Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

wsnpoem_v2 & Google Re-Direct [Solved]

Started by screen_name , Dec 20 2008 11:50 AM

  • This topic is locked This topic is locked

#1
screen_name
Posted 20 December 2008 - 11:50 AM

screen_name

    Member

  • Member
  • PipPip
  • 10 posts
My online HSBC account recently got shut-down because they said my computer was infected with the wsnpoem_v2 trojan virus and that my log-in info had been stolen.

My internet explorer is also infected with the Google Re-Direct. My search results led to generic sites like lowpriceshopper.com, or will take me to something like Uber Prints if I type in a t-shirt related search. It usually flashes Goougly.com during the re-direct.

I know there are other threads on both these, but I’ve tried to follow the instructions in several of them and had no luck. If someone could look at my individual case it would be greatly appreciated.

Below is my latest HijackThis log…

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:44:59 PM, on 2008-12-20
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\stsystra.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Adobe\Photoshop CS\Photoshop.exe
C:\Program Files\Microsoft Office\Office\WINWORD.EXE
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nytimes.com/
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [StatusClient] C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe /auto
O4 - HKLM\..\Run: [TomcatStartup] C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Czewo] rundll32.exe "C:\WINDOWS\Pwused.dll",e
O4 - HKLM\..\Run: [Mtoligu] rundll32.exe "C:\WINDOWS\ifofebos.dll",e
O4 - HKLM\..\Run: [McAfee Backup] "C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} -
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: McAfee Wireless Network Security Service (MWLSvc) - McAfee, Inc. - C:\Program Files\Mcafee\MWL\MwlSvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 8501 bytes
  • 0

Advertisements

#2
Rorschach112
Posted 20 December 2008 - 12:00 PM

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Hello

Before we begin, you should save these instructions in Notepad to your desktop, or print them, for easy reference. Much of our fix will be done in Safe mode, and you will be unable to access this thread at that time. If you have questions at any point, or are unsure of the instructions, feel free to post here and ask for clarification before proceeding.


Download SDFix and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following :
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, the Advanced Options Menu should appear;
  • Select the first option, to run Windows in Safe Mode, then press Enter.
  • Choose your usual account.
  • Open the extracted SDFix folder and double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
  • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
    (Report.txt will also be copied to Clipboard ready for posting back on the forum).
  • Finally paste the contents of the Report.txt back on the forum.

  • 0

#3
screen_name
Posted 20 December 2008 - 12:34 PM

screen_name

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
Hey Rorschach - thanks for the quick reply. Below is the Report info...

SDFix: Version 1.240
Run by RodrigoNY on 2008-12-20 at 01:16 PM

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\Documents and Settings\RodrigoNY\Desktop\Installed\SDFix

Checking Services :


Restoring Default Security Values
Restoring Default Hosts File

Rebooting


Checking Files :

No Trojan Files Found






Removing Temp Files

ADS Check :
  • 0

#4
Rorschach112
Posted 20 December 2008 - 12:44 PM

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Are you sure thats all the log ?

Download OTScanIt2.exe to your Desktop and double-click on it to extract the files. It will create a folder named OTScanIt2 on your desktop.
  • Open the OTScanIt2 folder and double-click on OTScanIt.exe to start the program. Make sure you close all other programs and don't use the PC while the scan runs.
  • Under File Age at the top, change it from 30 days to 90 days
  • Under Additional Scans check the boxes beside Reg - ColumnHandlers, Reg - Desktop Components, Reg - Disabled MS Config Items, Reg - File Associations, Reg - NetSvcs, Reg - Protocol Filters, Reg - Protocol Handlers, Reg - SafeBoot Minimal, Reg - SafeBoot Network, Reg - Session Manager Settings, Reg - Winsock2 Catalogs, File - Lop Check, File - Purity Scan, Files - Signature Check, and Evnt - EventViewer Logs ( Last 10 Errors).
  • Under Rootkit Search change it to Yes
  • Under the Custom Scans box at the bottom left paste the following in

