Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Warning Spyware Detected On Your Computer [RESOLVED]


  • This topic is locked This topic is locked

#1
Juan1959

Juan1959

    Member

  • Member
  • PipPip
  • 33 posts
I think I'm infected with the Warning Spyware Detected On Your Computer malware. After a series of blue screens with text, the desktop background changed to the Warning message and I could not access my display options to change it. Also, the system restore did not allow anything prior to the moment the screens went blue with text. I did track a couple of other postings on this topic and went ahead and ran Combofix, but not sure I got everything. I also went through the prework and created a Highjack this log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:59:34 AM, on 8/23/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\WINDOWS\Dit.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,Search Page = http://205.177.122.7...rch.php?id=5&s=
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.x-x-x-hos...201055066900177
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://205.177.122.7...rch.php?id=5&s=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://my.juno.com/s...ch?r=minisearch
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: URLSearchHook Class - {37D2CDBF-2AF4-44AA-8113-BD0D2DA3C2B8} - C:\Program Files\JUSearch\SearchEnh1.dll
F1 - win.ini: run=C:\WINDOWS\..\PROGRA~1\COMMON~1\MICROS~1\MSInfo\msinfo.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: IEWatchObj Class - {9527D42F-D666-11D3-B8DD-00600838CD5F} - C:\WINDOWS\system32\IETie.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [DwlClient] "C:\Program Files\Common Files\Dell\EUSW\Support.exe"
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] "C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe"
O4 - HKLM\..\Run: [SiteAdvisor] "C:\Program Files\SiteAdvisor\6172\SiteAdv.exe"
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [NeroFilterCheck] "C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe"
O4 - HKLM\..\Run: [Media Codec Update Service] "C:\Program Files\Essentials Codec Pack\update.exe" -silent
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AppleSyncNotifier] "C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [spc_w] "C:\Program Files\JUSearch\juspc.exe" -w
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\RunOnce: [DelayShred] "c:\program files\mcafee\mshr\ShrCL.EXE" /P7 /q C:\DOCUME~1\Loren\LOCALS~1\TEMPOR~1\Content.IE5\01G16RK9\INAFA3~1.SH! C:\DOCUME~1\Loren\LOCALS~1\TEMPOR~1\Content.IE5\8BB7M4D1\ADA661~1.SH! C:\DOCUME~1\Loren\LOCALS~1\TEMPOR~1\Content.IE5\G5Y7S9IJ\NAN29_~1.SH! C:\DOCUME~1\Loren\LOCALS~1\TEMPOR~1\Content.IE5\01G16RK9\ANONYM~1.SH! C:\DOCUME~1\Loren\LOCALS~1\TEMPOR~1\Content.IE5\G5Y7S9IJ\ADAA6F~1.SH! C:\DOCUME~1\Loren\LOCALS~1\TEMPOR~1\Content.IE5\01G16RK9\1019_4~1.SH! C:\DOCUME~1\Loren\LOCALS~1\TEMPOR~1\Content.IE5\8BB7M4D1\OUT_2_~1.SH! C:\DOCUME~1\Loren\LOCALS~1\TEMPOR~1\Content.IE5\01G16RK9\AD8F6D~1.SH!
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O8 - Extra context menu item: Add to AMV Converter... - C:\Program Files\MP3 Player Utilities 4.15\AMVConverter\grab.html
O8 - Extra context menu item: Add to Media Manager... - C:\Program Files\MP3 Player Utilities 4.15\MediaManager\grab.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.micr...veX/MSDcode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcaf...76/mcinsctl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcaf...,19/mcgdmgr.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://lhh.webex.co...bex/ieatgpc.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcaf...598/mcfscan.cab
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

--
End of file - 11501 bytes

Edited by Juan1959, 23 August 2008 - 01:46 AM.

  • 0

Advertisements


#2
Rorschach112

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Hello

Please visit this web page for instructions for downloading and running ComboFix

http://www.bleepingc...to-use-combofix

This includes installing the Windows XP Recovery Console in case you have not installed it yet.

For more information on the Windows XP Recovery Console read http://support.microsoft.com/kb/314058.

Once you install the Recovery Console, when you reboot your computer, you'll see the option for the Recovery Console now as well. Don't select Recovery Console as we don't need it. By default, your main OS is selected there. The screen stays for 2 seconds and then it proceeds to load Windows. That is normal.

Post the log from ComboFix when you've accomplished that, along with a new HijackThis log.
  • 0

#3
Juan1959

Juan1959

    Member

  • Topic Starter
  • Member
  • PipPip
  • 33 posts
This is the combofix log I ran. The Highjack this log in my previous post was run after the Combofix log.

Thanks!


ComboFix 08-08-21.02 - Loren 2008-08-23 1:09:03.1 - NTFSx86
Running from: C:\Documents and Settings\Loren\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Loren\Desktop\WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Loren\Application Data\macromedia\Flash Player\#SharedObjects\7QW58GC4\interclick.com
C:\Documents and Settings\Loren\Application Data\macromedia\Flash Player\#SharedObjects\7QW58GC4\interclick.com\ud.sol
C:\Documents and Settings\Loren\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com
C:\Documents and Settings\Loren\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com\settings.sol
C:\Program Files\Microsoft Security Adviser
C:\Program Files\Microsoft Security Adviser\msctrl.log
C:\Program Files\Microsoft Security Adviser\mssadv.log
C:\Program Files\Microsoft Security Adviser\mssadv_sp.log
C:\WINDOWS\Downloaded Program Files\ODCTOOLS
C:\WINDOWS\system32\AutoRun.inf
C:\WINDOWS\system32\kdtch.exe
C:\WINDOWS\system32\lphc7sgj0ecdg.exe
C:\WINDOWS\system32\phc7sgj0ecdg.bmp
C:\WINDOWS\system32\sysrest32.exe
C:\WINDOWS\system32\aux.txz

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_sysrest.sys


((((((((((((((((((((((((( Files Created from 2008-07-23 to 2008-08-23 )))))))))))))))))))))))))))))))
.

