
Trojan-Spy.Win32
Started by burmeierca, Sep 26 2008 04:13 PM
#1
Posted 26 September 2008 - 04:13 PM

#2
Posted 26 September 2008 - 05:00 PM

RSIT logs
info.txt logfile of random's system information tool 1.02 2008-09-26 18:25:40
======Uninstall list======
-->"C:\Program Files\HP Games\3D Ultra Minigolf Adventures\Uninstall.exe"
-->"C:\Program Files\HP Games\7 Wonders of the Ancient World\Uninstall.exe"
-->"C:\Program Files\HP Games\Bejeweled 2 Deluxe\Uninstall.exe"
-->"C:\Program Files\HP Games\Blasterball 2 Revolution\Uninstall.exe"
-->"C:\Program Files\HP Games\Blasterball 3\Uninstall.exe"
-->"C:\Program Files\HP Games\Chuzzle Deluxe\Uninstall.exe"
-->"C:\Program Files\HP Games\Crystal Maze\Uninstall.exe"
-->"C:\Program Files\HP Games\Diner Dash\Uninstall.exe"
-->"C:\Program Files\HP Games\FATE\Uninstall.exe"
-->"C:\Program Files\HP Games\Fish Tycoon\Uninstall.exe"
-->"C:\Program Files\HP Games\Insaniquarium Deluxe\Uninstall.exe"
-->"C:\Program Files\HP Games\Jewel Quest Solitaire\Uninstall.exe"
-->"C:\Program Files\HP Games\Jewel Quest\Uninstall.exe"
-->"C:\Program Files\HP Games\Magic Academy\Uninstall.exe"
-->"C:\Program Files\HP Games\Mah Jong Quest\Uninstall.exe"
-->"C:\Program Files\HP Games\My HP Game Console\Uninstall.exe"
-->"C:\Program Files\HP Games\Otto's Magic Blocks\Uninstall.exe"
-->"C:\Program Files\HP Games\Peggle\Uninstall.exe"
-->"C:\Program Files\HP Games\Penguins!\Uninstall.exe"
-->"C:\Program Files\HP Games\Polar Bowler\Uninstall.exe"
-->"C:\Program Files\HP Games\Polar Golfer Pineapple Cup\Uninstall.exe"
-->"C:\Program Files\HP Games\Polar Golfer\Uninstall.exe"
-->"C:\Program Files\HP Games\Ricochet Lost Worlds\Uninstall.exe"
-->"C:\Program Files\HP Games\Shooting Stars Pool\Uninstall.exe"
-->"C:\Program Files\HP Games\Slingo Deluxe\Uninstall.exe"
-->"C:\Program Files\HP Games\Super Granny\Uninstall.exe"
-->"C:\Program Files\HP Games\Tradewinds\Uninstall.exe"
-->"C:\Program Files\HP Games\Virtual Villagers - A New Home\Uninstall.exe"
-->"C:\Program Files\HP Games\Virtual Villagers - Chapter 2 - The Lost Children\Uninstall.exe"
-->"C:\Program Files\HP Games\Zuma Deluxe\Uninstall.exe"
-->C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)-->MsiExec.exe /X{6846389C-BAC0-4374-808E-B120F86AF5D7}
Adobe Flash Player ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 8.1.2-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
AI RoboForm (All Users)-->"C:\Program Files\Siber Systems\AI RoboForm\rfwipeout.exe"
AVG 8.0-->C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
Belkin Wireless Driver-->C:\Program Files\InstallShield Installation Information\{D593C72C-435B-4171-8106-9CA8AA34D716}\SETUP.EXE -v"ISSCRIPTCMDLINE=\"-d -zREMOVE\"" -l0x0009 -removeonly
Brownstone Equation Editor 5-->"C:\Program Files\Tutor 6\Equation Editor\Setup.exe" -R
CA Yahoo! Anti-Spy (remove only)-->"C:\Program Files\CA Yahoo! Anti-Spy\uninstall.exe"
Canon iP2600 series User Registration-->C:\Program Files\Canon\IJEREG\iP2600 series\UNINST.EXE
Canon iP2600 series-->"C:\Windows\system32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP2600_series\DelDrv.exe" /U:{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP2600_series /L0x0009
Canon My Printer-->C:\Program Files\Canon\MyPrinter\uninst.exe uninst.ini
Canon Utilities Easy-PhotoPrint EX-->C:\Program Files\Canon\Easy-PhotoPrint EX\uninst.exe uninst.ini
Canon Utilities Solution Menu-->C:\Program Files\Canon\SolutionMenu\uninst.exe uninst.ini
Citrix Presentation Server Client - Web Only-->MsiExec.exe /X{E9459BCF-0982-498B-ABA7-26C34323493F}
Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
CyberLink DVD Suite Deluxe-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\Setup.exe" -uninstall
Documents To Go-->MsiExec.exe /X{EB807EB6-5179-48B7-98D4-7B4934A57A81}
Enhanced Multimedia Keyboard Solution-->C:\HP\KBD\Install.exe /u
e-Sword-->MsiExec.exe /I{97D86AAF-0473-4457-A35F-066C84E83CB0}
Evolve Reach RN Studyware-->MsiExec.exe /I{B9F2C612-C015-4AB0-A388-BB5CD6A4039A}
FoxyTunes for Firefox-->"C:\Program Files\Mozilla Firefox\firefox.exe" -chrome chrome://foxytunes/content/extras/uninstallExtension.xul
Hardware Diagnostic Tools-->C:\Program Files\PC-Doctor 5 for Windows\uninst.exe
Hewlett-Packard Active Check-->MsiExec.exe /X{254C37AA-6B72-4300-84F6-98A82419187E}
Hewlett-Packard Asset Agent for Health Check-->MsiExec.exe /X{669D4A35-146B-4314-89F1-1AC3D7B88367}
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
HP Customer Experience Enhancements-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C8D47273-7A1A-4614-A3D8-263632D8A5ED}\setup.exe" -l0x9 -removeonly
HP Customer Feedback-->MsiExec.exe /I{9DBA770F-BF73-4D39-B1DF-6035D95268FC}
HP Demo-->MsiExec.exe /I{9A379E7A-22ED-44FF-9293-E393D704505D}
HP Easy Setup - Frontend-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1BCE2581-B7CA-4BB4-BDFB-D113506AA38B}\setup.exe" -l0x9 -removeonly
HP On-Screen Cap/Num/Scroll Lock Indicator-->C:\Windows\system32\OsdRemove.exe
HP Photosmart Essential 2.5-->C:\Program Files\HP\Digital Imaging\PhotoSmartEssential\hpzscr01.exe -datfile hpqbud13.dat
HP Picasso Media Center Add-In-->MsiExec.exe /I{55979C41-7D6A-49CC-B591-64AC1BBE2C8B}
HP Total Care Advisor-->MsiExec.exe /X{fef8097e-662d-49b3-aa77-2919db3746d7}
HP Update-->MsiExec.exe /X{7059BDA7-E1DB-442C-B7A1-6144596720A4}
Java 6 Update 4-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160040}
Java 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Java SE Runtime Environment 6 Update 1-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
Journals on PDA-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EF7EDB66-A524-4C34-BEBA-4184BBC2B8D8}\Setup.exe" -l0x9 anything
LabelPrint-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C59C179C-668D-49A9-B6EA-0121CCFC1243}\Setup.exe" -uninstall
LightScribe System Software 1.10.23.1-->MsiExec.exe /X{0E19A83E-F53B-40CF-8C91-96F32D955E6A}
LightScribeTemplateLabeler-->MsiExec.exe /X{305D4B08-5807-4475-B1C8-D54685534864}
MetaFrame Presentation Server Web Client for Win32-->C:\Windows\system32\ctxsetup.exe /uninst C:\PROGRA~1\Citrix\icaweb32\uninst.inf
Microsoft Office Home and Student 60 day trial-->c:\hp\bin\MSOffice\uninst2.cmd
Microsoft Office PowerPoint Viewer 2003-->MsiExec.exe /X{90AF0409-6000-11D3-8CFE-0150048383C9}
Microsoft Office PowerPoint Viewer 2007 (English)-->MsiExec.exe /X{95120000-00AF-0409-0000-0000000FF1CE}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Works-->MsiExec.exe /I{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}
Mozilla Firefox (3.0.2)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB941833)-->MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
muvee autoProducer 6.1-->C:\Program Files\InstallShield Installation Information\{5115C036-C0D5-4E1B-81C9-542CA967478A}\muveesetup.exe -removeonly -runfromtemp
My HP Games-->"C:\Program Files\HP Games\Uninstall.exe"
NCLEX-RN Review made Incredibly Easy-->C:\PROGRA~1\LWW\NCLEX-~1\UNWISE32.EXE C:\PROGRA~1\LWW\NCLEX-~1\INSTALL.LOG
Nursing Central-->C:\Program Files\Unbound Medicine\Nursing Central\uninst.exe
NVIDIA Drivers-->C:\Windows\system32\NVUNINST.EXE UninstallGUI
OpenOffice.org 2.4-->MsiExec.exe /I{2CD2C0DB-81C3-416B-9FA6-589B9235359B}
Palm-->MsiExec.exe /X{ADAED43C-BBD9-42C5-8B21-F4FBFA81E3C3}
PIXMA Extended Survey Program-->C:\Program Files\Canon\IJPLM\SETUP.EXE -R
Power2Go-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{40BF1E83-20EB-11D8-97C5-0009C5020658}\Setup.exe" -uninstall
PowerDirector-->"C:\Program Files\InstallShield Installation Information\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}\setup.exe" /z-uninstall
Python 2.5-->MsiExec.exe /I{0A2C5854-557E-48C8-835A-3B9F074BDCAA}
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -removeonly
Soft Data Fax Modem with SmartCP-->C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1\UIU32m.exe -U -ITrx200Cz.INF
Tutor-->C:\PROGRA~1\TUTOR6~1\UNWISE.EXE C:\PROGRA~1\TUTOR6~1\EXINST.LOG
WeatherBug Gadget-->MsiExec.exe /I{209CDA54-D390-46A2-A97C-7BF61734418D}
Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
Yahoo! Install Manager-->C:\Windows\system32\regsvr32 /u C:\PROGRA~1\Yahoo!\Common\YINSTH~1.DLL
Yahoo! Search Protection-->C:\PROGRA~1\Yahoo!\SEARCH~1\UNINST~1.EXE
Yahoo! Toolbar-->C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE
======Security center information======
AV: AVG Anti-Virus
AS: AVG Anti-Virus (disabled)
AS: Windows Defender
======Environment variables======
"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\hp\bin\Python
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 13, GenuineIntel
"PROCESSOR_REVISION"=0f0d
"NUMBER_OF_PROCESSORS"=2
"TRACE_FORMAT_SEARCH_PATH"=\\NTREL202.ntdev.corp.microsoft.com\4F18C3A5-CA09-4DBD-B6FC-219FDD4C6BE0\TraceFormat
"DFSTRACINGON"=FALSE
"PLATFORM"=HPD
"PCBRAND"=Pavilion
"OnlineServices"=Online Services
-----------------EOF-----------------
and..................................