    %systemroot%\Prefetch\*.* /s
    %systemroot%\system32\drivers\*.dat
    %systemroot%\Temp\bca4e2da.$$$
    %systemroot%\Temp\ed47fa.$
    %systemroot%\Temp\fa56d7ec.$$$
    %systemroot%\System32\antiwpa.dll
    %systemroot%\Pack.epk
    %ProgramFiles%\MSN Messenger\*.zip
    %ProgramFiles%\MSN Messenger\*.exe
    %ProgramFiles%\MSN Messenger\*.rar
    %PROGRAMFILES%\*crack*.
    %PROGRAMFILES%\*keygen*.
    %SYSTEMDRIVE%\*crack*.
    %SYSTEMDRIVE%\*keygen*.
    %SYSTEMDRIVE%\*.zip
    %SYSTEMDRIVE%\*.rar
    %SYSTEMDRIVE%\*.exe
    %SYSTEMDRIVE%\*.dll
    %systemroot%\*.zip
    %systemroot%\*.rar
    %systemroot%\system32\*.zip
    %systemroot%\system32\*.rar
    %PROGRAMFILES%\*.zip
    %PROGRAMFILES%\*.rar
    %PROGRAMFILES%\*.exe
    %PROGRAMFILES%\*.dll
    %DESKTOP%\*.zip
    %DESKTOP%\*.rar
    %DESKTOP%\*.exe
    %DESKTOP%\*crack*.
    %DESKTOP%\*keygen*.
    %PROGRAMFILES%\Common Files\*.*
    %PROGRAMFILES%\Common Files\*bak*.
    %systemroot%\SYSTEM32\*bak*.
    %PROGRAMFILES%\*bak*.
    %systemroot%\ime\imjp8_1\*bak*.
    %PROGRAMFILES%\QuickTime\*bak*.
    %PROGRAMFILES%\Viewpoint\Viewpoint Manager\*bak*.
    %PROGRAMFILES%\Analog Devices\Core\*bak*.
    %USERNAME%\*.zip
    %USERNAME%\*.rar
    %USERNAME%\*.exe
    %USERPROFILE%\*.zip
    %USERPROFILE%\*.rar
    %USERPROFILE%\*.exe
    %ALLUSERSPROFILE%\*.zip
    %ALLUSERSPROFILE%\*.rar
    %ALLUSERSPROFILE%\*.exe
    %APPDATA%\*.zip
    %APPDATA%\*.rar
    %APPDATA%\*.exe
    %ALLUSERSSTARTMENU%\*.zip
    %ALLUSERSSTARTMENU%\*.rar
    %ALLUSERSSTARTMENU%\*.exe
    %ALLUSERSSTARTUP%\*.zip
    %ALLUSERSSTARTUP%\*.rar
    %ALLUSERSSTARTUP%\*.exe
    %ALLUSERSPROGRAMS%\*.zip
    %ALLUSERSPROGRAMS%\*.rar
    %ALLUSERSPROGRAMS%\*.exe
    %ALLUSERSAPPDATA%\*.zip
    %ALLUSERSAPPDATA%\*.rar
    %ALLUSERSAPPDATA%\*.exe
    %APPDATA%\*.zip
    %APPDATA%\*.rar
    %APPDATA%\*.exe
    %APPDATA%\*.dat
    %APPDATA%\*.dll
    %QUICKLAUNCH%\*.zip
    %QUICKLAUNCH%\*.rar
    %QUICKLAUNCH%\*.exe
    %STARTUP%\*.zip
    %STARTUP%\*.rar
    %STARTUP%\*.exe
    %STARTMENU%\*.zip
    %STARTMENU%\*.rar
    %STARTMENU%\*.exe
    %MYDOCUMENTS%\*.zip
    %MYDOCUMENTS%\*.rar
    %MYDOCUMENTS%\*.exe
    %MYDOCUMENTS%\*crack*.
    %MYDOCUMENTS%\*keygen*.
    %PROGRAMFILES%\Mozilla Firefox\plugins\*.*
    %PROGRAMFILES%\Internet Explorer\*.*
    %PROGRAMFILES%\Mozilla Firefox\*.zip /s
    %PROGRAMFILES%\Mozilla Firefox\*.rar /s
    %PROGRAMFILES%\Mozilla Firefox\*.exe /s
    %PROGRAMFILES%\Internet Explorer\*.zip /s
    %PROGRAMFILES%\Internet Explorer\*.rar /s
    %PROGRAMFILES%\Internet Explorer\*.exe /s
    %SYSTEMDRIVE%\*.dat
    %SYSTEMDRIVE%\*.sys
    %SYSTEMROOT%\*.dat
    %SYSTEMROOT%\*.sys
    %systemroot%\system32\drivers\*.exe /s
    %systemroot%\system32\drivers\*.zip /s
    %systemroot%\system32\drivers\*.rar /s
    %systemroot%\system\*.exe /s
    %systemroot%\system\*.zip /s
    %systemroot%\system\*.rar /s
    %systemroot%\AppPatch\*.exe /s
    %systemroot%\AppPatch\*.zip /s
    %systemroot%\AppPatch\*.rar /s
    %systemroot%\Cache\*.*
    %systemroot%\Downloaded Program Files\*.*
    %systemroot%\Fonts\*.exe /s
    %systemroot%\Fonts\*.zip /s
    %systemroot%\Fonts\*.rar /s
    %systemroot%\Fonts\*.dll /s
    %systemroot%\Help\*.exe /s
    %systemroot%\Help\*.zip /s
    %systemroot%\Help\*.rar /s
    %systemroot%\Tasks\*.*
    %APPDATA%\*.sys
    %APPDATA%\Google\*.*
    %systemroot%\system32\serauth1.dll
    %systemroot%\system32\serauth2.dll
    %systemroot%\system32\sysaudio.sys
    %PROGRAMFILES%\*TinyProxy*.
    HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla|extensions /rs
    %systemroot%\system32\inf\*.exe /s
    %systemroot%\system32\inf\*.zip /s
    %systemroot%\system32\inf\*.rar /s
    %systemroot%\system32\inf\*.dll /s
    %PROGRAMFILES%\Bitlord\Downloads\*.zip /s
    %PROGRAMFILES%\Bitlord\Downloads\*.rar /s
    %PROGRAMFILES%\Bitlord\Downloads\*.exe /s
    %PROGRAMFILES%\Bitlord\Downloads\*crack*.
    %PROGRAMFILES%\Bitlord\Downloads\*keygen*.
    %PROGRAMFILES%\eMule\Incoming\*.zip /s
    %PROGRAMFILES%\eMule\Incoming\*.rar /s
    %PROGRAMFILES%\eMule\Incoming\*.exe /s
    %PROGRAMFILES%\eMule\Incoming\*crack*.
    %PROGRAMFILES%\eMule\Incoming\*keygen*.
    %ProgramFiles%\Bittorent\downloads\*.zip /s
    %ProgramFiles%\Bittorent\downloads\*.exe /s
    %ProgramFiles%\Bittorent\downloads\*.rar /s
    %PROGRAMFILES%\Bittorent\Downloads\*crack*.
    %PROGRAMFILES%\Bittorent\Downloads\*keygen*.
    %ProgramFiles%\Bearshare\Shared\*.zip /s
    %ProgramFiles%\Bearshare\Shared\*.exe /s
    %ProgramFiles%\Bearshare\Shared\*.rar /s
    %ProgramFiles%\Bearshare\Shared\*crack*.
    %ProgramFiles%\Bearshare\Shared\*keygen*.
    %ProgramFiles%\Morpheus\My Shared Folder\*.zip /s
    %ProgramFiles%\Morpheus\My Shared Folder\*.exe /s
    %ProgramFiles%\Morpheus\My Shared Folder\*.rar /s
    %ProgramFiles%\Morpheus\My Shared Folder\*crack*.
    %ProgramFiles%\Morpheus\My Shared Folder\*keygen*.
    %ProgramFiles%\uTorrent\Downloads\*.zip /s
    %ProgramFiles%\uTorrent\Downloads\*.exe /s
    %ProgramFiles%\uTorrent\Downloads\*.rar /s
    %ProgramFiles%\uTorrent\Downloads\*crack*.
    %ProgramFiles%\uTorrent\Downloads\*keygen*.
    %ProgramFiles%\Kazaa Lite\My Shared Folder\*.zip /s
    %ProgramFiles%\Kazaa Lite\My Shared Folder\*.exe /s
    %ProgramFiles%\Kazaa Lite\My Shared Folder\*.rar /s
    %ProgramFiles%\Kazaa Lite\My Shared Folder\*crack*.
    %ProgramFiles%\Kazaa Lite\My Shared Folder\*keygen*.
    %ProgramFiles%\Kazaa\My Shared Folder\*.zip /s
    %ProgramFiles%\Kazaa\My Shared Folder\*.exe /s
    %ProgramFiles%\Kazaa\My Shared Folder\*.rar /s
    %ProgramFiles%\Kazaa\My Shared Folder\*crack*.
    %ProgramFiles%\Kazaa\My Shared Folder\*keygen*.
    %ProgramFiles%\Icq\Shared Files\*.zip /s
    %ProgramFiles%\Icq\Shared Files\*.exe /s
    %ProgramFiles%\Icq\Shared Files\*.rar /s
    %ProgramFiles%\Icq\Shared Files\*crack*.
    %ProgramFiles%\Icq\Shared Files\*keygen*.
    %ProgramFiles%\Direct Connect\Received Files\*.zip /s
    %ProgramFiles%\Direct Connect\Received Files\*.exe /s
    %ProgramFiles%\Direct Connect\Received Files\*.rar /s
    %ProgramFiles%\Direct Connect\Received Files\*crack*.
    %ProgramFiles%\Direct Connect\Received Files\*keygen*.




  • Now click the Run Scan button on the toolbar. Make sure not to use the PC while the program is running or it will freeze.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Use the Add Reply button and post the information back here in an attachment. I will review it when it comes in. The last line is < End of Report >, so make sure that is the last line in the attached report.


Make sure you attach the report in your reply. If it is too big to upload, then zip the text file and upload it that way
  • 0

#5
screen_name
Posted 20 December 2008 - 12:49 PM

screen_name

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
Yeah that's the entire log. I just double checked it.

When I extracted the SDFix files McAfee rejected the Generic.dx file. Maybe that had somethig to do with it? If I should redo the SDFix scan before the OTScan just let me know
  • 0

#6
screen_name
Posted 20 December 2008 - 03:43 PM

screen_name

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
Attached is the OTScan report

Attached Files


  • 0

#7
Rorschach112
Posted 21 December 2008 - 06:38 AM

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Hello

Start OTScanIt2. Copy/Paste the information in the quotebox below into the panel where it says "Paste fix here" and then click the Run Fix button.