2008-08-17 09:04 . 2008-08-17 09:04 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WEBREG
2008-08-17 03:06 . 2008-08-17 03:06 <DIR> d-------- C:\Program Files\MSXML 4.0
2008-08-16 12:16 . 2008-08-16 12:16 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\HP Product Assistant
2008-08-16 12:16 . 2008-08-16 12:18 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\HP
2008-08-16 12:15 . 2008-08-16 12:15 <DIR> d-------- C:\Program Files\Common Files\HP
2008-08-16 12:08 . 2007-03-17 01:39 958,464 -ra------ C:\WINDOWS\SYSTEM32\hpotiop4.dll
2008-08-16 12:08 . 2007-03-17 01:39 675,840 -ra------ C:\WINDOWS\SYSTEM32\hpowiax4.dll
2008-08-16 12:08 . 2007-03-17 01:39 303,104 -ra------ C:\WINDOWS\SYSTEM32\hpovst11.dll
2008-08-16 12:07 . 2008-08-16 12:16 <DIR> d-------- C:\Program Files\HP
2008-08-16 12:04 . 2008-08-16 12:04 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Hewlett-Packard
2008-08-16 12:04 . 2008-08-17 09:05 139,811 --a------ C:\WINDOWS\hpoins15.dat
2008-08-16 12:04 . 2007-09-20 15:05 1,039 --------- C:\WINDOWS\hpomdl15.dat
2008-08-16 12:03 . 2007-03-30 10:29 267,864 -ra------ C:\WINDOWS\SYSTEM32\hpzids01.dll
2008-08-16 12:03 . 2007-03-28 14:01 118,272 --a------ C:\WINDOWS\SYSTEM32\hpz3l5ha.dll
2008-08-16 11:59 . 2001-08-17 13:48 12,160 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mouhid.sys
2008-08-16 11:59 . 2001-08-17 13:48 12,160 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\mouhid.sys
2008-08-16 11:59 . 2001-08-17 14:02 9,600 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\hidusb.sys
2008-08-16 11:59 . 2001-08-17 14:02 9,600 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\hidusb.sys
2008-07-27 09:39 . 2006-10-26 19:56 32,592 --a------ C:\WINDOWS\SYSTEM32\msonpmon.dll
2008-07-27 09:36 . 2008-07-27 09:36 <DIR> d-------- C:\Program Files\Microsoft Works
2008-07-27 09:34 . 2008-07-27 09:34 <DIR> d-------- C:\Program Files\Microsoft.NET
2008-07-27 09:27 . 2008-08-16 03:42 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-23 06:23 18,688 ----a-w C:\WINDOWS\system32\drivers\USBCRFT.SYS
2008-08-20 02:26 --------- d-----w C:\Program Files\SpywareBlaster
2008-08-17 14:00 --------- d-----w C:\Program Files\JUSearch
2008-08-17 13:56 --------- d-----w C:\Documents and Settings\Loren\Application Data\AdobeUM
2008-08-17 13:55 --------- d-----w C:\Program Files\Apple Software Update
2008-08-16 17:23 --------- d-----w C:\Program Files\Hewlett-Packard
2008-08-16 16:22 --------- d-----w C:\Program Files\iTunes
2008-08-16 16:21 --------- d-----w C:\Program Files\iPod
2008-08-16 16:14 --------- d-----w C:\Program Files\QuickTime
2008-08-10 23:02 --------- d-----w C:\Documents and Settings\Loren\Application Data\SiteAdvisor
2008-08-02 20:26 --------- d-----w C:\Documents and Settings\Bridget\Application Data\SiteAdvisor
2008-08-02 19:14 --------- d-----w C:\Documents and Settings\Wendy\Application Data\SiteAdvisor
2008-07-07 20:32 253,952 ----a-w C:\WINDOWS\SYSTEM32\es.dll
2008-07-07 20:32 253,952 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\es.dll
2008-06-24 16:23 74,240 ----a-w C:\WINDOWS\SYSTEM32\mscms.dll
2008-06-24 16:23 74,240 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\mscms.dll
2008-06-24 15:57 3,592,192 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\mshtml.dll
2008-06-23 09:20 70,656 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ie4uinit.exe
2008-06-23 09:20 625,664 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\iexplore.exe
2008-06-23 09:20 13,824 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ieudinit.exe
2008-06-21 05:23 161,792 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ieakui.dll
2008-06-20 17:41 245,248 ----a-w C:\WINDOWS\SYSTEM32\mswsock.dll
2008-06-20 17:41 245,248 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\mswsock.dll
2008-06-20 17:41 148,992 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\dnsapi.dll
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\tcpip.sys
2008-06-20 10:44 138,368 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\tcpip6.sys
2008-06-13 13:10 272,128 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\bthport.sys
2005-01-09 15:06 184,680 -c--a-w C:\Documents and Settings\Loren\Application Data\shb.dat
2003-01-04 22:19 207,759 -c--a-w C:\Program Files\INSTALL.LOG
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"spc_w"="C:\Program Files\JUSearch\juspc.exe" [2004-11-09 03:37 286786]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 12:54 5674352]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:56 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-11-16 20:04 139264]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"DelayShred"="c:\program files\mcafee\mshr\ShrCL.EXE" [2007-12-04 13:32 111904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-10-19 08:59 155648]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-10-19 08:59 126976]
"AdaptecDirectCD"="C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" [2002-04-10 17:44 679936]
"DwlClient"="C:\Program Files\Common Files\Dell\EUSW\Support.exe" [2004-05-27 21:05 323584]
"Microsoft Works Update Detection"="C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2003-09-13 22:36 50688]
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6172\SiteAdv.exe" [2006-12-19 21:37 36952]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-08-04 02:33 582992]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 16:40 155648]
"Media Codec Update Service"="C:\Program Files\Essentials Codec Pack\update.exe" [2007-04-08 11:44 303104]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-03-29 02:26 185896]
"AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-22 20:42 116040]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-05-27 10:50 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-07-30 10:47 289064]
"HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2007-03-11 21:34 49152]
"SpySweeper"="C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" [2007-03-21 14:54 5078592]
"BCMSMMSG"="BCMSMMSG.exe" [2003-08-29 04:59 122880 C:\WINDOWS\BCMSMMSG.exe]
"Dit"="Dit.exe" [2004-12-17 14:21 94208 C:\WINDOWS\Dit.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

R3 CardReaderFilter;Card Reader Filter;C:\WINDOWS\system32\Drivers\USBCRFT.SYS [2008-08-23 01:23]
S0 ppa;Iomega Parallel Port Filter Driver;C:\WINDOWS\System32\DRIVERS\ppa.sys [2001-08-17 14:53]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder

2004-12-11 C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1102778278.job
- C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-06 01:52]

2008-07-15 C:\WINDOWS\Tasks\McDefragTask.job
- C:\WINDOWS\system32\defrag.exe [2004-08-04 02:56]

2008-08-01 C:\WINDOWS\Tasks\McQcTask.job
- c:\program files\mcafee\mqc\QcConsol.exe [2007-12-04 13:32]

2008-08-19 C:\WINDOWS\Tasks\SpywareBot Scheduled Scan.job
- C:\Program Files\SpywareBot\SpywareBot.exe []

2008-08-19 C:\WINDOWS\Tasks\SpywareBot Scheduled Scan.job
- C:\Program Files\SpywareBot []

2008-08-23 C:\WINDOWS\Tasks\wrSpySweeper20070209221549.job
- C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe [2007-03-21 14:55]

2008-08-23 C:\WINDOWS\Tasks\wrSpySweeper20070401180509.job
- C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe [2007-03-21 14:55]

2008-08-23 C:\WINDOWS\Tasks\wrSpySweeper20070401180546.job
- C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe [2007-03-21 14:55]

2008-08-23 C:\WINDOWS\Tasks\wrSpySweeper20070401180553.job
- C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe [2007-03-21 14:55]

2008-08-23 C:\WINDOWS\Tasks\wrSpySweeper20070401180629.job
- C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe [2007-03-21 14:55]

2008-08-19 C:\WINDOWS\Tasks\wrSpySweeper20070509232027.job
- C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe [2007-03-21 14:54]

2008-08-19 C:\WINDOWS\Tasks\wrSpySweeper20070509232027.job
- C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe [2007-03-21 14:54]

2008-08-19 C:\WINDOWS\Tasks\wrSpySweeper20070509232027.job
- A:\","C:\","D:\","E:\" []
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-Anonymizer - C:\Program Files\Anonymizer\Anonymizer Software\Anonymizer.exe
HKCU-Run-McAfee.InstantUpdate.Monitor - C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe
HKLM-Run-tcactive - C:\Program Files\The Cleaner\tca.exe
HKLM-Run-tcmonitor - C:\Program Files\The Cleaner\tcm.exe
HKLM-Run-McAfee Guardian - C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe
HKLM-Run-SpywareBot - C:\Program Files\SpywareBot\SpywareBot.exe
HKLM-Run-lphc7sgj0ecdg - C:\WINDOWS\system32\lphc7sgj0ecdg.exe
HKLM-Run-sysrest32.exe - C:\WINDOWS\system32\sysrest32.exe


.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Loren\Application Data\Mozilla\Firefox\Profiles\v8rf4hh9.default\
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-23 01:23:37
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\explorer.exe
-> C:\Program Files\SiteAdvisor\6172\saHook.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
C:\PROGRA~1\COMMON~1\McAfee\McProxy\McProxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\Mcshield.exe
C:\Program Files\McAfee\MPF\MpfSrv.exe
C:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\WINDOWS\SYSTEM32\WBEM\wmiapsrv.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposts08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqste08.exe
C:\Program Files\Webroot\Spy Sweeper\ssu.exe
.
**************************************************************************
.
Completion time: 2008-08-23 1:37:58 - machine was rebooted [Loren]
ComboFix-quarantined-files.txt 2008-08-23 06:37:45

Pre-Run: 27,274,547,200 bytes free
Post-Run: 27,425,751,040 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

231 --- E O F --- 2008-08-17 08:08:36
  • 0

#4
Rorschach112

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Hello

Please do an online scan with Kaspersky WebScanner

Make sure you are using Internet Explorer for this. Click on Kaspersky Online Scanner and click Accept

You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under select a target to scan:Select My Computer
  • This will program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.


Also post a new HJT log
  • 0

#5
Juan1959

Juan1959

    Member

  • Topic Starter
  • Member
  • PipPip
  • 33 posts
Hi,

As suggested, here is the report after running Kaspersky and HJT.

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Saturday, August 23, 2008
Operating System: Microsoft Windows XP Home Edition Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Saturday, August 23, 2008 13:54:09
Records in database: 1133192
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\
E:\
F:\

Scan statistics:
Files scanned: 77265
Threat name: 2
Infected objects: 4
Suspicious objects: 0
Duration of the scan: 02:49:17


File name / Threat name / Threats count
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\lphc7sgj0ecdg.exe.vir Infected: Trojan-Downloader.Win32.Small.abtd 1
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\sysrest32.exe.vir Infected: Trojan.Win32.Monder.gen 1
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2\A0001036.exe Infected: Trojan.Win32.Monder.gen 1
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2\A0001037.exe Infected: Trojan-Downloader.Win32.Small.abtd 1

The selected area was scanned.