Logfile of random's system information tool 1.02 (written by random/random)
Run by BurmeierCA at 2008-09-26 18:25:23
Microsoft® Windows Vista™ Home Premium Service Pack 1
System drive C: has 378 GB (81%) free of 467 GB
Total RAM: 1916 MB (46% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:25:38 PM, on 9/26/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe
C:\Windows\ehome\ehmsas.exe
C:\ProgramData\acthlpapl\vinevmvs.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Palm\Hotsync.exe
C:\Program Files\Windows Mail\WinMail.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN
C:\hp\kbd\kbd.exe
C:\ProgramData\acthlpapl\vinevmvs.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\BurmeierCA\Downloads\RSIT.exe
C:\Program Files\trend micro\BurmeierCA.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.goodsearch.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...a...&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [RtHDVCpl] "C:\Windows\RtHDVCpl.exe"
O4 - HKLM\..\Run: [hpsysdrv] "c:\hp\support\hpsysdrv.exe"
O4 - HKLM\..\Run: [KBD] "C:\HP\KBD\KbdStub.EXE"
O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
O4 - HKLM\..\Run: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] "C:\PROGRA~1\AVG\AVG8\avgtray.exe"
O4 - HKLM\..\Run: [NvCplDaemon] "C:\Windows\system32\RUNDLL32.EXE" C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] "C:\Windows\system32\RUNDLL32.EXE" C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [CanonSolutionMenu] "C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe" /logon
O4 - HKLM\..\Run: [CanonMyPrinter] "C:\Program Files\Canon\MyPrinter\BJMyPrt.exe" /logon
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKCU\..\Run: [Sidebar] "C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] "C:\Windows\system32\rundll32.exe" oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [HPAdvisor] "C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" autorun=AUTORUN
O4 - HKCU\..\Run: [ehTray.exe] "C:\Windows\ehome\ehTray.exe"
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [acthlpapl] "C:\ProgramData\acthlpapl\vinevmvs.exe"
O4 - HKCU\..\Run: [lphcg6qj0ep85] C:\Windows\system32\lphcg6qj0ep85.exe
O4 - HKCU\..\Run: [6UTwPVNQbH] C:\ProgramData\hubixklk\ngjoncbk.exe
O4 - HKCU\..\Run: [Search Protection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKCU\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKCU\..\Run: [shhlp] "C:\ProgramData\shhlp\jstgzajg.exe"
O4 - HKCU\..\Run: [DscSmartUtil] "C:\ProgramData\DscSmartUtil\jyfmdana.exe"
O4 - HKCU\..\Run: [MonWebUi] "C:\ProgramData\MonWebUi\xotyngza.exe"
O4 - HKCU\..\Run: [mntdsc] "C:\ProgramData\mntdsc\pkdifeby.exe"
O4 - HKCU\..\Run: [comapiinfo] "C:\ProgramData\comapiinfo\lkvslwta.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe
O4 - Global Startup: DataViz Inc Messenger.lnk = C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\Palm\Hotsync.exe
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~3.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~3.0_0\bin\ssv.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O13 - Gopher Prefix:
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: PIXMA Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
--
End of file - 10489 bytes
======Scheduled tasks folder======
C:\Windows\tasks\HPCeeScheduleForBurmeierCA.job
C:\Windows\tasks\User_Feed_Synchronization-{59FDAF89-9A5D-4B32-BF0B-C8ED97768445}.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
&Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll [2008-07-28 882416]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2008-08-29 455960]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{724d43a9-0d85-11d4-9908-00400523e39a}]
C:\Program Files\Siber Systems\AI RoboForm\roboform.dll [2008-09-14 5751624]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
AVG Security Toolbar - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2008-08-28 2055960]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}]
SingleInstance Class - C:\Program Files\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll [2008-07-28 160496]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll [2008-07-28 882416]
{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}
{A057A204-BACC-4D26-9990-79A187E2698E} - AVG Security Toolbar - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2008-08-28 2055960]
{724d43a0-0d85-11d4-9908-00400523e39a} - &RoboForm - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll [2008-09-14 5751624]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-20 1008184]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2008-07-03 6266880]
"hpsysdrv"=c:\hp\support\hpsysdrv.exe [2007-04-18 65536]
"KBD"=C:\HP\KBD\KbdStub.EXE [2006-12-08 65536]
"OsdMaestro"=C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe [2007-02-15 118784]
"HP Health Check Scheduler"=[ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe []
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]
""=C:\Windows\system32\
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2008-08-29 1235736]
"NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2008-05-22 13539872]
"NvMediaCenter"=C:\Windows\system32\NvMcTray.dll [2008-05-22 92704]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2007-05-08 54840]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
"CanonSolutionMenu"=C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe [2007-10-25 652624]
"CanonMyPrinter"=C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2007-09-13 1603152]
"YSearchProtection"=C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe [2008-06-26 111856]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2008-01-20 1233920]
"WindowsWelcomeCenter"=C:\Windows\system32\oobefldr.dll [2008-01-20 2153472]
"HPAdvisor"=C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe [2008-01-18 942080]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-20 125952]
"RoboForm"=C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [2008-09-14 160592]
"acthlpapl"=C:\ProgramData\acthlpapl\vinevmvs.exe [2008-09-23 90112]
"lphcg6qj0ep85"=C:\Windows\system32\lphcg6qj0ep85.exe []
"6UTwPVNQbH"=C:\ProgramData\hubixklk\ngjoncbk.exe []
"Search Protection"=C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe [2008-06-26 111856]
"YSearchProtection"=C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe [2008-06-26 111856]
"shhlp"=C:\ProgramData\shhlp\jstgzajg.exe [2008-09-23 81920]
"DscSmartUtil"=C:\ProgramData\DscSmartUtil\jyfmdana.exe [2008-09-23 94208]
"MonWebUi"=C:\ProgramData\MonWebUi\xotyngza.exe [2008-09-24 90112]
"mntdsc"=C:\ProgramData\mntdsc\pkdifeby.exe [2008-09-24 98304]
"comapiinfo"=C:\ProgramData\comapiinfo\lkvslwta.exe [2008-09-25 102400]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
DataViz Inc Messenger.lnk - C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
HotSync Manager.lnk - C:\Program Files\Palm\Hotsync.exe
C:\Users\BurmeierCA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
OpenOffice.org 2.4.lnk - C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="avgrsstx.dll"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe"="C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a125b678-2d11-11dd-ac25-806e6f6e6963}]
shell\AutoRun\command - E:\Autobrowse.exe start.exe
======List of files/folders created in the last 1 months======
2008-09-26 18:25:23 ----D---- C:\rsit
2008-09-26 18:25:23 ----D---- C:\Program Files\trend micro
2008-09-26 06:02:32 ----D---- C:\Windows\pss
2008-09-26 05:19:54 ----D---- C:\Program Files\Webroot
2008-09-26 05:19:54 ----A---- C:\Windows\WRSetup.dll
2008-09-26 04:39:20 ----D---- C:\Windows\Sun
2008-09-26 04:03:34 ----AD---- C:\ProgramData\TEMP
2008-09-26 03:01:08 ----D---- C:\ProgramData\WindowsSearch
2008-09-25 18:26:22 ----D---- C:\ProgramData\comapiinfo
2008-09-25 05:08:32 ----SHD---- C:\Config.Msi
2008-09-24 12:03:26 ----D---- C:\ProgramData\mntdsc
2008-09-24 02:54:43 ----D---- C:\ProgramData\Lavasoft
2008-09-24 02:28:25 ----D---- C:\ProgramData\MonWebUi
2008-09-24 01:48:07 ----D---- C:\Program Files\Enigma Software Group
2008-09-24 01:38:22 ----D---- C:\Program Files\e-Sword
2008-09-24 00:50:54 ----D---- C:\ProgramData\Spybot - Search & Destroy
2008-09-23 18:58:13 ----D---- C:\ProgramData\DscSmartUtil
2008-09-23 17:03:24 ----D---- C:\Program Files\MSECache
2008-09-23 04:23:07 ----D---- C:\ProgramData\shhlp
2008-09-23 03:25:21 ----D---- C:\ProgramData\hubixklk
2008-09-23 03:25:00 ----D---- C:\ProgramData\acthlpapl
2008-09-20 18:26:14 ----D---- C:\Users\BurmeierCA\AppData\Roaming\InstallShield
2008-09-20 18:09:11 ----D---- C:\Program Files\Belkin