[Kill Explorer]
[Unregister Dlls]
[Processes - Safe List]
YN -> aawservice.exe -> %ProgramFiles%\Lavasoft\Ad-Aware\aawservice.exe
[Win32 Services - Safe List]
YY -> (Viewpoint Manager Service) Viewpoint Manager Service [Win32_Own | Auto | Stopped] ->
[Registry - Safe List]
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\
YN -> WebBrowser\\"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" [HKLM] -> Reg Error: Key does not exist or could not be opened. [&Yahoo! Toolbar]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YY -> "Czewo" -> %SystemRoot%\Pwused.dll [rundll32.exe "C:\WINDOWS\Pwused.dll",e]
< Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\
YN -> CmdMapping\\"{39FD89BF-D3F1-45b6-BB56-3582CCF489E1}" [HKLM] -> [Reg Error: Key does not exist or could not be opened.]
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\
YN -> {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} [HKLM] -> [Reg Error: Key does not exist or could not be opened.]
[Registry - Additional Scans - Safe List]
< Disabled MSConfig Folder Items [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\
YN -> C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk ->
< Disabled MSConfig Registry Items [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\
YN -> ISTray hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> %ProgramFiles%\Spyware Doctor\pctsTray.exe
< SafeBoot-Minimal Settings > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\
YN -> Winyb33.sys ->
< SafeBoot-Network Settings > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\
YN -> Winyb33.sys ->
[Files/Folders - Created Within 90 Days]
NY -> 1 C:\Documents and Settings\RodrigoNY\My Documents\*.tmp files -> C:\Documents and Settings\RodrigoNY\My Documents\*.tmp
NY -> tmp.reg -> %SystemRoot%\System32\tmp.reg
NY -> VCCLSID.exe -> %SystemRoot%\System32\VCCLSID.exe
NY -> SrchSTS.exe -> %SystemRoot%\System32\SrchSTS.exe
NY -> swreg.exe -> %SystemRoot%\System32\swreg.exe
NY -> VACFix.exe -> %SystemRoot%\System32\VACFix.exe
NY -> IEDFix.exe -> %SystemRoot%\System32\IEDFix.exe
NY -> IEDFix.C.exe -> %SystemRoot%\System32\IEDFix.C.exe
NY -> 404Fix.exe -> %SystemRoot%\System32\404Fix.exe
NY -> o4Patch.exe -> %SystemRoot%\System32\o4Patch.exe
NY -> swxcacls.exe -> %SystemRoot%\System32\swxcacls.exe
NY -> Agent.OMZ.Fix.exe -> %SystemRoot%\System32\Agent.OMZ.Fix.exe
NY -> Process.exe -> %SystemRoot%\System32\Process.exe
NY -> dumphive.exe -> %SystemRoot%\System32\dumphive.exe
NY -> swsc.exe -> %SystemRoot%\System32\swsc.exe
NY -> WS2Fix.exe -> %SystemRoot%\System32\WS2Fix.exe
NY -> gmer.ini -> %SystemRoot%\gmer.ini
NY -> gmer.dll -> %SystemRoot%\gmer.dll
NY -> gmer.exe -> %SystemRoot%\gmer.exe
NY -> gmer.sys -> %SystemRoot%\System32\drivers\gmer.sys
NY -> gmer_uninstall.cmd -> %SystemRoot%\gmer_uninstall.cmd
NY -> RECYCLER -> %SystemDrive%\RECYCLER
NY -> SWXCACLS.exe -> %SystemRoot%\SWXCACLS.exe
NY -> SWREG.exe -> %SystemRoot%\SWREG.exe
NY -> SWSC.exe -> %SystemRoot%\SWSC.exe
NY -> sed.exe -> %SystemRoot%\sed.exe
NY -> fdsv.exe -> %SystemRoot%\fdsv.exe
NY -> grep.exe -> %SystemRoot%\grep.exe
NY -> zip.exe -> %SystemRoot%\zip.exe
NY -> VFIND.exe -> %SystemRoot%\VFIND.exe
NY -> NIRCMD.exe -> %SystemRoot%\NIRCMD.exe
NY -> Qoobox -> %SystemDrive%\Qoobox
NY -> XoftSpySE 2.job -> %SystemRoot%\tasks\XoftSpySE 2.job
NY -> lakerda1967.sys -> %AppData%\lakerda1967.sys
[File - Lop Check]
NY -> yhibcfcd -> C:\Documents and Settings\All Users\Application Data\yhibcfcd
NY -> XoftSpySE 2.job -> C:\WINDOWS\Tasks\XoftSpySE 2.job
NY -> XoftSpySE.job -> C:\WINDOWS\Tasks\XoftSpySE.job
[Alternate Data Streams]
NY -> @Alternate Data Stream - 148 bytes -> %AllUsersProfile%\Application Data\TEMP:DFC5A2B2
NY -> @Alternate Data Stream - 120 bytes -> %AllUsersProfile%\Application Data\TEMP:5C321E34
NY -> @Alternate Data Stream - 0 bytes -> %UserProfile%\My Documents\Thumbs.db:encryptable
NY -> @Alternate Data Stream - 0 bytes -> %UserProfile%\Desktop\Thumbs.db:encryptable
NY -> @Alternate Data Stream - 0 bytes -> %SystemRoot%\Thumbs.db:encryptable
[Empty Temp Folders]
[Start Explorer]
[Reboot]


The fix should only take a very short time. When the fix is completed a message box will popup telling you that it is finished. Click the Ok button and Notepad will open with a log of actions taken during the fix. Post that information back here

I will review the information when it comes back in.




Please download GooredFix and save it to your Desktop. Double-click Goored.exe to run it. Select 1. Find Goored (no fix) by typing 1 and pressing Enter. A log will open, please post the contents of that log in your next reply (it can also be found on your desktop, called Goored.txt). Note: Do not run Option #2 yet.
  • 0

#8
screen_name
Posted 21 December 2008 - 09:20 AM

screen_name

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
I pasted in the fix in the OTScan and in the middle it stopped and said...

"Access violation at address 720508B0. Read of address 720508B0"

I hit run fix again after the error came up and it finished the remaining clearing and then rebooted.

On the reboot another error message came up...

"RUNDLL
Error Loading C:\WINDOWS\Pwused.dll. The specified module could not be found"

Here is the log for the first OT Scan

[File - Lop Check]
C:\Documents and Settings\All Users\Application Data\yhibcfcd folder moved successfully.
C:\WINDOWS\Tasks\XoftSpySE 2.job moved successfully.
C:\WINDOWS\Tasks\XoftSpySE.job moved successfully.
[Alternate Data Streams]
ADS C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34 deleted successfully.
ADS C:\Documents and Settings\RodrigoNY\My Documents\Thumbs.db:encryptable deleted successfully.
Unable to delete ADS C:\Documents and Settings\RodrigoNY\Desktop\Thumbs.db:encryptable .
ADS C:\WINDOWS\Thumbs.db:encryptable deleted successfully.
[Empty Temp Folders]
File delete failed. C:\Documents and Settings\RodrigoNY\Local Settings\Temp\fb_360.lck scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\RodrigoNY\Local Settings\Temp\~DF20E4.tmp scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\RodrigoNY\Local Settings\Temp\~DF2109.tmp scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\RodrigoNY\Local Settings\Temp\~DFC84F.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\mcmsc_CMXKiNJ3UUCAbSb scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\mcmsc_wQzZI7ABUrwOV6W scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\mcmsc_xqnONGiGPA7PZFG scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_330.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\sqlite_bhzXtCXcboj7iza scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\sqlite_godKy2Dj4UublGx scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\sqlite_jsmgHkrMT6CRfKj scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\sqlite_MxpQcuQOr5WRy3y scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\sqlite_MzIcQvf3Blu5Bbh scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\sqlite_ppgIO9xefJqf1lY scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\sqlite_s5GHfF1VeU05QwE scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\WFV1A.tmp scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
FireFox cache emptied.
RecycleBin -> emptied.
Explorer started successfully
< End of fix log >
OTScanIt2 by OldTimer - Version 1.0.3.1 fix logfile created on 12212008_085518

Files moved on Reboot...
File C:\Documents and Settings\RodrigoNY\Local Settings\Temp\fb_360.lck not found!
File C:\Documents and Settings\RodrigoNY\Local Settings\Temp\~DF20E4.tmp not found!
File C:\Documents and Settings\RodrigoNY\Local Settings\Temp\~DF2109.tmp not found!
C:\Documents and Settings\RodrigoNY\Local Settings\Temp\~DFC84F.tmp moved successfully.
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat moved successfully.
File C:\WINDOWS\temp\mcmsc_CMXKiNJ3UUCAbSb not found!
File C:\WINDOWS\temp\mcmsc_wQzZI7ABUrwOV6W not found!
File C:\WINDOWS\temp\mcmsc_xqnONGiGPA7PZFG not found!
File C:\WINDOWS\temp\Perflib_Perfdata_330.dat not found!
C:\WINDOWS\temp\sqlite_bhzXtCXcboj7iza moved successfully.
C:\WINDOWS\temp\sqlite_godKy2Dj4UublGx moved successfully.
C:\WINDOWS\temp\sqlite_jsmgHkrMT6CRfKj moved successfully.
C:\WINDOWS\temp\sqlite_MxpQcuQOr5WRy3y moved successfully.
C:\WINDOWS\temp\sqlite_MzIcQvf3Blu5Bbh moved successfully.
C:\WINDOWS\temp\sqlite_ppgIO9xefJqf1lY moved successfully.
C:\WINDOWS\temp\sqlite_s5GHfF1VeU05QwE moved successfully.
File C:\WINDOWS\temp\WFV1A.tmp not found!

Registry entries deleted on Reboot...

-----------

I ran OTScan again to see if the error was a mistake, but I got the same one the second time as well...

