system32\config\system.LOG Object is locked skipped
    C:\WINDOWS\system32\h323log.txt Object is locked skipped
    C:\WINDOWS\system32\LogFiles\WUDF\WUDFTrace.etl Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
    C:\WINDOWS\Temp\mcmsc_jxN3B3pAnXZdd1Q Object is locked skipped
    C:\WINDOWS\Temp\mcmsc_lHqhn31p3N69mn8 Object is locked skipped
    C:\WINDOWS\wiadebug.log Object is locked skipped
    C:\WINDOWS\wiaservc.log Object is locked skipped
    C:\WINDOWS\WindowsUpdate.log Object is locked skipped
    D:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP25\change.log Object is locked skipped
    K:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP25\change.log Object is locked skipped
    K:\autorun.inf\lpt3.This folder was created by Flash_Disinfector Object is locked skipped

    Scan process completed.
     
  16. 2008/07/09
    soxrulebaby04
    HJT log

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 7:28:36 PM, on 7/8/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16674)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
    C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\System32\svchost.exe
    C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    c:\program files\common files\mcafee\mna\mcnasvc.exe
    C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\windows\system\hpsysdrv.exe
    C:\WINDOWS\system32\hphmon06.exe
    C:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\WINDOWS\system32\ps2.exe
    C:\Program Files\McAfee.com\VSO\mcvsshld.exe
    c:\progra~1\mcafee.com\vso\mcvsescn.exe
    C:\WINDOWS\system32\LVCOMSX.EXE
    C:\Program Files\Logitech\Video\LogiTray.exe
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
    C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\PROGRA~1\MI3AA1~1\rapimgr.exe
    C:\Program Files\Messenger\msmsgs.exe
    c:\progra~1\mcafee.com\vso\mcvsftsn.exe
    C:\Program Files\Logitech\Video\FxSvr2.exe
    C:\PROGRA~1\COMMON~1\SYMANT~1\SECURI~2\NSCSRVCE.EXE
    C:\Program Files\iPod\bin\iPodService.exe
    c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    c:\PROGRA~1\mcafee.com\vso\OasClnt.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\AIM\aim.exe
    c:\program files\mcafee\msc\mcuimgr.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\internet explorer\iexplore.exe
    C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    c:\program files\mcafee\msc\mcupdui.exe
    C:\DOCUME~1\ALLUSE~1\APPLIC~1\McAfee\MSC\Updates\Installs\1\vso\mcappins.exe
    c:\program files\mcafee.com\shared\mghtml.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
    O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - c:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
    O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
    O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
    O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
    O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
    O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
    O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
    O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
    O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
    O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.nl/scanforvirus-en/kavwebscan_unicode.cab
    O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/SCRABBLE/Images/stg_drm.ocx
    O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1005.cab
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
    O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab
    O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1160533832062
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
    O16 - DPF: {AF2E62B6-F9E1-4D4F-A10A-9DC8E6DCBCC0} (VideoEgg ActiveX Loader) - http://update.videoegg.com/Install/Windows/Initial/VideoEggPublisher.exe
    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
    O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Kodak Camera Connection Software (KodakCCS) - Unknown owner - C:\WINDOWS\system32\drivers\KodakCCS.exe (file missing)
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~2.EXE
    O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
    O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
    O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
    O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    O23 - Service: Windows Zero Connection (WinZConn) - Unknown owner - C:\WINDOWS\system32\mswnt.exe (file missing)

    --
    End of file - 13727 bytes



    Thanks again for all of your help thus far!
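    The HijackThis log above lists the autostart entries (O4), services (O23) and Internet Explorer proxy settings (R1) that a helper reads through by hand. As an added example, not code from this thread, from HijackThis or from any of the tools named here, the Python below applies a few of the first-pass heuristics a reviewer uses on such lines: a service whose file is missing, a service with no vendor information, an autostart given as a bare file name (resolved through the PATH, so the line does not tell you which file runs), an autostart living in a user-writable directory, and a configured proxy. The regular expressions, the two-level severity scale and the sample log at the bottom are my own constructions; only the line formats follow the log above.

```python
"""Triage heuristics for HijackThis-style log lines.

Added example for the thread; not part of HijackThis, ComboFix or any
helper's instructions. The sample log at the bottom is constructed.
"""
import re

# O23 - Service: Display Name (short) - Owner - C:\path\file.exe [(file missing)]
O23_RE = re.compile(
    r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+?)"
    r"(?P<missing> \(file missing\))?$"
)
# O4 - HKLM\..\Run: [ValueName] command line
O4_RE = re.compile(
    r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\Run: \[(?P<key>[^\]]+)\] (?P<cmd>.+)$"
)
# R1 - HKCU\...\Internet Settings,ProxyServer = host:port
R1_PROXY_RE = re.compile(r"^R1 - .*Internet Settings,ProxyServer = (?P<proxy>.*)$")

# Directories an ordinary user can write to (assumed list for this example);
# an autostart entry living there deserves a closer look than one in Program Files.
USER_WRITABLE = ("\\documents and settings\\", "\\temp\\", "\\application data\\")


def triage_line(line):
    """Return (severity, reason) for one log line, or None if nothing stands out.

    Severity 2 means 'look at this first', 1 means 'confirm it is intended'.
    """
    line = line.strip()
    m = O23_RE.match(line)
    if m:
        if m.group("missing"):
            # A registered service whose binary is gone: a leftover of a removed
            # program or of a clean-up. Either way the registration should go, so
            # nothing can later drop a file back into the expected place.
            return (2, f"service '{m.group('name')}' points at a missing file")
        if m.group("owner") == "Unknown owner":
            return (1, f"service '{m.group('name')}' carries no vendor information")
        return None
    m = O4_RE.match(line)
    if m:
        cmd = m.group("cmd").strip('"')
        if "\\" not in cmd:
            # Bare file name: resolved through the PATH at logon, so the log line
            # does not say which file actually runs.
            return (1, f"autostart '{m.group('key')}' is a bare file name: {cmd}")
        if any(d in cmd.lower() for d in USER_WRITABLE):
            return (2, f"autostart '{m.group('key')}' runs from a user-writable location")
        return None
    m = R1_PROXY_RE.match(line)
    if m:
        return (1, f"IE proxy configured: {m.group('proxy') or '<empty>'}")
    return None


def triage(lines):
    """Run triage_line over a whole log.

    Returns (severity, line_number, reason) tuples, highest severity first and
    in log order within a severity.
    """
    findings = []
    for n, line in enumerate(lines, 1):
        hit = triage_line(line)
        if hit:
            findings.append((hit[0], n, hit[1]))
    findings.sort(key=lambda f: (-f[0], f[1]))
    return findings


# Constructed sample: the first three and the Bonjour/Kodak lines mirror the
# thread's log; the 'updater' and 'Example Service' lines are made up.
SAMPLE_LOG = """\
R1 - HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings,ProxyServer = :0
O4 - HKLM\\..\\Run: [hpsysdrv] c:\\windows\\system\\hpsysdrv.exe
O4 - HKLM\\..\\Run: [VTTimer] VTTimer.exe
O4 - HKCU\\..\\Run: [updater] C:\\Documents and Settings\\User\\Local Settings\\Temp\\svc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\\Program Files\\Bonjour\\mDNSResponder.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Unknown owner - C:\\WINDOWS\\system32\\drivers\\KodakCCS.exe (file missing)
O23 - Service: Example Service (ExSvc) - Unknown owner - C:\\Program Files\\Example\\exsvc.exe
""".splitlines()

if __name__ == "__main__":
    for severity, lineno, reason in triage(SAMPLE_LOG):
        print(f"[{severity}] line {lineno}: {reason}")
```

    The heuristics deliberately stop short of calling anything malicious: a missing service file or a bare file name is as often a stale installer remnant as anything else, which is why the output is a review order rather than a verdict. Feed it the O4/O23/R1 lines of a real log (`triage(open(path).read().splitlines())`) and read the severity-2 entries first.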
     
  17. 2008/07/09
    noahdfear (Inactive)
    First, please upload the following file to my submission channel for analysis. Leave a link back to this topic.

    C:\SDFix\backups\backups.zip

    Thanks!

    The infected items in the Kaspersky scan are in Norton's quarantine. Please open the Norton interface and remove all objects in quarantine. I've included a summary of what's in there at the bottom of this post.


    Now, I forgot to nuke those LOP folders. :eek: Please delete the ComboFix.exe file you currently have and download a fresh copy from here, saving it to your desktop.

    Once again, please disable any realtime protection applications. Highlight and copy the contents of the code box below and paste it into a blank Notepad, then save it to your desktop as:

    Filename: CFScript.txt
    Save As Type: All Files (*.*)

    Code:
    Folder::
    C:\Documents and Settings\All Users\Application Data\Great Coal Love Default
    C:\Documents and Settings\Hp_owner\Application Data\Program Shim
    C:\Documents and Settings\Localservice\Application Data\Program Shim
    C:\SDFix
    
    Close all other windows and programs. Now drag the CFScript.txt onto ComboFix.exe and drop it, using the left mouse button. Combofix should run and may reboot the computer when it's done. A log will open when it's complete. Post the contents of that log.

    Please do not click on the ComboFix window while it is running a scan. This can cause it to stall.


    Norton Quarantine
    Backdoor.IRC.Zapchast
    Backdoor.Win32.Agent.jn
    Backdoor.Win32.HacDef.fv
    Backdoor.Win32.HacDef.fw
    Backdoor.Win32.Iroffer.14b2
    Backdoor.Win32.SdBot.aad
    Backdoor.Win32.SdBot.ago
    Email-Worm.VBS.Gedza
    Exploit.HTML.IESlice.d
    Exploit.Win32.IMG-WMF.u
    P2P-Worm.Win32.VB.dw
    Server-FTP.Win32.Serv-U.gen
    Server-FTP.Win32.Serv-U.lu
    Trojan-Downloader.JS.IstBar.ai
    Trojan-Downloader.Win32.Agent.gn
    Trojan-Downloader.Win32.IstBar.ir
    Trojan-Downloader.Win32.PurityScan.fx
    Trojan-Downloader.Win32.Small.akz
    Trojan-Downloader.Win32.Small.dmj
    Trojan-Downloader.Win32.VB.kq
    Trojan-Dropper.Win32.180Solutions.a
    Trojan-Dropper.Win32.VB.lu
    Trojan-Dropper.Win32.VB.nn
    Trojan.BAT.Zapchast
    Trojan.Win32.Crypt.e
    Trojan.Win32.Delf.gh
    Trojan.Win32.SecondThought.aa
    Win32.180Solutions
    Win32.180Solutions.i
    Win32.180Solutions.q
    Win32.180Solutions.x
    Win32.Comet.ai
    Win32.Comet.h
    Win32.MDH.a
    Win32.MediaMotor.u
    Win32.Virtumonde.gen
    Win32.WinAD.an
    Win32.WinAD.n
    Win32.WinAD.v
     
  18. 2008/07/11
    soxrulebaby04 (Inactive, Thread Starter)
    ComboFix 08-07-10.1 - HP_Owner 2008-07-09 19:00:22.3 - NTFSx86
    Running from: C:\Documents and Settings\HP_Owner\Desktop\ComboFix.exe
    Command switches used :: C:\Documents and Settings\HP_Owner\Desktop\CFScript.txt
    * Created a new restore point
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Documents and Settings\All Users\Application Data\Great Coal Love Default
    C:\Documents and Settings\All Users\Application Data\Great Coal Love Default\SUPPORT DALE.exe
    C:\Documents and Settings\Hp_owner\Application Data\Program Shim
    C:\Documents and Settings\Localservice\Application Data\Program Shim
    C:\Documents and Settings\Localservice\Application Data\Program Shim\does acid.exe
    C:\SDFix
    C:\SDFix\apps\assosfix.reg
    C:\SDFix\apps\cliptext.exe
    C:\SDFix\apps\download.exe
    C:\SDFix\apps\dummy.sys
    C:\SDFix\apps\Enable_Command_Prompt.reg
    C:\SDFix\apps\ERDNT.E_E
    C:\SDFix\apps\ERDNTDOS.LOC
    C:\SDFix\apps\ERDNTWIN.LOC
    C:\SDFix\apps\ERUNT.EXE
    C:\SDFix\apps\ERUNT.LOC
    C:\SDFix\apps\fix.reg
    C:\SDFix\apps\FixBH.reg
    C:\SDFix\apps\FixComponents.reg
    C:\SDFix\apps\FIXCU.reg
    C:\SDFix\apps\FIXLM.reg
    C:\SDFix\apps\FixPath.exe
    C:\SDFix\apps\FixRedir.reg
    C:\SDFix\apps\FixSchedule.reg
    C:\SDFix\apps\FixWebCheck.reg
    C:\SDFix\apps\fixXP.reg
    C:\SDFix\apps\FixXPsp2.reg
    C:\SDFix\apps\grep.exe
    C:\SDFix\apps\HaxdFix.reg
    C:\SDFix\apps\HPFix.reg
    C:\SDFix\apps\HPFix2.reg
    C:\SDFix\apps\HPFix3.reg
    C:\SDFix\apps\HPFix4.reg
    C:\SDFix\apps\HPFix5.reg
    C:\SDFix\apps\HPFix6.reg
    C:\SDFix\apps\HPFix7.reg
    C:\SDFix\apps\HPFix8.reg
    C:\SDFix\apps\HPFix9.reg
    C:\SDFix\apps\isadmin.exe
    C:\SDFix\apps\leg2.txt
    C:\SDFix\apps\legacy.txt
    C:\SDFix\apps\legacybk.txt
    C:\SDFix\apps\locate.com
    C:\SDFix\apps\LS.exe
    C:\SDFix\apps\MD5File.exe
    C:\SDFix\apps\MyGcpvFix.reg
    C:\SDFix\apps\MyGkFix2.reg
    C:\SDFix\apps\Process.exe
    C:\SDFix\apps\procs.exe
    C:\SDFix\apps\psservice.exe
    C:\SDFix\apps\Rem.txt
    C:\SDFix\apps\Rem2.txt
    C:\SDFix\apps\Replace\regedit.exe
    C:\SDFix\apps\Replace\W2K.exe
    C:\SDFix\apps\Replace\w2k\beep.sys
    C:\SDFix\apps\Replace\w2k\null.sys
    C:\SDFix\apps\Replace\XP.exe
    C:\SDFix\apps\Replace\xp\beep.sys
    C:\SDFix\apps\Replace\xp\null.sys
    C:\SDFix\apps\Reset_AppInit_DLLs.reg
    C:\SDFix\apps\RestartIt!.exe
    C:\SDFix\apps\Restore_SecurityCenter.reg
    C:\SDFix\apps\Restore_SharedAccess.reg
    C:\SDFix\apps\sc.exe
    C:\SDFix\apps\sed.exe
    C:\SDFix\apps\SF.exe
    C:\SDFix\apps\shutdown.exe
    C:\SDFix\apps\srv2.txt
    C:\SDFix\apps\srv2bk.txt
    C:\SDFix\apps\svc.txt
    C:\SDFix\apps\svcbk.txt
    C:\SDFix\apps\swreg.exe
    C:\SDFix\apps\swsc.exe
    C:\SDFix\apps\unzip.exe
    C:\SDFix\apps\vfind.exe
    C:\SDFix\apps\WINMSG.EXE
    C:\SDFix\apps\winsec.reg
    C:\SDFix\apps\zip.exe
    C:\SDFix\backups\backupreg.zip
    C:\SDFix\backups\backups.zip
    C:\SDFix\backups\catchme.log
    C:\SDFix\backups\HOSTS
    C:\SDFix\catchme.exe
    C:\SDFix\dummy.sys
    C:\SDFix\Report.txt
    C:\SDFix\RunThis.bat
    C:\SDFix\SDFIX_ReadMe_Online.url
    C:\SDFix\W2K_CodecRepair.inf
    C:\SDFix\XP_CodecRepair.inf
    C:\WINDOWS\system32\oeminfo.ini

    .
    ((((((((((((((((((((((((( Files Created from 2008-06-10 to 2008-07-10 )))))))))))))))))))))))))))))))
    .

    2008-07-08 19:23 . 2008-07-08 19:23 54,156 --ah----- C:\WINDOWS\QTFont.qfn
    2008-07-08 19:23 . 2008-07-08 19:23 1,409 --a------ C:\WINDOWS\QTFont.for
    2008-07-08 19:18 . 2008-07-08 19:18 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
    2008-07-08 19:18 . 2008-07-08 19:18 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
    2008-07-05 17:39 . 2008-07-05 17:39 <DIR> d-------- C:\WINDOWS\ERUNT
    2008-06-28 14:24 . 2004-08-12 00:09 <DIR> d-------- C:\Documents and Settings\Administrator\WINDOWS
    2008-06-28 14:24 . 2004-08-12 02:12 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Symantec
    2008-06-28 14:24 . 2004-08-12 00:50 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\SampleView
    2008-06-28 14:24 . 2004-08-12 00:08 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Apple Computer
    2008-06-28 14:24 . 2008-06-28 14:24 <DIR> d-------- C:\Documents and Settings\Administrator
    2008-06-21 21:44 . 2008-06-21 21:44 106 --a------ C:\delete.bat
    2008-06-16 18:37 . 2008-06-16 18:37 <DIR> d-------- C:\Program Files\Trend Micro
    2008-06-15 18:30 . 2008-06-15 18:30 <DIR> d-------- C:\Deckard
    2008-06-14 18:19 . 2008-06-14 18:19 86 --a------ C:\WINDOWS\wininit.ini
    2008-06-11 15:39 . 2008-06-11 15:39 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
    2008-06-11 15:39 . 2008-06-11 16:32 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-06-10 18:33 . 2008-06-13 09:10 272,128 --------- C:\WINDOWS\system32\drivers\bthport.sys
    2008-06-10 18:33 . 2008-06-13 09:10 272,128 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-07-08 23:26 --------- d-----w C:\Program Files\Common Files\Symantec Shared
    2008-06-20 17:41 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll
    2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
    2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
    2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
    2008-06-14 15:27 --------- d-----w C:\Documents and Settings\HP_Owner\Application Data\AdobeUM
    2008-05-29 22:39 --------- d-----w C:\Program Files\Wyzo
    2008-05-29 22:38 --------- d-----w C:\Program Files\BitDownload
    2008-05-29 22:36 --------- d-----w C:\Documents and Settings\HP_Owner\Application Data\LimeWire
    2008-05-29 21:43 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
    2008-05-29 21:02 --------- d-----w C:\Program Files\SCRABBLE
    2008-05-29 21:01 --------- d-----w C:\Documents and Settings\HP_Owner\Application Data\SpinTop
    2008-05-29 19:48 --------- d-----w C:\Documents and Settings\All Users\Application Data\n7-89-o9-3r-4t-r9
    2008-05-29 19:47 --------- d-----w C:\Program Files\GameHouse
    2008-05-29 19:47 --------- d-----w C:\Documents and Settings\HP_Owner\Application Data\GameHouse
    2008-05-29 18:44 --------- d-----w C:\Program Files\MSN Games
    2008-05-29 18:41 --------- d-----w C:\Program Files\RealArcade
    2008-05-19 22:40 --------- d-----w C:\Program Files\music from upstairs
    2008-05-07 05:18 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
    2008-04-23 04:16 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
    .

    ((((((((((((((((((((((((((((( snapshot@2008-06-17_19.51.03.78 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2006-08-16 12:08:32 100,352 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\6to4svc.dll
    + 2008-06-20 10:44:08 138,368 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\afd.sys
    + 2008-06-20 17:36:11 147,968 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\dnsapi.dll
    + 2008-06-20 17:36:11 245,248 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\mswsock.dll
    + 2008-06-20 10:44:42 360,960 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\tcpip.sys
    + 2008-06-20 09:32:39 225,920 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\tcpip6.sys
    + 2008-06-20 11:40:08 138,496 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\afd.sys
    + 2008-06-20 17:46:57 147,968 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\dnsapi.dll
    + 2008-06-20 17:46:57 245,248 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\mswsock.dll
    + 2008-06-20 11:51:12 361,600 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\tcpip.sys
    + 2008-06-20 11:08:27 225,856 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\tcpip6.sys
    + 2008-06-20 11:48:03 138,496 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\afd.sys
    + 2008-06-20 17:43:05 147,968 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\dnsapi.dll
    + 2008-06-20 17:43:05 245,248 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\mswsock.dll
    + 2008-06-20 11:59:02 361,600 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\tcpip.sys
    + 2008-06-20 11:16:44 225,856 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\tcpip6.sys
    + 2007-11-30 12:39:22 17,272 ----a-w C:\WINDOWS\$hf_mig$\KB951748\spmsg.dll
    + 2007-11-30 12:39:22 231,288 ----a-w C:\WINDOWS\$hf_mig$\KB951748\spuninst.exe
    + 2007-11-30 12:39:22 26,488 ----a-w C:\WINDOWS\$hf_mig$\KB951748\update\spcustom.dll
    + 2007-11-30 12:39:18 755,576 ----a-w C:\WINDOWS\$hf_mig$\KB951748\update\update.exe
    + 2007-11-30 12:39:19 382,840 ----a-w C:\WINDOWS\$hf_mig$\KB951748\update\updspapi.dll
    - 2008-06-17 23:14:27 2,048 --s-a-w C:\WINDOWS\bootstat.dat
    + 2008-07-09 07:09:13 2,048 --s-a-w C:\WINDOWS\bootstat.dat
    - 2008-04-14 11:01:02 272,128 ------w C:\WINDOWS\Driver Cache\i386\bthport.sys
    + 2008-06-13 13:10:50 272,128 ------w C:\WINDOWS\Driver Cache\i386\bthport.sys
    + 2008-06-27 07:52:53 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX\ERDNT.EXE
    + 2008-07-05 21:39:57 9,101,312 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000001\NTUSER.DAT
    + 2008-07-05 21:39:58 180,224 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000002\UsrClass.dat
    + 2008-06-27 07:52:53 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\ERDNT.EXE
    + 2008-07-05 21:39:37 9,101,312 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000001\NTUSER.DAT
    + 2008-07-05 21:39:37 180,224 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000002\UsrClass.dat
    - 2000-08-31 12:00:00 28,160 ----a-w C:\WINDOWS\Nircmd.exe
    + 2000-08-31 12:00:00 28,672 ----a-w C:\WINDOWS\Nircmd.exe
    - 2004-08-04 12:00:00 138,496 -c--a-w C:\WINDOWS\system32\dllcache\afd.sys
    + 2008-06-20 10:44:38 138,368 -c--a-w C:\WINDOWS\system32\dllcache\afd.sys
    - 2008-02-20 05:32:43 148,992 -c--a-w C:\WINDOWS\system32\dllcache\dnsapi.dll
    + 2008-06-20 17:41:10 148,992 -c--a-w C:\WINDOWS\system32\dllcache\dnsapi.dll
    - 2004-08-04 12:00:00 245,248 -c--a-w C:\WINDOWS\system32\dllcache\mswsock.dll
    + 2008-06-20 17:41:10 245,248 -c--a-w C:\WINDOWS\system32\dllcache\mswsock.dll
    - 2007-10-30 17:20:55 360,064 -c--a-w C:\WINDOWS\system32\dllcache\tcpip.sys
    + 2008-06-20 10:45:13 360,320 -c--a-w C:\WINDOWS\system32\dllcache\tcpip.sys
    - 2006-08-16 09:37:30 225,664 -c--a-w C:\WINDOWS\system32\dllcache\tcpip6.sys
    + 2008-06-20 09:52:06 225,920 -c--a-w C:\WINDOWS\system32\dllcache\tcpip6.sys
    - 2008-02-20 05:32:43 148,992 ----a-w C:\WINDOWS\system32\dnsapi.dll
    + 2008-06-20 17:41:10 148,992 ----a-w C:\WINDOWS\system32\dnsapi.dll
    + 2005-05-24 16:27:16 213,048 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavss.dll
    + 2007-08-29 19:47:20 94,208 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
    + 2007-08-29 19:49:54 950,272 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavwebscan.dll
    - 2007-11-30 11:18:51 17,272 ------w C:\WINDOWS\system32\spmsg.dll
    + 2007-11-30 12:39:22 17,272 ------w C:\WINDOWS\system32\spmsg.dll
    .
    -- Snapshot reset to current date --
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe" [2006-06-03 21:06 20480]
    "LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [2005-06-08 14:44 196608]
    "H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\Wcescomm.exe" [2006-11-13 13:39 1289000]
    "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 19:04 52736]
    "HPHmon06"="C:\WINDOWS\system32\hphmon06.exe" [2004-06-07 21:42 659456]
    "Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2004-04-14 23:43 233472]
    "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-22 22:19 52840]
    "PS2"="C:\WINDOWS\system32\ps2.exe" [2002-10-16 19:57 81920]
    "Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [2005-12-03 12:45 99984]
    "VSOCheckTask"="C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" [2005-07-08 18:18 151552]
    "VirusScan Online"="C:\Program Files\McAfee.com\VSO\mcvsshld.exe" [2005-08-10 12:49 163840]
    "OASClnt"="C:\Program Files\McAfee.com\VSO\oasclnt.exe" [2005-08-11 22:02 53248]
    "LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2005-07-19 17:32 221184]
    "LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2005-06-08 15:24 458752]
    "LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2005-06-08 15:14 217088]
    "Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 18:30 517768]
    "CleanUp"="C:\PROGRA~1\McAfee.com\Shared\mcappins.exe" [2006-07-09 14:42 136752]
    "AGRSMMSG"="AGRSMMSG.exe" [2004-06-29 20:06 88363 C:\WINDOWS\AGRSMMSG.exe]

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AOL 9.0 Tray Icon.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AOL 9.0 Tray Icon.lnk
    backup=C:\WINDOWS\pss\AOL 9.0 Tray Icon.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AOL Companion.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AOL Companion.lnk
    backup=C:\WINDOWS\pss\AOL Companion.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
    backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
    backup=C:\WINDOWS\pss\Kodak EasyShare software.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Updates from HP.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Updates from HP.lnk
    backup=C:\WINDOWS\pss\Updates from HP.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ymetray.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ymetray.lnk
    backup=C:\WINDOWS\pss\ymetray.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^HP_Owner^Start Menu^Programs^Startup^Picture Motion Browser Media Check Tool.lnk]
    path=C:\Documents and Settings\HP_Owner\Start Menu\Programs\Startup\Picture Motion Browser Media Check Tool.lnk
    backup=C:\WINDOWS\pss\Picture Motion Browser Media Check Tool.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
    --a------ 2005-09-09 01:18 57344 C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM]
    --a------ 2006-08-01 16:35 67112 C:\Program Files\AIM\aim.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer]
    --a------ 2004-02-25 08:04 496752 C:\Program Files\Common Files\AOL\ACS\AOLDial.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
    --a------ 2004-08-20 15:51 118784 C:\WINDOWS\system32\hkcmd.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHUPD06]
    --a------ 2004-06-07 21:53 49152 c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
    --a------ 2004-08-20 15:55 155648 C:\WINDOWS\system32\igfxtray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    --a------ 2007-12-11 13:10 267048 C:\Program Files\iTunes\iTunesHelper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    --a------ 2008-01-10 16:27 385024 C:\Program Files\QuickTime\QTTask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    --a------ 2007-09-25 01:11 132496 C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
    --a------ 2007-01-26 18:20 171448 C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    --a------ 2004-08-11 23:52 180269 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
    -ra------ 2005-08-18 14:49 307200 C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
    --a------ 2006-11-30 21:49 4662776 C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zune Launcher]
    --a------ 2006-12-12 15:45 21464 C:\Program Files\Zune\ZuneLauncher.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcxMonitor]
    --a------ 2004-09-07 13:47 57344 C:\WINDOWS\ALCXMNTR.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "Viewpoint Manager Service"=2 (0x2)
    "Apple Mobile Device"=2 (0x2)

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusDisableNotify"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\Updates from HP\\309731\\Program\\Updates from HP.exe"=
    "C:\\StubInstaller.exe"=
    "C:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"=
    "C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"=
    "C:\\Program Files\\Rocky Mountain Trophy Hunter 3\\Rocky Mountain Trophy Hunter 3.exe"=
    "C:\\WINDOWS\\system32\\dplaysvr.exe"=
    "C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
    "C:\\Program Files\\Ventrilo\\Ventrilo.exe"=
    "C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\Documents and Settings\\HP_Owner\\Desktop\\Ryan\\My DSC\\LimeWire\\LimeWire.exe"=
    "C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\backWeb-8876480.exe"=
    "C:\\Program Files\\AIM\\aim.exe"=
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\MSN Messenger\\livecall.exe"=
    "C:\\Program Files\\AOL 9.0\\waol.exe"=
    "C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
    "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
    "C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
    "C:\\Program Files\\Skype\\Phone\\Skype.exe"=
    "C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
    "C:\\Program Files\\Yahoo!\\Yahoo! Music Jukebox\\YahooMusicEngine.exe"=
    "C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
    "C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
    "C:\\Program Files\\iTunes\\iTunes.exe"=
    "C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "C:\\Documents and Settings\\HP_Owner\\My Documents\\! star wars battlefront 2\\LimeWire\\LimeWire.exe"=
    "C:\\Documents and Settings\\HP_Owner\\My Documents\\Games\\AOE\\empires2.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service


    .
    Contents of the 'Scheduled Tasks' folder
    "2008-07-06 00:23:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job "
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    "2008-06-15 05:00:00 C:\WINDOWS\Tasks\McDefragTask.job "
    - c:\program files\mcafee\mqc\QcConsol.exe'
    "2008-07-01 05:00:00 C:\WINDOWS\Tasks\McQcTask.job "
    - c:\program files\mcafee\mqc\QcConsol.exe
    "2008-07-05 00:00:00 C:\WINDOWS\Tasks\Norton AntiVirus - Run Full System Scan - HP_Owner.job "
    - C:\PROGRA~1\NORTON~1\Navw32.exeh/TASK:
    "2008-07-11 21:04:02 C:\WINDOWS\Tasks\Symantec NetDetect.job "
    - C:\Program Files\Symantec\LiveUpdate\NDetect.exe
    .
    - - - - ORPHANS REMOVED - - - -

    HKLM-Run-VTTimer - VTTimer.exe
    MSConfigStartUp-Uniblue RegistryBooster 2 - C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe


    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-07-10 19:07:20
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2008-07-11 17:05:33
    ComboFix-quarantined-files.txt 2008-07-11 21:05:25
    ComboFix2.txt 2008-06-25 02:10:09
    ComboFix3.txt 2008-06-17 23:53:34

    Pre-Run: 10,512,384,000 bytes free
    Post-Run: 10,477,678,592 bytes free

    350 --- E O F --- 2008-07-09 07:02:00
     
  19. 2008/07/12
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Looks great. How's your computer behaving now?
     
  20. 2008/07/12
    soxrulebaby04

    soxrulebaby04 Inactive Thread Starter

    Joined:
    2008/06/15
    Messages:
    13
    Likes Received:
    0
    Thank You!!!

    It's working so much better; I can actually feel like I'm not using dial-up again! :D Thank you very much for helping me get rid of the viruses.
     
  21. 2008/07/13
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Glad I could help. :)

    Click Start > Run, type ComboFix /u, then hit Enter to uninstall ComboFix and remove the files it has quarantined. This action will also reset the System Restore points, removing the infected files there as well. The C:\Deckard's folder will also be removed. You can delete any logs that were created/saved too.

    Geri has posted some very helpful information and recommendations regarding future protection in the following link.

    http://www.windowsbbs.com/showthread.php?t=67958

    Surf safe!
     