2008-09-18 15:49:11 ----A---- C:\Windows\system32\javaws.exe
2008-09-18 15:49:11 ----A---- C:\Windows\system32\javaw.exe
2008-09-18 15:49:11 ----A---- C:\Windows\system32\java.exe
2008-09-18 14:11:53 ----D---- C:\ProgramData\Google
2008-09-17 02:18:47 ----A---- C:\Windows\system32\wups2.dll
2008-09-17 02:18:47 ----A---- C:\Windows\system32\wucltux.dll
2008-09-17 02:18:47 ----A---- C:\Windows\system32\wuaueng.dll
2008-09-17 02:18:47 ----A---- C:\Windows\system32\wuauclt.exe
2008-09-17 02:18:14 ----A---- C:\Windows\system32\wups.dll
2008-09-17 02:18:14 ----A---- C:\Windows\system32\wudriver.dll
2008-09-17 02:18:14 ----A---- C:\Windows\system32\wuapi.dll
2008-09-17 02:17:57 ----A---- C:\Windows\system32\wuwebv.dll
2008-09-17 02:17:57 ----A---- C:\Windows\system32\wuapp.exe
2008-09-16 19:26:51 ----D---- C:\Program Files\LWW
2008-09-15 13:03:37 ----D---- C:\Users\BurmeierCA\AppData\Roaming\ICAClient
2008-09-15 12:54:00 ----D---- C:\Windows\system32\Resource
2008-09-15 12:53:52 ----D---- C:\Program Files\Citrix
2008-09-14 10:42:50 ----D---- C:\ProgramData\RoboForm
2008-09-14 10:42:29 ----D---- C:\Program Files\Siber Systems
2008-09-11 03:01:09 ----D---- C:\Program Files\MSXML 4.0
2008-09-10 13:11:41 ----D---- C:\Windows\Profiles
2008-09-10 13:11:36 ----A---- C:\Windows\system32\Msjet35.dll
2008-09-10 13:11:36 ----A---- C:\Windows\system32\DWSPY32.dll
2008-09-10 13:11:36 ----A---- C:\Windows\system32\Dao350.dll
2008-09-10 13:11:35 ----A---- C:\Windows\system32\VB5DB.dll
2008-09-10 13:11:35 ----A---- C:\Windows\system32\triedit.dll
2008-09-10 13:11:35 ----A---- C:\Windows\system32\PICN20.DLL
2008-09-10 13:11:35 ----A---- C:\Windows\system32\Msstdfmt.dll
2008-09-10 13:11:35 ----A---- C:\Windows\system32\Msrepl35.dll
2008-09-10 13:11:35 ----A---- C:\Windows\system32\Msrd2x35.dll
2008-09-10 13:11:35 ----A---- C:\Windows\system32\Msjter35.dll
2008-09-10 13:11:35 ----A---- C:\Windows\system32\Msjint35.dll
2008-09-10 13:11:35 ----A---- C:\Windows\system32\FXTLS532.DLL
2008-09-10 04:42:43 ----A---- C:\Windows\system32\Apphlpdm.dll
2008-09-10 04:42:42 ----A---- C:\Windows\system32\GameUXLegacyGDFs.dll
2008-09-10 04:42:39 ----A---- C:\Windows\system32\wmpeffects.dll
2008-09-10 04:42:37 ----A---- C:\Windows\system32\emdmgmt.dll
2008-09-10 04:42:37 ----A---- C:\Windows\system32\dataclen.dll
2008-09-10 04:42:37 ----A---- C:\Windows\system32\cdd.dll
2008-09-09 19:48:25 ----D---- C:\Users\BurmeierCA\AppData\Roaming\Tutor
2008-09-09 19:44:42 ----A---- C:\Windows\system32\msxml4r.dll
2008-09-09 19:44:42 ----A---- C:\Windows\system32\msxml4a.dll
2008-09-09 19:44:42 ----A---- C:\Windows\system32\inetwh32.dll
2008-09-09 19:44:40 ----A---- C:\Windows\system32\wodHttp.dll
2008-09-09 19:44:40 ----A---- C:\Windows\system32\wodCertificate.dll
2008-09-09 19:44:40 ----A---- C:\Windows\system32\SockIntf.dll
2008-09-09 19:44:39 ----A---- C:\Windows\system32\dwspyvb6.dll
2008-09-09 19:44:39 ----A---- C:\Windows\system32\dwspy5.dll
2008-09-09 19:44:38 ----A---- C:\Windows\system32\ImgMan81.dll
2008-09-09 19:44:36 ----A---- C:\Windows\system32\brgXerces25.dll
2008-09-09 19:44:36 ----A---- C:\Windows\system32\brgSub.dll
2008-09-09 19:44:36 ----A---- C:\Windows\system32\brgrt.dll
2008-09-09 19:44:36 ----A---- C:\Windows\system32\Brgres32.dll
2008-09-09 19:44:36 ----A---- C:\Windows\system32\brgop.exe
2008-09-09 19:44:35 ----A---- C:\Windows\system32\brgte32.dll
2008-09-09 19:44:35 ----A---- C:\Windows\system32\brgmte.dll
2008-09-09 19:44:35 ----A---- C:\Windows\system32\Brgdlg32.dll
2008-09-09 19:44:33 ----A---- C:\Windows\system32\brgdipio.dll
2008-09-09 19:44:32 ----A---- C:\Windows\system32\brgsetup.dll
2008-09-09 19:44:31 ----D---- C:\Program Files\Tutor 6
2008-09-05 12:35:07 ----D---- C:\ProgramData\CanonIJPLM
2008-09-05 12:13:50 ----HD---- C:\ProgramData\CanonBJ
2008-09-05 12:12:59 ----HD---- C:\Windows\system32\CanonIJ Uninstaller Information
2008-09-05 12:11:42 ----A---- C:\Windows\system32\CNMLM97.DLL
2008-09-05 12:11:29 ----HD---- C:\Program Files\CanonBJ
2008-09-05 12:10:37 ----D---- C:\Program Files\Canon
2008-09-04 05:12:40 ----D---- C:\Program Files\Evolve Reach RN
2008-09-01 23:04:50 ----D---- C:\Program Files\Common Files\Adobe
2008-09-01 23:04:50 ----D---- C:\Program Files\Adobe
2008-09-01 19:16:15 ----D---- C:\Users\BurmeierCA\AppData\Roaming\OpenOffice.org2
2008-09-01 07:51:16 ----HD---- C:\$AVG8.VAULT$
2008-09-01 07:47:27 ----D---- C:\Program Files\Common Files\Scanner
2008-09-01 07:47:24 ----D---- C:\Program Files\CA Yahoo! Anti-Spy
2008-09-01 07:41:33 ----D---- C:\Users\BurmeierCA\AppData\Roaming\Yahoo!
2008-09-01 07:41:33 ----D---- C:\ProgramData\Yahoo! Companion
2008-08-29 22:42:53 ----A---- C:\Windows\RTKAUDIOSERVICE.EXE
2008-08-29 22:42:21 ----A---- C:\Windows\DIFxAPI.dll
2008-08-29 22:42:08 ----A---- C:\Windows\RtlUpd.exe
2008-08-29 22:42:07 ----D---- C:\Program Files\Realtek
2008-08-29 22:42:07 ----A---- C:\Windows\system32\RtkPgExt.dll
2008-08-29 22:42:07 ----A---- C:\Windows\system32\RtkApoApi.dll
2008-08-29 22:42:07 ----A---- C:\Windows\RtHDVCpl.exe
2008-08-29 22:42:06 ----A---- C:\Windows\RtlExUpd.dll
2008-08-29 22:42:06 ----A---- C:\Windows\HideWin.exe
2008-08-29 22:27:41 ----D---- C:\Users\BurmeierCA\AppData\Roaming\WinBatch
2008-08-29 13:13:52 ----D---- C:\Users\BurmeierCA\AppData\Roaming\Template
2008-08-29 01:07:29 ----D---- C:\Users\BurmeierCA\AppData\Roaming\Adobe
2008-08-29 00:21:02 ----D---- C:\Program Files\Unbound Medicine
2008-08-29 00:00:01 ----D---- C:\Users\BurmeierCA\AppData\Roaming\Leadertech
2008-08-28 23:59:44 ----A---- C:\additdiag.txt
2008-08-28 23:53:43 ----D---- C:\ProgramData\DataViz
2008-08-28 23:53:43 ----D---- C:\Program Files\Common Files\DataViz
2008-08-28 23:53:38 ----D---- C:\Program Files\Documents To Go
2008-08-28 23:52:19 ----D---- C:\ProgramData\HotSync
2008-08-28 23:51:44 ----A---- C:\Windows\PalmDevC.dll
2008-08-28 23:51:16 ----D---- C:\Program Files\Palm
2008-08-28 23:50:44 ----D---- C:\Users\BurmeierCA\AppData\Roaming\HotSync
2008-08-28 23:50:29 ----D---- C:\Windows\Downloaded Installations
2008-08-28 23:32:21 ----D---- C:\Program Files\OpenOffice.org 2.4
2008-08-28 23:17:02 ----A---- C:\Windows\system32\avgrsstx.dll
2008-08-28 23:16:50 ----D---- C:\ProgramData\avg8
2008-08-28 23:16:50 ----D---- C:\Program Files\AVG
2008-08-28 22:33:35 ----A---- C:\Windows\system32\tzres.dll
2008-08-28 22:32:19 ----A---- C:\Windows\system32\msshooks.dll
2008-08-28 22:32:19 ----A---- C:\Windows\system32\msscb.dll
2008-08-28 22:32:17 ----A---- C:\Windows\system32\SearchFilterHost.exe
2008-08-28 22:32:17 ----A---- C:\Windows\system32\propsys.dll
2008-08-28 22:32:17 ----A---- C:\Windows\system32\propdefs.dll
2008-08-28 22:32:17 ----A---- C:\Windows\system32\msstrc.dll
2008-08-28 22:32:17 ----A---- C:\Windows\system32\mssprxy.dll
2008-08-28 22:32:17 ----A---- C:\Windows\system32\mssitlb.dll
2008-08-28 22:32:17 ----A---- C:\Windows\system32\msshsq.dll
2008-08-28 22:32:16 ----A---- C:\Windows\system32\xmlfilter.dll
2008-08-28 22:32:16 ----A---- C:\Windows\system32\wsepno.dll
2008-08-28 22:32:16 ----A---- C:\Windows\system32\thawbrkr.dll
2008-08-28 22:32:16 ----A---- C:\Windows\system32\srchadmin.dll
2008-08-28 22:32:16 ----A---- C:\Windows\system32\rtffilt.dll
2008-08-28 22:32:16 ----A---- C:\Windows\system32\offfilt.dll
2008-08-28 22:32:16 ----A---- C:\Windows\system32\nlhtml.dll
2008-08-28 22:32:16 ----A---- C:\Windows\system32\mimefilt.dll
2008-08-28 22:32:16 ----A---- C:\Windows\system32\korwbrkr.dll
2008-08-28 22:32:15 ----A---- C:\Windows\system32\tquery.dll
2008-08-28 22:32:15 ----A---- C:\Windows\system32\SearchProtocolHost.exe
2008-08-28 22:32:15 ----A---- C:\Windows\system32\SearchIndexer.exe
2008-08-28 22:32:15 ----A---- C:\Windows\system32\mssvp.dll
2008-08-28 22:32:15 ----A---- C:\Windows\system32\mssrch.dll
2008-08-28 22:32:15 ----A---- C:\Windows\system32\mssphtb.dll
2008-08-28 22:32:15 ----A---- C:\Windows\system32\mssph.dll
2008-08-28 22:32:15 ----A---- C:\Windows\system32\msscntrs.dll
2008-08-28 22:32:15 ----A---- C:\Windows\system32\chtbrkr.dll
2008-08-28 22:32:15 ----A---- C:\Windows\system32\chsbrkr.dll
2008-08-28 21:27:39 ----D---- C:\Users\BurmeierCA\AppData\Roaming\Mozilla
2008-08-28 21:27:28 ----D---- C:\Program Files\Mozilla Firefox
2008-08-28 21:25:26 ----A---- C:\Windows\system32\kd1394.dll
2008-08-28 21:25:25 ----A---- C:\Windows\system32\winload.exe
2008-08-28 21:25:25 ----A---- C:\Windows\system32\ci.dll
2008-08-28 21:25:24 ----A---- C:\Windows\system32\winresume.exe
2008-08-28 21:25:22 ----A---- C:\Windows\system32\srdelayed.exe
2008-08-28 21:25:22 ----A---- C:\Windows\system32\srcore.dll
2008-08-28 21:25:22 ----A---- C:\Windows\system32\srclient.dll