"Access violation at address 720508B0. Read of address 720508B0"

Here is the log for the second OT scan...

[File - Lop Check]
File C:\Documents and Settings\All Users\Application Data\yhibcfcd not found!
File C:\WINDOWS\Tasks\XoftSpySE 2.job not found!
File C:\WINDOWS\Tasks\XoftSpySE.job not found!
[Alternate Data Streams]
Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2 .
Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34 .
Unable to delete ADS C:\Documents and Settings\RodrigoNY\My Documents\Thumbs.db:encryptable .
Unable to delete ADS C:\Documents and Settings\RodrigoNY\Desktop\Thumbs.db:encryptable .
Unable to delete ADS C:\WINDOWS\Thumbs.db:encryptable .
[Empty Temp Folders]
File delete failed. C:\Documents and Settings\RodrigoNY\Local Settings\Temp\fb_608.lck scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\RodrigoNY\Local Settings\Temp\~DF192E.tmp scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\RodrigoNY\Local Settings\Temp\~DF1A21.tmp scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\RodrigoNY\Local Settings\Temp\~DF8BF5.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\mcafee_NfOGGspLNleSwFC scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\mcmsc_4SLl1DtiWql4Ajz scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\mcmsc_DM8FawIbXtDhU7N scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\mcmsc_X3cbawqZvSbYoOx scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_2a4.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\sqlite_Accau36HeSEPVyd scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\sqlite_Gsbm39cXDf3tC04 scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\sqlite_hq3Ps9Nads0VYE5 scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\sqlite_kDEwNLcu8Ce2IZZ scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\sqlite_vkjhEiBBXEshhXH scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\sqlite_y2xZ1f8JTexzdkf scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\sqlite_zOAIxadCYO7FIMo scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\WFV16.tmp scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
FireFox cache emptied.
RecycleBin -> emptied.
Explorer started successfully
< End of fix log >
OTScanIt2 by OldTimer - Version 1.0.3.1 fix logfile created on 12212008_090342

Files moved on Reboot...
File C:\Documents and Settings\RodrigoNY\Local Settings\Temp\fb_608.lck not found!
File C:\Documents and Settings\RodrigoNY\Local Settings\Temp\~DF192E.tmp not found!
File C:\Documents and Settings\RodrigoNY\Local Settings\Temp\~DF1A21.tmp not found!
C:\Documents and Settings\RodrigoNY\Local Settings\Temp\~DF8BF5.tmp moved successfully.
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat moved successfully.
File C:\WINDOWS\temp\mcafee_NfOGGspLNleSwFC not found!
File C:\WINDOWS\temp\mcmsc_4SLl1DtiWql4Ajz not found!
File C:\WINDOWS\temp\mcmsc_DM8FawIbXtDhU7N not found!
File C:\WINDOWS\temp\mcmsc_X3cbawqZvSbYoOx not found!
File C:\WINDOWS\temp\Perflib_Perfdata_2a4.dat not found!
C:\WINDOWS\temp\sqlite_Accau36HeSEPVyd moved successfully.
C:\WINDOWS\temp\sqlite_Gsbm39cXDf3tC04 moved successfully.
C:\WINDOWS\temp\sqlite_hq3Ps9Nads0VYE5 moved successfully.
C:\WINDOWS\temp\sqlite_kDEwNLcu8Ce2IZZ moved successfully.
C:\WINDOWS\temp\sqlite_vkjhEiBBXEshhXH moved successfully.
C:\WINDOWS\temp\sqlite_y2xZ1f8JTexzdkf moved successfully.
C:\WINDOWS\temp\sqlite_zOAIxadCYO7FIMo moved successfully.
File C:\WINDOWS\temp\WFV16.tmp not found!

Registry entries deleted on Reboot...

---------

Here are the results from the Goored Fix...

GooredFix v1.5 by jpshortstuff
Log created at 09:06 on 21/12/2008 running Option #1

=====Suspect Goored Entries=====

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]
"{F6049CDC-9FA9-4834-B83E-7B3295359086}"="C:\Documents and Settings\RodrigoNY\Local Settings\Application Data\{F6049CDC-9FA9-4834-B83E-7B3295359086}"

=====Dumping Registry Values=====

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.0.5\extensions]
"Plugins"="C:\Program Files\Mozilla Firefox\plugins"

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.0.5\extensions]
"Components"="C:\Program Files\Mozilla Firefox\components"

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]
"{F6049CDC-9FA9-4834-B83E-7B3295359086}"="C:\Documents and Settings\RodrigoNY\Local Settings\Application Data\{F6049CDC-9FA9-4834-B83E-7B3295359086}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]
"[email protected]"="C:\Program Files\Java\jre6\lib\deploy\jqs\ff"

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]
"{B7082FAA-CB62-4872-9106-E42DD88EDE45}"="C:\Program Files\McAfee\SiteAdvisor"

Edited by screen_name, 21 December 2008 - 09:21 AM.

  • 0

#9
Rorschach112
Posted 21 December 2008 - 09:23 AM

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
How did you log into the account in the end

Please double-click Goored.exe on your Desktop to run it. Select 2. Fix Goored by typing 2 and pressing Enter. Make sure all instances of Firefox are closed at this point. Type y at the prompt and press Enter again. A log will open, please post the contents of that log in your next reply (it can also be found on your desktop, called Goored.txt).
  • 0

#10
screen_name
Posted 21 December 2008 - 09:30 AM

screen_name

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
I used the log-in outside this thread by the forums instead and that one went through.



GooredFix v1.5 by jpshortstuff
Log created at 10:28 on 21/12/2008 running Option #2

=====Goored Deletions=====

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]
"{F6049CDC-9FA9-4834-B83E-7B3295359086}"="C:\Documents and Settings\RodrigoNY\Local Settings\Application Data\{F6049CDC-9FA9-4834-B83E-7B3295359086}"
->Backing up value... Done.
->Deleting value... Done.

C:\Documents and Settings\RodrigoNY\Local Settings\Application Data\{F6049CDC-9FA9-4834-B83E-7B3295359086}
->Backing up folder... Done.
->Emptying folder... Done.
->Deleting folder... Done.

=====Dumping Registry Values=====

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.0.5\extensions]
"Plugins"="C:\Program Files\Mozilla Firefox\plugins"

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.0.5\extensions]
"Components"="C:\Program Files\Mozilla Firefox\components"

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]
"[email protected]"="C:\Program Files\Java\jre6\lib\deploy\jqs\ff"

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]
"{B7082FAA-CB62-4872-9106-E42DD88EDE45}"="C:\Program Files\McAfee\SiteAdvisor"
  • 0

Advertisements

#11
Rorschach112
Posted 21 December 2008 - 04:48 PM

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Hello

Please download ATF Cleaner by Atribune.
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use Firefox browserClick Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browserClick Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.




Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.






Go to Kaspersky website and perform an online antivirus scan.

  • Read through the requirements and privacy statement and click on Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, Adware, Dialers, and other potentially dangerous programs
      Archives
      Mail databases
  • Click on My Computer under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button. Then post it here.

  • 0

#12
screen_name
Posted 22 December 2008 - 08:16 AM

screen_name

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
Malwarebytes' Anti-Malware 1.31
Database version: 1528
Windows 5.1.2600 Service Pack 3

2008-12-21 8:22:14 PM
mbam-log-2008-12-21 (20-22-14).txt

Scan type: Quick Scan
Objects scanned: 57219
Time elapsed: 9 minute(s), 21 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3aa42713-5c1e-48e2-b432-d8bf420dd31d} (Rogue.Antivirus2008) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mtoligu (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\ifofebos.dll (Trojan.Agent) -> Delete on reboot.



--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Monday, December 22, 2008
Operating System: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Monday, December 22, 2008 00:27:57
Records in database: 1497857
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\

Scan statistics:
Files scanned: 151989
Threat name: 0
Infected objects: 0
Suspicious objects: 0
Duration of the scan: 02:52:30

No malware has been detected. The scan area is clean.