***********************************


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:21:02 PM, on 8/23/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\WINDOWS\Dit.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\explorer.exe
c:\PROGRA~1\mcafee\msc\mcuimgr.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,Search Page = http://205.177.122.7...rch.php?id=5&s=
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.x-x-x-hos...201055066900177
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://205.177.122.7...rch.php?id=5&s=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://my.juno.com/s...ch?r=minisearch
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: URLSearchHook Class - {37D2CDBF-2AF4-44AA-8113-BD0D2DA3C2B8} - C:\Program Files\JUSearch\SearchEnh1.dll
F1 - win.ini: run=C:\WINDOWS\..\PROGRA~1\COMMON~1\MICROS~1\MSInfo\msinfo.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: IEWatchObj Class - {9527D42F-D666-11D3-B8DD-00600838CD5F} - C:\WINDOWS\system32\IETie.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [DwlClient] "C:\Program Files\Common Files\Dell\EUSW\Support.exe"
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] "C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe"
O4 - HKLM\..\Run: [SiteAdvisor] "C:\Program Files\SiteAdvisor\6172\SiteAdv.exe"
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [NeroFilterCheck] "C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe"
O4 - HKLM\..\Run: [Media Codec Update Service] "C:\Program Files\Essentials Codec Pack\update.exe" -silent
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AppleSyncNotifier] "C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [spc_w] "C:\Program Files\JUSearch\juspc.exe" -w
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\RunOnce: [DelayShred] "c:\program files\mcafee\mshr\ShrCL.EXE" /P7 /q C:\DOCUME~1\Loren\LOCALS~1\TEMPOR~1\Content.IE5\01G16RK9\INAFA3~1.SH! C:\DOCUME~1\Loren\LOCALS~1\TEMPOR~1\Content.IE5\8BB7M4D1\ADA661~1.SH! C:\DOCUME~1\Loren\LOCALS~1\TEMPOR~1\Content.IE5\G5Y7S9IJ\NAN29_~1.SH! C:\DOCUME~1\Loren\LOCALS~1\TEMPOR~1\Content.IE5\01G16RK9\ANONYM~1.SH! C:\DOCUME~1\Loren\LOCALS~1\TEMPOR~1\Content.IE5\G5Y7S9IJ\ADAA6F~1.SH! C:\DOCUME~1\Loren\LOCALS~1\TEMPOR~1\Content.IE5\01G16RK9\1019_4~1.SH! C:\DOCUME~1\Loren\LOCALS~1\TEMPOR~1\Content.IE5\8BB7M4D1\OUT_2_~1.SH! C:\DOCUME~1\Loren\LOCALS~1\TEMPOR~1\Content.IE5\01G16RK9\AD8F6D~1.SH!
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O8 - Extra context menu item: Add to AMV Converter... - C:\Program Files\MP3 Player Utilities 4.15\AMVConverter\grab.html
O8 - Extra context menu item: Add to Media Manager... - C:\Program Files\MP3 Player Utilities 4.15\MediaManager\grab.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.micr...veX/MSDcode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcaf...76/mcinsctl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcaf...,19/mcgdmgr.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://lhh.webex.co...bex/ieatgpc.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcaf...598/mcfscan.cab
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

--
End of file - 11831 bytes

Thanks for your help!!
  • 0

#6
Rorschach112

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Hello

Before we begin, you should save these instructions in Notepad to your desktop, or print them, for easy reference. Much of our fix will be done in Safe mode, and you will be unable to access this thread at that time. If you have questions at any point, or are unsure of the instructions, feel free to post here and ask for clarification before proceeding.


Download SDFix and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following :
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, the Advanced Options Menu should appear;
  • Select the first option, to run Windows in Safe Mode, then press Enter.
  • Choose your usual account.
  • Open the extracted SDFix folder and double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
  • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
    (Report.txt will also be copied to Clipboard ready for posting back on the forum).
  • Finally paste the contents of the Report.txt back on the forum.



1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

File::
C:\WINDOWS\..\PROGRA~1\COMMON~1\MICROS~1\MSInfo\msinfo.exe

Folder::
C:\Program Files\JUSearch

Registry::
O4 - HKCU\..\Run: [spc_w] "C:\Program Files\JUSearch\juspc.exe" -w

Driver::


Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.
  • 0

#7
Juan1959

Juan1959

    Member

  • Topic Starter
  • Member
  • PipPip
  • 33 posts
Thanks Rorschach112! Attached are the results of your recommended next steps.

SDFix: Version 1.219
Run by Loren on Sun 08/24/2008 at 08:56 AM

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix

Checking Services :


Restoring Default Security Values
Restoring Default Hosts File

Rebooting


Checking Files :

No Trojan Files Found






Removing Temp Files

ADS Check :



Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-24 16:34:56
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services :




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"="C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe:*:Enabled:McAfee Network Agent"
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

Remaining Files :



Files with Hidden Attributes :

Tue 30 May 2006 61,952 ...H. --- "C:\Program Files\MSN\msnupdate!@#@.exe"
Tue 30 May 2006 308,224 ...H. --- "C:\Program Files\MSN\txsrvc.dll"
Tue 30 May 2006 302,592 ...H. --- "C:\Program Files\MSN\unicows.dll"
Thu 15 May 2003 73,728 A..H. --- "C:\WINDOWS\SYSTEM32\IETie.dll"
Sun 24 Jul 2005 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Sun 8 Jul 2007 49,152 ...H. --- "C:\Documents and Settings\Bridget\My Documents\~WRL2161.tmp"
Sun 8 Jul 2007 24,064 ...H. --- "C:\Documents and Settings\Bridget\My Documents\~WRL2314.tmp"
Sun 8 Jul 2007 24,576 ...H. --- "C:\Documents and Settings\Bridget\My Documents\~WRL3948.tmp"
Sun 8 Jul 2007 24,064 ...H. --- "C:\Documents and Settings\Bridget\My Documents\~WRL3984.tmp"
Sat 8 Dec 2007 25,088 ...H. --- "C:\Documents and Settings\Loren\My Documents\~WRL0101.tmp"
Tue 4 Dec 2007 25,088 ...H. --- "C:\Documents and Settings\Loren\My Documents\~WRL2171.tmp"
Sun 6 May 2007 20,992 ...H. --- "C:\Documents and Settings\Loren\My Documents\~WRL2962.tmp"
Sun 9 Dec 2007 25,088 ...H. --- "C:\Documents and Settings\Loren\My Documents\~WRL3733.tmp"
Sun 3 Feb 2008 403 A..H. --- "C:\Program Files\InterActual\InterActual Player\iti250.tmp"
Sat 5 Apr 2008 20,487 A.SHR --- "C:\Program Files\McAfee\MQC\MRU.bak"
Sat 5 Apr 2008 265 A.SHR --- "C:\Program Files\McAfee\MQC\qcconf.bak"
Tue 25 Dec 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Fri 18 Jul 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\fd0264849c01086f3c6b505dc02dbd44\BIT79.tmp"
Sun 24 Jul 2005 4,348 ...H. --- "C:\Documents and Settings\Loren\My Documents\My Music\License Backup\drmv1key.bak"
Fri 7 Oct 2005 20 A..H. --- "C:\Documents and Settings\Loren\My Documents\My Music\License Backup\drmv1lic.bak"
Sat 3 Sep 2005 400 A.SH. --- "C:\Documents and Settings\Loren\My Documents\My Music\License Backup\drmv2key.bak"

Finished!

****************************

COMBOFIX LOG

ComboFix 08-08-23.03 - Loren 2008-08-24 17:02:29.2 - NTFSx86
Running from: C:\Documents and Settings\Loren\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Loren\Desktop\CFScript.txt
* Created a new restore point
* Resident AV is active


FILE ::
C:\WINDOWS\..\PROGRA~1\COMMON~1\MICROS~1\MSInfo\msinfo.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\JUSearch
C:\Program Files\JUSearch\hcmconf.ini
C:\Program Files\JUSearch\juspc.exe
C:\Program Files\JUSearch\regconf.ini
C:\Program Files\JUSearch\search.log
C:\Program Files\JUSearch\SearchEnh1.dll
C:\Program Files\JUSearch\settings.xml
C:\Program Files\JUSearch\txlog.xml
C:\Program Files\JUSearch\Uninstall.exe

.
((((((((((((((((((((((((( Files Created from 2008-07-24 to 2008-08-24 )))))))))))))))))))))))))))))))
.