2008-08-28 21:25:22 ----A---- C:\Windows\system32\setbcdlocale.dll
2008-08-28 21:25:22 ----A---- C:\Windows\system32\rstrui.exe
2008-08-28 21:25:20 ----A---- C:\Windows\system32\kbd106n.dll
2008-08-28 21:25:05 ----A---- C:\Windows\system32\IPSECSVC.DLL
2008-08-28 21:24:57 ----A---- C:\Windows\system32\wininet.dll
2008-08-28 21:24:57 ----A---- C:\Windows\system32\mshtml.dll
2008-08-28 21:24:57 ----A---- C:\Windows\system32\ieframe.dll
2008-08-28 21:24:56 ----A---- C:\Windows\system32\urlmon.dll
2008-08-28 21:24:56 ----A---- C:\Windows\system32\mstime.dll
2008-08-28 21:24:56 ----A---- C:\Windows\system32\jsproxy.dll
2008-08-28 21:24:50 ----A---- C:\Windows\system32\gameux.dll
2008-08-28 21:24:44 ----A---- C:\Windows\system32\NlsLexicons0007.dll
2008-08-28 21:24:41 ----A---- C:\Windows\system32\NlsLexicons0009.dll
2008-08-28 21:24:31 ----A---- C:\Windows\system32\NaturalLanguage6.dll
2008-08-28 21:23:58 ----A---- C:\Windows\system32\shell32.dll
2008-08-28 21:23:53 ----A---- C:\Windows\system32\rpcrt4.dll
2008-08-28 21:23:52 ----A---- C:\Windows\system32\pacerprf.dll
2008-08-28 21:23:52 ----A---- C:\Windows\system32\ntoskrnl.exe
2008-08-28 21:23:52 ----A---- C:\Windows\system32\ntkrnlpa.exe
2008-08-28 21:23:50 ----A---- C:\Windows\system32\inetcomm.dll
2008-08-28 21:23:48 ----A---- C:\Windows\system32\es.dll
2008-08-28 21:23:15 ----A---- C:\Windows\system32\wshext.dll
2008-08-28 21:23:15 ----A---- C:\Windows\system32\wscript.exe
2008-08-28 21:23:15 ----A---- C:\Windows\system32\vbscript.dll
2008-08-28 21:23:15 ----A---- C:\Windows\system32\jscript.dll
2008-08-28 21:23:14 ----A---- C:\Windows\system32\scrrun.dll
2008-08-28 21:23:14 ----A---- C:\Windows\system32\scrobj.dll
2008-08-28 21:23:14 ----A---- C:\Windows\system32\cscript.exe
2008-08-28 21:23:11 ----A---- C:\Windows\system32\gdi32.dll
2008-08-28 21:21:34 ----A---- C:\Windows\system32\psisdecd.dll
2008-08-28 21:21:34 ----A---- C:\Windows\system32\EncDec.dll
2008-08-28 21:19:19 ----A---- C:\Windows\system32\quartz.dll
2008-08-28 21:12:40 ----D---- C:\Users\BurmeierCA\AppData\Roaming\Symantec
2008-08-28 21:12:08 ----D---- C:\Users\BurmeierCA\AppData\Roaming\Identities
2008-08-28 21:09:19 ----D---- C:\Users\BurmeierCA\AppData\Roaming\Macromedia
2008-08-28 21:07:06 ----D---- C:\Users\BurmeierCA\AppData\Roaming\Hewlett-Packard
2008-08-28 21:04:59 ----SD---- C:\Users\BurmeierCA\AppData\Roaming\Microsoft
2008-08-28 21:04:59 ----D---- C:\Users\BurmeierCA\AppData\Roaming\Media Center Programs
======List of files/folders modified in the last 1 months======
2008-09-26 18:25:38 ----D---- C:\Windows\Temp
2008-09-26 18:25:23 ----RD---- C:\Program Files
2008-09-26 18:23:29 ----HD---- C:\ProgramData
2008-09-26 18:23:27 ----D---- C:\Windows\Tasks
2008-09-26 18:23:27 ----D---- C:\Windows\System32
2008-09-26 18:23:26 ----SHD---- C:\Windows\Installer
2008-09-26 18:23:26 ----RD---- C:\Users
2008-09-26 18:23:26 ----D---- C:\Windows\system32\drivers
2008-09-26 17:27:33 ----D---- C:\Windows\inf
2008-09-26 17:27:33 ----A---- C:\Windows\system32\PerfStringBackup.INI
2008-09-26 07:48:08 ----SHD---- C:\System Volume Information
2008-09-26 06:50:05 ----D---- C:\Windows
2008-09-26 05:36:17 ----D---- C:\Windows\system32\WDI
2008-09-26 05:23:22 ----D---- C:\Windows\system32\Tasks
2008-09-26 05:20:11 ----A---- C:\Windows\win.ini
2008-09-26 03:21:25 ----D---- C:\Windows\Prefetch
2008-09-25 06:10:29 ----D---- C:\Program Files\Common Files
2008-09-24 02:31:19 ----D---- C:\Windows\system32\catroot2
2008-09-23 17:11:14 ----D---- C:\Program Files\Microsoft Office
2008-09-23 03:59:04 ----D---- C:\Program Files\Yahoo!
2008-09-20 18:40:18 ----SD---- C:\ProgramData\Microsoft
2008-09-20 18:37:44 ----D---- C:\Windows\system32\NDF
2008-09-20 18:27:13 ----D---- C:\Windows\system32\catroot
2008-09-20 18:26:29 ----HD---- C:\Program Files\InstallShield Installation Information
2008-09-18 15:58:08 ----D---- C:\Windows\rescache
2008-09-18 15:49:10 ----D---- C:\Program Files\Java
2008-09-18 15:39:16 ----D---- C:\Windows\system32\en-US
2008-09-18 15:37:49 ----D---- C:\Windows\winsxs
2008-09-17 18:30:16 ----RSD---- C:\Windows\Fonts
2008-09-15 18:04:39 ----D---- C:\Windows\SMINST
2008-09-11 03:09:44 ----D---- C:\Windows\AppPatch
2008-09-01 23:04:59 ----D---- C:\ProgramData\Adobe
2008-08-30 12:21:17 ----D---- C:\Windows\system32\LogFiles
2008-08-29 22:44:40 ----D---- C:\Program Files\HP
2008-08-29 22:42:48 ----D---- C:\Windows\system32\RTCOM
2008-08-29 22:29:11 ----D---- C:\ProgramData\NVIDIA
2008-08-29 17:10:27 ----D---- C:\Windows\Logs
2008-08-28 23:33:14 ----RSD---- C:\Windows\assembly
2008-08-28 23:14:56 ----D---- C:\Windows\Debug
2008-08-28 23:01:07 ----D---- C:\Program Files\Common Files\Symantec Shared
2008-08-28 22:59:06 ----D---- C:\ProgramData\Symantec
2008-08-28 22:40:35 ----HD---- C:\hp
2008-08-28 22:36:53 ----D---- C:\Windows\PolicyDefinitions
2008-08-28 22:36:51 ----D---- C:\Windows\ehome
2008-08-28 22:36:50 ----D---- C:\Windows\system32\migration
2008-08-28 22:36:47 ----D---- C:\Windows\system32\Boot
2008-08-28 22:36:46 ----D---- C:\Program Files\Windows Mail
2008-08-28 21:29:45 ----D---- C:\Windows\Microsoft.NET
2008-08-28 21:29:26 ----D---- C:\Windows\SoftwareDistribution
2008-08-28 21:13:24 ----D---- C:\ProgramData\Hewlett-Packard
2008-08-28 21:12:34 ----SHD---- C:\$Recycle.Bin
2008-08-28 21:11:52 ----D---- C:\Windows\system
2008-08-28 21:05:52 ----D---- C:\Windows\system32\restore
2008-08-28 21:05:43 ----RD---- C:\Program Files\Online Services
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\Windows\System32\Drivers\avgldx86.sys [2008-08-29 97928]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\Windows\System32\Drivers\avgmfx86.sys [2008-08-28 26824]
R2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys [2006-06-19 12672]
R2 XAudio;XAudio; C:\Windows\system32\DRIVERS\xaudio.sys [2007-10-18 8704]
R3 AvgWfpX;AVG Free8 Firewall Driver x86; C:\Windows\System32\Drivers\avgwfpx.sys [2008-08-28 69128]
R3 BELKIN;Belkin Wireless G USB Network Adapter; C:\Windows\system32\DRIVERS\BLKWGU.sys [2007-06-01 252416]
R3 HSF_DP;HSF_DP; C:\Windows\system32\DRIVERS\HSX_DP.sys [2008-05-08 980992]
R3 HSXHWBS2;HSXHWBS2; C:\Windows\system32\DRIVERS\HSXHWBS2.sys [2008-05-08 266752]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2008-07-03 2152088]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\Windows\system32\DRIVERS\nvmfdx32.sys [2007-11-17 1040544]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2008-05-22 7465312]
R3 Ps2;PS2; C:\Windows\system32\DRIVERS\PS2.sys [2005-12-12 19072]
R3 winachsf;winachsf; C:\Windows\system32\DRIVERS\HSX_CNXT.sys [2008-05-08 661504]
R3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys [2008-01-20 11264]
R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-20 83328]
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-20 5632]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-20 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-20 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-20 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-20 6016]
S3 PalmUSBD;PalmUSBD; C:\Windows\system32\drivers\PalmUSBD.sys [2008-08-28 16694]
S3 RT73;Belkin USB Network Adapter; C:\Windows\system32\DRIVERS\rt73.sys [2005-08-02 232192]
S3 SymIM;Symantec Network Security Intermediate Filter Service; C:\Windows\system32\DRIVERS\SymIM.sys []
S3 SymIMMP;SymIMMP; C:\Windows\system32\DRIVERS\SymIM.sys []
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-20 6656]
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-20 386616]
S4 nvsmu;nvsmu; C:\Windows\system32\drivers\nvsmu.sys [2007-10-12 13312]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 avg8emc;AVG Free8 E-mail Scanner; C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-08-29 875288]
R2 avg8wd;AVG Free8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-08-29 231704]
R2 HP Health Check Service;HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [2007-09-19 65536]
R2 IJPLMSVC;PIXMA Extended Survey Program; C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [2007-04-13 101528]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; c:\Program Files\Common Files\LightScribe\LSSrvc.exe [2007-11-19 79136]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2008-05-22 118784]
R2 XAudioService;XAudioService; C:\Windows\system32\DRIVERS\xaudio.exe [2007-10-18 386560]
S3 GameConsoleService;GameConsoleService; C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe [2007-07-23 181800]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
-----------------EOF-----------------
info.txt logfile of random's system information tool 1.02 2008-09-26 18:25:40
======Uninstall list======
-->"C:\Program Files\HP Games\3D Ultra Minigolf Adventures\Uninstall.exe"
-->"C:\Program Files\HP Games\7 Wonders of the Ancient World\Uninstall.exe"
-->"C:\Program Files\HP Games\Bejeweled 2 Deluxe\Uninstall.exe"
-->"C:\Program Files\HP Games\Blasterball 2 Revolution\Uninstall.exe"
-->"C:\Program Files\HP Games\Blasterball 3\Uninstall.exe"
-->"C:\Program Files\HP Games\Chuzzle Deluxe\Uninstall.exe"
-->"C:\Program Files\HP Games\Crystal Maze\Uninstall.exe"
-->"C:\Program Files\HP Games\Diner Dash\Uninstall.exe"
-->"C:\Program Files\HP Games\FATE\Uninstall.exe"
-->"C:\Program Files\HP Games\Fish Tycoon\Uninstall.exe"
-->"C:\Program Files\HP Games\Insaniquarium Deluxe\Uninstall.exe"
-->"C:\Program Files\HP Games\Jewel Quest Solitaire\Uninstall.exe"
-->"C:\Program Files\HP Games\Jewel Quest\Uninstall.exe"
-->"C:\Program Files\HP Games\Magic Academy\Uninstall.exe"
-->"C:\Program Files\HP Games\Mah Jong Quest\Uninstall.exe"
-->"C:\Program Files\HP Games\My HP Game Console\Uninstall.exe"
-->"C:\Program Files\HP Games\Otto's Magic Blocks\Uninstall.exe"
-->"C:\Program Files\HP Games\Peggle\Uninstall.exe"
-->"C:\Program Files\HP Games\Penguins!\Uninstall.exe"
-->"C:\Program Files\HP Games\Polar Bowler\Uninstall.exe"
-->"C:\Program Files\HP Games\Polar Golfer Pineapple Cup\Uninstall.exe"
-->"C:\Program Files\HP Games\Polar Golfer\Uninstall.exe"
-->"C:\Program Files\HP Games\Ricochet Lost Worlds\Uninstall.exe"
-->"C:\Program Files\HP Games\Shooting Stars Pool\Uninstall.exe"
-->"C:\Program Files\HP Games\Slingo Deluxe\Uninstall.exe"
-->"C:\Program Files\HP Games\Super Granny\Uninstall.exe"
-->"C:\Program Files\HP Games\Tradewinds\Uninstall.exe"
-->"C:\Program Files\HP Games\Virtual Villagers - A New Home\Uninstall.exe"
-->"C:\Program Files\HP Games\Virtual Villagers - Chapter 2 - The Lost Children\Uninstall.exe"
-->"C:\Program Files\HP Games\Zuma Deluxe\Uninstall.exe"
-->C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)-->MsiExec.exe /X{6846389C-BAC0-4374-808E-B120F86AF5D7}
Adobe Flash Player ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 8.1.2-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
AI RoboForm (All Users)-->"C:\Program Files\Siber Systems\AI RoboForm\rfwipeout.exe"
AVG 8.0-->C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
Belkin Wireless Driver-->C:\Program Files\InstallShield Installation Information\{D593C72C-435B-4171-8106-9CA8AA34D716}\SETUP.EXE -v"ISSCRIPTCMDLINE=\"-d -zREMOVE\"" -l0x0009 -removeonly
Brownstone Equation Editor 5-->"C:\Program Files\Tutor 6\Equation Editor\Setup.exe" -R
CA Yahoo! Anti-Spy (remove only)-->"C:\Program Files\CA Yahoo! Anti-Spy\uninstall.exe"
Canon iP2600 series User Registration-->C:\Program Files\Canon\IJEREG\iP2600 series\UNINST.EXE
Canon iP2600 series-->"C:\Windows\system32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP2600_series\DelDrv.exe" /U:{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP2600_series /L0x0009
Canon My Printer-->C:\Program Files\Canon\MyPrinter\uninst.exe uninst.ini
Canon Utilities Easy-PhotoPrint EX-->C:\Program Files\Canon\Easy-PhotoPrint EX\uninst.exe uninst.ini
Canon Utilities Solution Menu-->C:\Program Files\Canon\SolutionMenu\uninst.exe uninst.ini
Citrix Presentation Server Client - Web Only-->MsiExec.exe /X{E9459BCF-0982-498B-ABA7-26C34323493F}
Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
CyberLink DVD Suite Deluxe-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\Setup.exe" -uninstall
Documents To Go-->MsiExec.exe /X{EB807EB6-5179-48B7-98D4-7B4934A57A81}
Enhanced Multimedia Keyboard Solution-->C:\HP\KBD\Install.exe /u
e-Sword-->MsiExec.exe /I{97D86AAF-0473-4457-A35F-066C84E83CB0}
Evolve Reach RN Studyware-->MsiExec.exe /I{B9F2C612-C015-4AB0-A388-BB5CD6A4039A}
FoxyTunes for Firefox-->"C:\Program Files\Mozilla Firefox\firefox.exe" -chrome chrome://foxytunes/content/extras/uninstallExtension.xul
Hardware Diagnostic Tools-->C:\Program Files\PC-Doctor 5 for Windows\uninst.exe
Hewlett-Packard Active Check-->MsiExec.exe /X{254C37AA-6B72-4300-84F6-98A82419187E}
Hewlett-Packard Asset Agent for Health Check-->MsiExec.exe /X{669D4A35-146B-4314-89F1-1AC3D7B88367}
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
HP Customer Experience Enhancements-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C8D47273-7A1A-4614-A3D8-263632D8A5ED}\setup.exe" -l0x9 -removeonly
HP Customer Feedback-->MsiExec.exe /I{9DBA770F-BF73-4D39-B1DF-6035D95268FC}
HP Demo-->MsiExec.exe /I{9A379E7A-22ED-44FF-9293-E393D704505D}
HP Easy Setup - Frontend-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1BCE2581-B7CA-4BB4-BDFB-D113506AA38B}\setup.exe" -l0x9 -removeonly
HP On-Screen Cap/Num/Scroll Lock Indicator-->C:\Windows\system32\OsdRemove.exe
HP Photosmart Essential 2.5-->C:\Program Files\HP\Digital Imaging\PhotoSmartEssential\hpzscr01.exe -datfile hpqbud13.dat
HP Picasso Media Center Add-In-->MsiExec.exe /I{55979C41-7D6A-49CC-B591-64AC1BBE2C8B}
HP Total Care Advisor-->MsiExec.exe /X{fef8097e-662d-49b3-aa77-2919db3746d7}
HP Update-->MsiExec.exe /X{7059BDA7-E1DB-442C-B7A1-6144596720A4}
Java 6 Update 4-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160040}
Java 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Java SE Runtime Environment 6 Update 1-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
Journals on PDA-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EF7EDB66-A524-4C34-BEBA-4184BBC2B8D8}\Setup.exe" -l0x9 anything
LabelPrint-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C59C179C-668D-49A9-B6EA-0121CCFC1243}\Setup.exe" -uninstall
LightScribe System Software 1.10.23.1-->MsiExec.exe /X{0E19A83E-F53B-40CF-8C91-96F32D955E6A}
LightScribeTemplateLabeler-->MsiExec.exe /X{305D4B08-5807-4475-B1C8-D54685534864}
MetaFrame Presentation Server Web Client for Win32-->C:\Windows\system32\ctxsetup.exe /uninst C:\PROGRA~1\Citrix\icaweb32\uninst.inf
Microsoft Office Home and Student 60 day trial-->c:\hp\bin\MSOffice\uninst2.cmd
Microsoft Office PowerPoint Viewer 2003-->MsiExec.exe /X{90AF0409-6000-11D3-8CFE-0150048383C9}
Microsoft Office PowerPoint Viewer 2007 (English)-->MsiExec.exe /X{95120000-00AF-0409-0000-0000000FF1CE}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Works-->MsiExec.exe /I{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}
Mozilla Firefox (3.0.2)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB941833)-->MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
muvee autoProducer 6.1-->C:\Program Files\InstallShield Installation Information\{5115C036-C0D5-4E1B-81C9-542CA967478A}\muveesetup.exe -removeonly -runfromtemp
My HP Games-->"C:\Program Files\HP Games\Uninstall.exe"
NCLEX-RN Review made Incredibly Easy-->C:\PROGRA~1\LWW\NCLEX-~1\UNWISE32.EXE C:\PROGRA~1\LWW\NCLEX-~1\INSTALL.LOG
Nursing Central-->C:\Program Files\Unbound Medicine\Nursing Central\uninst.exe
NVIDIA Drivers-->C:\Windows\system32\NVUNINST.EXE UninstallGUI
OpenOffice.org 2.4-->MsiExec.exe /I{2CD2C0DB-81C3-416B-9FA6-589B9235359B}
Palm-->MsiExec.exe /X{ADAED43C-BBD9-42C5-8B21-F4FBFA81E3C3}
PIXMA Extended Survey Program-->C:\Program Files\Canon\IJPLM\SETUP.EXE -R
Power2Go-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{40BF1E83-20EB-11D8-97C5-0009C5020658}\Setup.exe" -uninstall
PowerDirector-->"C:\Program Files\InstallShield Installation Information\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}\setup.exe" /z-uninstall
Python 2.5-->MsiExec.exe /I{0A2C5854-557E-48C8-835A-3B9F074BDCAA}
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -removeonly
Soft Data Fax Modem with SmartCP-->C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1\UIU32m.exe -U -ITrx200Cz.INF
Tutor-->C:\PROGRA~1\TUTOR6~1\UNWISE.EXE C:\PROGRA~1\TUTOR6~1\EXINST.LOG
WeatherBug Gadget-->MsiExec.exe /I{209CDA54-D390-46A2-A97C-7BF61734418D}
Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
Yahoo! Install Manager-->C:\Windows\system32\regsvr32 /u C:\PROGRA~1\Yahoo!\Common\YINSTH~1.DLL
Yahoo! Search Protection-->C:\PROGRA~1\Yahoo!\SEARCH~1\UNINST~1.EXE
Yahoo! Toolbar-->C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE
======Security center information======
AV: AVG Anti-Virus
AS: AVG Anti-Virus (disabled)
AS: Windows Defender
======Environment variables======
"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\hp\bin\Python
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 13, GenuineIntel
"PROCESSOR_REVISION"=0f0d
"NUMBER_OF_PROCESSORS"=2
"TRACE_FORMAT_SEARCH_PATH"=\\NTREL202.ntdev.corp.microsoft.com\4F18C3A5-CA09-4DBD-B6FC-219FDD4C6BE0\TraceFormat
"DFSTRACINGON"=FALSE
"PLATFORM"=HPD
"PCBRAND"=Pavilion
"OnlineServices"=Online Services
-----------------EOF-----------------
and...
Logfile of random's system information tool 1.02 (written by random/random)
Run by BurmeierCA at 2008-09-26 18:25:23
Microsoft® Windows Vista™ Home Premium Service Pack 1
System drive C: has 378 GB (81%) free of 467 GB
Total RAM: 1916 MB (46% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:25:38 PM, on 9/26/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe
C:\Windows\ehome\ehmsas.exe
C:\ProgramData\acthlpapl\vinevmvs.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Palm\Hotsync.exe
C:\Program Files\Windows Mail\WinMail.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN
C:\hp\kbd\kbd.exe
C:\ProgramData\acthlpapl\vinevmvs.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\BurmeierCA\Downloads\RSIT.exe
C:\Program Files\trend micro\BurmeierCA.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.goodsearch.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...a...&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [RtHDVCpl] "C:\Windows\RtHDVCpl.exe"
O4 - HKLM\..\Run: [hpsysdrv] "c:\hp\support\hpsysdrv.exe"
O4 - HKLM\..\Run: [KBD] "C:\HP\KBD\KbdStub.EXE"
O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
O4 - HKLM\..\Run: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] "C:\PROGRA~1\AVG\AVG8\avgtray.exe"
O4 - HKLM\..\Run: [NvCplDaemon] "C:\Windows\system32\RUNDLL32.EXE" C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] "C:\Windows\system32\RUNDLL32.EXE" C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [CanonSolutionMenu] "C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe" /logon
O4 - HKLM\..\Run: [CanonMyPrinter] "C:\Program Files\Canon\MyPrinter\BJMyPrt.exe" /logon
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKCU\..\Run: [Sidebar] "C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] "C:\Windows\system32\rundll32.exe" oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [HPAdvisor] "C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" autorun=AUTORUN
O4 - HKCU\..\Run: [ehTray.exe] "C:\Windows\ehome\ehTray.exe"
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [acthlpapl] "C:\ProgramData\acthlpapl\vinevmvs.exe"
O4 - HKCU\..\Run: [lphcg6qj0ep85] C:\Windows\system32\lphcg6qj0ep85.exe
O4 - HKCU\..\Run: [6UTwPVNQbH] C:\ProgramData\hubixklk\ngjoncbk.exe
O4 - HKCU\..\Run: [Search Protection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKCU\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKCU\..\Run: [shhlp] "C:\ProgramData\shhlp\jstgzajg.exe"
O4 - HKCU\..\Run: [DscSmartUtil] "C:\ProgramData\DscSmartUtil\jyfmdana.exe"
O4 - HKCU\..\Run: [MonWebUi] "C:\ProgramData\MonWebUi\xotyngza.exe"
O4 - HKCU\..\Run: [mntdsc] "C:\ProgramData\mntdsc\pkdifeby.exe"
O4 - HKCU\..\Run: [comapiinfo] "C:\ProgramData\comapiinfo\lkvslwta.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe
O4 - Global Startup: DataViz Inc Messenger.lnk = C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\Palm\Hotsync.exe
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~3.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~3.0_0\bin\ssv.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O13 - Gopher Prefix:
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: PIXMA Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
--
End of file - 10489 bytes
======Scheduled tasks folder======
C:\Windows\tasks\HPCeeScheduleForBurmeierCA.job
C:\Windows\tasks\User_Feed_Synchronization-{59FDAF89-9A5D-4B32-BF0B-C8ED97768445}.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
&Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll [2008-07-28 882416]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2008-08-29 455960]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{724d43a9-0d85-11d4-9908-00400523e39a}]
C:\Program Files\Siber Systems\AI RoboForm\roboform.dll [2008-09-14 5751624]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
AVG Security Toolbar - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2008-08-28 2055960]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}]
SingleInstance Class - C:\Program Files\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll [2008-07-28 160496]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll [2008-07-28 882416]
{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}
{A057A204-BACC-4D26-9990-79A187E2698E} - AVG Security Toolbar - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2008-08-28 2055960]
{724d43a0-0d85-11d4-9908-00400523e39a} - &RoboForm - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll [2008-09-14 5751624]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-20 1008184]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2008-07-03 6266880]
"hpsysdrv"=c:\hp\support\hpsysdrv.exe [2007-04-18 65536]
"KBD"=C:\HP\KBD\KbdStub.EXE [2006-12-08 65536]
"OsdMaestro"=C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe [2007-02-15 118784]
"HP Health Check Scheduler"=[ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe []
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]
""=C:\Windows\system32\
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2008-08-29 1235736]
"NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2008-05-22 13539872]
"NvMediaCenter"=C:\Windows\system32\NvMcTray.dll [2008-05-22 92704]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2007-05-08 54840]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
"CanonSolutionMenu"=C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe [2007-10-25 652624]
"CanonMyPrinter"=C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2007-09-13 1603152]
"YSearchProtection"=C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe [2008-06-26 111856]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2008-01-20 1233920]
"WindowsWelcomeCenter"=C:\Windows\system32\oobefldr.dll [2008-01-20 2153472]
"HPAdvisor"=C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe [2008-01-18 942080]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-20 125952]
"RoboForm"=C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [2008-09-14 160592]
"acthlpapl"=C:\ProgramData\acthlpapl\vinevmvs.exe [2008-09-23 90112]
"lphcg6qj0ep85"=C:\Windows\system32\lphcg6qj0ep85.exe []
"6UTwPVNQbH"=C:\ProgramData\hubixklk\ngjoncbk.exe []
"Search Protection"=C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe [2008-06-26 111856]
"YSearchProtection"=C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe [2008-06-26 111856]
"shhlp"=C:\ProgramData\shhlp\jstgzajg.exe [2008-09-23 81920]
"DscSmartUtil"=C:\ProgramData\DscSmartUtil\jyfmdana.exe [2008-09-23 94208]
"MonWebUi"=C:\ProgramData\MonWebUi\xotyngza.exe [2008-09-24 90112]
"mntdsc"=C:\ProgramData\mntdsc\pkdifeby.exe [2008-09-24 98304]
"comapiinfo"=C:\ProgramData\comapiinfo\lkvslwta.exe [2008-09-25 102400]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
DataViz Inc Messenger.lnk - C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
HotSync Manager.lnk - C:\Program Files\Palm\Hotsync.exe
C:\Users\BurmeierCA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
OpenOffice.org 2.4.lnk - C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="avgrsstx.dll"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe"="C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a125b678-2d11-11dd-ac25-806e6f6e6963}]
shell\AutoRun\command - E:\Autobrowse.exe start.exe
======List of files/folders created in the last 1 months======
2008-09-26 18:25:23 ----D---- C:\rsit
2008-09-26 18:25:23 ----D---- C:\Program Files\trend micro
2008-09-26 06:02:32 ----D---- C:\Windows\pss
2008-09-26 05:19:54 ----D---- C:\Program Files\Webroot
2008-09-26 05:19:54 ----A---- C:\Windows\WRSetup.dll
2008-09-26 04:39:20 ----D---- C:\Windows\Sun
2008-09-26 04:03:34 ----AD---- C:\ProgramData\TEMP
2008-09-26 03:01:08 ----D---- C:\ProgramData\WindowsSearch
2008-09-25 18:26:22 ----D---- C:\ProgramData\comapiinfo
2008-09-25 05:08:32 ----SHD---- C:\Config.Msi
2008-09-24 12:03:26 ----D---- C:\ProgramData\mntdsc
2008-09-24 02:54:43 ----D---- C:\ProgramData\Lavasoft
2008-09-24 02:28:25 ----D---- C:\ProgramData\MonWebUi
2008-09-24 01:48:07 ----D---- C:\Program Files\Enigma Software Group
2008-09-24 01:38:22 ----D---- C:\Program Files\e-Sword
2008-09-24 00:50:54 ----D---- C:\ProgramData\Spybot - Search & Destroy
2008-09-23 18:58:13 ----D---- C:\ProgramData\DscSmartUtil
2008-09-23 17:03:24 ----D---- C:\Program Files\MSECache
2008-09-23 04:23:07 ----D---- C:\ProgramData\shhlp
2008-09-23 03:25:21 ----D---- C:\ProgramData\hubixklk
2008-09-23 03:25:00 ----D---- C:\ProgramData\acthlpapl
2008-09-20 18:26:14 ----D---- C:\Users\BurmeierCA\AppData\Roaming\InstallShield
2008-09-20 18:09:11 ----D---- C:\Program Files\Belkin
2008-09-18 15:49:11 ----A---- C:\Windows\system32\javaws.exe
2008-09-18 15:49:11 ----A---- C:\Windows\system32\javaw.exe
2008-09-18 15:49:11 ----A---- C:\Windows\system32\java.exe
2008-09-18 14:11:53 ----D---- C:\ProgramData\Google
2008-09-17 02:18:47 ----A---- C:\Windows\system32\wups2.dll
2008-09-17 02:18:47 ----A---- C:\Windows\system32\wucltux.dll
2008-09-17 02:18:47 ----A---- C:\Windows\system32\wuaueng.dll
2008-09-17 02:18:47 ----A---- C:\Windows\system32\wuauclt.exe
2008-09-17 02:18:14 ----A---- C:\Windows\system32\wups.dll
2008-09-17 02:18:14 ----A---- C:\Windows\system32\wudriver.dll
2008-09-17 02:18:14 ----A---- C:\Windows\system32\wuapi.dll
2008-09-17 02:17:57 ----A---- C:\Windows\system32\wuwebv.dll
2008-09-17 02:17:57 ----A---- C:\Windows\system32\wuapp.exe
2008-09-16 19:26:51 ----D---- C:\Program Files\LWW
2008-09-15 13:03:37 ----D---- C:\Users\BurmeierCA\AppData\Roaming\ICAClient
2008-09-15 12:54:00 ----D---- C:\Windows\system32\Resource
2008-09-15 12:53:52 ----D---- C:\Program Files\Citrix
2008-09-14 10:42:50 ----D---- C:\ProgramData\RoboForm
2008-09-14 10:42:29 ----D---- C:\Program Files\Siber Systems
2008-09-11 03:01:09 ----D---- C:\Program Files\MSXML 4.0
2008-09-10 13:11:41 ----D---- C:\Windows\Profiles
2008-09-10 13:11:36 ----A---- C:\Windows\system32\Msjet35.dll
2008-09-10 13:11:36 ----A---- C:\Windows\system32\DWSPY32.dll
2008-09-10 13:11:36 ----A---- C:\Windows\system32\Dao350.dll
2008-09-10 13:11:35 ----A---- C:\Windows\system32\VB5DB.dll
2008-09-10 13:11:35 ----A---- C:\Windows\system32\triedit.dll
2008-09-10 13:11:35 ----A---- C:\Windows\system32\PICN20.DLL
2008-09-10 13:11:35 ----A---- C:\Windows\system32\Msstdfmt.dll
2008-09-10 13:11:35 ----A---- C:\Windows\system32\Msrepl35.dll
2008-09-10 13:11:35 ----A---- C:\Windows\system32\Msrd2x35.dll
2008-09-10 13:11:35 ----A---- C:\Windows\system32\Msjter35.dll
2008-09-10 13:11:35 ----A---- C:\Windows\system32\Msjint35.dll
2008-09-10 13:11:35 ----A---- C:\Windows\system32\FXTLS532.DLL
2008-09-10 04:42:43 ----A---- C:\Windows\system32\Apphlpdm.dll
2008-09-10 04:42:42 ----A---- C:\Windows\system32\GameUXLegacyGDFs.dll
2008-09-10 04:42:39 ----A---- C:\Windows\system32\wmpeffects.dll
2008-09-10 04:42:37 ----A---- C:\Windows\system32\emdmgmt.dll
2008-09-10 04:42:37 ----A---- C:\Windows\system32\dataclen.dll
2008-09-10 04:42:37 ----A---- C:\Windows\system32\cdd.dll
2008-09-09 19:48:25 ----D---- C:\Users\BurmeierCA\AppData\Roaming\Tutor
2008-09-09 19:44:42 ----A---- C:\Windows\system32\msxml4r.dll
2008-09-09 19:44:42 ----A---- C:\Windows\system32\msxml4a.dll
2008-09-09 19:44:42 ----A---- C:\Windows\system32\inetwh32.dll
2008-09-09 19:44:40 ----A---- C:\Windows\system32\wodHttp.dll
2008-09-09 19:44:40 ----A---- C:\Windows\system32\wodCertificate.dll
2008-09-09 19:44:40 ----A---- C:\Windows\system32\SockIntf.dll
2008-09-09 19:44:39 ----A---- C:\Windows\system32\dwspyvb6.dll
2008-09-09 19:44:39 ----A---- C:\Windows\system32\dwspy5.dll
2008-09-09 19:44:38 ----A---- C:\Windows\system32\ImgMan81.dll
2008-09-09 19:44:36 ----A---- C:\Windows\system32\brgXerces25.dll
2008-09-09 19:44:36 ----A---- C:\Windows\system32\brgSub.dll
2008-09-09 19:44:36 ----A---- C:\Windows\system32\brgrt.dll
2008-09-09 19:44:36 ----A---- C:\Windows\system32\Brgres32.dll
2008-09-09 19:44:36 ----A---- C:\Windows\system32\brgop.exe
2008-09-09 19:44:35 ----A---- C:\Windows\system32\brgte32.dll
2008-09-09 19:44:35 ----A---- C:\Windows\system32\brgmte.dll
2008-09-09 19:44:35 ----A---- C:\Windows\system32\Brgdlg32.dll
2008-09-09 19:44:33 ----A---- C:\Windows\system32\brgdipio.dll
2008-09-09 19:44:32 ----A---- C:\Windows\system32\brgsetup.dll
2008-09-09 19:44:31 ----D---- C:\Program Files\Tutor 6
2008-09-05 12:35:07 ----D---- C:\ProgramData\CanonIJPLM
2008-09-05 12:13:50 ----HD---- C:\ProgramData\CanonBJ
2008-09-05 12:12:59 ----HD---- C:\Windows\system32\CanonIJ Uninstaller Information
2008-09-05 12:11:42 ----A---- C:\Windows\system32\CNMLM97.DLL
2008-09-05 12:11:29 ----HD---- C:\Program Files\CanonBJ
2008-09-05 12:10:37 ----D---- C:\Program Files\Canon
2008-09-04 05:12:40 ----D---- C:\Program Files\Evolve Reach RN
2008-09-01 23:04:50 ----D---- C:\Program Files\Common Files\Adobe
2008-09-01 23:04:50 ----D---- C:\Program Files\Adobe
2008-09-01 19:16:15 ----D---- C:\Users\BurmeierCA\AppData\Roaming\OpenOffice.org2
2008-09-01 07:51:16 ----HD---- C:\$AVG8.VAULT$
2008-09-01 07:47:27 ----D---- C:\Program Files\Common Files\Scanner
2008-09-01 07:47:24 ----D---- C:\Program Files\CA Yahoo! Anti-Spy
2008-09-01 07:41:33 ----D---- C:\Users\BurmeierCA\AppData\Roaming\Yahoo!
2008-09-01 07:41:33 ----D---- C:\ProgramData\Yahoo! Companion
2008-08-29 22:42:53 ----A---- C:\Windows\RTKAUDIOSERVICE.EXE
2008-08-29 22:42:21 ----A---- C:\Windows\DIFxAPI.dll
2008-08-29 22:42:08 ----A---- C:\Windows\RtlUpd.exe
2008-08-29 22:42:07 ----D---- C:\Program Files\Realtek
2008-08-29 22:42:07 ----A---- C:\Windows\system32\RtkPgExt.dll
2008-08-29 22:42:07 ----A---- C:\Windows\system32\RtkApoApi.dll
2008-08-29 22:42:07 ----A---- C:\Windows\RtHDVCpl.exe
2008-08-29 22:42:06 ----A---- C:\Windows\RtlExUpd.dll
2008-08-29 22:42:06 ----A---- C:\Windows\HideWin.exe
2008-08-29 22:27:41 ----D---- C:\Users\BurmeierCA\AppData\Roaming\WinBatch
2008-08-29 13:13:52 ----D---- C:\Users\BurmeierCA\AppData\Roaming\Template
2008-08-29 01:07:29 ----D---- C:\Users\BurmeierCA\AppData\Roaming\Adobe
2008-08-29 00:21:02 ----D---- C:\Program Files\Unbound Medicine
2008-08-29 00:00:01 ----D---- C:\Users\BurmeierCA\AppData\Roaming\Leadertech
2008-08-28 23:59:44 ----A---- C:\additdiag.txt
2008-08-28 23:53:43 ----D---- C:\ProgramData\DataViz
2008-08-28 23:53:43 ----D---- C:\Program Files\Common Files\DataViz
2008-08-28 23:53:38 ----D---- C:\Program Files\Documents To Go
2008-08-28 23:52:19 ----D---- C:\ProgramData\HotSync
2008-08-28 23:51:44 ----A---- C:\Windows\PalmDevC.dll
2008-08-28 23:51:16 ----D---- C:\Program Files\Palm
2008-08-28 23:50:44 ----D---- C:\Users\BurmeierCA\AppData\Roaming\HotSync
2008-08-28 23:50:29 ----D---- C:\Windows\Downloaded Installations
2008-08-28 23:32:21 ----D---- C:\Program Files\OpenOffice.org 2.4
2008-08-28 23:17:02 ----A---- C:\Windows\system32\avgrsstx.dll
2008-08-28 23:16:50 ----D---- C:\ProgramData\avg8
2008-08-28 23:16:50 ----D---- C:\Program Files\AVG
2008-08-28 22:33:35 ----A---- C:\Windows\system32\tzres.dll
2008-08-28 22:32:19 ----A---- C:\Windows\system32\msshooks.dll
2008-08-28 22:32:19 ----A---- C:\Windows\system32\msscb.dll
2008-08-28 22:32:17 ----A---- C:\Windows\system32\SearchFilterHost.exe
2008-08-28 22:32:17 ----A---- C:\Windows\system32\propsys.dll
2008-08-28 22:32:17 ----A---- C:\Windows\system32\propdefs.dll
2008-08-28 22:32:17 ----A---- C:\Windows\system32\msstrc.dll
2008-08-28 22:32:17 ----A---- C:\Windows\system32\mssprxy.dll
2008-08-28 22:32:17 ----A---- C:\Windows\system32\mssitlb.dll
2008-08-28 22:32:17 ----A---- C:\Windows\system32\msshsq.dll
2008-08-28 22:32:16 ----A---- C:\Windows\system32\xmlfilter.dll
2008-08-28 22:32:16 ----A---- C:\Windows\system32\wsepno.dll
2008-08-28 22:32:16 ----A---- C:\Windows\system32\thawbrkr.dll
2008-08-28 22:32:16 ----A---- C:\Windows\system32\srchadmin.dll
2008-08-28 22:32:16 ----A---- C:\Windows\system32\rtffilt.dll
2008-08-28 22:32:16 ----A---- C:\Windows\system32\offfilt.dll
2008-08-28 22:32:16 ----A---- C:\Windows\system32\nlhtml.dll
2008-08-28 22:32:16 ----A---- C:\Windows\system32\mimefilt.dll
2008-08-28 22:32:16 ----A---- C:\Windows\system32\korwbrkr.dll
2008-08-28 22:32:15 ----A---- C:\Windows\system32\tquery.dll
2008-08-28 22:32:15 ----A---- C:\Windows\system32\SearchProtocolHost.exe
2008-08-28 22:32:15 ----A---- C:\Windows\system32\SearchIndexer.exe
2008-08-28 22:32:15 ----A---- C:\Windows\system32\mssvp.dll
2008-08-28 22:32:15 ----A---- C:\Windows\system32\mssrch.dll
2008-08-28 22:32:15 ----A---- C:\Windows\system32\mssphtb.dll
2008-08-28 22:32:15 ----A---- C:\Windows\system32\mssph.dll
2008-08-28 22:32:15 ----A---- C:\Windows\system32\msscntrs.dll
2008-08-28 22:32:15 ----A---- C:\Windows\system32\chtbrkr.dll
2008-08-28 22:32:15 ----A---- C:\Windows\system32\chsbrkr.dll
2008-08-28 21:27:39 ----D---- C:\Users\BurmeierCA\AppData\Roaming\Mozilla
2008-08-28 21:27:28 ----D---- C:\Program Files\Mozilla Firefox
2008-08-28 21:25:26 ----A---- C:\Windows\system32\kd1394.dll
2008-08-28 21:25:25 ----A---- C:\Windows\system32\winload.exe
2008-08-28 21:25:25 ----A---- C:\Windows\system32\ci.dll
2008-08-28 21:25:24 ----A---- C:\Windows\system32\winresume.exe
2008-08-28 21:25:22 ----A---- C:\Windows\system32\srdelayed.exe
2008-08-28 21:25:22 ----A---- C:\Windows\system32\srcore.dll
2008-08-28 21:25:22 ----A---- C:\Windows\system32\srclient.dll
2008-08-28 21:25:22 ----A---- C:\Windows\system32\setbcdlocale.dll
2008-08-28 21:25:22 ----A---- C:\Windows\system32\rstrui.exe
2008-08-28 21:25:20 ----A---- C:\Windows\system32\kbd106n.dll
2008-08-28 21:25:05 ----A---- C:\Windows\system32\IPSECSVC.DLL
2008-08-28 21:24:57 ----A---- C:\Windows\system32\wininet.dll
2008-08-28 21:24:57 ----A---- C:\Windows\system32\mshtml.dll
2008-08-28 21:24:57 ----A---- C:\Windows\system32\ieframe.dll
2008-08-28 21:24:56 ----A---- C:\Windows\system32\urlmon.dll
2008-08-28 21:24:56 ----A---- C:\Windows\system32\mstime.dll
2008-08-28 21:24:56 ----A---- C:\Windows\system32\jsproxy.dll
2008-08-28 21:24:50 ----A---- C:\Windows\system32\gameux.dll
2008-08-28 21:24:44 ----A---- C:\Windows\system32\NlsLexicons0007.dll
2008-08-28 21:24:41 ----A---- C:\Windows\system32\NlsLexicons0009.dll
2008-08-28 21:24:31 ----A---- C:\Windows\system32\NaturalLanguage6.dll
2008-08-28 21:23:58 ----A---- C:\Windows\system32\shell32.dll
2008-08-28 21:23:53 ----A---- C:\Windows\system32\rpcrt4.dll
2008-08-28 21:23:52 ----A---- C:\Windows\system32\pacerprf.dll
2008-08-28 21:23:52 ----A---- C:\Windows\system32\ntoskrnl.exe
2008-08-28 21:23:52 ----A---- C:\Windows\system32\ntkrnlpa.exe
2008-08-28 21:23:50 ----A---- C:\Windows\system32\inetcomm.dll
2008-08-28 21:23:48 ----A---- C:\Windows\system32\es.dll
2008-08-28 21:23:15 ----A---- C:\Windows\system32\wshext.dll
2008-08-28 21:23:15 ----A---- C:\Windows\system32\wscript.exe
2008-08-28 21:23:15 ----A---- C:\Windows\system32\vbscript.dll
2008-08-28 21:23:15 ----A---- C:\Windows\system32\jscript.dll
2008-08-28 21:23:14 ----A---- C:\Windows\system32\scrrun.dll
2008-08-28 21:23:14 ----A---- C:\Windows\system32\scrobj.dll
2008-08-28 21:23:14 ----A---- C:\Windows\system32\cscript.exe
2008-08-28 21:23:11 ----A---- C:\Windows\system32\gdi32.dll
2008-08-28 21:21:34 ----A---- C:\Windows\system32\psisdecd.dll
2008-08-28 21:21:34 ----A---- C:\Windows\system32\EncDec.dll
2008-08-28 21:19:19 ----A---- C:\Windows\system32\quartz.dll
2008-08-28 21:12:40 ----D---- C:\Users\BurmeierCA\AppData\Roaming\Symantec
2008-08-28 21:12:08 ----D---- C:\Users\BurmeierCA\AppData\Roaming\Identities
2008-08-28 21:09:19 ----D---- C:\Users\BurmeierCA\AppData\Roaming\Macromedia
2008-08-28 21:07:06 ----D---- C:\Users\BurmeierCA\AppData\Roaming\Hewlett-Packard
2008-08-28 21:04:59 ----SD---- C:\Users\BurmeierCA\AppData\Roaming\Microsoft
2008-08-28 21:04:59 ----D---- C:\Users\BurmeierCA\AppData\Roaming\Media Center Programs
======List of files/folders modified in the last 1 months======
2008-09-26 18:25:38 ----D---- C:\Windows\Temp
2008-09-26 18:25:23 ----RD---- C:\Program Files
2008-09-26 18:23:29 ----HD---- C:\ProgramData
2008-09-26 18:23:27 ----D---- C:\Windows\Tasks
2008-09-26 18:23:27 ----D---- C:\Windows\System32
2008-09-26 18:23:26 ----SHD---- C:\Windows\Installer
2008-09-26 18:23:26 ----RD---- C:\Users
2008-09-26 18:23:26 ----D---- C:\Windows\system32\drivers
2008-09-26 17:27:33 ----D---- C:\Windows\inf
2008-09-26 17:27:33 ----A---- C:\Windows\system32\PerfStringBackup.INI
2008-09-26 07:48:08 ----SHD---- C:\System Volume Information
2008-09-26 06:50:05 ----D---- C:\Windows
2008-09-26 05:36:17 ----D---- C:\Windows\system32\WDI
2008-09-26 05:23:22 ----D---- C:\Windows\system32\Tasks
2008-09-26 05:20:11 ----A---- C:\Windows\win.ini
2008-09-26 03:21:25 ----D---- C:\Windows\Prefetch
2008-09-25 06:10:29 ----D---- C:\Program Files\Common Files
2008-09-24 02:31:19 ----D---- C:\Windows\system32\catroot2
2008-09-23 17:11:14 ----D---- C:\Program Files\Microsoft Office
2008-09-23 03:59:04 ----D---- C:\Program Files\Yahoo!
2008-09-20 18:40:18 ----SD---- C:\ProgramData\Microsoft
2008-09-20 18:37:44 ----D---- C:\Windows\system32\NDF
2008-09-20 18:27:13 ----D---- C:\Windows\system32\catroot
2008-09-20 18:26:29 ----HD---- C:\Program Files\InstallShield Installation Information
2008-09-18 15:58:08 ----D---- C:\Windows\rescache
2008-09-18 15:49:10 ----D---- C:\Program Files\Java
2008-09-18 15:39:16 ----D---- C:\Windows\system32\en-US
2008-09-18 15:37:49 ----D---- C:\Windows\winsxs
2008-09-17 18:30:16 ----RSD---- C:\Windows\Fonts
2008-09-15 18:04:39 ----D---- C:\Windows\SMINST
2008-09-11 03:09:44 ----D---- C:\Windows\AppPatch
2008-09-01 23:04:59 ----D---- C:\ProgramData\Adobe
2008-08-30 12:21:17 ----D---- C:\Windows\system32\LogFiles
2008-08-29 22:44:40 ----D---- C:\Program Files\HP
2008-08-29 22:42:48 ----D---- C:\Windows\system32\RTCOM
2008-08-29 22:29:11 ----D---- C:\ProgramData\NVIDIA
2008-08-29 17:10:27 ----D---- C:\Windows\Logs
2008-08-28 23:33:14 ----RSD---- C:\Windows\assembly
2008-08-28 23:14:56 ----D---- C:\Windows\Debug
2008-08-28 23:01:07 ----D---- C:\Program Files\Common Files\Symantec Shared
2008-08-28 22:59:06 ----D---- C:\ProgramData\Symantec
2008-08-28 22:40:35 ----HD---- C:\hp
2008-08-28 22:36:53 ----D---- C:\Windows\PolicyDefinitions
2008-08-28 22:36:51 ----D---- C:\Windows\ehome
2008-08-28 22:36:50 ----D---- C:\Windows\system32\migration
2008-08-28 22:36:47 ----D---- C:\Windows\system32\Boot
2008-08-28 22:36:46 ----D---- C:\Program Files\Windows Mail
2008-08-28 21:29:45 ----D---- C:\Windows\Microsoft.NET
2008-08-28 21:29:26 ----D---- C:\Windows\SoftwareDistribution
2008-08-28 21:13:24 ----D---- C:\ProgramData\Hewlett-Packard
2008-08-28 21:12:34 ----SHD---- C:\$Recycle.Bin
2008-08-28 21:11:52 ----D---- C:\Windows\system
2008-08-28 21:05:52 ----D---- C:\Windows\system32\restore
2008-08-28 21:05:43 ----RD---- C:\Program Files\Online Services
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\Windows\System32\Drivers\avgldx86.sys [2008-08-29 97928]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\Windows\System32\Drivers\avgmfx86.sys [2008-08-28 26824]
R2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys [2006-06-19 12672]
R2 XAudio;XAudio; C:\Windows\system32\DRIVERS\xaudio.sys [2007-10-18 8704]
R3 AvgWfpX;AVG Free8 Firewall Driver x86; C:\Windows\System32\Drivers\avgwfpx.sys [2008-08-28 69128]
R3 BELKIN;Belkin Wireless G USB Network Adapter; C:\Windows\system32\DRIVERS\BLKWGU.sys [2007-06-01 252416]
R3 HSF_DP;HSF_DP; C:\Windows\system32\DRIVERS\HSX_DP.sys [2008-05-08 980992]
R3 HSXHWBS2;HSXHWBS2; C:\Windows\system32\DRIVERS\HSXHWBS2.sys [2008-05-08 266752]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2008-07-03 2152088]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\Windows\system32\DRIVERS\nvmfdx32.sys [2007-11-17 1040544]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2008-05-22 7465312]
R3 Ps2;PS2; C:\Windows\system32\DRIVERS\PS2.sys [2005-12-12 19072]
R3 winachsf;winachsf; C:\Windows\system32\DRIVERS\HSX_CNXT.sys [2008-05-08 661504]
R3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys [2008-01-20 11264]
R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-20 83328]
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-20 5632]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-20 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-20 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-20 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-20 6016]
S3 PalmUSBD;PalmUSBD; C:\Windows\system32\drivers\PalmUSBD.sys [2008-08-28 16694]
S3 RT73;Belkin USB Network Adapter; C:\Windows\system32\DRIVERS\rt73.sys [2005-08-02 232192]
S3 SymIM;Symantec Network Security Intermediate Filter Service; C:\Windows\system32\DRIVERS\SymIM.sys []
S3 SymIMMP;SymIMMP; C:\Windows\system32\DRIVERS\SymIM.sys []
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-20 6656]
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-20 386616]
S4 nvsmu;nvsmu; C:\Windows\system32\drivers\nvsmu.sys [2007-10-12 13312]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 avg8emc;AVG Free8 E-mail Scanner; C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-08-29 875288]
R2 avg8wd;AVG Free8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-08-29 231704]
R2 HP Health Check Service;HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [2007-09-19 65536]
R2 IJPLMSVC;PIXMA Extended Survey Program; C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [2007-04-13 101528]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; c:\Program Files\Common Files\LightScribe\LSSrvc.exe [2007-11-19 79136]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2008-05-22 118784]
R2 XAudioService;XAudioService; C:\Windows\system32\DRIVERS\xaudio.exe [2007-10-18 386560]
S3 GameConsoleService;GameConsoleService; C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe [2007-07-23 181800]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
-----------------EOF-----------------
#3
Posted 26 September 2008 - 06:35 PM

Malware Quickscan
Malwarebytes' Anti-Malware 1.28
Database version: 1211
Windows 6.0.6001 Service Pack 1
9/26/2008 7:25:56 PM
mbam-log-2008-09-26 (19-25-56).txt
Scan type: Quick Scan
Objects scanned: 40762
Time elapsed: 7 minute(s), 31 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CURRENT_USER\typelib (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lphcg6qj0ep85 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
#4
Posted 26 September 2008 - 06:37 PM

Malware Full Scan
Malwarebytes' Anti-Malware 1.28
Database version: 1211
Windows 6.0.6001 Service Pack 1
9/26/2008 8:32:07 PM
mbam-log-2008-09-26 (20-32-07).txt
Scan type: Full Scan (C:\|D:\|E:\|F:\|G:\|H:\|I:\|)
Objects scanned: 157186
Time elapsed: 1 hour(s), 5 minute(s), 43 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)