The selected area was scanned.
  • 0

#13
Rorschach112
Posted 22 December 2008 - 08:25 AM

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Hello

  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

  • 0

#14
screen_name
Posted 22 December 2008 - 08:34 AM

screen_name

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
Hey brother. Here's the two log's...

info.txt logfile of random's system information tool 1.05 2008-12-22 09:31:30

======Uninstall list======

-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205}
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382}
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629}
-->MsiExec.exe /I{403EF592-953B-4794-BCEF-ECAB835C2095}
-->MsiExec.exe /I{F543B12A-13F5-487E-9314-F7D25E1BBE3E}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
7-Zip 4.42-->"C:\Program Files\7-Zip\Uninstall.exe"
AC3Filter (remove only)-->C:\Program Files\AC3Filter\uninstall.exe
Ad-Aware-->MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Acrobat - Reader 6.0.2 Update-->MsiExec.exe /I{AC76BA86-0000-0000-0000-6028747ADE01}
Adobe Atmosphere Player for Acrobat and Adobe Reader-->C:\WINDOWS\atmoUn.exe
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Photoshop CS-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EFB21DE7-8C19-4A88-BB28-A766E16493BC}\setup.exe" -l0x9
Adobe Reader 6.0.1-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A00000000001}
Adobe Shockwave Player-->C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Adobe Type Manager 4.1-->C:\WINDOWS\uninst.exe -f"C:\Program Files\Adobe Type Manager\DeIsL1.isu" -c"C:\Program Files\Adobe Type Manager\UNINST.DLL"
ATI Control Panel-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
Coupon Printer for Windows-->"C:\Program Files\Coupons\uninstall.exe" "/U:C:\Program Files\Coupons\Uninstall\uninstall.xml"
Cucusoft MPEG/MOV/RM/DivX/AVI to DVD/VCD/SVCD Creator Pro 7.07-->"C:\Program Files\Cucusoft\avi-dvd-pro\unins000.exe"
Dell Driver Reset Tool-->MsiExec.exe /I{5905F42D-3F5F-4916-ADA6-94A3646AEE76}
Dell Support 3.1-->MsiExec.exe /X{548EEA8E-8299-497F-8057-811D2D7097DC}
Digital Content Portal-->MsiExec.exe /I{B702CCCE-3176-4DBF-B932-D1B8F402F330}
DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
DivX-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
FileZilla Client 3.0.8.1-->C:\Program Files\FileZilla FTP Client\uninstall.exe
FLV Player 2.0, build 23-->C:\Program Files\FLV Player\uninst.exe
Foxit PDF Editor-->C:\Program Files\Foxit Software\PDF Editor\uninstall.exe
Foxit Reader-->C:\Program Files\Foxit Software\Foxit Reader\Uninstall.exe
High Definition Audio Driver Package - KB835221-->C:\WINDOWS\$NtUninstallKB835221WXP$\spuninst\spuninst.exe
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
HP Image Zone 5.3-->C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP Imaging Device Functions 5.3-->C:\Program Files\HP\Digital Imaging\DigitalImagingMonitor\hpzscr01.exe -datfile hpqbud01.dat
hp LaserJet 1010 Series-->MsiExec.exe /x {292C47B2-8DB7-47BF-896C-C3C5EE8108C4}
HP Photo Imaging Software-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Uninstall.isu" -c"C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\hpiunCX.dll
HP Photo Printing Software-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Printing\Uninstall.isu" -c"C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Printing\hpiunPC.dll
HP Scanjet 4370-->C:\Program Files\HP\Digital Imaging\{2766C573-EFD3-4f15-83A5-2788B48994F0}\setup\hpzscr01.exe -datfile hpgscr07.dat
HP Software Update-->MsiExec.exe /X{15EE79F4-4ED1-4267-9B0F-351009325D7D}
HP Solution Center & Imaging Support Tools 5.3-->C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
Intel Matrix Storage Manager-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}\setup.exe" -l0409 -INTELUNINST
Intel® PRO Network Connections Drivers-->Prounstl.exe
Intel® PROSet for Wired Connections-->MsiExec.exe /I{4CEA6811-DFAD-4892-828D-49941FE3B779}
Ipswitch WS_FTP Professional 2006-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AD88355B-A4E0-4DA1-BAC3-EA4FEA930691}\setup.exe" -l0x9
iTunes-->MsiExec.exe /I{02DFB3FD-CF52-4183-8BCA-2A127D4888F4}
Java DB 10.4.1.3-->MsiExec.exe /X{998D6972-F58E-479D-9248-8F179E55AE38}
Java™ 6 Update 11-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216010FF}
Java™ 6 Update 2-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java™ 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java™ 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java™ 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Java™ SE Development Kit 6 Update 11-->MsiExec.exe /I{32A3A4F4-B792-11D6-A78A-00B0D0160110}
Macromedia Dreamweaver MX 2004-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{05BB2EC5-6BEF-4DDC-9E75-BEE7B161157A}\Setup.exe" -l0x9 mmUninstall
Macromedia Extension Manager-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A5BA14E0-7384-11D4-BAE7-00409631A2C8}\setup.exe" -l0x9 mmUninstall
Macromedia Fireworks MX-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{930B2432-43D4-11D5-9871-00C04F8EEB39}\Setup.exe" -l0x9 UNINSTALL
Macromedia Flash MX-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3BE480ED-E17A-431A-981C-5C2EDDBCD3BF}\Setup.exe" -l0x9 UNINSTALL
Macromedia Flash Player-->MsiExec.exe /X{0456ebd7-5f67-4ab6-852e-63781e3f389c}
MailNavigator v.1.11-->"C:\Program Files\MailNavigator\uninstall.exe"
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
McAfee SecurityCenter-->C:\Program Files\McAfee\MSC\mcuninst.exe
MCU-->MsiExec.exe /I{D2988E9B-C73F-422C-AD4B-A66EBE257120}
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Plus! Digital Media Edition Installer-->MsiExec.exe /X{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Word 2000 SR-1-->MsiExec.exe /I{00170409-78E1-11D2-B60F-006097C998E7}
Microsoft Works 2001 Setup Launcher-->C:\Program Files\Microsoft Works Suite 2001\Setup\Launcher.exe D:\
Microsoft Works 6.0-->MsiExec.exe /I{F8D0829C-9C6F-11D3-8080-00C04FA329AA}
Microsoft Works Suite Add-in for Microsoft Word-->MsiExec.exe /I{5F629FE8-5B4C-4863-937A-AFC2961F7DD3}
Mozilla Firefox (3.0.5)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
OpenOffice.org Installer 1.0-->MsiExec.exe /X{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}
Qualxserve Service Agreement-->MsiExec.exe /X{0F756CD9-4A1E-409B-B101-601DDC4C03AA}
QuickBooks Simple Start Special Edition-->msiexec.exe /I {F543B12A-13F5-487E-9314-F7D25E1BBE3E} UNIQUE_NAME="atomlimited" QBFULLNAME="QuickBooks Simple Start Special Edition" ADDREMOVE=1
Quicken 2006-->MsiExec.exe /X{2818095F-FB6C-42C8-827E-0A406CC9AFF5}
QuickTime-->MsiExec.exe /I{8DC42D05-680B-41B0-8878-6C14D24602DB}
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
RegCure 1.5.0.0-->C:\Program Files\RegCure\uninst.exe
Roxio DLA-->MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
Roxio MyDVD LE-->MsiExec.exe /I{21657574-BD54-48A2-9450-EB03B2C7FC29}
Roxio RecordNow Audio-->MsiExec.exe /I{AB708C9B-97C8-4AC9-899B-DBF226AC9382}
Roxio RecordNow Copy-->MsiExec.exe /I{B12665F4-4E93-4AB4-B7FC-37053B524629}
Roxio RecordNow Data-->MsiExec.exe /I{075473F5-846A-448B-BCB3-104AA1760205}
Security Update for Step By Step Interactive Training (KB898458)-->"C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB928090)-->"C:\WINDOWS\ie7updates\KB928090-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB929969)-->"C:\WINDOWS\ie7updates\KB929969\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB931768)-->"C:\WINDOWS\ie7updates\KB931768-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB933566)-->"C:\WINDOWS\ie7updates\KB933566-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB937143)-->"C:\WINDOWS\ie7updates\KB937143-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Sonic Activation Module-->MsiExec.exe /I{5B6BE547-21E2-49CA-B2E2-6A5F470593B1}
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
SWF Opener-->"C:\Program Files\UnH Solutions\SWF Opener\unins000.exe"
True Sword 5-->"C:\Program Files\True Sword 5\unins000.exe"
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
VCDEasy-->"C:\Program Files\VCDEasy\unins000.exe"
VideoLAN VLC media player 0.8.5-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Winamp (remove only)-->"C:\Program Files\Winamp\UninstWA.exe"
Windows Installer Clean Up-->MsiExec.exe /I{121634B0-2F4A-11D3-ADA3-00C04F52DD53}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 10-->MsiExec.exe /I{33BB4982-DC52-4886-A03B-F4C5C80BEE89}
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
Winmail Reader 1.1.11-->"C:\Program Files\Winmail Reader\unins000.exe"
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
WinZip 12.0-->MsiExec.exe /X{CD95F661-A5C4-44F5-A6AA-ECDD91C240B7}
XoftSpySE-->C:\Program Files\XoftSpySE\uninstall.exe

=====HijackThis Backups=====

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

======Hosts File======

127.0.0.1 localhost

======Security center information======

AV: McAfee VirusScan
FW: McAfee Personal Firewall

System event log

Computer Name: RODRIGO
Event Code: 7023
Message: The Application Management service terminated with the following error:
The system cannot find the file specified.


Record Number: 7835
Source Name: Service Control Manager
Time Written: 20081219122201.000000-300
Event Type: error
User:

Computer Name: RODRIGO
Event Code: 7036
Message: The Application Management service entered the stopped state.

Record Number: 7834
Source Name: Service Control Manager
Time Written: 20081219122201.000000-300
Event Type: information
User:

Computer Name: RODRIGO
Event Code: 7035
Message: The Application Management service was successfully sent a start control.

Record Number: 7833
Source Name: Service Control Manager
Time Written: 20081219122201.000000-300
Event Type: information
User: RODRIGO\RodrigoNY

Computer Name: RODRIGO
Event Code: 7023
Message: The Application Management service terminated with the following error:
The system cannot find the file specified.


Record Number: 7832
Source Name: Service Control Manager
Time Written: 20081219122201.000000-300
Event Type: error
User:

Computer Name: RODRIGO
Event Code: 7036
Message: The Application Management service entered the stopped state.

Record Number: 7831
Source Name: Service Control Manager
Time Written: 20081219122201.000000-300
Event Type: information
User:

Application event log

Computer Name: RODRIGO
Event Code: 32068
Message: The outgoing routing rule is not valid because it cannot find a valid device. The outgoing faxes that use this rule will not be routed. Verify that the targeted device or devices (if routed to a group of devices) is connected and installed correctly, and turned on. If routed to a group, verify that the group is configured correctly.
Country/region code: '*'
Area code: '*'

Record Number: 10124
Source Name: Microsoft Fax
Time Written: 20080225041728.000000-300
Event Type: warning
User:

Computer Name: RODRIGO
Event Code: 32026
Message: Fax Service failed to initialize any assigned fax devices (virtual or TAPI).
No faxes can be sent or received until a fax device is installed.

Record Number: 10123
Source Name: Microsoft Fax
Time Written: 20080225041728.000000-300
Event Type: warning
User:

Computer Name: RODRIGO
Event Code: 1800
Message: The Windows Security Center Service has started.

Record Number: 10122
Source Name: SecurityCenter
Time Written: 20080225041724.000000-300
Event Type: information
User:

Computer Name: RODRIGO
Event Code: 0
Message: Service started successfully.

Record Number: 10121
Source Name: MBackMonitor
Time Written: 20080225041720.000000-300
Event Type: information
User:

Computer Name: RODRIGO
Event Code: 1
Message:
Record Number: 10120
Source Name: Bonjour Service
Time Written: 20080225041717.000000-300
Event Type: information
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Program Files\ATI Technologies\ATI Control Panel;C:\Program Files\Common Files\Roxio Shared\DLLShared;C:\Program Files\QuickTime\QTSystem
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 4 Stepping 7, GenuineIntel
"PROCESSOR_REVISION"=0407
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"SonicCentral"=C:\Program Files\Common Files\Sonic Shared\Sonic Central\
"CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip

-----------------EOF-----------------


Logfile of random's system information tool 1.05 (written by random/random)
Run by RodrigoNY at 2008-12-22 09:31:07
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 22 GB (15%) free of 149 GB
Total RAM: 2046 MB (23% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:31:26 AM, on 2008-12-22
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\stsystra.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Adobe\Photoshop CS\Photoshop.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\RodrigoNY\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\RodrigoNY.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nytimes.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.nytimes.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nytimes.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [StatusClient] C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe /auto
O4 - HKLM\..\Run: [TomcatStartup] C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [McAfee Backup] "C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: McAfee Wireless Network Security Service (MWLSvc) - McAfee, Inc. - C:\Program Files\Mcafee\MWL\MwlSvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 8360 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\McDefragTask.job
C:\WINDOWS\tasks\McQcTask.job
C:\WINDOWS\tasks\RegCure.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [2008-09-15 1562960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre6\bin\ssv.dll [2008-11-10 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}]
McAfee SiteAdvisor BHO - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll [2008-11-14 150032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-11-10 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - McAfee SiteAdvisor Toolbar - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll [2008-11-14 150032]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SigmatelSysTrayApp"=C:\WINDOWS\stsystra.exe [2005-03-23 339968]
"IAAnotif"=C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [2005-06-17 139264]
"ATIPTA"=C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [2005-08-05 344064]
"ISUSPM Startup"=C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe [2005-06-10 249856]
"ISUSScheduler"=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2005-06-10 81920]
"DLA"=C:\WINDOWS\System32\DLA\DLACTRLW.EXE [2005-09-08 122940]
"WinampAgent"=C:\Program Files\Winamp\winampa.exe [2006-03-10 35328]
"Microsoft Works Portfolio"=C:\Program Files\Microsoft Works\WksSb.exe [2000-08-08 311350]
"Microsoft Works Update Detection"=C:\Program Files\Microsoft Works\WkDetect.exe [2000-08-08 28739]
"StatusClient"=C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe [2002-12-16 36864]
"TomcatStartup"=C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe [2003-03-31 155648]
"IntelliPoint"=C:\Program Files\Microsoft IntelliPoint\ipoint.exe [2005-12-04 461584]
"McENUI"=C:\PROGRA~1\McAfee\MHN\McENUI.exe [2008-06-13 1176808]
"mcagent_exe"=C:\Program Files\McAfee.com\Agent\mcagent.exe [2008-07-11 641208]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2008-09-06 413696]
"McAfee Backup"=C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe [2008-07-10 5129504]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2008-11-10 136600]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BuildBU]
c:\dell\bldbubg.exe [2006-03-24 61440]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CXMon]
C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe [2001-08-27 45056]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
C:\Program Files\Dell Support\DSAgnt.exe [2005-05-15 332800]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2005-05-11 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISTray]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2008-02-04 267048]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe [2008-04-13 1695232]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MWLExe]
C:\Program Files\Mcafee\MWL\MWLGuiSt.exe [2007-07-28 206184]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QBReminderFlash]
C:\Program Files\Intuit\QuickBooks 2005\Atom\QBReminder.exe [2004-11-11 26112]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe [2008-09-06 413696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
C:\Program Files\Real\RealPlayer\RealPlay.exe [2006-10-31 214560]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2008-09-16 1833296]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StatusClient]
C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe [2002-12-16 36864]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomcatStartup]
C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe [2003-03-31 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]
C:\PROGRA~1\HP\DIGITA~1\bin\hpqthb08.exe [2005-05-11 73728]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
C:\PROGRA~1\MI1933~1\Office\OSA9.EXE [2000-08-08 65588]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Works Calendar Reminders.lnk]
C:\PROGRA~1\COMMON~1\MICROS~1\WORKSS~1\wkcalrem.exe [2000-08-08 24633]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
C:\PROGRA~1\COMMON~1\Intuit\QUICKB~1\QBUpdate\qbupdate.exe [2004-11-11 806912]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MpfService]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe"="C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe:*:Disabled:javaw"
"C:\Program Files\WS_FTP\wsftpgui.exe"="C:\Program Files\WS_FTP\wsftpgui.exe:*:Enabled:WS_FTP Pro Application"
"C:\Program Files\Macromedia\Fireworks MX\Fireworks.exe"="C:\Program Files\Macromedia\Fireworks MX\Fireworks.exe:*:Enabled:Fireworks MX"
"C:\Program Files\McAfee\MWL\MwlSvc.exe"="C:\Program Files\McAfee\MWL\MwlSvc.exe:*:Enabled:McAfee Wireless Network Security"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe"="C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe"="C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL"
"C:\Program Files\America Online 9.0\waol.exe"="C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======File associations======