2008-08-24 08:50 . 2008-08-24 08:50 <DIR> d-------- C:\WINDOWS\ERUNT
2008-08-24 08:49 . 2008-08-24 08:49 <DIR> d-------- C:\Documents and Settings\NetworkService\Application Data\Webroot
2008-08-24 08:44 . 2008-08-24 16:40 <DIR> d-------- C:\SDFix
2008-08-23 09:40 . 2008-08-23 09:40 <DIR> d-------- C:\WINDOWS\Sun
2008-08-23 09:37 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\SYSTEM32\javacpl.cpl
2008-08-23 09:36 . 2008-08-23 09:37 <DIR> d-------- C:\Program Files\Java
2008-08-23 09:35 . 2008-08-23 09:35 <DIR> d-------- C:\Program Files\Common Files\Java
2008-08-23 01:54 . 2008-08-23 01:54 <DIR> d-------- C:\Program Files\ERUNT
2008-08-17 09:04 . 2008-08-17 09:04 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WEBREG
2008-08-17 03:06 . 2008-08-17 03:06 <DIR> d-------- C:\Program Files\MSXML 4.0
2008-08-16 12:16 . 2008-08-16 12:16 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\HP Product Assistant
2008-08-16 12:16 . 2008-08-16 12:18 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\HP
2008-08-16 12:15 . 2008-08-16 12:15 <DIR> d-------- C:\Program Files\Common Files\HP
2008-08-16 12:08 . 2007-03-17 01:39 958,464 -ra------ C:\WINDOWS\SYSTEM32\hpotiop4.dll
2008-08-16 12:08 . 2007-03-17 01:39 675,840 -ra------ C:\WINDOWS\SYSTEM32\hpowiax4.dll
2008-08-16 12:08 . 2007-03-17 01:39 303,104 -ra------ C:\WINDOWS\SYSTEM32\hpovst11.dll
2008-08-16 12:07 . 2008-08-16 12:16 <DIR> d-------- C:\Program Files\HP
2008-08-16 12:04 . 2008-08-16 12:04 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Hewlett-Packard
2008-08-16 12:04 . 2008-08-17 09:05 139,811 --a------ C:\WINDOWS\hpoins15.dat
2008-08-16 12:04 . 2007-09-20 15:05 1,039 --------- C:\WINDOWS\hpomdl15.dat
2008-08-16 12:03 . 2007-03-30 10:29 267,864 -ra------ C:\WINDOWS\SYSTEM32\hpzids01.dll
2008-08-16 12:03 . 2007-03-28 14:01 118,272 --a------ C:\WINDOWS\SYSTEM32\hpz3l5ha.dll
2008-08-16 11:59 . 2001-08-17 13:48 12,160 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mouhid.sys
2008-08-16 11:59 . 2001-08-17 13:48 12,160 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\mouhid.sys
2008-08-16 11:59 . 2001-08-17 14:02 9,600 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\hidusb.sys
2008-08-16 11:59 . 2001-08-17 14:02 9,600 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\hidusb.sys
2008-07-27 09:39 . 2006-10-26 19:56 32,592 --a------ C:\WINDOWS\SYSTEM32\msonpmon.dll
2008-07-27 09:36 . 2008-07-27 09:36 <DIR> d-------- C:\Program Files\Microsoft Works
2008-07-27 09:34 . 2008-07-27 09:34 <DIR> d-------- C:\Program Files\Microsoft.NET
2008-07-27 09:27 . 2008-08-23 03:22 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-24 21:45 18,688 ----a-w C:\WINDOWS\system32\drivers\USBCRFT.SYS
2008-08-23 06:59 --------- d-----w C:\Program Files\Trend Micro
2008-08-20 02:26 --------- d-----w C:\Program Files\SpywareBlaster
2008-08-17 13:56 --------- d-----w C:\Documents and Settings\Loren\Application Data\AdobeUM
2008-08-17 13:55 --------- d-----w C:\Program Files\Apple Software Update
2008-08-16 17:23 --------- d-----w C:\Program Files\Hewlett-Packard
2008-08-16 16:22 --------- d-----w C:\Program Files\iTunes
2008-08-16 16:21 --------- d-----w C:\Program Files\iPod
2008-08-16 16:14 --------- d-----w C:\Program Files\QuickTime
2008-08-10 23:02 --------- d-----w C:\Documents and Settings\Loren\Application Data\SiteAdvisor
2008-08-02 20:26 --------- d-----w C:\Documents and Settings\Bridget\Application Data\SiteAdvisor
2008-08-02 19:14 --------- d-----w C:\Documents and Settings\Wendy\Application Data\SiteAdvisor
2008-07-07 20:32 253,952 ----a-w C:\WINDOWS\SYSTEM32\es.dll
2008-07-07 20:32 253,952 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\es.dll
2008-06-24 16:23 74,240 ----a-w C:\WINDOWS\SYSTEM32\mscms.dll
2008-06-24 16:23 74,240 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\mscms.dll
2008-06-24 15:57 3,592,192 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\mshtml.dll
2008-06-23 09:20 70,656 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ie4uinit.exe
2008-06-23 09:20 625,664 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\iexplore.exe
2008-06-23 09:20 13,824 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ieudinit.exe
2008-06-21 05:23 161,792 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ieakui.dll
2008-06-20 17:41 245,248 ----a-w C:\WINDOWS\SYSTEM32\mswsock.dll
2008-06-20 17:41 245,248 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\mswsock.dll
2008-06-20 17:41 148,992 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\dnsapi.dll
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\tcpip.sys
2008-06-20 10:44 138,368 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\tcpip6.sys
2008-06-13 13:10 272,128 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\bthport.sys
2005-01-09 15:06 184,680 -c--a-w C:\Documents and Settings\Loren\Application Data\shb.dat
2003-01-04 22:19 207,759 -c--a-w C:\Program Files\INSTALL.LOG
.

((((((((((((((((((((((((((((( [email protected]_ 1.34.50.03 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-07-27 14:35:27 781,104 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.Office.Interop.Word\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Word.dll
+ 2008-08-23 08:13:23 783,744 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.Office.Interop.Word\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Word.dll
+ 2005-10-20 17:02:28 163,328 ----a-w C:\WINDOWS\erdnt\8-23-2008\ERDNT.EXE
+ 2008-08-23 06:56:15 7,024,640 ----a-w C:\WINDOWS\erdnt\8-23-2008\Users\00000001\ntuser.dat
+ 2008-08-23 06:56:15 135,168 ----a-w C:\WINDOWS\erdnt\8-23-2008\Users\00000002\UsrClass.dat
+ 2008-08-07 21:27:04 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX\ERDNT.EXE
+ 2008-08-24 13:51:20 7,045,120 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000001\ntuser.dat
+ 2008-08-24 13:51:20 278,528 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000002\UsrClass.dat
+ 2008-08-07 21:27:04 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\ERDNT.EXE
+ 2008-08-24 13:50:58 7,045,120 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000001\ntuser.dat
+ 2008-08-24 13:50:58 278,528 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000002\UsrClass.dat
+ 2006-10-27 00:49:48 1,011,488 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002109010090400000000000F01FEC\12.0.4518\MSDAIPP.DLL
+ 2006-10-27 00:49:46 970,528 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002109010090400000000000F01FEC\12.0.4518\MSONSEXT.DLL
+ 2006-10-27 20:00:12 1,751,904 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\ACECORE.DLL
+ 2006-10-27 20:00:10 576,376 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\ACEDAO.DLL
+ 2006-10-27 20:00:06 47,976 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\ACEERR.DLL
+ 2006-10-27 20:00:08 191,360 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\ACEES.DLL
+ 2006-10-27 01:13:34 338,800 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\ACEEXCH.DLL
+ 2006-10-27 01:13:44 629,616 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\ACEEXCL.DLL
+ 2006-10-27 01:13:28 207,736 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\ACELTS.DLL
+ 2006-10-27 01:13:32 279,352 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\ACEODBC.DLL
+ 2006-10-27 01:13:08 15,160 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\ACEODDBS.DLL
+ 2006-10-27 01:13:08 15,160 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\ACEODEXL.DLL
+ 2006-10-27 01:13:08 15,160 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\ACEODPDX.DLL
+ 2006-10-27 01:13:12 15,160 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\ACEODTXT.DLL
+ 2006-10-27 20:00:06 387,960 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\ACEOLEDB.DLL
+ 2006-10-27 01:13:38 392,048 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\ACEPDE.DLL
+ 2006-10-27 01:13:30 260,976 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\ACER2X.DLL
+ 2006-10-27 01:13:32 289,648 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\ACER3X.DLL
+ 2006-10-27 01:13:20 56,120 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\ACERCLR.DLL
+ 2006-10-27 01:13:38 551,800 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\ACEREP.DLL
+ 2006-10-27 01:13:30 224,104 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\ACETXT.DLL
+ 2006-10-27 01:13:34 371,568 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\ACEXBE.DLL
+ 2006-10-27 20:41:04 399,640 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\CDLMSO.DLL
+ 2006-10-27 00:59:24 205,616 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\CLVIEW.EXE
+ 2006-10-27 01:12:52 189,760 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\CONTACTPICKER.DLL
+ 2006-10-27 00:48:14 439,568 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\DWDCW20.DLL
+ 2006-10-27 00:48:14 434,528 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\DWTRIG20.EXE
+ 2006-10-26 19:04:58 75,576 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\FORM.DLL
+ 2006-10-27 00:21:24 1,682,232 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\FPSRVUTL.DLL
+ 2006-10-27 20:09:36 983,376 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\FPWEC.DLL
+ 2006-10-27 01:02:12 2,526,520 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\GRAPH.EXE
+ 2006-10-27 01:12:52 173,328 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\IEAWSDC.DLL
+ 2006-10-27 20:10:10 5,281,592 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\IPEDITOR.DLL
+ 2006-10-27 00:55:10 828,704 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\MEDCAT.DLL
+ 2006-10-26 18:58:14 117,552 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\MSCONV97.DLL
+ 2006-10-27 20:26:40 16,870,712 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\MSO.DLL
+ 2006-10-27 19:59:06 161,080 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\MSOCF.DLL
+ 2006-10-27 00:48:12 14,664 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\MSOCFU.DLL
+ 2006-10-27 01:12:58 428,816 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\MSODCW.DLL
+ 2006-10-27 02:13:36 26,936 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\MSOEURO.DLL
+ 2006-10-27 01:00:08 6,635,320 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\MSORES.DLL
+ 2006-10-26 18:56:36 436,520 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\MSORUN.DLL
+ 2006-10-27 00:50:04 672,024 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\MSQRY32.EXE
+ 2006-10-26 18:56:40 505,136 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\MSSOAP30.DLL
+ 2006-10-27 00:55:12 832,800 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\MSTORDB.EXE
+ 2006-10-27 00:55:06 538,904 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\MSTORES.DLL
+ 2006-10-27 01:12:30 65,824 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\NAME.DLL
+ 2006-10-27 20:14:34 14,151,456 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\OART.DLL
+ 2006-10-27 01:06:54 232,816 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\ODEPLOY.EXE
+ 2006-10-27 01:14:06 7,033,152 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\OFFOWC.DLL
+ 2006-10-27 20:18:36 1,658,152 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\OGL.DLL
+ 2006-10-27 01:00:08 274,744 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\OIS.EXE
+ 2006-10-27 01:00:12 998,208 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\OISAPP.DLL
+ 2006-10-27 01:00:10 285,008 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\OISGRAPH.DLL
+ 2006-10-27 01:32:42 604,000 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\ONBTTNIE.DLL
+ 2006-10-27 20:39:36 687,432 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\ONBTTNOL.DLL
+ 2006-10-27 20:03:04 1,018,664 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\ONENOTE.EXE
+ 2006-10-27 01:24:54 98,632 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\ONENOTEM.EXE
+ 2006-10-27 01:24:50 72,504 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\ONFILTER.DLL
+ 2006-10-27 01:24:58 1,165,112 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\ONLIBS.DLL
+ 2006-10-27 20:03:06 6,579,512 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\ONMAIN.DLL
+ 2006-10-27 01:23:00 782,720 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\ONSYNCPC.DLL
+ 2006-10-27 01:07:04 6,536,992 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\OSETUP.DLL
+ 2006-07-26 23:53:56 459,080 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\OUTLFLTR.DLL
+ 2006-10-27 02:30:44 482,088 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\PORTCONN.DLL
+ 2006-10-27 00:52:10 2,012,480 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\PPTVIEW.EXE
+ 2006-10-26 19:05:00 77,144 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\PSOM.DLL
+ 2006-10-27 02:13:38 38,168 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\REFEDIT.DLL
+ 2006-10-26 19:04:44 19,784 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\REVERSE.DLL
+ 2006-10-27 01:13:00 503,624 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\SELFCERT.EXE
+ 2006-10-27 01:06:58 439,600 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\SETUP.EXE
+ 2006-10-27 19:57:08 2,330,968 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\STSLIST.DLL
+ 2006-10-26 19:04:48 29,976 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\THOCRAPI.DLL
+ 2006-10-26 19:05:04 126,784 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\TWCUTCHR.DLL
+ 2006-10-26 19:05:02 86,840 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\TWCUTLIN.DLL
+ 2006-10-26 19:04:56 58,168 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\TWLAY32.DLL
+ 2006-10-26 19:04:48 27,456 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\TWORIENT.DLL
+ 2006-10-26 19:04:54 51,008 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\TWRECE.DLL
+ 2006-10-26 19:04:44 19,784 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\TWRECS.DLL
+ 2006-10-26 19:04:58 76,624 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\TWSTRUCT.DLL
+ 2006-10-27 04:00:12 1,841,984 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\VVIEWDWG.DLL
+ 2006-10-27 03:58:38 3,732,792 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\VVIEWER.DLL
+ 2008-07-27 14:35:27 781,104 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\WORDPIA.DLL
+ 2006-10-26 19:05:08 1,181,520 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\XIMAGE3B.DLL
+ 2006-10-26 19:05:08 530,760 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\XPAGE3C.DLL
+ 2007-05-09 22:19:48 2,585,936 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6215\VBE6.DLL
- 2008-07-27 14:47:38 217,864 ----a-r C:\WINDOWS\Installer\{90120000-006E-0409-0000-0000000FF1CE}\misc.exe
+ 2008-08-23 08:22:05 217,864 ----a-r C:\WINDOWS\Installer\{90120000-006E-0409-0000-0000000FF1CE}\misc.exe
- 2008-08-16 08:42:03 20,240 ----a-r C:\WINDOWS\Installer\{91120000-002F-0000-0000-0000000FF1CE}\cagicon.exe
+ 2008-08-23 08:16:02 20,240 ----a-r C:\WINDOWS\Installer\{91120000-002F-0000-0000-0000000FF1CE}\cagicon.exe
- 2008-08-16 08:42:01 184,080 ----a-r C:\WINDOWS\Installer\{91120000-002F-0000-0000-0000000FF1CE}\joticon.exe
+ 2008-08-23 08:16:00 184,080 ----a-r C:\WINDOWS\Installer\{91120000-002F-0000-0000-0000000FF1CE}\joticon.exe
- 2008-08-16 08:42:02 217,864 ----a-r C:\WINDOWS\Installer\{91120000-002F-0000-0000-0000000FF1CE}\misc.exe
+ 2008-08-23 08:16:02 217,864 ----a-r C:\WINDOWS\Installer\{91120000-002F-0000-0000-0000000FF1CE}\misc.exe
- 2008-08-16 08:42:03 18,704 ----a-r C:\WINDOWS\Installer\{91120000-002F-0000-0000-0000000FF1CE}\mspicons.exe
+ 2008-08-23 08:16:03 18,704 ----a-r C:\WINDOWS\Installer\{91120000-002F-0000-0000-0000000FF1CE}\mspicons.exe
- 2008-08-16 08:42:03 35,088 ----a-r C:\WINDOWS\Installer\{91120000-002F-0000-0000-0000000FF1CE}\oisicon.exe
+ 2008-08-23 08:16:03 35,088 ----a-r C:\WINDOWS\Installer\{91120000-002F-0000-0000-0000000FF1CE}\oisicon.exe
- 2008-08-16 08:42:02 922,384 ----a-r C:\WINDOWS\Installer\{91120000-002F-0000-0000-0000000FF1CE}\pptico.exe
+ 2008-08-23 08:16:01 922,384 ----a-r C:\WINDOWS\Installer\{91120000-002F-0000-0000-0000000FF1CE}\pptico.exe
- 2008-08-16 08:42:03 888,080 ----a-r C:\WINDOWS\Installer\{91120000-002F-0000-0000-0000000FF1CE}\wordicon.exe
+ 2008-08-23 08:16:03 888,080 ----a-r C:\WINDOWS\Installer\{91120000-002F-0000-0000-0000000FF1CE}\wordicon.exe
- 2008-08-16 08:42:01 1,172,240 ----a-r C:\WINDOWS\Installer\{91120000-002F-0000-0000-0000000FF1CE}\xlicons.exe
+ 2008-08-23 08:15:59 1,172,240 ----a-r C:\WINDOWS\Installer\{91120000-002F-0000-0000-0000000FF1CE}\xlicons.exe
- 2008-08-23 06:06:32 32,768 -c--a-w C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Cookies\INDEX.DAT
+ 2008-08-24 21:33:17 32,768 -c--a-w C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Cookies\INDEX.DAT
- 2008-08-23 06:06:32 32,768 -c--a-w C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Local Settings\History\History.IE5\INDEX.DAT
+ 2008-08-24 21:33:17 32,768 -c--a-w C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Local Settings\History\History.IE5\INDEX.DAT
- 2007-06-06 15:53:34 1,195,888 ----a-w C:\WINDOWS\SYSTEM32\FM20.DLL
+ 2007-08-23 06:03:38 1,195,888 ----a-w C:\WINDOWS\SYSTEM32\FM20.DLL
+ 2008-06-10 06:21:01 135,168 ----a-w C:\WINDOWS\SYSTEM32\java.exe
+ 2008-06-10 06:21:04 135,168 ----a-w C:\WINDOWS\SYSTEM32\javaw.exe
+ 2008-06-10 07:32:34 139,264 ----a-w C:\WINDOWS\SYSTEM32\javaws.exe
+ 2007-08-23 05:18:08 96,256 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_cbb27474\ATL80.dll
+ 2007-08-23 05:18:08 1,101,824 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfc80.dll
+ 2007-08-23 05:18:08 1,093,120 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfc80u.dll
+ 2007-08-23 05:18:08 69,632 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfcm80.dll
+ 2007-08-23 05:18:08 57,856 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfcm80u.dll
+ 2007-08-23 05:18:08 40,960 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80CHS.dll
+ 2007-08-23 05:18:08 45,056 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80CHT.dll
+ 2007-08-23 05:18:08 65,536 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80DEU.dll
+ 2007-08-23 05:18:08 57,344 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ENU.dll
+ 2007-08-23 05:18:08 61,440 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ESP.dll
+ 2007-08-23 05:18:08 61,440 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80FRA.dll
+ 2007-08-23 05:18:08 61,440 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ITA.dll
+ 2007-08-23 05:18:08 49,152 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80JPN.dll
+ 2007-08-23 05:18:08 49,152 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80KOR.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 12:54 5674352]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:56 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-11-16 20:04 139264]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"DelayShred"="c:\program files\mcafee\mshr\ShrCL.EXE" [2007-12-04 13:32 111904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-10-19 08:59 155648]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-10-19 08:59 126976]
"AdaptecDirectCD"="C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" [2002-04-10 17:44 679936]
"DwlClient"="C:\Program Files\Common Files\Dell\EUSW\Support.exe" [2004-05-27 21:05 323584]
"Microsoft Works Update Detection"="C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2003-09-13 22:36 50688]
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6172\SiteAdv.exe" [2006-12-19 21:37 36952]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-08-04 02:33 582992]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 16:40 155648]
"Media Codec Update Service"="C:\Program Files\Essentials Codec Pack\update.exe" [2007-04-08 11:44 303104]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-03-29 02:26 185896]
"AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-22 20:42 116040]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-05-27 10:50 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-07-30 10:47 289064]
"HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2007-03-11 21:34 49152]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
"SpySweeper"="C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" [2007-03-21 14:54 5078592]
"BCMSMMSG"="BCMSMMSG.exe" [2003-08-29 04:59 122880 C:\WINDOWS\BCMSMMSG.exe]
"Dit"="Dit.exe" [2004-12-17 14:21 94208 C:\WINDOWS\Dit.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

R3 CardReaderFilter;Card Reader Filter;C:\WINDOWS\system32\Drivers\USBCRFT.SYS [2008-08-24 16:45]
S0 ppa;Iomega Parallel Port Filter Driver;C:\WINDOWS\System32\DRIVERS\ppa.sys [2001-08-17 14:53]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder

2004-12-11 C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1102778278.job
- C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-06 01:52]

2008-07-15 C:\WINDOWS\Tasks\McDefragTask.job
- C:\WINDOWS\system32\defrag.exe [2004-08-04 02:56]

2008-08-01 C:\WINDOWS\Tasks\McQcTask.job
- c:\program files\mcafee\mqc\QcConsol.exe [2007-12-04 13:32]

2008-08-24 C:\WINDOWS\Tasks\SpywareBot Scheduled Scan.job
- C:\Program Files\SpywareBot\SpywareBot.exe []

2008-08-24 C:\WINDOWS\Tasks\SpywareBot Scheduled Scan.job
- C:\Program Files\SpywareBot []

2008-08-24 C:\WINDOWS\Tasks\wrSpySweeper20070209221549.job
- C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe [2007-03-21 14:55]

2008-08-24 C:\WINDOWS\Tasks\wrSpySweeper20070401180509.job
- C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe [2007-03-21 14:55]

2008-08-24 C:\WINDOWS\Tasks\wrSpySweeper20070401180546.job
- C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe [2007-03-21 14:55]

2008-08-24 C:\WINDOWS\Tasks\wrSpySweeper20070401180553.job
- C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe [2007-03-21 14:55]

2008-08-24 C:\WINDOWS\Tasks\wrSpySweeper20070401180629.job
- C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe [2007-03-21 14:55]

2008-08-24 C:\WINDOWS\Tasks\wrSpySweeper20070509232027.job
- C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe [2007-03-21 14:54]

2008-08-24 C:\WINDOWS\Tasks\wrSpySweeper20070509232027.job
- C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe [2007-03-21 14:54]

2008-08-24 C:\WINDOWS\Tasks\wrSpySweeper20070509232027.job
- A:\","C:\","D:\","E:\" []
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-24 17:06:23
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-08-24 17:23:56
ComboFix-quarantined-files.txt 2008-08-24 22:23:50
ComboFix2.txt 2008-08-23 06:38:05

Pre-Run: 26,494,115,840 bytes free
Post-Run: 26,478,620,672 bytes free

325 --- E O F --- 2008-08-23 08:22:54


During the Combofix run, I also had a Window pop-up with the following:
Windows - No Disc
Exception processing messgae c0000013 Parameters 75b6bf9c4 75b6bf9c 75b6bf9c

Is this related or should I do a separate post?

Thanks for your help!!!
  • 0

#8
Rorschach112

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Hello

Please download the OTMoveIt2 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt2.exe to run it.
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    [kill explorer]
    C:\Program Files\MSN\msnupdate!@#@.exe
    purity 
    EmptyTemp
    [start explorer]
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the light Yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.



Also post me a new HJT log
  • 0

#9
Juan1959

Juan1959

    Member

  • Topic Starter
  • Member
  • PipPip
  • 33 posts
Thanks again Rorschach112!! Here are the results of the OTmoveit and a fresh HJT.


OTMoveit2 Log:
Explorer killed successfully
< C:\Program Files\MSN\msnupdate!@#@.exe >
C:\Program Files\MSN\msnupdate!@#@.exe moved successfully.
< purity >
< EmptyTemp >
File delete failed. C:\DOCUME~1\Loren\LOCALS~1\Temp\hpotdd001.log scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Loren\LOCALS~1\Temp\hpqtra001.log scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Loren\LOCALS~1\Temp\Perflib_Perfdata_7b0.dat scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Loren\LOCALS~1\Temp\~DFF952.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\mcafee_2nhwy1ux7cGEmiH scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\mcafee_RlUmkAxBho91pTu scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\mcmsc_nHTgWmBcEFzIQJq scheduled to be deleted on reboot.
Temp folders emptied.
IE temp folders emptied.
Explorer started successfully

OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 08242008_182454

Files moved on Reboot...
C:\DOCUME~1\Loren\LOCALS~1\Temp\hpotdd001.log moved successfully.
C:\DOCUME~1\Loren\LOCALS~1\Temp\hpqtra001.log moved successfully.
File C:\DOCUME~1\Loren\LOCALS~1\Temp\Perflib_Perfdata_7b0.dat not found!
C:\DOCUME~1\Loren\LOCALS~1\Temp\~DFF952.tmp moved successfully.
File C:\WINDOWS\temp\mcafee_2nhwy1ux7cGEmiH not found!
File C:\WINDOWS\temp\mcafee_RlUmkAxBho91pTu not found!
File C:\WINDOWS\temp\mcmsc_nHTgWmBcEFzIQJq not found!

*******************************

HJT Log
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:37:39 PM, on 8/24/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\WINDOWS\Dit.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
C:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,Search Page = http://205.177.122.7...rch.php?id=5&s=
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.x-x-x-hos...201055066900177
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://205.177.122.7...rch.php?id=5&s=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://my.juno.com/s...ch?r=minisearch
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: URLSearchHook Class - {37D2CDBF-2AF4-44AA-8113-BD0D2DA3C2B8} - C:\Program Files\JUSearch\SearchEnh1.dll (file missing)
F1 - win.ini: run=C:\WINDOWS\..\PROGRA~1\COMMON~1\MICROS~1\MSInfo\msinfo.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: IEWatchObj Class - {9527D42F-D666-11D3-B8DD-00600838CD5F} - C:\WINDOWS\system32\IETie.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [DwlClient] "C:\Program Files\Common Files\Dell\EUSW\Support.exe"
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] "C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe"
O4 - HKLM\..\Run: [SiteAdvisor] "C:\Program Files\SiteAdvisor\6172\SiteAdv.exe"
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [NeroFilterCheck] "C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe"
O4 - HKLM\..\Run: [Media Codec Update Service] "C:\Program Files\Essentials Codec Pack\update.exe" -silent
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AppleSyncNotifier] "C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\RunOnce: [DelayShred] "c:\program files\mcafee\mshr\ShrCL.EXE" /P7 /q C:\DOCUME~1\Loren\LOCALS~1\TEMPOR~1\Content.IE5\01G16RK9\INAFA3~1.SH! C:\DOCUME~1\Loren\LOCALS~1\TEMPOR~1\Content.IE5\8BB7M4D1\ADA661~1.SH! C:\DOCUME~1\Loren\LOCALS~1\TEMPOR~1\Content.IE5\G5Y7S9IJ\NAN29_~1.SH! C:\DOCUME~1\Loren\LOCALS~1\TEMPOR~1\Content.IE5\01G16RK9\ANONYM~1.SH! C:\DOCUME~1\Loren\LOCALS~1\TEMPOR~1\Content.IE5\G5Y7S9IJ\ADAA6F~1.SH! C:\DOCUME~1\Loren\LOCALS~1\TEMPOR~1\Content.IE5\01G16RK9\1019_4~1.SH! C:\DOCUME~1\Loren\LOCALS~1\TEMPOR~1\Content.IE5\8BB7M4D1\OUT_2_~1.SH! C:\DOCUME~1\Loren\LOCALS~1\TEMPOR~1\Content.IE5\01G16RK9\AD8F6D~1.SH!
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O8 - Extra context menu item: Add to AMV Converter... - C:\Program Files\MP3 Player Utilities 4.15\AMVConverter\grab.html
O8 - Extra context menu item: Add to Media Manager... - C:\Program Files\MP3 Player Utilities 4.15\MediaManager\grab.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.micr...veX/MSDcode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcaf...76/mcinsctl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcaf...,19/mcgdmgr.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://lhh.webex.co...bex/ieatgpc.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcaf...598/mcfscan.cab
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

--
End of file - 11761 bytes
  • 0

#10
Rorschach112

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Hello

  • Make sure to use Internet Explorer for this
  • Please go to VirSCAN.org FREE on-line scan service
  • Copy and paste the following file path into the "Suspicious files to scan" box on the top of the page:

    • C:\WINDOWS\..\PROGRA~1\COMMON~1\MICROS~1\MSInfo\msinfo.exe
  • Click on the Upload button
  • Once the Scan is completed, click on the "Copy to Clipboard" button. This will copy the link of the report into the Clipboard.
  • Paste the contents of the Clipboard in your next reply.

  • 0

Advertisements


#11
Juan1959

Juan1959

    Member

  • Topic Starter
  • Member
  • PipPip
  • 33 posts
Rorschach112, I copied and pasted the link into the VirSCAn.org website and attempted to upload it and received an error, file not found.
  • 0

#12
Rorschach112

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Hello

Download OTScanIt.exe to your Desktop and double-click on it to extract the files. It will create a folder named OTScanIt on your desktop.
  • Open the OTScanIt folder and double-click on OTScanIt.exe to start the program.
  • Under Additional Scans check the boxes beside Reg - App Paths, Reg - Bot Check, Reg - Desktop Components, Reg - Disabled MS Config Items, Reg Mountpoints2, File - Additional Folder Scans, and File - Purity Scan.
  • Under Drivers change it to Non-Microsoft.
  • Under Files Created Within and Files Modified Within change it to 90 days.
  • Under Rootkit Search change it to Yes
  • Check the box at the top-left beside Scan All Users
  • Now click the Run Scan button on the toolbar.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Use the Add Reply button and post the information back here in an attachment. I will review it when it comes in. The last line is < End of Report >, so make sure that is the last line in the attached report.


Make sure you attach the report in your reply. If it is too big to upload, then zip the text file and upload it that way
  • 0

#13
Juan1959

Juan1959

    Member

  • Topic Starter
  • Member
  • PipPip
  • 33 posts
Hi Rorschach112,

I followed the instructions and received an error message when I did the Run Scan step. The error message box says: "Error loading process libraries" with the only selection button as Abort. Then the next box says OTSCANit with the message "Class not registered".
Did I miss a step?

Thanks!
  • 0

#14
Rorschach112

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Try this

Please download Runscanner to your desktop and run it.
  • When the first page comes up select Beginner Mode
  • On the next page select Save a binary .Run file (Recommended) then click Start full scan at the top.
  • At this time Runscanner.exe may request access to the Internet through your firewall please allow it to do so, it will then run for two or three minutes.
  • On completion it will ask for a location to save the file and a name. It will do this for both the .run file and the log file
  • Call the .run file "Select a name" and save it to your desktop. You will see the .run file on your desktop. Upload that file here.

  • 0

#15
Juan1959

Juan1959

    Member

  • Topic Starter
  • Member
  • PipPip
  • 33 posts
Hi Rorschach112,

Here are the results. Thanks for your time and effort on this!!

Runscanner logfile http://www.runscanner.net

* = signed file
- = file not found

General info
------------
Computer name : NUMBER1
Creation time : 8/25/2008 7:09:20 AM
Hosts <> 127.0.0.1 : 0
Hosts file location : %SystemRoot%\System32\drivers\etc
IE version : 7.0.5730.13
OS : Microsoft Windows XP
OS Build : 2600
OS SP : Service Pack 2
RunScanner Version : 1.7.0.0
User Language : English (United States)
User rights : Administrator
Windows folder : C:\WINDOWS

Running processes
-----------------
C:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe ( )
* C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
* C:\WINDOWS\System32\alg.exe (Microsoft Corporation)
C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
* C:\WINDOWS\system32\csrss.exe (Microsoft Corporation)
* C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
C:\WINDOWS\Dit.exe (ICSI Technology Ltd.)
C:\Program Files\Digital Line Detect\DLG.exe (BVRP Software)
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe (Roxio)
* C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
* C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
* C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
* C:\WINDOWS\system32\svchost.exe (Microsoft Corporation)
* C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
* C:\WINDOWS\system32\svchost.exe (Microsoft Corporation)
* C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
* C:\WINDOWS\system32\svchost.exe (Microsoft Corporation)
* C:\WINDOWS\system32\svchost.exe (Microsoft Corporation)
* C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
* C:\WINDOWS\system32\svchost.exe (Microsoft Corporation)
* C:\WINDOWS\system32\svchost.exe (Microsoft Corporation)
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe (Hewlett-Packard Co.)
* C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe (Hewlett-Packard Co.)
* C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe (Hewlett-Packard Co.)
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe (Hewlett-Packard Co.)
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe (Hewlett-Packard Co.)
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe (Hewlett-Packard)
* C:\Program Files\internet explorer\iexplore.exe (Microsoft Corporation)
* C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
* C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
* C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe (Sun Microsystems, Inc.)
* C:\WINDOWS\system32\lsass.exe (Microsoft Corporation)
C:\Program Files\Common Files\LightScribe\LSSrvc.exe (Hewlett-Packard Company)
* C:\PROGRA~1\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
* c:\program files\common files\mcafee\mna\mcnasvc.exe (McAfee, Inc.)
* C:\Program Files\McAfee\MPF\MPFSrv.exe (McAfee, Inc.)
* c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (McAfee, Inc.)
* C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)
* C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe (McAfee, Inc.)
* C:\Program Files\MSN Messenger\MsnMsgr.Exe (Microsoft Corporation)
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe (Microsoft® Corporation)
* C:\WINDOWS\BCMSMMSG.exe (Broadcom Corporation)
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe (Nero AG)
* C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe (McAfee, Inc.)
* C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
* C:\DOCUME~1\Loren\LOCALS~1\Temp\Temporary Directory 1 for runscanner.zip\RunScanner.exe (Runscanner.net)
* C:\WINDOWS\system32\services.exe (Microsoft Corporation)
* C:\Program Files\SiteAdvisor\6172\SiteAdv.exe (McAfee, Inc.)
* C:\WINDOWS\system32\spoolsv.exe (Microsoft Corporation)
* C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe (Webroot Software, Inc.)
C:\Program Files\Common Files\Dell\EUSW\Support.exe (Dell)
* C:\WINDOWS\Explorer.EXE (Microsoft Corporation)
* C:\WINDOWS\system32\winlogon.exe (Microsoft Corporation)
* c:\windows\System32\smss.exe (Microsoft Corporation)
* C:\WINDOWS\System32\wbem\wmiapsrv.exe (Microsoft Corporation)

Unrated items
-------------
002 C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe (Roxio)
002 C:\WINDOWS\Dit.exe (ICSI Technology Ltd.)
002 C:\Program Files\Common Files\Dell\EUSW\Support.exe (Dell)
002 C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe (Hewlett-Packard Co.)
002 * C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
002 C:\Program Files\Essentials Codec Pack\update.exe (MediaCodec.Org)
002 C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe (Microsoft® Corporation)
002 C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
002 C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
002 * C:\Program Files\SiteAdvisor\6172\SiteAdv.exe (McAfee, Inc.)
003 C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
005 C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
005 C:\Program Files\Digital Line Detect\DLG.exe (BVRP Software)
005 * C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
005 C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe (Hewlett-Packard Co.)
005 C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe (Hewlett-Packard)
010 C:\Program Files\Bonjour\mDNSResponder.exe (Bonjour Service)
010 C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (InstallDriver Table Manager)
010 C:\Program Files\Common Files\LightScribe\LSSrvc.exe (LightScribeService Direct Disc Labeling Service)
010 * c:\program files\common files\mcafee\mna\mcnasvc.exe (McAfee Network Agent)
010 * C:\Program Files\McAfee\MPF\MPFSrv.exe (McAfee Personal Firewall Service)
010 * c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (McAfee Proxy Service)
010 * C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe (McAfee Real-time Scanner)
010 * C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe (McAfee Scanner)
010 * C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe (McAfee Services)
010 * C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe (McAfee SystemGuards)
010 C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe (NBService)
011 C:\WINDOWS\system32\Drivers\USBCRFT.SYS (Card Reader Filter)
011 C:\WINDOWS\system32\drivers\Cdr4_xp.sys (Cdr4_xp)
011 C:\WINDOWS\system32\drivers\Cdralw2k.sys (Cdralw2k)
011 C:\WINDOWS\system32\drivers\cdudf_xp.sys (cdudf_xp)
011 C:\WINDOWS\system32\drivers\dvd_2K.sys (dvd_2K)
011 * C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys (GEAR CDRom Filter)
011 C:\WINDOWS\system32\drivers\MASPINT.sys (MASPINT)
011 * C:\WINDOWS\system32\drivers\mfeavfk.sys (McAfee Inc. mfeavfk)
011 * C:\WINDOWS\system32\drivers\mfebopk.sys (McAfee Inc. mfebopk)
011 * C:\WINDOWS\system32\drivers\mfehidk.sys (McAfee Inc. mfehidk)
011 * C:\WINDOWS\system32\drivers\mferkdk.sys (McAfee Inc. mferkdk)
011 * C:\WINDOWS\system32\drivers\mfesmfk.sys (McAfee Inc. mfesmfk)
011 C:\WINDOWS\system32\drivers\MCSTRM.sys (MCSTRM)
011 C:\WINDOWS\system32\drivers\mmc_2K.sys (mmc_2K)
011 * C:\WINDOWS\System32\Drivers\Mpfp.sys (MPFP)
011 C:\WINDOWS\System32\DRIVERS\omci.sys (OMCI WDM Device Driver)
011 C:\WINDOWS\system32\drivers\pwd_2k.sys (pwd_2k)
011 C:\WINDOWS\System32\DRIVERS\PxHelp20.sys (PxHelp20)
011 C:\WINDOWS\system32\drivers\UdfReadr_xp.sys (UdfReadr_xp)
031 * C:\Program Files\SiteAdvisor\6253\SiteAdv.dll {3A5DC592-7723-4EAA-9EE6-AF4222BCF879}
041 * C:\Program Files\SiteAdvisor\6253\SiteAdv.dll {0BF43445-2F28-4351-9252-17FE6E806AA0}
045 * C:\Program Files\Juno6\Toolbar.dll {5854FAC4-5BF0-47DD-B5A9-A5EA8CFF3CF4}
047 Zone: : msn
047 Zone: //@[email protected] : msn //@[email protected]
047 Zone: //@[email protected] : msn //@[email protected]
052 C:\WINDOWS\system32\IETie.dll (Tenebril Incorporated) {9527D42F-D666-11D3-B8DD-00600838CD5F}
052 * C:\Program Files\SiteAdvisor\6253\SiteAdv.dll {089FD14D-132B-48FC-8861-0048AE113215}
052 * C:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.) {7DB2D5A0-7241-4E79-B68D-6309F01C5231}
061 C:\PROGRA~1\Roxio\EASYCD~1\DirectCD\Shellex.dll (Roxio) {5E44E225-A408-11CF-B581-008029601108}
061 C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll (Nero AG) {B327765E-D724-4347-8B16-78AE18552FC3}
061 C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll (Nero AG) {7F1CF152-04F8-453A-B34C-E609530A9DC8}
062 C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll (Nero AG) {7D4D6379-F301-4311-BEBA-E26EB0561882}
062 C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll (Adobe Systems, Inc.) {F9DB5320-233E-11D1-9F84-707F02C10627}
073 FRU Task #Hewlett-Packard#hp psc 1200 series#1102778278.job : C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe
073 McQcTask.job : c:\program files\mcafee\mqc\QcConsol.exe (McAfee, Inc.)
100 SearchUrl HKCU : http://my.juno.com/s...ch?r=minisearch
100 Start Page HKCU : http://www.msn.com/
102 GUID / CLSID not found {32683183-48a0-441b-a342-7c2a440a9478}
104 * C:\WINDOWS\system32\mcinsctl.dll (McAfee, Inc) {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21}
104 GUID / CLSID not found {9A9307A0-7DA4-4DAF-B042-5009F29E09E1}
104 GUID / CLSID not found {9F1C11AA-197B-4942-BA54-47A8489BB47F}
104 * C:\WINDOWS\system32\mcgdmgr.dll (McAfee, Inc) {BCC0FF27-31D9-4614-A68E-C18E1ADA4389}
104 GUID / CLSID not found {E06E2E99-0AA1-11D4-ABA6-0060082AA75C}
104 * C:\WINDOWS\McAfee.com\FreeScan\mcfscan.dll (Networks Associates Technology, Inc) {EF791A6B-FC12-4C68-99EF-FB9E207A39E6}
105 Add to AMV Converter... : C:\Program Files\MP3 Player Utilities 4.15\AMVConverter\grab.html
105 Add to Media Manager... : C:\Program Files\MP3 Player Utilities 4.15\MediaManager\grab.html
105 E&xport to Microsoft Excel : res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
107 C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
135 * c:\program files\mcafee\mshr\ShrCL.EXE
173 GUID / CLSID not found
173 GUID / CLSID not found
173 * c:\PROGRA~1\mcafee\VIRUSS~1\mcctxmnu.dll (McAfee, Inc.) {01576F39-90DE-4D6E-A068-5B20C22BAAEE}
173 C:\Program Files\Nero\Nero 7\Nero BackItUp\NBShell.dll (Nero AG)
173 C:\Program Files\The Cleaner\tcshellex.dll (MooSoft Development) {2DE506B9-4320-11d3-8E42-002035221EDA}
173 C:\Program Files\MP3 Player Utilities 4.15\AMVConverter\AmvTransform.dll {C8CA0A66-AF32-4D5E-879E-F0809ACEDC55}
220 C:\Program Files\MP3 Player Utilities 4.15\AMVConverter\AmvTransform.dll {C8CA0A66-AF32-4D5E-879E-F0809ACEDC55}
221 GUID / CLSID not found
221 GUID / CLSID not found
221 * c:\PROGRA~1\mcafee\VIRUSS~1\mcctxmnu.dll (McAfee, Inc.) {01576F39-90DE-4D6E-A068-5B20C22BAAEE}
221 C:\Program Files\Nero\Nero 7\Nero BackItUp\NBShell.dll (Nero AG)
221 C:\Program Files\The Cleaner\tcshellex.dll (MooSoft Development) {2DE506B9-4320-11d3-8E42-002035221EDA}
225 GUID / CLSID not found
225 GUID / CLSID not found
225 * c:\PROGRA~1\mcafee\VIRUSS~1\mcctxmnu.dll (McAfee, Inc.) {01576F39-90DE-4D6E-A068-5B20C22BAAEE}
225 * c:\PROGRA~1\mcafee\VIRUSS~1\mcctxmnu.dll (McAfee, Inc.) {01576F39-90DE-4D6E-A068-5B20C22BAAEE}
225 C:\Program Files\Nero\Nero 7\Nero BackItUp\NBShell.dll (Nero AG)
225 C:\Program Files\Nero\Nero 7\Nero BackItUp\NBShell.dll (Nero AG)
225 C:\Program Files\The Cleaner\tcshellex.dll (MooSoft Development) {2DE506B9-4320-11D3-8E42-002035221EDA}
225 C:\Program Files\The Cleaner\tcshellex.dll (MooSoft Development) {2DE506B9-4320-11D3-8E42-002035221EDA}
227 GUID / CLSID not found
227 C:\Program Files\The Cleaner\tcshellex.dll (MooSoft Development) {2DE506B9-4320-11D3-8E42-002035221EDA}
231 C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll (Nero AG) NeroDigitalExt.NeroDigitalColumnHandler
231 C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll (Adobe Systems, Inc.) PDF Column Info

Missing files
-------------
011 C:\WINDOWS\system32\drivers\Abiosdsk.sys
011 C:\WINDOWS\system32\drivers\Atdisk.sys
011 C:\WINDOWS\system32\drivers\bvrp_pci.sys
011 C:\WINDOWS\system32\drivers\Changer.sys
011 System32\DRIVERS\wATV03nt.sys
011 C:\WINDOWS\system32\drivers\lbrtfdc.sys
011 C:\WINDOWS\system32\drivers\PCIDump.sys
011 C:\WINDOWS\system32\drivers\PDCOMP.sys
011 C:\WINDOWS\system32\drivers\PDFRAME.sys
011 C:\WINDOWS\system32\drivers\PDRELI.sys
011 C:\WINDOWS\system32\drivers\PDRFRAME.sys
011 C:\WINDOWS\system32\drivers\Simbad.sys
011 System32\DRIVERS\wanatw4.sys
011 C:\WINDOWS\system32\drivers\WDICA.sys
040 C:\Program Files\JUSearch\SearchEnh1.dll
063 SsiEfr.e
073 C:\Program Files\SpywareBot\SpywareBot.exe
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP