
Think I have company? [CLOSED]


  • This topic is locked This topic is locked

#16 fenzodahl512 (Malware Removal, 9,863 posts)
Please re-open HijackThis and click on Do a system scan only. Check the boxes next to all the entries listed below.

O4 - HKLM\..\Run: [fufokoo] C:\WINDOWS\system32\noucouzipyz.exe
O4 - HKLM\..\RunServices: [fufokoo] C:\WINDOWS\system32\noucouzipyz.exe


Now close all windows other than HijackThis, then click Fix checked. Close HijackThis.



NEXT


1. Please open Notepad
  • Click Start, then Run
  • Type notepad.exe in the Run Box.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

KillAll::

Driver::
E96CTIMJHI4EUHO

File::
C:\WINDOWS\system32\wennouwibas.exe
C:\WINDOWS\system32\noucouzipyz.exe

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"fufokoo"=-

3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

Posted Image


5. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
  • A new HijackThis log.



#17 ScittS (Topic Starter, Member, 65 posts)
For some reason ComboFix didn't generate a new log file. Shall I try again?

Here is the hijack log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:49, on 2008-07-30
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Maxtor\Sync\SyncServices.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Nero\Nero 7\InCD\InCD.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\FCyberAlert\syslogin.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\noucouzipyz.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\FinePixViewerS\QuickDCF2.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll
O4 - HKLM\..\Run: [nTrayFw] C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\JM\JMInsIDE.exe
O4 - HKLM\..\Run: [JMB36X Configure] C:\WINDOWS\system32\JMRaidSetup.exe boot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AsusStartupHelp] C:\Program Files\ASUS\AASP\1.00.17\AsRunHelp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [mxomssmenu] "C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [FamilyCyberAlert] C:\WINDOWS\system32\FCyberAlert\syslogin.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton 360\osCheck.exe"
O4 - HKLM\..\Run: [fufokoo] C:\WINDOWS\system32\noucouzipyz.exe
O4 - HKLM\..\RunServices: [fufokoo] C:\WINDOWS\system32\noucouzipyz.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Exif Launcher S.lnk = C:\Program Files\FinePixViewerS\QuickDCF2.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1211585209718
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn...ro.cab56649.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Blue Coat K9 Web Protection (e96ctimjhi4euho) - Unknown owner - C:\WINDOWS\system32\wennouwibas.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Maxtor Service (Maxtor Sync Service) - Seagate Technology LLC - C:\Program Files\Maxtor\Sync\SyncServices.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec RemoteAssist - Symantec, Inc. - C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe

--
End of file - 11944 bytes
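The helper's instructions in #16 ask for two autostart entries to be fixed, and the follow-up HijackThis log in #17 still lists both of them, alongside a service with an unknown owner running from system32 under a vendor-sounding display name. As an added example (this is not code from the thread, from HijackThis or from ComboFix), here is a small Python triage script that parses the O4 and O23 lines of such a log, flags those two patterns, and checks whether entries from a "Fix checked" list are still present in a later log. The sample lines are copied from the log in #17; the two rules and their wording are my own.

```python
"""Triage of HijackThis O4/O23 lines and verification that a fix took.

Added example for this thread; not part of HijackThis or ComboFix.
"""
from __future__ import annotations
import re
from dataclasses import dataclass

# O4 autostart lines:  O4 - HKLM\..\Run: [name] command
O4_RE = re.compile(
    r'^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$')
# O23 service lines:   O23 - Service: display name - owner - path
O23_RE = re.compile(
    r'^O23 - Service: (?P<display>.+?) - (?P<owner>.+?) - (?P<path>.+)$')


@dataclass
class Autostart:
    line: str
    hive: str
    key: str
    name: str
    cmd: str


@dataclass
class Service:
    line: str
    display: str
    owner: str
    path: str


@dataclass
class Finding:
    line: str
    reason: str


def parse(log_text: str) -> list:
    """Extract O4 and O23 entries; every other HijackThis section is ignored."""
    entries = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = O4_RE.match(line)
        if m:
            entries.append(Autostart(line, m['hive'], m['key'], m['name'], m['cmd']))
            continue
        m = O23_RE.match(line)
        if m:
            entries.append(Service(line, m['display'], m['owner'], m['path']))
    return entries


def in_system32(path: str) -> bool:
    return '\\system32\\' in path.lower()


def triage(entries: list) -> list[Finding]:
    """Apply two heuristics drawn from the patterns in this thread's logs."""
    keys_by_cmd: dict[tuple, set] = {}
    for e in entries:
        if isinstance(e, Autostart):
            keys_by_cmd.setdefault((e.hive, e.name.lower(), e.cmd.lower()), set()).add(e.key)

    findings = []
    for e in entries:
        if isinstance(e, Autostart) and e.key == 'RunServices':
            # RunServices is a Windows 9x-era key that the NT line (XP included)
            # does not process; software that writes it is persisting into every
            # key it knows rather than behaving like an XP application.
            reason = 'RunServices is a Windows 9x-era key that XP does not process'
            if 'Run' in keys_by_cmd[(e.hive, e.name.lower(), e.cmd.lower())]:
                reason += '; the same command is also under Run'
            findings.append(Finding(e.line, reason))
        elif isinstance(e, Service) and e.owner == 'Unknown owner' and in_system32(e.path):
            # A service whose binary has no recognised publisher but lives in
            # system32 deserves a look, whatever its display name claims.
            findings.append(Finding(e.line, 'service with no recognised owner running from system32'))
    return findings


def still_present(new_log: str, fixed_entries: list[str]) -> list[str]:
    """Entries from a 'Fix checked' list that a follow-up log still contains."""
    present = {l.strip().lower() for l in new_log.splitlines()}
    return [e for e in fixed_entries if e.strip().lower() in present]


# Constructed sample: a handful of lines copied from the log in post #17.
SAMPLE_LOG = '\n'.join([
    r'O4 - HKLM\..\Run: [nTrayFw] C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe',
    r'O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"',
    r'O4 - HKLM\..\Run: [fufokoo] C:\WINDOWS\system32\noucouzipyz.exe',
    r'O4 - HKLM\..\RunServices: [fufokoo] C:\WINDOWS\system32\noucouzipyz.exe',
    r'O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe',
    r'O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe',
    r'O23 - Service: Blue Coat K9 Web Protection (e96ctimjhi4euho) - Unknown owner - C:\WINDOWS\system32\wennouwibas.exe',
    r'O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe',
])

# The two entries the helper asked to have fixed in post #16.
FIX_LIST = [
    r'O4 - HKLM\..\Run: [fufokoo] C:\WINDOWS\system32\noucouzipyz.exe',
    r'O4 - HKLM\..\RunServices: [fufokoo] C:\WINDOWS\system32\noucouzipyz.exe',
]

if __name__ == '__main__':
    for f in triage(parse(SAMPLE_LOG)):
        print(f'{f.reason}\n    {f.line}')
    for entry in still_present(SAMPLE_LOG, FIX_LIST):
        print('still present after fix:', entry)
```

Run against the sample, the script reports the RunServices entry (noting its twin under Run) and the unknown-owner service, leaves ctfmon.exe and nvsvc32.exe alone, and confirms that both "Fix checked" lines are still present, which is exactly what the poster observed in #18.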

#18 ScittS (Topic Starter, Member, 65 posts)
:) :) I am getting the feeling we aren't getting anywhere.... I still see both items in this log..... [bleep] the [bleep] K9 crap is still there too!!!!!

:) Please don't give up on me!!!!

#19 fenzodahl512 (Malware Removal, 9,863 posts)
Please find combofix log at C:\combofix.txt and post its content here :)

#20 ScittS (Topic Starter, Member, 65 posts)
OK, here is the log file from ComboFix.

ComboFix 08-07-29.1 - Owner 2008-07-30 22:07:07.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1427 [GMT -5:00]
Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Jordyn\Application Data\macromedia\Flash Player\#SharedObjects\HQCG5ELZ\interclick.com
C:\Documents and Settings\Jordyn\Application Data\macromedia\Flash Player\#SharedObjects\HQCG5ELZ\interclick.com\ud.sol
C:\Documents and Settings\Jordyn\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com
C:\Documents and Settings\Jordyn\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com\settings.sol
C:\Documents and Settings\Torey\Application Data\macromedia\Flash Player\#SharedObjects\AATETEUQ\interclick.com
C:\Documents and Settings\Torey\Application Data\macromedia\Flash Player\#SharedObjects\AATETEUQ\interclick.com\ud.sol
C:\Documents and Settings\Torey\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com
C:\Documents and Settings\Torey\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com\settings.sol
C:\WINDOWS\system32\msblcd32.dll
G:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2008-06-28 to 2008-07-31 )))))))))))))))))))))))))))))))
.

2008-07-30 21:49 . 2008-07-30 21:49 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Windows Search
2008-07-30 20:58 . 2008-07-20 21:40 142,336 --a------ C:\WINDOWS\system32\wennouwibas.exe
2008-07-30 20:55 . 2008-07-30 20:55 <DIR> d-------- C:\_OTMoveIt
2008-07-30 16:06 . 2008-07-30 16:06 <DIR> d-------- C:\Deckard
2008-07-30 14:01 . 2008-07-20 21:40 142,336 --a------ C:\WINDOWS\system32\noucouzipyz.exe
2008-07-29 22:12 . 2008-07-30 18:52 <DIR> d-------- C:\Program Files\Norton 360
2008-07-29 22:11 . 2008-07-30 08:39 <DIR> d-------- C:\Program Files\Symantec
2008-07-29 22:11 . 2008-07-30 08:39 123,952 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-07-29 22:11 . 2008-07-30 08:39 60,800 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2008-07-29 22:09 . 2008-07-30 08:54 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Symantec
2008-07-29 18:48 . 2008-07-29 18:48 <DIR> d-------- C:\Documents and Settings\Torey\Application Data\Windows Desktop Search
2008-07-29 18:46 . 2008-07-29 18:46 <DIR> d-------- C:\Documents and Settings\Tammy\Application Data\Windows Desktop Search
2008-07-29 15:30 . 2008-07-29 15:30 <DIR> d-------- C:\Program Files\Trend Micro
2008-07-28 21:46 . 2008-07-28 21:46 <DIR> d-------- C:\Documents and Settings\Jordyn\Application Data\Windows Desktop Search
2008-07-28 21:42 . 2008-07-28 21:42 <DIR> d-------- C:\Documents and Settings\Alyc\Application Data\SUPERAntiSpyware.com
2008-07-28 21:27 . 2008-07-28 21:27 <DIR> d-------- C:\Documents and Settings\Alyc\Application Data\Windows Desktop Search
2008-07-28 21:20 . 2008-07-28 21:20 <DIR> d-------- C:\WINDOWS\system32\GroupPolicy
2008-07-28 21:20 . 2008-07-28 21:20 <DIR> d-------- C:\Program Files\Windows Desktop Search
2008-07-28 21:20 . 2008-07-28 21:20 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Windows Desktop Search
2008-07-28 18:25 . 2008-07-28 21:50 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-07-28 17:44 . 2008-07-28 17:44 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-07-28 17:44 . 2008-07-28 17:44 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-07-28 17:44 . 2008-07-28 17:44 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\SUPERAntiSpyware.com
2008-07-28 17:44 . 2008-07-28 17:44 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-07-28 17:40 . 2008-07-28 21:48 <DIR> d-------- C:\Program Files\SpywareBlaster
2008-07-28 15:24 . 2008-07-30 20:12 <DIR> d-------- C:\Documents and Settings\Owner\.housecall6.6
2008-07-28 11:31 . 2008-07-28 11:31 <DIR> d-------- C:\Documents and Settings\Torey\Application Data\Malwarebytes
2008-07-28 11:06 . 2008-07-28 11:06 <DIR> d-------- C:\Documents and Settings\Jordyn\Application Data\Malwarebytes
2008-07-27 21:40 . 2008-07-27 21:40 <DIR> d-------- C:\Documents and Settings\Tammy\Application Data\Malwarebytes
2008-07-27 21:16 . 2008-07-27 21:16 268 --ah----- C:\sqmdata05.sqm
2008-07-27 21:16 . 2008-07-27 21:16 244 --ah----- C:\sqmnoopt05.sqm
2008-07-27 20:53 . 2008-07-27 20:53 <DIR> d-------- C:\Documents and Settings\Alyc\Application Data\Malwarebytes
2008-07-27 18:11 . 2008-07-27 19:14 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-27 18:11 . 2008-07-27 18:11 <DIR> d-------- C:\Program Files\Common Files\Download Manager
2008-07-27 18:11 . 2008-07-27 18:11 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Malwarebytes
2008-07-27 18:11 . 2008-07-27 18:11 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-27 18:11 . 2008-07-23 20:09 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-07-27 18:11 . 2008-07-23 20:09 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-07-27 15:31 . 2008-07-27 15:31 0 --a------ C:\WINDOWS\nsreg.dat
2008-07-26 12:36 . 2008-07-26 12:36 <DIR> d-------- C:\Documents and Settings\Jordyn\Application Data\FUJIFILM
2008-07-21 15:50 . 2008-07-25 15:23 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Uniblue
2008-07-21 14:24 . 2008-07-21 17:29 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\HouseCall 6.6
2008-07-19 18:30 . 2008-07-22 21:58 151 --a------ C:\WINDOWS\PhotoSnapViewer.INI
2008-07-19 16:17 . 2008-07-19 16:17 268 --ah----- C:\sqmdata04.sqm
2008-07-19 16:17 . 2008-07-19 16:17 244 --ah----- C:\sqmnoopt04.sqm
2008-07-19 14:26 . 2008-07-19 14:28 <DIR> d-------- C:\Documents and Settings\Torey\Contacts
2008-07-19 10:19 . 2008-07-19 10:19 268 --ah----- C:\sqmdata03.sqm
2008-07-19 10:19 . 2008-07-19 10:19 244 --ah----- C:\sqmnoopt03.sqm
2008-07-18 23:04 . 2008-07-18 23:04 268 --ah----- C:\sqmdata02.sqm
2008-07-18 23:04 . 2008-07-18 23:04 244 --ah----- C:\sqmnoopt02.sqm
2008-07-18 15:23 . 2008-07-18 15:23 <DIR> d-------- C:\Documents and Settings\Alyc\Contacts
2008-07-18 11:02 . 2008-07-18 11:06 <DIR> d-------- C:\Documents and Settings\Owner\Contacts
2008-07-18 10:51 . 2008-07-18 10:51 268 --ah----- C:\sqmdata01.sqm
2008-07-18 10:51 . 2008-07-18 10:51 244 --ah----- C:\sqmnoopt01.sqm
2008-07-18 07:11 . 2008-07-18 07:42 <DIR> d-------- C:\Documents and Settings\Jordyn\Contacts
2008-07-17 11:46 . 2008-07-17 11:46 268 --ah----- C:\sqmdata00.sqm
2008-07-17 11:46 . 2008-07-17 11:46 244 --ah----- C:\sqmnoopt00.sqm
2008-07-17 10:13 . 2008-07-17 10:26 <DIR> d-------- C:\Program Files\Windows Live
2008-07-17 10:13 . 2008-07-17 10:18 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2008-07-17 10:13 . 2008-07-17 10:13 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-06-24 20:33 . 2008-06-24 20:33 0 --a------ C:\WINDOWS\PowerReg.dat
2008-06-24 20:31 . 2008-06-24 20:31 <DIR> d-------- C:\Program Files\Infogrames Interactive
2008-06-17 16:42 . 2008-06-17 16:42 <DIR> d-------- C:\Documents and Settings\Torey\Application Data\FUJIFILM
2008-06-17 16:42 . 2004-08-04 00:56 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll
2008-06-17 16:42 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2008-06-17 16:42 . 2004-08-03 22:58 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys
2008-06-17 16:42 . 2001-08-17 22:36 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll
2008-06-17 16:10 . 2008-06-20 14:01 <DIR> d-------- C:\Documents and Settings\Torey\Application Data\Symantec
2008-06-14 22:51 . 2008-06-13 08:10 272,128 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-06-14 22:51 . 2008-06-13 08:10 272,128 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-13 14:45 . 2008-06-13 14:45 579,464 --a------ C:\WINDOWS\system32\SymNeti.dll
2008-06-13 14:45 . 2008-06-13 14:45 207,240 --a------ C:\WINDOWS\system32\SymRedir.dll
2008-06-13 14:14 . 2008-06-13 14:14 31,280 --a------ C:\WINDOWS\system32\drivers\SymIM.sys
2008-06-13 14:14 . 2008-06-13 14:14 13,093 --a------ C:\WINDOWS\system32\drivers\SymRedir.cat
2008-06-13 14:14 . 2008-06-13 14:14 1,611 --a------ C:\WINDOWS\system32\drivers\SymRedir.inf
2008-06-13 14:13 . 2008-06-13 14:13 184,240 --a------ C:\WINDOWS\system32\drivers\symtdi.sys
2008-06-13 14:13 . 2008-06-13 14:13 96,432 --a------ C:\WINDOWS\system32\drivers\symfw.sys
2008-06-13 14:13 . 2008-06-13 14:13 41,008 --a------ C:\WINDOWS\system32\drivers\symndisv.sys
2008-06-13 14:13 . 2008-06-13 14:13 38,576 --a------ C:\WINDOWS\system32\drivers\symids.sys
2008-06-13 14:13 . 2008-06-13 14:13 37,424 --a------ C:\WINDOWS\system32\drivers\symndis.sys
2008-06-13 14:13 . 2008-06-13 14:13 22,320 --a------ C:\WINDOWS\system32\drivers\symredrv.sys
2008-06-13 14:13 . 2008-06-13 14:13 13,616 --a------ C:\WINDOWS\system32\drivers\symdns.sys
2008-06-08 20:43 . 2008-06-08 20:43 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PopCap
2008-06-06 19:49 . 2008-06-06 19:49 <DIR> d-------- C:\Documents and Settings\Alyc\Application Data\Symantec
2008-06-05 04:49 . 2008-06-05 04:49 260 --a------ C:\WINDOWS\_delis32.ini
2008-06-05 04:33 . 2008-06-05 04:49 <DIR> d-------- C:\Program Files\Common Files\Logitech
2008-06-05 04:33 . 2003-02-21 05:42 348,160 --a------ C:\WINDOWS\system\msvcr71.dll
2008-06-05 04:32 . 2008-06-05 04:50 <DIR> d-------- C:\Program Files\Logitech

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-31 02:48 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-07-30 13:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-07-30 13:39 805 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF
2008-07-30 13:39 10,671 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2008-07-19 23:08 --------- d-----w C:\Program Files\Java
2008-06-25 01:31 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-20 17:41 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-05-30 17:48 --------- d-----w C:\Program Files\Windows Mobile Device Handbook
2008-05-30 17:48 --------- d-----w C:\Program Files\Microsoft ActiveSync
2008-05-29 02:07 --------- d-----w C:\Documents and Settings\Jordyn\Application Data\Apple Computer
2008-05-29 02:05 --------- d-----w C:\Documents and Settings\Jordyn\Application Data\Symantec
2008-05-27 03:21 1,582,592 ------w C:\WINDOWS\system32\tquery.dll
2008-05-27 03:21 1,418,240 ------w C:\WINDOWS\system32\mssrch.dll
2008-05-27 03:19 97,792 ------w C:\WINDOWS\system32\UncCplExt.dll
2008-05-27 03:19 273,408 ------w C:\WINDOWS\system32\oeph.dll
2008-05-27 03:19 2,048 ------w C:\WINDOWS\system32\UncRes.dll
2008-05-27 03:19 143,872 ------w C:\WINDOWS\system32\UncDMS.dll
2008-05-27 03:19 131,072 ------w C:\WINDOWS\system32\UncPH.dll
2008-05-27 03:19 11,264 ------w C:\WINDOWS\system32\oephRes.dll
2008-05-27 03:19 108,032 ------w C:\WINDOWS\system32\UncNE.dll
2008-05-27 03:18 71,680 ------w C:\WINDOWS\system32\propdefs.dll
2008-05-27 03:18 56,320 ------w C:\WINDOWS\system32\xmlfilter.dll
2008-05-27 03:18 44,032 ------w C:\WINDOWS\system32\msstrc.dll
2008-05-27 03:18 439,808 ------w C:\WINDOWS\system32\searchindexer.exe
2008-05-27 03:18 38,400 ------w C:\WINDOWS\system32\rtffilt.dll
2008-05-27 03:18 350,208 ------w C:\WINDOWS\system32\mssph.dll
2008-05-27 03:18 231,936 ------w C:\WINDOWS\system32\msshsq.dll
2008-05-27 03:18 203,776 ------w C:\WINDOWS\system32\mssphtb.dll
2008-05-27 03:18 184,832 ------w C:\WINDOWS\system32\searchprotocolhost.exe
2008-05-27 03:17 87,552 ------w C:\WINDOWS\system32\searchfilterhost.exe
2008-05-27 03:17 87,552 ------w C:\WINDOWS\system32\mssitlb.dll
2008-05-27 03:17 754,176 ------w C:\WINDOWS\system32\propsys.dll
2008-05-27 03:17 60,416 ------w C:\WINDOWS\system32\msscntrs.dll
2008-05-27 03:17 34,816 ------w C:\WINDOWS\system32\msscb.dll
2008-05-27 03:17 32,768 ------w C:\WINDOWS\system32\mssprxy.dll
2008-05-27 03:17 301,568 ------w C:\WINDOWS\system32\srchadmin.dll
2008-05-27 03:17 11,776 ------w C:\WINDOWS\system32\msshooks.dll
2008-05-27 02:59 18,904 ------w C:\WINDOWS\system32\structuredqueryschematrivial.bin
2008-05-27 02:59 106,605 ------w C:\WINDOWS\system32\structuredqueryschema.bin
2008-05-24 15:41 139,264 ----a-w C:\WINDOWS\system32\hpzjrd01.dll
2008-05-24 07:52 934,607 ----a-w C:\WINDOWS\system32\JGScreensaver_3.scr
2008-05-24 00:13 155,995 ----a-w C:\WINDOWS\java\Packages\FD7LVJJP.ZIP
2008-05-07 05:18 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2008-04-23 04:16 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OverlayExcluded]
@="{4433A54A-1AC8-432F-90FC-85F045CF383C}"
[HKEY_CLASSES_ROOT\CLSID\{4433A54A-1AC8-432F-90FC-85F045CF383C}]
2008-02-26 03:34 576352 --a------ C:\Program Files\Common Files\Symantec Shared\Backup\buShell.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OverlayPending]
@="{F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225}"
[HKEY_CLASSES_ROOT\CLSID\{F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225}]
2008-02-26 03:34 576352 --a------ C:\Program Files\Common Files\Symantec Shared\Backup\buShell.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OverlayProtected]
@="{476D0EA3-80F9-48B5-B70B-05E677C9C148}"
[HKEY_CLASSES_ROOT\CLSID\{476D0EA3-80F9-48B5-B70B-05E677C9C148}]
2008-02-26 03:34 576352 --a------ C:\Program Files\Common Files\Symantec Shared\Backup\buShell.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 07:00 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-05-07 11:40 149040]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 13:39 1289000]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 11:34 5724184]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-05-28 10:33 1506544]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nTrayFw"="C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe" [2006-02-17 10:40 270336]
"JMB36X IDE Setup"="C:\WINDOWS\JM\JMInsIDE.exe" [2006-10-30 07:44 36864]
"JMB36X Configure"="C:\WINDOWS\system32\JMRaidSetup.exe" [2006-10-30 07:44 1953792]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-09-17 01:07 8491008]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-09-17 01:07 81920]
"AsusStartupHelp"="C:\Program Files\ASUS\AASP\1.00.17\AsRunHelp.exe" [2006-11-14 01:25 363008]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-15 21:02 153136]
"InCD"="C:\Program Files\Nero\Nero 7\InCD\InCD.exe" [2007-05-07 11:32 1057328]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 16:24 54840]
"Microsoft Works Update Detection"="C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2002-07-09 21:45 28672]
"mxomssmenu"="C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe" [2007-09-06 14:53 169264]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
"FamilyCyberAlert"="C:\WINDOWS\system32\FCyberAlert\syslogin.exe" [2008-04-22 12:20 1671168]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2008-02-18 14:37 51048]
"osCheck"="C:\Program Files\Norton 360\osCheck.exe" [2008-02-26 09:50 988512]
"fufokoo"="C:\WINDOWS\system32\noucouzipyz.exe" [2008-07-20 21:40 142336]
"RTHDCPL"="RTHDCPL.EXE" [2006-11-14 04:21 16270848 C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 05:04 2879488 C:\WINDOWS\SkyTel.exe]
"nwiz"="nwiz.exe" [2007-09-17 01:07 1626112 C:\WINDOWS\system32\nwiz.exe]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Exif Launcher S.lnk - C:\Program Files\FinePixViewerS\QuickDCF2.exe [2008-05-24 11:07:32 303104]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-11 23:23:26 282624]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 15:05:56 65588]
Windows Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe [2008-05-26 22:19:14 123904]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 10:13 77824]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 22:19 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

S3 COH_Mon;COH_Mon;C:\WINDOWS\system32\Drivers\COH_Mon.sys [2008-03-06 21:32]

*Newly Created Service* - CATCHME
*Newly Created Service* - COMHOST
*Newly Created Service* - PROCEXP90
.
Contents of the 'Scheduled Tasks' folder

2008-07-26 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 17:57]

2008-07-25 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe []

2008-07-21 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe []
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-SpeedTestPro - C:\Program Files\SpeedTestPro\SpeedTestPro.exe


.
------- Supplementary Scan -------
.
R1 -: HKCU-Internet Settings,ProxyOverride = *.local

O16 -: Microsoft XML Parser for Java - file://C:\WINDOWS\Java\classes\xmldso.cab
C:\WINDOWS\Downloaded Program Files\Microsoft XML Parser for Java.osd


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-30 22:09:24
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-07-30 22:09:51
ComboFix-quarantined-files.txt 2008-07-31 03:09:46

Pre-Run: 48,712,335,360 bytes free
Post-Run: 48,703,356,928 bytes free

285 --- E O F --- 2008-06-19 23:33:59


It wasn't as easy to find; it was in a folder called "QooBox" :)

#21
fenzodahl512

  • Malware Removal
  • 9,863 posts
Have you done the CFScript drag thingy?.. This is not the log that I expected.. Can you find combofix2.txt or something similar? combofix3.txt and so on? If yes, please post the log here.. If you can't find it, then tell me :)

#22
ScittS

  • Topic Starter
  • Member
  • 65 posts
That's what I was trying to tell you..... I don't believe it worked that time. What I cut and pasted was in combofix.......it got REALLY BIG and then the machine restarted. I found two shortcuts...... two titles...... combofix.txt/combofix2.txt, both linked to this file ??????? [bleep] thing is getting under my skin.
Got a grenade? :) :) :)

#23
fenzodahl512

  • Malware Removal
  • 9,863 posts

That's what I was trying to tell you..... I don't believe it worked that time. What I cut and pasted was in combofix.......it got REALLY BIG and then the machine restarted. I found two shortcuts...... two titles...... combofix.txt/combofix2.txt, both linked to this file ??????? [bleep] thing is getting under my skin.
Got a grenade? :) :) :)


Wow.. Cool down.. Let's try a different route this time...


Please save these instructions in Notepad or MS Word, as we have to do the next step in Safe Mode..



Please disable your Norton 360 prior to our fix.. Please visit the websites below if you do not know how.. Don't forget to re-enable it when you restart into Normal Mode..
http://service1.syma...003071515220236
http://service1.syma...d/1997121131456




1. Please download The Avenger by Swandog46 to your Desktop.
  • Please reboot into Safe Mode
  • Once you are in Safe Mode, right click on the Avenger.zip folder and select "Extract All..."
  • Follow the prompts and extract the avenger folder to your desktop
2. Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+C):

Begin copying here:
Drivers to disable:
e96ctimjhi4euho

Drivers to delete:
e96ctimjhi4euho

Files to delete:
C:\WINDOWS\system32\wennouwibas.exe
C:\WINDOWS\system32\noucouzipyz.exe

Registry values to delete:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run | fufokoo
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices | fufokoo

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.


3. Now, open the avenger folder and start The Avenger program by clicking on its icon.
  • Right click on the window under Input script here:, and select Paste.
  • You can also click on this window and press (Ctrl+V) to paste the contents of the clipboard.
  • Click on Execute
  • Answer "Yes" twice when prompted.
4. The Avenger will automatically do the following:
  • It will restart your computer. (In cases where the code to execute contains "Drivers to delete", The Avenger will actually restart your system twice.)
  • On reboot, it will briefly open a black command window on your desktop, this is normal.
  • After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
  • The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
5. Please copy/paste the content of c:\avenger.txt into your reply along with a fresh DSS log.

#24
ScittS

  • Topic Starter
  • Member
  • 65 posts
OK here goes.............

Avenger log:

Logfile of The Avenger Version 2.0, © by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

Driver "e96ctimjhi4euho" disabled successfully.
Driver "e96ctimjhi4euho" deleted successfully.
File "C:\WINDOWS\system32\wennouwibas.exe" deleted successfully.
File "C:\WINDOWS\system32\noucouzipyz.exe" deleted successfully.
Registry value "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|fufokoo" deleted successfully.
Registry value "HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices|fufokoo" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.


DSS log:

Deckard's System Scanner v20071014.68
Run by Owner on 2008-07-31 01:09:11
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Owner.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 01:09, on 2008-07-31
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Maxtor\Sync\SyncServices.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Nero\Nero 7\InCD\InCD.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\FCyberAlert\syslogin.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\FinePixViewerS\QuickDCF2.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Owner\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Owner.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll
O4 - HKLM\..\Run: [nTrayFw] C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\JM\JMInsIDE.exe
O4 - HKLM\..\Run: [JMB36X Configure] C:\WINDOWS\system32\JMRaidSetup.exe boot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AsusStartupHelp] C:\Program Files\ASUS\AASP\1.00.17\AsRunHelp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [mxomssmenu] "C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [FamilyCyberAlert] C:\WINDOWS\system32\FCyberAlert\syslogin.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton 360\osCheck.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Exif Launcher S.lnk = C:\Program Files\FinePixViewerS\QuickDCF2.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1211585209718
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn...ro.cab56649.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Maxtor Service (Maxtor Sync Service) - Seagate Technology LLC - C:\Program Files\Maxtor\Sync\SyncServices.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec RemoteAssist - Symantec, Inc. - C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe

--
End of file - 11692 bytes

-- Files created between 2008-06-30 and 2008-07-31 -----------------------------

2008-07-31 01:03:29 0 d--h----- C:\Documents and Settings\Administrator\Templates
2008-07-31 01:03:29 0 dr------- C:\Documents and Settings\Administrator\Start Menu
2008-07-31 01:03:29 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2008-07-31 01:03:29 0 d--h----- C:\Documents and Settings\Administrator\Recent
2008-07-31 01:03:29 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
2008-07-31 01:03:29 524288 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2008-07-31 01:03:29 0 d--h----- C:\Documents and Settings\Administrator\NetHood
2008-07-31 01:03:29 0 d-------- C:\Documents and Settings\Administrator\My Documents
2008-07-31 01:03:29 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2008-07-31 01:03:29 0 d-------- C:\Documents and Settings\Administrator\Favorites
2008-07-31 01:03:29 0 d-------- C:\Documents and Settings\Administrator\Desktop
2008-07-31 01:03:29 0 d--hs---- C:\Documents and Settings\Administrator\Cookies
2008-07-31 01:03:29 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
2008-07-31 01:03:29 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2008-07-30 22:06:33 68096 --a------ C:\WINDOWS\zip.exe
2008-07-30 22:06:33 49152 --a------ C:\WINDOWS\VFind.exe
2008-07-30 22:06:33 212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-07-30 22:06:33 136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-07-30 22:06:33 161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-07-30 22:06:33 98816 --a------ C:\WINDOWS\sed.exe
2008-07-30 22:06:33 80412 --a------ C:\WINDOWS\grep.exe
2008-07-30 22:06:33 89504 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-07-30 22:04:39 0 dr-hs---- C:\cmdcons
2008-07-30 22:04:38 0 d-------- C:\WINDOWS\setup.pss
2008-07-30 22:03:06 0 d-------- C:\WINDOWS\setupupd
2008-07-30 21:49:37 0 d-------- C:\Documents and Settings\Owner\Application Data\Windows Search
2008-07-29 22:12:47 0 d-------- C:\Program Files\Norton 360
2008-07-29 22:11:55 0 d-------- C:\Program Files\Symantec
2008-07-29 22:09:37 0 d-------- C:\Documents and Settings\Owner\Application Data\Symantec
2008-07-29 18:48:02 0 d-------- C:\Documents and Settings\Torey\Application Data\Windows Desktop Search
2008-07-29 18:46:47 0 d-------- C:\Documents and Settings\Tammy\Application Data\Windows Desktop Search
2008-07-29 15:30:32 0 d-------- C:\Program Files\Trend Micro
2008-07-28 21:46:23 0 d-------- C:\Documents and Settings\Jordyn\Application Data\Windows Desktop Search
2008-07-28 21:42:48 0 d-------- C:\Documents and Settings\Alyc\Application Data\SUPERAntiSpyware.com
2008-07-28 21:27:53 0 d-------- C:\Documents and Settings\Alyc\Application Data\Windows Desktop Search
2008-07-28 21:20:46 0 d-------- C:\Documents and Settings\Owner\Application Data\Windows Desktop Search
2008-07-28 21:20:27 0 d-------- C:\Program Files\Windows Desktop Search
2008-07-28 21:20:26 0 d-------- C:\WINDOWS\system32\GroupPolicy
2008-07-28 18:25:53 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-07-28 17:44:45 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-07-28 17:44:42 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-07-28 17:44:41 0 d-------- C:\Documents and Settings\Owner\Application Data\SUPERAntiSpyware.com
2008-07-28 17:44:23 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-07-28 17:40:35 0 d-------- C:\Program Files\SpywareBlaster
2008-07-28 15:24:42 0 d-------- C:\Documents and Settings\Owner\.housecall6.6
2008-07-28 11:31:58 0 d-------- C:\Documents and Settings\Torey\Application Data\Malwarebytes
2008-07-28 11:31:00 0 d-------- C:\Documents and Settings\Torey\Application Data\Mozilla
2008-07-28 11:06:42 0 d-------- C:\Documents and Settings\Jordyn\Application Data\Malwarebytes
2008-07-28 11:05:48 0 d-------- C:\Documents and Settings\Jordyn\Application Data\Mozilla
2008-07-27 21:40:28 0 d-------- C:\Documents and Settings\Tammy\Application Data\Mozilla
2008-07-27 21:40:09 0 d-------- C:\Documents and Settings\Tammy\Application Data\Malwarebytes
2008-07-27 21:32:45 0 d-------- C:\Documents and Settings\Alyc\Application Data\Mozilla
2008-07-27 21:31:18 0 dr-h----- C:\Documents and Settings\Alyc\Recent
2008-07-27 21:15:30 0 d-------- C:\WINDOWS\pss
2008-07-27 20:53:48 0 d-------- C:\Documents and Settings\Alyc\Application Data\Malwarebytes
2008-07-27 19:58:35 0 dr-h----- C:\Documents and Settings\Owner\Recent
2008-07-27 18:11:35 0 d-------- C:\Documents and Settings\Owner\Application Data\Malwarebytes
2008-07-27 18:11:33 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-27 18:11:33 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-27 18:11:01 0 d-------- C:\Program Files\Common Files\Download Manager
2008-07-27 15:31:43 0 --a------ C:\WINDOWS\nsreg.dat
2008-07-27 15:31:36 0 d-------- C:\Documents and Settings\Owner\Application Data\Mozilla
2008-07-26 12:36:48 0 d-------- C:\Documents and Settings\Jordyn\Application Data\FUJIFILM
2008-07-21 15:50:55 0 d-------- C:\Documents and Settings\Owner\Application Data\Uniblue
2008-07-21 14:24:07 0 d-------- C:\Documents and Settings\Owner\Application Data\HouseCall 6.6
2008-07-19 14:26:52 0 d-------- C:\Documents and Settings\Torey\Contacts
2008-07-18 15:23:40 0 d-------- C:\Documents and Settings\Alyc\Contacts
2008-07-18 11:02:58 0 d-------- C:\Documents and Settings\Owner\Contacts
2008-07-18 07:11:23 0 d-------- C:\Documents and Settings\Jordyn\Contacts
2008-07-17 10:13:45 0 d--hs--c- C:\Program Files\Common Files\WindowsLiveInstaller
2008-07-17 10:13:41 0 d-------- C:\Program Files\Windows Live
2008-07-17 10:13:27 0 d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-07-05 05:04:19 0 d-------- C:\Documents and Settings\Tammy\Application Data\Macromedia


-- Find3M Report ---------------------------------------------------------------

2008-07-31 01:08:05 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-07-30 22:08:01 0 d-------- C:\Program Files\Common Files
2008-07-19 18:08:32 0 d-------- C:\Program Files\Java
2008-06-24 20:33:35 0 --a------ C:\WINDOWS\PowerReg.dat
2008-06-24 20:31:47 0 d-------- C:\Program Files\Infogrames Interactive
2008-06-24 20:31:46 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-06-05 04:50:36 0 d-------- C:\Program Files\Logitech
2008-06-05 04:49:27 0 d-------- C:\Program Files\Common Files\Logitech
2008-06-02 09:15:29 0 d-------- C:\Documents and Settings\Owner\Application Data\Adobe
2008-05-30 12:49:10 2528 --a------ C:\Documents and Settings\Owner\Application Data\$_hpcst$.hpc
2008-05-24 10:47:37 2078 --a------ C:\Documents and Settings\Owner\Application Data\HPSU_48BitScanUpdate.log
2008-05-24 10:42:08 37631 --a------ C:\Documents and Settings\Owner\Application Data\Update_HP_RedboxHprblog_HPSU.log
2008-05-24 10:41:49 139264 --a------ C:\WINDOWS\system32\hpzjrd01.dll <Not Verified; Hewlett Packard; Hewlett Packard Rediscovery Library>
2008-05-24 10:38:12 89277 --a------ C:\WINDOWS\hpoins06.dat
2008-05-24 02:52:04 934607 --a------ C:\WINDOWS\system32\JGScreensaver_3.scr <Not Verified; Axialis Software; Axialis Screen Saver Producer>
2008-05-23 19:48:00 1076 --a------ C:\WINDOWS\checkip.dat
2008-05-23 14:26:04 22 --a------ C:\WINDOWS\FileName
2008-05-23 14:18:26 0 -rahs---- C:\MSDOS.SYS
2008-05-23 14:18:26 0 -rahs---- C:\IO.SYS
2008-05-23 14:18:26 0 --a------ C:\CONFIG.SYS
2008-05-23 14:18:26 0 --a------ C:\AUTOEXEC.BAT
2008-05-23 14:16:27 21640 --a------ C:\WINDOWS\system32\emptyregdb.dat
2008-05-23 08:43:36 62 --ahs---- C:\Documents and Settings\Owner\Application Data\desktop.ini


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
2008-06-30 13:44 349552 --a------ C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\coIEPlg.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
2008-07-29 22:13 116088 --a------ C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"= C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll [2008-06-30 13:44 349552]

[-HKEY_CLASSES_ROOT\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar.1]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nTrayFw"="C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe" [2006-02-17 10:40]
"RTHDCPL"="RTHDCPL.EXE" [2006-11-14 04:21 C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 05:04 C:\WINDOWS\SkyTel.exe]
"JMB36X IDE Setup"="C:\WINDOWS\JM\JMInsIDE.exe" [2006-10-30 07:44]
"JMB36X Configure"="C:\WINDOWS\system32\JMRaidSetup.exe" [2006-10-30 07:44]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-09-17 01:07]
"nwiz"="nwiz.exe" [2007-09-17 01:07 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-09-17 01:07]
"AsusStartupHelp"="C:\Program Files\ASUS\AASP\1.00.17\AsRunHelp.exe" [2006-11-14 01:25]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-15 21:02]
"InCD"="C:\Program Files\Nero\Nero 7\InCD\InCD.exe" [2007-05-07 11:32]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 16:24]
"Microsoft Works Update Detection"="C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2002-07-09 21:45]
"mxomssmenu"="C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe" [2007-09-06 14:53]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36]
"FamilyCyberAlert"="C:\WINDOWS\system32\FCyberAlert\syslogin.exe" [2008-04-22 12:20]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2008-02-18 14:37]
"osCheck"="C:\Program Files\Norton 360\osCheck.exe" [2008-02-26 09:50]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 07:00]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-05-07 11:40]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 13:39]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Exif Launcher S.lnk - C:\Program Files\FinePixViewerS\QuickDCF2.exe [2008-05-24 11:07:32]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-11 23:23:26]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 15:05:56]
Windows Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe [2008-05-26 22:19:14]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 10:13 77824]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2008-05-26 22:19 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSEXESVC]
@="Service"

*Newly Created Service* - COMHOST



-- End of Deckard's System Scanner: finished at 2008-07-31 01:09:39 ------------

Hope those look better. I know you have other people needing help also. I'm sure you are ready for a new case.
  • 0

#25
fenzodahl512

  • Malware Removal
  • 9,863 posts
Ah.. This looks nicer.. How is your computer now?

I noticed you already have Malwarebytes' in your computer.. So I guess you can run it on your own right? :)


Let's do an online scan to see what's left.. if any..


Please do an online scan with Kaspersky WebScanner

Click on Accept

You will be prompted to install an ActiveX component from Kaspersky. Click Yes.
  • The program will launch and then begin downloading the latest definition files.
  • Once the files have been downloaded, click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available, otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under "Select a target to scan", select My Computer
  • The program will start and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.


Regards
fenzodahl512
  • 0

#26
ScittS

  • Topic Starter
  • Member
  • 65 posts
Downloading database updates..... Will run and post results in the A.M.! It's getting late here. I hope that we have it now. Is it getting late for you as well??

Thank you for your patience..... :) I will reply tomorrow with results.

Am I running enough protection to prevent this again?

I hope you have saved me from a :) moment.
  • 0

#27
fenzodahl512

  • Malware Removal
  • 9,863 posts
Don't worry.. If you have an active antivirus and firewall, you should be good.. Will wait for your result.. Do tell me about your computer behaviour in your next reply.. It's nearly 4pm in Malaysia.. Think wanna go out and have some fun :)
  • 0

#28
ScittS

  • Topic Starter
  • Member
  • 65 posts
Good Morning/Evening there........ I ran the scans; here are the latest logs:

Kaspersky:

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Thursday, July 31, 2008
Operating System: Microsoft Windows XP Home Edition Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Thursday, July 31, 2008 07:48:46
Records in database: 1032748
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\
Z:\

Scan statistics:
Files scanned: 78491
Threat name: 1
Infected objects: 2
Suspicious objects: 0
Duration of the scan: 00:43:33


File name / Threat name / Threats count
F:\fuwobajep.exe Infected: Trojan-Downloader.Win32.Agent.wkr 1
G:\jupawibyp.exe Infected: Trojan-Downloader.Win32.Agent.wkr 1

The selected area was scanned.


I manually removed them to the Recycle Bin and deleted them.

Ran another scan; it came back clean.

HJT latest log (this morning):

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:44, on 2008-07-31
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Maxtor\Sync\SyncServices.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Nero\Nero 7\InCD\InCD.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\FCyberAlert\syslogin.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\FinePixViewerS\QuickDCF2.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\HPZinw12.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\JM\JMInsIDE.exe
O4 - HKLM\..\Run: [JMB36X Configure] C:\WINDOWS\system32\JMRaidSetup.exe boot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AsusStartupHelp] C:\Program Files\ASUS\AASP\1.00.17\AsRunHelp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [mxomssmenu] "C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [FamilyCyberAlert] C:\WINDOWS\system32\FCyberAlert\syslogin.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton 360\osCheck.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Exif Launcher S.lnk = C:\Program Files\FinePixViewerS\QuickDCF2.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1211585209718
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn...ro.cab56649.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Maxtor Service (Maxtor Sync Service) - Seagate Technology LLC - C:\Program Files\Maxtor\Sync\SyncServices.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec RemoteAssist - Symantec, Inc. - C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe

--
End of file - 11096 bytes

As for the computer's behavior:

1. It's a little laggy on startup, but not bad. ;)
2. Task Manager still won't stay open on limited accts. :)
3. %&@#^&%) Norton still isn't protecting the limited accts either. (May be safer to make everyone admin and threaten them not to mess up the machine.) :):) :)

Thanks so much for helping me out. I could not have gotten this far without your help. :)
  • 0

#29
fenzodahl512

  • Malware Removal
  • 9,863 posts
Not sure about those limited accounts.. Making everyone Admin is not a bad idea..


Firstly do this...

Please double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")
  • Let the Unregister Dll's and Ocx's remain ticked and Zip Files After Moves remain unticked..
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

[kill explorer]
F:\fuwobajep.exe
G:\jupawibyp.exe
EmptyTemp
purity
[start explorer]

  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the light Yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine, choose Yes.




NEXT


Try this on limited accounts and then tell me about the Task Manager thingy..


Please download Flash_Disinfector by sUBs and save it to your desktop.
  • Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
  • The utility may ask you to insert your flash drive and/or other removable drives including your mobile phone. Please do so and allow the utility to clean up those drives as well.
  • Wait until it has finished scanning and then exit the program.
  • Reboot your computer when done.

Note: Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive plugged in when you ran it. Don't delete this folder...it will help protect your drives from future infection.



Then post the OTMoveIt2 log along with a fresh DSS log :)
  • 0
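The Flash_Disinfector note above relies on a simple property of the autorun mechanism: a folder named autorun.inf at the root of a drive occupies the name a removable-drive worm needs for its launcher file, so the worm cannot drop one. The Python script below is an added example written for this page; it is not part of the thread, of Flash_Disinfector, or of any tool named here. It inspects a drive root and reports whether autorun.inf is absent, is a protective folder, or is a real file, and when it is a file it parses the [autorun] section to show which command the shell would run. The sample autorun.inf text is constructed for the example (modelled on the infected F:\fuwobajep.exe entry from the Kaspersky report); the thread never shows the real file contents, and the function names are this example's own.

```python
import os
import tempfile
from dataclasses import dataclass, field

# Constructed sample autorun.inf, modelled on the infected removable drive
# (F:\fuwobajep.exe) from the Kaspersky report. Not the real file from the thread.
SAMPLE_AUTORUN = """[AutoRun]
; launcher entries a removable-drive worm typically writes
open=fuwobajep.exe
shell\\open\\Command=fuwobajep.exe
shell\\explore\\command=fuwobajep.exe
icon=%SystemRoot%\\system32\\shell32.dll,4
"""


@dataclass
class AutorunFinding:
    root: str
    state: str                      # "absent", "protected-folder" or "file"
    launch_targets: list = field(default_factory=list)


def parse_autorun(text: str) -> dict:
    """Tolerant INI parser for the [autorun] section.

    Keys are lower-cased; lines outside [autorun], comments and lines without
    '=' (malware often pads the file with junk) are ignored instead of raising.
    """
    entries = {}
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith((";", "#")):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        if section != "autorun" or "=" not in line:
            continue
        key, _, value = line.partition("=")
        entries[key.strip().lower()] = value.strip()
    return entries


def launch_targets(entries: dict) -> list:
    """Return the commands the shell would run for this autorun.inf, de-duplicated."""
    targets = []
    for key, value in entries.items():
        is_verb_cmd = key.startswith("shell\\") and key.endswith("\\command")
        if key in ("open", "shellexecute") or is_verb_cmd:
            targets.append(value)
    return list(dict.fromkeys(targets))


def inspect_drive_root(root: str) -> AutorunFinding:
    """Classify the autorun.inf entry at a drive root, parsing it if it is a file."""
    path = os.path.join(root, "autorun.inf")
    if not os.path.lexists(path):
        return AutorunFinding(root, "absent")
    if os.path.isdir(path):
        # This is what Flash_Disinfector leaves behind: the name is taken,
        # so a worm cannot write its launcher file here.
        return AutorunFinding(root, "protected-folder")
    with open(path, "r", encoding="latin-1", errors="replace") as fh:
        entries = parse_autorun(fh.read())
    return AutorunFinding(root, "file", launch_targets(entries))


def demo() -> dict:
    """Build three fake drive roots in a temp dir and classify each one."""
    results = {}
    with tempfile.TemporaryDirectory() as base:
        infected = os.path.join(base, "F")
        os.makedirs(infected)
        with open(os.path.join(infected, "autorun.inf"), "w") as fh:
            fh.write(SAMPLE_AUTORUN)
        protected = os.path.join(base, "G")
        os.makedirs(os.path.join(protected, "autorun.inf"))   # folder, not a file
        clean = os.path.join(base, "C")
        os.makedirs(clean)
        for name, root in (("infected", infected), ("protected", protected), ("clean", clean)):
            results[name] = inspect_drive_root(root)
    return results


if __name__ == "__main__":
    for name, finding in demo().items():
        print(f"{name:9s} {finding.state:17s} {', '.join(finding.launch_targets)}")
```

On a real machine you would call `inspect_drive_root("F:\\")` for each drive letter instead of the temporary directories `demo()` builds. The script only reports; it deliberately does not delete or rename anything, so the finding can be compared with what the scanner reported before any cleanup is done.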

#30
ScittS

  • Topic Starter
  • Member
  • 65 posts
OK, I'm back.... been busy... logs will follow! :)

OK, ran the MoveIt. Here's the log:

Explorer killed successfully
File/Folder F:\fuwobajep.exe not found.
File/Folder G:\jupawibyp.exe not found.
< EmptyTemp >
File delete failed. C:\DOCUME~1\Owner\LOCALS~1\Temp\hpodvd09.log scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Owner\LOCALS~1\Temp\WCESLog.log scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Owner\LOCALS~1\Temp\~DF17F9.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\JETAB43.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_6ec.dat scheduled to be deleted on reboot.
Temp folders emptied.
IE temp folders emptied.
< purity >
Explorer started successfully

OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 07312008_131436

Files moved on Reboot...
C:\DOCUME~1\Owner\LOCALS~1\Temp\hpodvd09.log moved successfully.
C:\DOCUME~1\Owner\LOCALS~1\Temp\WCESLog.log moved successfully.
C:\DOCUME~1\Owner\LOCALS~1\Temp\~DF17F9.tmp moved successfully.
File C:\WINDOWS\temp\JETAB43.tmp not found!
File C:\WINDOWS\temp\Perflib_Perfdata_6ec.dat not found!

Ran DSS, here's the log:

Deckard's System Scanner v20071014.68
Run by Owner on 2008-07-31 13:31:03
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Owner.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:31, on 2008-07-31
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Maxtor\Sync\SyncServices.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\notepad.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Nero\Nero 7\InCD\InCD.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\FCyberAlert\syslogin.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\FinePixViewerS\QuickDCF2.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Documents and Settings\Owner\My Documents\Software\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Owner.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\JM\JMInsIDE.exe
O4 - HKLM\..\Run: [JMB36X Configure] C:\WINDOWS\system32\JMRaidSetup.exe boot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AsusStartupHelp] C:\Program Files\ASUS\AASP\1.00.17\AsRunHelp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [mxomssmenu] "C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [FamilyCyberAlert] C:\WINDOWS\system32\FCyberAlert\syslogin.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton 360\osCheck.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Exif Launcher S.lnk = C:\Program Files\FinePixViewerS\QuickDCF2.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1211585209718
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn...ro.cab56649.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Maxtor Service (Maxtor Sync Service) - Seagate Technology LLC - C:\Program Files\Maxtor\Sync\SyncServices.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec RemoteAssist - Symantec, Inc. - C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe

--
End of file - 10675 bytes

-- Files created between 2008-06-30 and 2008-07-31 -----------------------------

2008-07-31 01:03:29 0 d--h----- C:\Documents and Settings\Administrator\Templates
2008-07-31 01:03:29 0 dr------- C:\Documents and Settings\Administrator\Start Menu
2008-07-31 01:03:29 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2008-07-31 01:03:29 0 d--h----- C:\Documents and Settings\Administrator\Recent
2008-07-31 01:03:29 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
2008-07-31 01:03:29 524288 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2008-07-31 01:03:29 0 d--h----- C:\Documents and Settings\Administrator\NetHood
2008-07-31 01:03:29 0 d-------- C:\Documents and Settings\Administrator\My Documents
2008-07-31 01:03:29 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2008-07-31 01:03:29 0 d-------- C:\Documents and Settings\Administrator\Favorites
2008-07-31 01:03:29 0 d-------- C:\Documents and Settings\Administrator\Desktop
2008-07-31 01:03:29 0 d--hs---- C:\Documents and Settings\Administrator\Cookies
2008-07-31 01:03:29 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
2008-07-31 01:03:29 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2008-07-30 22:06:33 68096 --a------ C:\WINDOWS\zip.exe
2008-07-30 22:06:33 49152 --a------ C:\WINDOWS\VFind.exe
2008-07-30 22:06:33 212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-07-30 22:06:33 136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-07-30 22:06:33 161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-07-30 22:06:33 98816 --a------ C:\WINDOWS\sed.exe
2008-07-30 22:06:33 80412 --a------ C:\WINDOWS\grep.exe
2008-07-30 22:06:33 89504 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-07-30 22:04:39 0 dr-hs---- C:\cmdcons
2008-07-30 22:04:38 0 d-------- C:\WINDOWS\setup.pss
2008-07-30 22:03:06 0 d-------- C:\WINDOWS\setupupd
2008-07-30 21:49:37 0 d-------- C:\Documents and Settings\Owner\Application Data\Windows Search
2008-07-29 22:12:47 0 d-------- C:\Program Files\Norton 360
2008-07-29 22:11:55 0 d-------- C:\Program Files\Symantec
2008-07-29 22:09:37 0 d-------- C:\Documents and Settings\Owner\Application Data\Symantec
2008-07-29 18:48:02 0 d-------- C:\Documents and Settings\Torey\Application Data\Windows Desktop Search
2008-07-29 18:46:47 0 d-------- C:\Documents and Settings\Tammy\Application Data\Windows Desktop Search
2008-07-29 15:30:32 0 d-------- C:\Program Files\Trend Micro
2008-07-28 21:46:23 0 d-------- C:\Documents and Settings\Jordyn\Application Data\Windows Desktop Search
2008-07-28 21:42:48 0 d-------- C:\Documents and Settings\Alyc\Application Data\SUPERAntiSpyware.com
2008-07-28 21:27:53 0 d-------- C:\Documents and Settings\Alyc\Application Data\Windows Desktop Search
2008-07-28 21:20:46 0 d-------- C:\Documents and Settings\Owner\Application Data\Windows Desktop Search
2008-07-28 21:20:27 0 d-------- C:\Program Files\Windows Desktop Search
2008-07-28 21:20:26 0 d-------- C:\WINDOWS\system32\GroupPolicy
2008-07-28 18:25:53 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-07-28 17:44:45 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-07-28 17:44:42 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-07-28 17:44:41 0 d-------- C:\Documents and Settings\Owner\Application Data\SUPERAntiSpyware.com
2008-07-28 17:44:23 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-07-28 17:40:35 0 d-------- C:\Program Files\SpywareBlaster
2008-07-28 15:24:42 0 d-------- C:\Documents and Settings\Owner\.housecall6.6
2008-07-28 11:31:58 0 d-------- C:\Documents and Settings\Torey\Application Data\Malwarebytes
2008-07-28 11:31:00 0 d-------- C:\Documents and Settings\Torey\Application Data\Mozilla
2008-07-28 11:06:42 0 d-------- C:\Documents and Settings\Jordyn\Application Data\Malwarebytes
2008-07-28 11:05:48 0 d-------- C:\Documents and Settings\Jordyn\Application Data\Mozilla
2008-07-27 21:40:28 0 d-------- C:\Documents and Settings\Tammy\Application Data\Mozilla
2008-07-27 21:40:09 0 d-------- C:\Documents and Settings\Tammy\Application Data\Malwarebytes
2008-07-27 21:32:45 0 d-------- C:\Documents and Settings\Alyc\Application Data\Mozilla
2008-07-27 21:31:18 0 dr-h----- C:\Documents and Settings\Alyc\Recent
2008-07-27 21:15:30 0 d-------- C:\WINDOWS\pss
2008-07-27 20:53:48 0 d-------- C:\Documents and Settings\Alyc\Application Data\Malwarebytes
2008-07-27 19:58:35 0 dr-h----- C:\Documents and Settings\Owner\Recent
2008-07-27 18:11:35 0 d-------- C:\Documents and Settings\Owner\Application Data\Malwarebytes
2008-07-27 18:11:33 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-27 18:11:33 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-27 18:11:01 0 d-------- C:\Program Files\Common Files\Download Manager
2008-07-27 15:31:43 0 --a------ C:\WINDOWS\nsreg.dat
2008-07-27 15:31:36 0 d-------- C:\Documents and Settings\Owner\Application Data\Mozilla
2008-07-26 12:36:48 0 d-------- C:\Documents and Settings\Jordyn\Application Data\FUJIFILM
2008-07-21 15:50:55 0 d-------- C:\Documents and Settings\Owner\Application Data\Uniblue
2008-07-21 14:24:07 0 d-------- C:\Documents and Settings\Owner\Application Data\HouseCall 6.6
2008-07-19 14:26:52 0 d-------- C:\Documents and Settings\Torey\Contacts
2008-07-18 15:23:40 0 d-------- C:\Documents and Settings\Alyc\Contacts
2008-07-18 11:02:58 0 d-------- C:\Documents and Settings\Owner\Contacts
2008-07-18 07:11:23 0 d-------- C:\Documents and Settings\Jordyn\Contacts
2008-07-17 10:13:45 0 d--hs--c- C:\Program Files\Common Files\WindowsLiveInstaller
2008-07-17 10:13:41 0 d-------- C:\Program Files\Windows Live
2008-07-17 10:13:27 0 d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-07-05 05:04:19 0 d-------- C:\Documents and Settings\Tammy\Application Data\Macromedia


-- Find3M Report ---------------------------------------------------------------

2008-07-31 13:30:07 0 d-------- C:\Program Files\Microsoft ActiveSync
2008-07-31 13:26:13 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-07-30 22:08:01 0 d-------- C:\Program Files\Common Files
2008-07-19 18:08:32 0 d-------- C:\Program Files\Java
2008-06-24 20:33:35 0 --a------ C:\WINDOWS\PowerReg.dat
2008-06-24 20:31:47 0 d-------- C:\Program Files\Infogrames Interactive
2008-06-24 20:31:46 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-06-05 04:50:36 0 d-------- C:\Program Files\Logitech
2008-06-05 04:49:27 0 d-------- C:\Program Files\Common Files\Logitech
2008-06-02 09:15:29 0 d-------- C:\Documents and Settings\Owner\Application Data\Adobe
2008-05-30 12:49:10 2528 --a------ C:\Documents and Settings\Owner\Application Data\$_hpcst$.hpc
2008-05-24 10:47:37 2078 --a------ C:\Documents and Settings\Owner\Application Data\HPSU_48BitScanUpdate.log
2008-05-24 10:42:08 37631 --a------ C:\Documents and Settings\Owner\Application Data\Update_HP_RedboxHprblog_HPSU.log
2008-05-24 10:41:49 139264 --a------ C:\WINDOWS\system32\hpzjrd01.dll <Not Verified; Hewlett Packard; Hewlett Packard Rediscovery Library>
2008-05-24 10:38:12 89277 --a------ C:\WINDOWS\hpoins06.dat
2008-05-24 02:52:04 934607 --a------ C:\WINDOWS\system32\JGScreensaver_3.scr <Not Verified; Axialis Software; Axialis Screen Saver Producer>
2008-05-23 19:48:00 1076 --a------ C:\WINDOWS\checkip.dat
2008-05-23 14:26:04 22 --a------ C:\WINDOWS\FileName
2008-05-23 14:18:26 0 -rahs---- C:\MSDOS.SYS
2008-05-23 14:18:26 0 -rahs---- C:\IO.SYS
2008-05-23 14:18:26 0 --a------ C:\CONFIG.SYS
2008-05-23 14:18:26 0 --a------ C:\AUTOEXEC.BAT
2008-05-23 14:16:27 21640 --a------ C:\WINDOWS\system32\emptyregdb.dat
2008-05-23 08:43:36 62 --ahs---- C:\Documents and Settings\Owner\Application Data\desktop.ini


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
2008-06-30 13:44 349552 --a------ C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\coIEPlg.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
2008-07-29 22:13 116088 --a------ C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"= C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll [2008-06-30 13:44 349552]

[-HKEY_CLASSES_ROOT\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar.1]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2006-11-14 04:21 C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 05:04 C:\WINDOWS\SkyTel.exe]
"JMB36X IDE Setup"="C:\WINDOWS\JM\JMInsIDE.exe" [2006-10-30 07:44]
"JMB36X Configure"="C:\WINDOWS\system32\JMRaidSetup.exe" [2006-10-30 07:44]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-09-17 01:07]
"nwiz"="nwiz.exe" [2007-09-17 01:07 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-09-17 01:07]
"AsusStartupHelp"="C:\Program Files\ASUS\AASP\1.00.17\AsRunHelp.exe" [2006-11-14 01:25]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-15 21:02]
"InCD"="C:\Program Files\Nero\Nero 7\InCD\InCD.exe" [2007-05-07 11:32]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 16:24]
"Microsoft Works Update Detection"="C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2002-07-09 21:45]
"mxomssmenu"="C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe" [2007-09-06 14:53]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36]
"FamilyCyberAlert"="C:\WINDOWS\system32\FCyberAlert\syslogin.exe" [2008-04-22 12:20]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2008-02-18 14:37]
"osCheck"="C:\Program Files\Norton 360\osCheck.exe" [2008-02-26 09:50]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 07:00]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-05-07 11:40]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-05-28 10:33]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Exif Launcher S.lnk - C:\Program Files\FinePixViewerS\QuickDCF2.exe [2008-05-24 11:07:32]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-11 23:23:26]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 15:05:56]
Windows Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe [2008-05-26 22:19:14]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 10:13 77824]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2008-05-26 22:19 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSEXESVC]
@="Service"

*Newly Created Service* - APPMGMT
*Newly Created Service* - COMHOST



-- End of Deckard's System Scanner: finished at 2008-07-31 13:31:28 ------------



Tried the Flash Disinfector on Jordyn's profile... didn't seem to change anything!

Removed Microsoft active sync as it kept opening on login (used to not do this) and I don't use it anyway! :)

Made all limited accts admin. :)

Then just for grins I ran DSS in Jordyn's profile!

Deckard's System Scanner v20071014.68
Run by Jordyn on 2008-07-31 13:32:39
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Jordyn.exe) ----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:32:41 PM, on 7/31/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Maxtor\Sync\SyncServices.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Symantec\LiveUpdate\AUPDATE.EXE
C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Nero\Nero 7\InCD\InCD.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\FCyberAlert\syslogin.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\FinePixViewerS\QuickDCF2.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\noucouzipyz.exe
C:\Documents and Settings\Owner\My Documents\Software\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Jordyn.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\JM\JMInsIDE.exe
O4 - HKLM\..\Run: [JMB36X Configure] C:\WINDOWS\system32\JMRaidSetup.exe boot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AsusStartupHelp] C:\Program Files\ASUS\AASP\1.00.17\AsRunHelp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [mxomssmenu] "C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [FamilyCyberAlert] C:\WINDOWS\system32\FCyberAlert\syslogin.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton 360\osCheck.exe"
O4 - HKCU\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [fufokoo] C:\Documents and Settings\Jordyn\Application Data\Microsoft\noucouzipyz.exe
O4 - HKUS\S-1-5-21-746137067-839522115-725345543-1003\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Owner')
O4 - HKUS\S-1-5-21-746137067-839522115-725345543-1003\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" (User 'Owner')
O4 - HKUS\S-1-5-21-746137067-839522115-725345543-1003\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background (User 'Owner')
O4 - HKUS\S-1-5-21-746137067-839522115-725345543-1003\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (User 'Owner')
O4 - Global Startup: Exif Launcher S.lnk = C:\Program Files\FinePixViewerS\QuickDCF2.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1211585209718
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn...ro.cab56649.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Maxtor Service (Maxtor Sync Service) - Seagate Technology LLC - C:\Program Files\Maxtor\Sync\SyncServices.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec RemoteAssist - Symantec, Inc. - C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe

--
End of file - 11745 bytes

-- Files created between 2008-06-30 and 2008-07-31 -----------------------------

2008-07-31 13:32:43 142336 -ra------ C:\WINDOWS\system32\wennouwibas.exe
2008-07-31 01:03:29 0 d--h----- C:\Documents and Settings\Administrator\Templates
2008-07-31 01:03:29 0 dr------- C:\Documents and Settings\Administrator\Start Menu
2008-07-31 01:03:29 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2008-07-31 01:03:29 0 d--h----- C:\Documents and Settings\Administrator\Recent
2008-07-31 01:03:29 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
2008-07-31 01:03:29 524288 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2008-07-31 01:03:29 0 d--h----- C:\Documents and Settings\Administrator\NetHood
2008-07-31 01:03:29 0 d-------- C:\Documents and Settings\Administrator\My Documents
2008-07-31 01:03:29 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2008-07-31 01:03:29 0 d-------- C:\Documents and Settings\Administrator\Favorites
2008-07-31 01:03:29 0 d-------- C:\Documents and Settings\Administrator\Desktop
2008-07-31 01:03:29 0 d--hs---- C:\Documents and Settings\Administrator\Cookies
2008-07-31 01:03:29 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
2008-07-31 01:03:29 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2008-07-30 22:06:33 68096 --a------ C:\WINDOWS\zip.exe
2008-07-30 22:06:33 49152 --a------ C:\WINDOWS\VFind.exe
2008-07-30 22:06:33 212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-07-30 22:06:33 136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-07-30 22:06:33 161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-07-30 22:06:33 98816 --a------ C:\WINDOWS\sed.exe
2008-07-30 22:06:33 80412 --a------ C:\WINDOWS\grep.exe
2008-07-30 22:06:33 89504 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-07-30 22:04:39 0 dr-hs---- C:\cmdcons
2008-07-30 22:04:38 0 d-------- C:\WINDOWS\setup.pss
2008-07-30 22:03:06 0 d-------- C:\WINDOWS\setupupd
2008-07-30 21:49:37 0 d-------- C:\Documents and Settings\Owner\Application Data\Windows Search
2008-07-29 22:12:47 0 d-------- C:\Program Files\Norton 360
2008-07-29 22:11:55 0 d-------- C:\Program Files\Symantec
2008-07-29 22:09:37 0 d-------- C:\Documents and Settings\Owner\Application Data\Symantec
2008-07-29 18:48:02 0 d-------- C:\Documents and Settings\Torey\Application Data\Windows Desktop Search
2008-07-29 18:46:47 0 d-------- C:\Documents and Settings\Tammy\Application Data\Windows Desktop Search
2008-07-29 15:30:32 0 d-------- C:\Program Files\Trend Micro
2008-07-28 21:46:23 0 d-------- C:\Documents and Settings\Jordyn\Application Data\Windows Desktop Search
2008-07-28 21:42:48 0 d-------- C:\Documents and Settings\Alyc\Application Data\SUPERAntiSpyware.com
2008-07-28 21:27:53 0 d-------- C:\Documents and Settings\Alyc\Application Data\Windows Desktop Search
2008-07-28 21:20:46 0 d-------- C:\Documents and Settings\Owner\Application Data\Windows Desktop Search
2008-07-28 21:20:27 0 d-------- C:\Program Files\Windows Desktop Search
2008-07-28 21:20:26 0 d-------- C:\WINDOWS\system32\GroupPolicy
2008-07-28 18:25:53 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-07-28 17:44:45 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-07-28 17:44:42 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-07-28 17:44:41 0 d-------- C:\Documents and Settings\Owner\Application Data\SUPERAntiSpyware.com
2008-07-28 17:44:23 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-07-28 17:40:35 0 d-------- C:\Program Files\SpywareBlaster
2008-07-28 15:24:42 0 d-------- C:\Documents and Settings\Owner\.housecall6.6
2008-07-28 11:31:58 0 d-------- C:\Documents and Settings\Torey\Application Data\Malwarebytes
2008-07-28 11:31:00 0 d-------- C:\Documents and Settings\Torey\Application Data\Mozilla
2008-07-28 11:06:42 0 d-------- C:\Documents and Settings\Jordyn\Application Data\Malwarebytes
2008-07-28 11:05:48 0 d-------- C:\Documents and Settings\Jordyn\Application Data\Mozilla
2008-07-27 22:05:39 142336 -ra------ C:\WINDOWS\system32\noucouzipyz.exe
2008-07-27 21:40:28 0 d-------- C:\Documents and Settings\Tammy\Application Data\Mozilla
2008-07-27 21:40:09 0 d-------- C:\Documents and Settings\Tammy\Application Data\Malwarebytes
2008-07-27 21:32:45 0 d-------- C:\Documents and Settings\Alyc\Application Data\Mozilla
2008-07-27 21:31:18 0 dr-h----- C:\Documents and Settings\Alyc\Recent
2008-07-27 21:15:30 0 d-------- C:\WINDOWS\pss
2008-07-27 20:53:48 0 d-------- C:\Documents and Settings\Alyc\Application Data\Malwarebytes
2008-07-27 19:58:35 0 dr-h----- C:\Documents and Settings\Owner\Recent
2008-07-27 18:11:35 0 d-------- C:\Documents and Settings\Owner\Application Data\Malwarebytes
2008-07-27 18:11:33 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-27 18:11:33 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-27 18:11:01 0 d-------- C:\Program Files\Common Files\Download Manager
2008-07-27 15:31:43 0 --a------ C:\WINDOWS\nsreg.dat
2008-07-27 15:31:36 0 d-------- C:\Documents and Settings\Owner\Application Data\Mozilla
2008-07-26 12:36:48 0 d-------- C:\Documents and Settings\Jordyn\Application Data\FUJIFILM
2008-07-21 15:50:55 0 d-------- C:\Documents and Settings\Owner\Application Data\Uniblue
2008-07-21 14:24:07 0 d-------- C:\Documents and Settings\Owner\Application Data\HouseCall 6.6
2008-07-19 14:26:52 0 d-------- C:\Documents and Settings\Torey\Contacts
2008-07-18 15:23:40 0 d-------- C:\Documents and Settings\Alyc\Contacts
2008-07-18 11:02:58 0 d-------- C:\Documents and Settings\Owner\Contacts
2008-07-18 07:11:23 0 d-------- C:\Documents and Settings\Jordyn\Contacts
2008-07-17 10:13:45 0 d--hs--c- C:\Program Files\Common Files\WindowsLiveInstaller
2008-07-17 10:13:41 0 d-------- C:\Program Files\Windows Live
2008-07-17 10:13:27 0 d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-07-05 05:04:19 0 d-------- C:\Documents and Settings\Tammy\Application Data\Macromedia


-- Find3M Report ---------------------------------------------------------------

2008-07-31 13:30:07 0 d-------- C:\Program Files\Microsoft ActiveSync
2008-07-31 13:26:13 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-07-30 22:08:01 0 d-------- C:\Program Files\Common Files
2008-07-19 18:08:32 0 d-------- C:\Program Files\Java
2008-06-24 20:33:35 0 --a------ C:\WINDOWS\PowerReg.dat
2008-06-24 20:31:47 0 d-------- C:\Program Files\Infogrames Interactive
2008-06-24 20:31:46 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-06-21 11:29:49 2528 --a------ C:\Documents and Settings\Jordyn\Application Data\$_hpcst$.hpc
2008-06-05 16:34:50 0 d-------- C:\Documents and Settings\Jordyn\Application Data\Sun
2008-06-05 04:50:36 0 d-------- C:\Program Files\Logitech
2008-06-05 04:49:27 0 d-------- C:\Program Files\Common Files\Logitech
2008-05-24 10:41:49 139264 --a------ C:\WINDOWS\system32\hpzjrd01.dll <Not Verified; Hewlett Packard; Hewlett Packard Rediscovery Library>
2008-05-24 10:38:12 89277 --a------ C:\WINDOWS\hpoins06.dat
2008-05-24 02:52:04 934607 --a------ C:\WINDOWS\system32\JGScreensaver_3.scr <Not Verified; Axialis Software; Axialis Screen Saver Producer>
2008-05-23 19:48:00 1076 --a------ C:\WINDOWS\checkip.dat
2008-05-23 14:26:04 22 --a------ C:\WINDOWS\FileName
2008-05-23 14:18:26 0 -rahs---- C:\MSDOS.SYS
2008-05-23 14:18:26 0 -rahs---- C:\IO.SYS
2008-05-23 14:18:26 0 --a------ C:\CONFIG.SYS
2008-05-23 14:18:26 0 --a------ C:\AUTOEXEC.BAT
2008-05-23 14:16:27 21640 --a------ C:\WINDOWS\system32\emptyregdb.dat
2008-05-23 08:43:36 62 --ahs---- C:\Documents and Settings\Jordyn\Application Data\desktop.ini


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
06/30/2008 01:44 PM 349552 --a------ C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\coIEPlg.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
07/29/2008 10:13 PM 116088 --a------ C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"= C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll [06/30/2008 01:44 PM 349552]

[-HKEY_CLASSES_ROOT\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar.1]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [11/14/2006 04:21 AM C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [05/16/2006 05:04 AM C:\WINDOWS\SkyTel.exe]
"JMB36X IDE Setup"="C:\WINDOWS\JM\JMInsIDE.exe" [10/30/2006 07:44 AM]
"JMB36X Configure"="C:\WINDOWS\system32\JMRaidSetup.exe" [10/30/2006 07:44 AM]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [09/17/2007 01:07 AM]
"nwiz"="nwiz.exe" [09/17/2007 01:07 AM C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [09/17/2007 01:07 AM]
"AsusStartupHelp"="C:\Program Files\ASUS\AASP\1.00.17\AsRunHelp.exe" [11/14/2006 01:25 AM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 10:16 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [06/10/2008 04:27 AM]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [03/15/2007 09:02 PM]
"InCD"="C:\Program Files\Nero\Nero 7\InCD\InCD.exe" [05/07/2007 11:32 AM]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [05/08/2007 04:24 PM]
"Microsoft Works Update Detection"="C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [07/09/2002 09:45 PM]
"mxomssmenu"="C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe" [09/06/2007 02:53 PM]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [03/28/2008 11:37 PM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [03/30/2008 10:36 AM]
"FamilyCyberAlert"="C:\WINDOWS\system32\FCyberAlert\syslogin.exe" [04/22/2008 12:20 PM]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [02/18/20
  • 0