.js - open - "C:\Program Files\Macromedia\Dreamweaver MX 2004\Dreamweaver.exe" "%1"

======List of files/folders created in the last 2 months======

2008-12-22 09:31:07 ----D---- C:\rsit
2008-12-21 08:48:36 ----D---- C:\_OTScanIt
2008-12-20 09:30:17 ----A---- C:\WINDOWS\system32\tmp.txt
2008-12-20 09:30:08 ----A---- C:\rapport.txt
2008-12-20 08:35:13 ----A---- C:\WINDOWS\gmer_uninstall.cmd
2008-12-20 08:35:13 ----A---- C:\WINDOWS\gmer.exe
2008-12-20 08:35:13 ----A---- C:\WINDOWS\gmer.dll
2008-12-19 14:18:25 ----SHD---- C:\RECYCLER
2008-12-19 14:05:57 ----A---- C:\ComboFix.txt
2008-12-19 13:44:36 ----A---- C:\WINDOWS\zip.exe
2008-12-19 13:44:36 ----A---- C:\WINDOWS\VFIND.exe
2008-12-19 13:44:36 ----A---- C:\WINDOWS\SWXCACLS.exe
2008-12-19 13:44:36 ----A---- C:\WINDOWS\SWSC.exe
2008-12-19 13:44:36 ----A---- C:\WINDOWS\SWREG.exe
2008-12-19 13:44:36 ----A---- C:\WINDOWS\sed.exe
2008-12-19 13:44:36 ----A---- C:\WINDOWS\NIRCMD.exe
2008-12-19 13:44:36 ----A---- C:\WINDOWS\grep.exe
2008-12-19 13:44:36 ----A---- C:\WINDOWS\fdsv.exe
2008-12-19 13:44:26 ----D---- C:\Qoobox
2008-12-19 13:22:55 ----D---- C:\Documents and Settings\RodrigoNY\Application Data\Mozilla
2008-12-19 12:57:56 ----D---- C:\Program Files\SpywareGuard
2008-12-19 12:55:57 ----D---- C:\ie-spyad
2008-12-19 11:52:14 ----D---- C:\Program Files\Panda Security
2008-12-19 09:30:43 ----A---- C:\log2.txt
2008-12-19 09:30:43 ----A---- C:\log1.txt
2008-12-19 09:22:08 ----D---- C:\Documents and Settings\RodrigoNY\Application Data\True Sword
2008-12-19 09:21:31 ----A---- C:\WINDOWS\eSellerateControl350.dll
2008-12-19 09:21:30 ----D---- C:\Program Files\True Sword 5
2008-12-19 08:13:19 ----D---- C:\Documents and Settings\RodrigoNY\Application Data\WinRAR
2008-12-19 07:52:53 ----D---- C:\WINDOWS\ERUNT
2008-12-19 07:49:02 ----A---- C:\WINDOWS\ntbtlog.txt
2008-12-18 15:29:29 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2008-12-17 23:57:07 ----D---- C:\Program Files\Trend Micro
2008-12-17 23:51:56 ----A---- C:\Boot.bak
2008-12-17 23:51:47 ----D---- C:\cmdcons
2008-12-17 23:50:16 ----D---- C:\WINDOWS\ERDNT
2008-12-17 07:55:02 ----D---- C:\Program Files\Spybot - Search & Destroy
2008-12-17 07:55:02 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-12-14 16:44:19 ----A---- C:\WINDOWS\system32\bff184af-.txt
2008-12-14 16:32:15 ----A---- C:\WINDOWS\system32\MPFServiceFailureCount.txt
2008-12-12 19:11:34 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$
2008-12-12 19:08:12 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2008-12-12 19:08:07 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2008-12-12 19:07:52 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2008-12-11 21:10:48 ----D---- C:\Program Files\QuickTime
2008-12-04 07:18:57 ----A---- C:\WINDOWS\system32\javaws.exe
2008-12-04 07:18:57 ----A---- C:\WINDOWS\system32\javaw.exe
2008-12-04 07:18:57 ----A---- C:\WINDOWS\system32\java.exe
2008-11-23 07:29:00 ----A---- C:\WINDOWS\system32\deploytk.dll
2008-11-18 07:58:43 ----D---- C:\Program Files\Common Files\eSellerate
2008-11-18 07:58:43 ----A---- C:\WINDOWS\eSellerateEngine.dll
2008-11-18 07:58:22 ----A---- C:\Documents and Settings\RodrigoNY\Application Data\docXConverter (3).ini
2008-11-18 07:58:21 ----D---- C:\Program Files\docXConverter3
2008-11-12 08:06:25 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2008-11-12 08:06:20 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$
2008-11-12 08:06:07 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2008-10-24 06:41:18 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$

======List of files/folders modified in the last 2 months======

2008-12-22 09:31:10 ----D---- C:\WINDOWS\Temp
2008-12-22 09:30:55 ----D---- C:\WINDOWS\Prefetch
2008-12-22 08:39:22 ----D---- C:\Documents and Settings\RodrigoNY\Application Data\Adobe
2008-12-22 07:18:50 ----D---- C:\WINDOWS
2008-12-22 07:17:40 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-12-22 00:01:27 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2008-12-21 20:24:05 ----D---- C:\WINDOWS\system32\drivers
2008-12-21 20:24:05 ----D---- C:\WINDOWS\system32
2008-12-21 18:13:44 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-12-21 08:55:19 ----SD---- C:\WINDOWS\Tasks
2008-12-20 08:07:06 ----RD---- C:\Program Files
2008-12-20 07:54:21 ----D---- C:\Program Files\McAfee
2008-12-19 21:58:16 ----HD---- C:\WINDOWS\inf
2008-12-19 21:57:59 ----D---- C:\WINDOWS\system32\CatRoot2
2008-12-19 14:15:43 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-12-19 14:10:59 ----D---- C:\Program Files\Coupons
2008-12-19 14:10:38 ----SHD---- C:\WINDOWS\Installer
2008-12-19 14:10:38 ----HD---- C:\Config.Msi
2008-12-19 13:51:22 ----A---- C:\WINDOWS\system.ini
2008-12-19 13:48:52 ----D---- C:\WINDOWS\system32\config
2008-12-19 13:47:21 ----D---- C:\WINDOWS\AppPatch
2008-12-19 13:47:21 ----D---- C:\Program Files\Common Files
2008-12-19 13:26:07 ----D---- C:\Program Files\Mozilla Firefox
2008-12-19 12:51:46 ----D---- C:\WINDOWS\WinSxS
2008-12-19 12:51:25 ----DC---- C:\WINDOWS\system32\DRVSTORE
2008-12-19 12:51:22 ----D---- C:\Program Files\Common Files\Apple
2008-12-19 12:44:28 ----D---- C:\Program Files\Sun
2008-12-19 12:42:53 ----D---- C:\Program Files\Java
2008-12-19 12:42:01 ----D---- C:\Program Files\Dell
2008-12-19 12:42:01 ----D---- C:\Program Files\Common Files\Sonic Shared
2008-12-19 12:24:54 ----D---- C:\Program Files\BitLord
2008-12-19 12:08:15 ----RASH---- C:\boot.ini
2008-12-19 12:08:15 ----A---- C:\WINDOWS\win.ini
2008-12-19 12:06:36 ----SHD---- C:\System Volume Information
2008-12-19 12:06:36 ----D---- C:\WINDOWS\system32\Restore
2008-12-19 09:33:03 ----D---- C:\Program Files\Microsoft Works
2008-12-19 08:45:20 ----RSHD---- C:\WINDOWS\system32\dllcache
2008-12-19 08:44:58 ----HD---- C:\WINDOWS\$hf_mig$
2008-12-18 15:30:36 ----AC---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-12-17 08:22:59 ----AC---- C:\WINDOWS\wininit.ini
2008-12-17 08:22:56 ----D---- C:\Program Files\Enigma Software Group
2008-12-14 21:52:57 ----A---- C:\avi_log.txt
2008-12-13 01:40:02 ----A---- C:\WINDOWS\system32\mshtml.dll
2008-12-12 19:11:37 ----A---- C:\WINDOWS\imsins.BAK
2008-12-12 19:10:30 ----D---- C:\Program Files\Internet Explorer
2008-12-11 07:18:17 ----D---- C:\Program Files\XoftSpySE
2008-12-09 18:24:37 ----A---- C:\WINDOWS\system32\MRT.exe
2008-12-04 07:45:42 ----D---- C:\Program Files\MSN
2008-12-03 15:02:15 ----D---- C:\Documents and Settings\RodrigoNY\Application Data\AdobeUM
2008-12-03 09:00:11 ----D---- C:\Program Files\WS_FTP
2008-11-18 22:43:58 ----RSD---- C:\WINDOWS\Fonts
2008-11-14 08:21:46 ----D---- C:\WINDOWS\Help
2008-10-23 07:36:14 ----A---- C:\WINDOWS\system32\gdi32.dll
2008-10-23 05:06:59 ----A---- C:\WINDOWS\system32\tzchange.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 DLACDBHM;DLACDBHM; C:\WINDOWS\System32\Drivers\DLACDBHM.SYS [2005-08-25 5628]
R1 DLARTL_N;DLARTL_N; C:\WINDOWS\System32\Drivers\DLARTL_N.SYS [2005-08-25 22684]
R1 gmer;gmer; C:\WINDOWS\System32\DRIVERS\gmer.sys [2008-12-20 85969]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
R1 mfehidk;McAfee Inc. mfehidk; C:\WINDOWS\system32\drivers\mfehidk.sys [2008-06-27 207656]
R1 MPFP;MPFP; C:\WINDOWS\System32\Drivers\Mpfp.sys [2008-06-02 120136]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-04 12032]
R2 DLABOIOM;DLABOIOM; C:\WINDOWS\System32\DLA\DLABOIOM.SYS [2005-09-08 25628]
R2 DLADResN;DLADResN; C:\WINDOWS\System32\DLA\DLADResN.SYS [2005-09-08 2496]
R2 DLAIFS_M;DLAIFS_M; C:\WINDOWS\System32\DLA\DLAIFS_M.SYS [2005-09-08 86524]
R2 DLAOPIOM;DLAOPIOM; C:\WINDOWS\System32\DLA\DLAOPIOM.SYS [2005-09-08 14684]
R2 DLAPoolM;DLAPoolM; C:\WINDOWS\System32\DLA\DLAPoolM.SYS [2005-09-08 6364]
R2 DLAUDF_M;DLAUDF_M; C:\WINDOWS\System32\DLA\DLAUDF_M.SYS [2005-09-08 87036]
R2 DLAUDFAM;DLAUDFAM; C:\WINDOWS\System32\DLA\DLAUDFAM.SYS [2005-09-08 94332]
R2 DRVNDDM;DRVNDDM; C:\WINDOWS\System32\Drivers\DRVNDDM.SYS [2005-08-12 40544]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2005-08-04 1273344]
R3 e1express;Intel® PRO/1000 PCI Express Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e1e5132.sys [2005-08-25 176128]
R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2006-09-19 15664]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 mfeavfk;McAfee Inc. mfeavfk; C:\WINDOWS\system32\drivers\mfeavfk.sys [2008-06-27 79240]
R3 mfebopk;McAfee Inc. mfebopk; C:\WINDOWS\system32\drivers\mfebopk.sys [2008-06-27 35240]
R3 mfesmfk;McAfee Inc. mfesmfk; C:\WINDOWS\system32\drivers\mfesmfk.sys [2008-06-27 40488]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 Point32;Microsoft IntelliPoint Filter Driver; C:\WINDOWS\system32\DRIVERS\point32.sys [2005-12-01 21760]
R3 STHDA;SigmaTel High Definition Audio CODEC; C:\WINDOWS\system32\drivers\sthda.sys [2005-11-16 1047816]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 WscNetDr;MWL Filter Miniport; C:\WINDOWS\system32\DRIVERS\WscNetDr.sys [2007-01-02 86848]
S3 Dot4;MS IEEE-1284.4 Driver; C:\WINDOWS\sys
  • 0

#15
Rorschach112
Posted 22 December 2008 - 11:06 AM

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Hello

Please click on Start > Control Panel > Add/Remove Programs and uninstall the following programs(if present):

Java™ 6 Update 2-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java™ 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java™ 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java™ 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}




Please download the OTMoveIt3 by OldTimer or from here.
  • Save it to your desktop.
  • Please double-click OTMoveIt3.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    :Processes
explorer.exe

:Services

:Reg

:Files
C:\WINDOWS\system32\bff184af-.txt

:Commands
[purity]
[emptytemp]
[start explorer]
[Reboot]
  • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt3
Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.




Your using an old version of Adobe Acrobat Reader, this can leave your pc open to vulnerabilities, you can update it here :
http://www.adobe.com.../readstep2.html



  • Make sure you have an Internet Connection.
  • Download OTCleanIt to your desktop and run it
  • A list of tool components used in the Cleanup of malware will be downloaded.
  • If your Firewall or Real Time protection attempts to block OTCleanUp to reach the Internet, please allow the application to do so.
  • Click Yes to beging the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. If you are asked to reboot the machine choose Yes.



Now we need to create a new System Restore point.

Click Start Menu > Run > type (or copy and paste)

%SystemRoot%\System32\restore\rstrui.exe

Press OK. Choose Create a Restore Point then click Next. Name it and click Create, when the confirmation screen shows the restore point has been created click Close.

Next goto Start Menu > Run > type

cleanmgr

Click OK, Disk Cleanup will open and start calculating the amount of space that can be freed, Once thats finished it will open the Disk Cleanup options screen, click the More Options tab then click Clean up on the system restore area and choose Yes at the confirmation window which will remove all the restore points except the one we just created.

To close Disk Cleanup and remove the Temporary Internet Files detected in the initial scan click OK then choose Yes on the confirmation window.



Below I have included a number of recommendations for how to protect your computer against malware infections.

* Keep Windows updated by regularly checking their website at :
http://windowsupdate.microsoft.com/
This will ensure your computer has always the latest security updates available installed on your computer.

* To reduce re-infection for malware in the future, I strongly recommend installing these free programs:

SpywareBlaster protects against bad ActiveX

* SpywareGuard offers realtime protection from spyware installation attempts. Make sure you are only running one real-time anti-spyware protection program or there will be a conflict.

Make Internet Explorer more secure
  • Click Start > Run
  • Type Inetcpl.cpl & click OK
  • Click on the Security tab
  • Click Reset all zones to default level
  • Make sure the Internet Zone is selected & Click Custom level
  • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls) to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
  • Next Click OK, then Apply button and then OK to exit the Internet Properties page.


*ATF Cleaner - Cleans temporary files from IE and Windows, empties the recycle bin and more. Great tool to help speed up your computer and knock out those nasties that like to reside in the temp folders.

*NoScript - Addon for Firefox that stops all scripts from running on websites. Stops malicious software from invading via flash, java, javascript, and many other entry points.

*Keep a backup of your important files - Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.

* MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer, meaning it will be difficult to infect yourself in the future.

* Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more
secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in pop up
blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from
Here

* Take a good look at the following suggestions for malware prevention by reading Tony Klein’s article 'How Did I Get Infected In The First Place'
Here

*ERUNT (Emergency Recovery Utility NT) allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT however creates a complete backup set, including the Security hive and user related sections. ERUNT is easy to use and since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed.

* Recovery Console - Recent trends appear to indicate that future infections will include attacks to the boot sector of the computer. The installation of the Recovery Console in the computer will be our only defense against this threat. For more information and steps to install the Recovery Console see This Article. Should you need assistance in installing the Recovery Console, please do not hesitate to ask.

Thank you for your patience, and performing all of the procedures requested.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP