[Varsq]

Hi,

Ran virus scan successfully. Tried to run Moveit as administrator...program stopped responding while trying to empty temp folder. Exited and retried...same result. When first starting up Moveit, desktop loses icons, only background displayed. Also malwarebytes antimalware tries to load on startup and is blocked.

Thanks

[Advertisements]

That sounds like an anti-malware program getting in the way.

Please ensure Windows Defender is disabled.

Disable Windows Defender to prevent it from interfering with our fixes.

Go to this link for instructions on how to enable/disable Windows Defender

http://windowshelp.m...1bf0dc1033.mspx

Also check any other anti-virus, anti-spyware programs or firewalls and disable them.

After that try again and report back.

[emeraldnzl]

That sounds like an anti-malware program getting in the way.

Please ensure Windows Defender is disabled.

Disable Windows Defender to prevent it from interfering with our fixes.

Go to this link for instructions on how to enable/disable Windows Defender

http://windowshelp.m...1bf0dc1033.mspx

Also check any other anti-virus, anti-spyware programs or firewalls and disable them.

After that try again and report back.

[Varsq]

Here 'Tis. Thanks

VirSCAN.org Scanned Report :
Scanned time : 2008/11/24 08:13:56 (PST)
Scanner results: 3% Scanner(1/39) found malware!
File Name : hijackthis.exe
File Size : 401720 byte
File Type : PE32 executable for MS Windows (GUI) Intel 80386 32-bit
MD5 : e8269245566be948f6a219135b434160
SHA1 : 1ac255b76ef692ea6c09d4840dcd28c67c5d6bfe
Online report : http://virscan.org/r...135b434160.html

Scanner Engine Ver Sig Ver Sig Date Time Scan result
a-squared 4.0.0.26 20081124230322 2008-11-24 3.27 -
AhnLab V3 2008.11.24.03 2008.11.24 2008-11-24 1.05 -
AntiVir 7.9.0.35 7.1.0.130 2008-11-24 1.59 -
Antiy 2.0.18 20081124.1724866 2008-11-24 0.12 -
Arcavir 1.0.5 200811231052 2008-11-23 1.41 -
Authentium 5.1.1 200811241319 2008-11-24 1.15 -
AVAST! 3.0.1 081123-0 2008-11-23 0.12 -
AVG 7.5.52.442 270.9.9/1809 2008-11-24 1.83 -
BitDefender 7.81008.2258614 7.22059 2008-11-24 2.14 -
CA (VET) 9.0.0.143 31.6.6225 2008-11-24 4.79 -
ClamAV 0.94.1 8671 2008-11-24 0.32 -
Comodo 2.11 2.0.0.712 2008-11-20 0.52 -
CP Secure 1.1.0.715 2008.11.24 2008-11-24 6.41 W32.W.Huhk.a
Dr.Web 4.44.0.9170 2008.11.24 2008-11-24 3.77 -
ewido 4.0.0.2 2008.11.24 2008-11-24 5.72 -
F-Prot 4.4.4.56 20081124 2008-11-24 1.15 -
F-Secure 5.51.6100 2008.11.24.08 2008-11-24 0.35 -
Fortinet 2.81-3.117 9.738 2008-11-23 0.35 -
GData 19.1653/19.118 20081124 2008-11-24 3.27 -
ViRobot 20081121 2008.11.21 2008-11-21 0.41 -
Ikarus T3.1.01.45 2008.11.24.71906 2008-11-24 3.54 -
JiangMin 11.0.706 2008.11.24 2008-11-24 1.43 -
Kaspersky 5.5.10 2008.11.24 2008-11-24 0.32 -
KingSoft 2008.9.8.18 2008.11.24.20 2008-11-24 0.78 -
McAfee 5.3.00 5443 2008-11-23 3.29 -
Microsoft 1.4104 2008.11.24 2008-11-24 5.23 -
mks_vir 2.01 2008.11.17 2008-11-17 2.83 -
Norman 5.93.01 5.93.00 2008-11-22 5.19 -
Panda 9.05.01 2008.11.23 2008-11-23 2.46 -
Trend Micro 8.700-1004 5.672.05 2008-11-24 0.09 -
Quick Heal 10.00 2008.11.24 2008-11-24 0.95 -
Rising 20.0 21.05.02.00 2008-11-24 1.13 -
Sophos 2.80.0 4.35 2008-11-24 3.07 -
Sunbelt 4474 4474 2008-11-04 0.50 -
Symantec 1.3.0.24 20081123.004 2008-11-23 0.20 -
nProtect 2008-11-21.03 2625860 2008-11-21 3.40 -
The Hacker 6.3.1.1 v00161 2008-11-24 0.59 -
VBA32 3.12.8.9 20081123.1550 2008-11-23 1.65 -
VirusBuster 4.5.11.10 10.94.5/715575 2008-11-24 3.82 -

========== PROCESSES ==========
Process explorer.exe killed successfully.
========== FILES ==========
File/Folder C:\Users\Cheryl\Contacts\Documents\Downloads\c-setup.exe not found.
File/Folder C:\Users\Cheryl\Contacts\Documents\Downloads\Microsoft_Points_Generator.rar not found.
File/Folder C:\Users\Cheryl\Contacts\Documents\LimeWire\Incomplete\T-5745425-digital thugz kanye west.mp3 not found.
File/Folder C:\Users\Cheryl\Contacts\Documents\LimeWire\Incomplete\T-5745425-Gangstarr - you know.mp3 not found.
File/Folder C:\Users\Cheryl\Contacts\Documents\LimeWire\Saved\spazberry bonds.wma not found.
File/Folder C:\Users\Cheryl\Contacts\Documents\LimeWire\Saved\today tom scott - greatest hits.wma not found.
========== COMMANDS ==========
File delete failed. C:\Users\Cheryl\AppData\Local\Temp\ehmsas.txt scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\Windows\temp\JETA082.tmp scheduled to be deleted on reboot.
Windows Temp folder emptied.
FireFox cache emptied.
Temp folders emptied.
Explorer started successfully

OTMoveIt3 by OldTimer - Version 1.0.7.1 log created on 12082008_113121

Files moved on Reboot...
C:\Users\Cheryl\AppData\Local\Temp\ehmsas.txt moved successfully.
File C:\Windows\temp\JETA082.tmp not found!

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Monday, December 8, 2008
Operating System: Microsoft Windows Vista Home Premium Edition, 32-bit (build 6000)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Monday, December 08, 2008 15:52:54
Records in database: 1444112
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\

Scan statistics:
Files scanned: 186502
Threat name: 4
Infected objects: 6
Suspicious objects: 0
Duration of the scan: 03:34:34


File name / Threat name / Threats count
C:\_OTMoveIt\MovedFiles\12082008_084258\Users\Cheryl\Contacts\Documents\Downloads\c-setup.exe Infected: Trojan-Downloader.Win32.Delf.iqn 1
C:\_OTMoveIt\MovedFiles\12082008_084258\Users\Cheryl\Contacts\Documents\Downloads\Microsoft_Points_Generator.rar Infected: Trojan-Spy.Win32.Ardamax.t 1
C:\_OTMoveIt\MovedFiles\12082008_084258\Users\Cheryl\Contacts\Documents\LimeWire\Incomplete\T-5745425-digital thugz kanye west.mp3 Infected: Trojan-Downloader.WMA.GetCodec.c 1
C:\_OTMoveIt\MovedFiles\12082008_084258\Users\Cheryl\Contacts\Documents\LimeWire\Incomplete\T-5745425-Gangstarr - you know.mp3 Infected: Trojan-Downloader.WMA.GetCodec.c 1
C:\_OTMoveIt\MovedFiles\12082008_084258\Users\Cheryl\Contacts\Documents\LimeWire\Saved\spazberry bonds.wma Infected: Trojan-Downloader.WMA.Wimad.n 1
C:\_OTMoveIt\MovedFiles\12082008_084258\Users\Cheryl\Contacts\Documents\LimeWire\Saved\today tom scott - greatest hits.wma Infected: Trojan-Downloader.WMA.Wimad.n 1

The selected area was scanned.

[emeraldnzl]

Looking good.

That one checked by VIRSCAN was only found to have malware by one anti-virus. I am inclined to think that was a false positive seeing none of the others found anything. I suppose you could delete it if you are worried otherwise I would leave it.

The ones Kaspersky found this time are quarantined by the tools we are using. We will remove them at the end.

Meantime

You have used Malwarebytes before. If you still have it on your machine please update and run. Post the scan report back here.

If you no-longer have Malwarebytes please download from Here or Here

Double Click mbam-setup.exe to install the application.

• Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
• If an update is found, it will download and install the latest version.
• Once the program has loaded, select "Perform Quick Scan", then click Scan.
• The scan may take some time to finish,so please be patient.
• When the scan is complete, click OK, then Show Results to view the results.
• Make sure that everything is checked, and click Remove Selected.
• When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
• The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
• Copy&Paste the entire report in your next reply.

Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.

When you come back please post

• MBAM report
• a new HijackThis log
• and tell me how your computer is performing now

[Varsq]

Hi,

Computer seems to run fine. MBAM did not find any threats to delete. After running it and HijackHere are logs...

Malwarebytes' Anti-Malware 1.31
Database version: 1475
Windows 6.0.6000

12/9/2008 10:08:16 AM
mbam-log-2008-12-09 (10-08-16).txt

Scan type: Quick Scan
Objects scanned: 52558
Time elapsed: 5 minute(s), 39 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Logfile of random's system information tool 1.04 (written by random/random)
Run by Cheryl at 2008-12-09 10:12:01
Microsoft® Windows Vista™ Home Premium
System drive C: has 36 GB (34%) free of 108 GB
Total RAM: 1982 MB (61% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:12:10 AM, on 12/9/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16757)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Program Files\Roxio\Media Experience\DMXLauncher.exe
C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\HP Connections\6811507\Program\HP Connections.exe
C:\Program Files\GameSpot\GameSpotDownloadManager_Win32.exe
C:\Program Files\UltimateZip\uzqkst.exe
C:\Windows\ehome\ehmsas.exe
C:\PROGRA~1\HEWLET~1\Shared\HPQTOA~1.EXE
C:\Windows\system32\wuauclt.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\Users\Cheryl\Desktop\RSIT.exe
C:\Users\Cheryl\Desktop\Cheryl.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\SearchFilterHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: MegaIEMn - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [DMXLauncher] "C:\Program Files\Roxio\Media Experience\DMXLauncher.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe /windowsstart /startifwork
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [VoipBuster] "C:\Program Files\VoipBuster.com\VoipBuster\VoipBuster.exe" -nosplash -minimized
O4 - HKCU\..\Run: [PoivY] "C:\Program Files\PoivY.com\PoivY\PoivY.exe" -nosplash -minimized
O4 - HKCU\..\Run: [VoipBusterPro] "C:\Program Files\VoipBusterPro.com\VoipBusterPro\VoipBusterPro.exe" -nosplash -minimized
O4 - HKCU\..\Run: [VoipStunt] "C:\Program Files\VoipStunt.com\VoipStunt\VoipStunt.exe" -nosplash -minimized
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [FreeCall] "C:\Program Files\FreeCall.com\FreeCall\FreeCall.app.exe" -nosplash -minimized
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - Startup: GameSpot Download Manager.lnk = C:\Program Files\GameSpot\GameSpotDownloadManager_Win32.exe
O4 - Startup: UltimateZip Quick Start.lnk = C:\Program Files\UltimateZip\uzqkst.exe
O4 - Global Startup: HP Connections.lnk = C:\Program Files\HP Connections\6811507\Program\HP Connections.exe
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O13 - Gopher Prefix:
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Common Files\Sonic Shared\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Common Files\Sonic Shared\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 12140 bytes

======Scheduled tasks folder======

C:\Windows\tasks\HPCeeScheduleForCheryl.job
C:\Windows\tasks\Norton AntiVirus - Run Full System Scan - Cheryl.job
C:\Windows\tasks\User_Feed_Synchronization-{49E638D5-5A16-4F5B-AA85-6A58AEAB3226}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]
Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2006-09-27 441408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
Skype add-on (mastermind) - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2008-05-30 1410344]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2F364306-AA45-47B5-9F9D-39A8B94E7EF7}]
FGCatchUrl - C:\Program Files\FlashGet\jccatch.dll [2007-05-16 94308]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
Symantec Intrusion Prevention - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll [2008-05-09 116088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar2.dll [2007-01-19 2403392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{bf00e119-21a3-4fd1-b178-3b8537e75c92}]
IeMonitorBho Class - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll [2008-03-13 110592]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E5A1691B-D188-4419-AD02-90002030B8EE}]
FlashFXP Helper for Internet Explorer - C:\PROGRA~1\FlashFXP\IEFlash.dll [2007-05-16 191096]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F156768E-81EF-470C-9057-481BA8380DBA}]
FlashGet GetFlash Class - C:\Program Files\FlashGet\getflash.dll [2007-05-15 163840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2006-09-27 441408]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar2.dll [2007-01-19 2403392]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2007-04-12 1006264]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2006-11-14 815104]
"QPService"=C:\Program Files\HP\QuickPlay\QPService.exe [2006-11-24 167936]
"HP Software Update"=C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [2005-02-16 49152]
"QlbCtrl"=C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [2006-11-06 159744]
"HP Health Check Scheduler"=C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [2006-11-28 46704]
"WAWifiMessage"=C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe [2006-10-18 317152]
"hpWirelessAssistant"=C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [2006-10-18 472800]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]
"NvSvc"=C:\Windows\system32\nvsvc.dll [2006-12-06 90191]
"NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2006-12-06 7766016]
"NvMediaCenter"=C:\Windows\system32\NvMcTray.dll [2006-12-06 81920]
""= []
"RoxWatchTray"=C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe [2006-08-10 221184]
"DMXLauncher"=C:\Program Files\Roxio\Media Experience\DMXLauncher.exe [2006-08-14 102400]
"RoxioDragToDisc"=C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe [2006-07-31 1116920]
"CloneCDTray"=C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe [2006-09-28 57344]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
"ccApp"=C:\Program Files\Common Files\Symantec Shared\ccApp.exe [2008-10-17 51048]
"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2008-07-10 116040]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-05-27 413696]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-07-30 289064]
"Malwarebytes Anti-Malware (reboot)"=C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2008-12-03 1265296]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"=C:\Windows\SMINST\launcher.exe [2006-11-07 44128]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2008-01-09 1232896]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2006-11-02 125440]
"igndlm.exe"=C:\Program Files\Download Manager\DLM.exe [2007-03-05 1103480]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe [2007-11-02 171448]
"VoipBuster"=C:\Program Files\VoipBuster.com\VoipBuster\VoipBuster.exe -nosplash -minimized []
"PoivY"=C:\Program Files\PoivY.com\PoivY\PoivY.exe -nosplash -minimized []
"VoipBusterPro"=C:\Program Files\VoipBusterPro.com\VoipBusterPro\VoipBusterPro.exe -nosplash -minimized []
"VoipStunt"=C:\Program Files\VoipStunt.com\VoipStunt\VoipStunt.exe -nosplash -minimized []
"Skype"=C:\Program Files\Skype\Phone\Skype.exe /nosplash /minimized []
"FreeCall"=C:\Program Files\FreeCall.com\FreeCall\FreeCall.app.exe -nosplash -minimized []
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2006-11-02 201728]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
HP Connections.lnk - C:\Program Files\HP Connections\6811507\Program\HP Connections.exe

C:\Users\Cheryl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
GameSpot Download Manager.lnk - C:\Program Files\GameSpot\GameSpotDownloadManager_Win32.exe
UltimateZip Quick Start.lnk - C:\Program Files\UltimateZip\uzqkst.exe

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe"="C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink"
"C:\Program Files\FlashFXP\FlashFXP.exe"="C:\Program Files\FlashFXP\FlashFXP.exe:*:Enabled:FlashFXP v3"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"C:\Program Files\FlashFXP\FlashFXP.exe"="C:\Program Files\FlashFXP\FlashFXP.exe:*:Enabled:FlashFXP v3"

======List of files/folders created in the last 1 months======

2008-12-08 19:00:17 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-12-06 20:43:08 ----D---- C:\Users\Cheryl\AppData\Roaming\UltimateZip
2008-12-06 20:43:08 ----D---- C:\Program Files\UltimateZip
2008-12-05 09:54:45 ----D---- C:\ProgramData\WinZipSE
2008-12-02 16:35:03 ----D---- C:\Program Files\7-Zip
2008-12-01 19:49:29 ----D---- C:\SDFix
2008-12-01 19:10:55 ----D---- C:\Avenger
2008-12-01 19:10:54 ----A---- C:\avenger.txt
2008-12-01 18:56:38 ----D---- C:\Users\Cheryl\AppData\Roaming\Malwarebytes
2008-12-01 18:56:32 ----D---- C:\ProgramData\Malwarebytes
2008-12-01 18:42:28 ----D---- C:\_OTMoveIt
2008-12-01 11:03:14 ----D---- C:\rsit
2008-11-28 02:21:53 ----D---- C:\Program Files\GOG.com
2008-11-28 02:06:32 ----D---- C:\Users\Cheryl\AppData\Roaming\com.gog.downloader.87F90EC6C28C7E479115BE2E026DB87A08BC420D.1
2008-11-28 02:05:40 ----D---- C:\Program Files\GOG.com Downloader
2008-11-28 02:05:01 ----D---- C:\Program Files\Common Files\Adobe AIR
2008-11-26 16:15:46 ----A---- C:\Windows\system32\PortableDeviceTypes.dll
2008-11-26 16:15:46 ----A---- C:\Windows\system32\PortableDeviceClassExtension.dll
2008-11-26 16:15:46 ----A---- C:\Windows\system32\PortableDeviceApi.dll
2008-11-26 16:15:43 ----A---- C:\Windows\system32\WindowsCodecsExt.dll
2008-11-26 16:15:43 ----A---- C:\Windows\system32\WindowsCodecs.dll
2008-11-26 16:15:43 ----A---- C:\Windows\system32\PhotoMetadataHandler.dll
2008-11-26 16:15:40 ----A---- C:\Windows\system32\connect.dll
2008-11-21 23:48:38 ----A---- C:\Windows\system32\wups2.dll
2008-11-21 23:48:38 ----A---- C:\Windows\system32\wucltux.dll
2008-11-21 23:48:38 ----A---- C:\Windows\system32\wuaueng.dll
2008-11-21 23:48:38 ----A---- C:\Windows\system32\wuauclt.exe
2008-11-21 23:48:22 ----A---- C:\Windows\system32\wups.dll
2008-11-21 23:48:22 ----A---- C:\Windows\system32\wudriver.dll
2008-11-21 23:48:22 ----A---- C:\Windows\system32\wuapi.dll
2008-11-21 23:48:16 ----A---- C:\Windows\system32\wuwebv.dll
2008-11-21 23:48:16 ----A---- C:\Windows\system32\wuapp.exe
2008-11-18 17:43:06 ----D---- C:\Program Files\Enigma Software Group
2008-11-12 19:11:10 ----A---- C:\Windows\system32\msxml3.dll
2008-11-12 19:11:09 ----A---- C:\Windows\system32\msxml3r.dll
2008-11-12 19:11:04 ----A---- C:\Windows\system32\msxml6r.dll
2008-11-12 19:11:04 ----A---- C:\Windows\system32\msxml6.dll

======List of files/folders modified in the last 1 months======

2008-12-09 10:11:50 ----D---- C:\Windows\Temp
2008-12-09 10:02:51 ----D---- C:\Windows\System32
2008-12-09 10:02:51 ----D---- C:\Windows\inf
2008-12-09 10:02:51 ----A---- C:\Windows\system32\PerfStringBackup.INI
2008-12-09 09:56:02 ----D---- C:\Windows\Prefetch
2008-12-08 21:43:51 ----D---- C:\Downloads
2008-12-08 19:01:09 ----D---- C:\Windows\system32\drivers
2008-12-08 19:00:17 ----D---- C:\Program Files
2008-12-07 22:12:26 ----A---- C:\ProgramData\DragToDiscUserNameE.txt
2008-12-06 20:41:47 ----D---- C:\Program Files\Mozilla Firefox
2008-12-06 17:27:10 ----D---- C:\Users\Cheryl\AppData\Roaming\LimeWire
2008-12-06 17:21:46 ----AD---- C:\Windows
2008-12-05 09:54:45 ----HD---- C:\ProgramData
2008-12-05 00:13:21 ----D---- C:\Windows\system32\catroot2
2008-12-02 16:44:09 ----D---- C:\Program Files\WinRAR
2008-12-01 19:52:41 ----A---- C:\Windows\ntbtlog.txt
2008-12-01 18:42:29 ----D---- C:\Program Files\Search Settings
2008-12-01 18:38:39 ----SD---- C:\Windows\Downloaded Program Files
2008-11-28 19:10:45 ----SHD---- C:\Windows\Installer
2008-11-28 02:05:07 ----D---- C:\Users\Cheryl\AppData\Roaming\Adobe
2008-11-28 02:05:07 ----D---- C:\ProgramData\Adobe
2008-11-28 02:05:01 ----D---- C:\Program Files\Common Files
2008-11-27 23:48:44 ----D---- C:\Users\Cheryl\AppData\Roaming\uTorrent
2008-11-27 03:27:54 ----D---- C:\Windows\winsxs
2008-11-26 16:15:30 ----D---- C:\Windows\system32\catroot
2008-11-22 00:26:26 ----D---- C:\Windows\system32\en-US
2008-11-18 17:43:12 ----D---- C:\Windows\system32\Tasks

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 DLACDBHM;DLACDBHM; C:\Windows\System32\Drivers\DLACDBHM.SYS [2007-02-08 12856]
R1 DLARTL_M;DLARTL_M; C:\Windows\System32\Drivers\DLARTL_M.SYS [2006-08-01 28216]
R1 eabfiltr;eabfiltr; C:\Windows\system32\DRIVERS\eabfiltr.sys [2006-06-28 8192]
R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [2008-09-02 371248]
R1 ElbyCDIO;ElbyCDIO Driver; C:\Windows\System32\Drivers\ElbyCDIO.sys [2008-07-21 24392]
R1 IDSvix86;Symantec Intrusion Prevention Driver; \??\C:\PROGRA~2\Symantec\DEFINI~1\SymcData\ipsdefs\20081204.002\IDSvix86.sys [2008-09-11 270384]
R1 SPBBCDrv;SPBBCDrv; \??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys [2008-09-05 447024]
R1 SRTSP;SRTSP; C:\Windows\System32\Drivers\SRTSP.SYS [2008-01-31 279088]
R1 SRTSPX;SRTSPX; C:\Windows\System32\Drivers\SRTSPX.SYS [2008-01-31 43696]
R1 SymIM;Symantec Network Security Intermediate Filter Driver; C:\Windows\system32\DRIVERS\SymIMv.sys [2008-06-13 24112]
R1 SYMTDI;SYMTDI; C:\Windows\System32\Drivers\SYMTDI.SYS [2008-06-13 184240]
R2 DLABMFSM;DLABMFSM; C:\Windows\System32\DLA\DLABMFSM.SYS [2006-08-08 35128]
R2 DLABOIOM;DLABOIOM; C:\Windows\System32\DLA\DLABOIOM.SYS [2006-08-08 32504]
R2 DLADResM;DLADResM; C:\Windows\System32\DLA\DLADResM.SYS [2006-08-08 9432]
R2 DLAIFS_M;DLAIFS_M; C:\Windows\System32\DLA\DLAIFS_M.SYS [2006-08-08 104504]
R2 DLAOPIOM;DLAOPIOM; C:\Windows\System32\DLA\DLAOPIOM.SYS [2006-08-08 26136]
R2 DLAPoolM;DLAPoolM; C:\Windows\System32\DLA\DLAPoolM.SYS [2006-08-08 14552]
R2 DLAUDF_M;DLAUDF_M; C:\Windows\System32\DLA\DLAUDF_M.SYS [2006-08-08 97880]
R2 DLAUDFAM;DLAUDFAM; C:\Windows\System32\DLA\DLAUDFAM.SYS [2006-08-08 94680]
R2 DRVNDDM;DRVNDDM; C:\Windows\System32\Drivers\DRVNDDM.SYS [2007-02-09 51768]
R2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys [2006-06-19 12672]
R2 rimmptsk;rimmptsk; C:\Windows\system32\DRIVERS\rimmptsk.sys [2006-11-15 32256]
R2 rimsptsk;rimsptsk; C:\Windows\system32\DRIVERS\rimsptsk.sys [2006-11-15 43520]
R2 rismxdp;Ricoh xD-Picture Card Driver; C:\Windows\system32\DRIVERS\rixdptsk.sys [2006-11-15 37376]
R2 XAudio;XAudio; C:\Windows\system32\DRIVERS\xaudio.sys [2006-08-05 8192]
R3 BCM43XX;Broadcom 802.11 Network Adapter Driver; C:\Windows\system32\DRIVERS\bcmwl6.sys [2006-11-17 534016]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\Windows\system32\DRIVERS\CmBatt.sys [2007-11-16 14208]
R3 ElbyCDFL;ElbyCDFL; C:\Windows\System32\Drivers\ElbyCDFL.sys [2007-02-15 34760]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2008-09-02 99376]
R3 GEARAspiWDM;GEARAspiWDM; C:\Windows\System32\Drivers\GEARAspiWDM.sys [2008-01-29 16168]
R3 HBtnKey;HBtnKey; C:\Windows\system32\DRIVERS\cpqbttn.sys [2006-06-28 9472]
R3 HdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\CHDART.sys [2006-11-18 145920]
R3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\HSX_DPV.sys [2006-10-18 986624]
R3 HSXHWAZL;HSXHWAZL; C:\Windows\system32\DRIVERS\HSXHWAZL.sys [2006-10-18 206848]
R3 NAVENG;NAVENG; \??\C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20081208.022\NAVENG.SYS [2008-11-11 89104]
R3 NAVEX15;NAVEX15; \??\C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20081208.022\NAVEX15.SYS [2008-11-11 876112]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\Windows\system32\DRIVERS\nvm60x32.sys [2006-11-01 429056]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2006-12-06 4456416]
R3 nvsmu;nvsmu; C:\Windows\system32\DRIVERS\nvsmu.sys [2006-09-15 11520]
R3 pcouffin;VSO Software pcouffin; C:\Windows\System32\Drivers\pcouffin.sys [2008-01-03 47360]
R3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2007-06-13 82432]
R3 SYMDNS;SYMDNS; C:\Windows\System32\Drivers\SYMDNS.SYS [2008-06-13 13616]
R3 SymEvent;SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT.SYS [2008-08-14 123952]
R3 SYMFW;SYMFW; C:\Windows\System32\Drivers\SYMFW.SYS [2008-06-13 96432]
R3 SYMNDISV;SYMNDISV; C:\Windows\System32\Drivers\SYMNDISV.SYS [2008-06-13 41008]
R3 SYMREDRV;SYMREDRV; C:\Windows\System32\Drivers\SYMREDRV.SYS [2008-06-13 22320]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2006-11-14 179256]
R3 usbvideo;R5U870 (UVC) ; C:\Windows\System32\Drivers\usbvideo.sys [2006-11-02 132352]
R3 winachsf;winachsf; C:\Windows\system32\DRIVERS\HSX_CNXT.sys [2006-10-18 659968]
R3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys [2007-11-16 11264]
S3 BCM43XV;Broadcom Extensible 802.11 Network Adapter Driver; C:\Windows\system32\DRIVERS\bcmwl6.sys [2006-11-17 534016]
S3 BthEnum;Bluetooth Request Block Driver; C:\Windows\system32\DRIVERS\BthEnum.sys [2006-11-02 19456]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys [2006-11-02 92160]
S3 BTHPORT;Bluetooth Port Driver; C:\Windows\System32\Drivers\BTHport.sys [2006-11-02 220160]
S3 BTHUSB;Bluetooth Radio USB Driver; C:\Windows\System32\Drivers\BTHUSB.sys [2006-11-02 29184]
S3 COH_Mon;COH_Mon; \??\C:\Windows\system32\Drivers\COH_Mon.sys [2008-07-30 23888]
S3 Dot4;MS IEEE-1284.4 Driver; C:\Windows\system32\DRIVERS\Dot4.sys [2006-11-02 131584]
S3 Dot4Print;Print Class Driver for IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4Prt.sys [2006-11-02 16384]
S3 dot4usb;MS Dot4USB Filter Dot4USB Filter; C:\Windows\system32\DRIVERS\dot4usb.sys [2006-11-02 36864]
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2006-11-02 5632]
S3 E100B;Intel® PRO Adapter Driver; C:\Windows\system32\DRIVERS\e100b325.sys [2006-11-01 163328]
S3 HSFHWAZL;HSFHWAZL; C:\Windows\system32\DRIVERS\VSTAZL3.SYS [2006-11-01 200704]
S3 ialm;ialm; C:\Windows\system32\DRIVERS\igdkmd32.sys [2006-10-18 1380864]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2006-11-02 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2006-11-02 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2006-11-02 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2006-11-02 6016]
S3 R5U870FLx86;R5U870 UVC Lower Filter ; C:\Windows\System32\Drivers\R5U870FLx86.sys [2006-10-18 73344]
S3 R5U870FUx86;R5U870 UVC Upper Filter ; C:\Windows\System32\Drivers\R5U870FUx86.sys [2006-10-18 43904]
S3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2006-11-02 49664]
S3 SRTSPL;SRTSPL; C:\Windows\System32\Drivers\SRTSPL.SYS [2008-01-31 317616]
S3 UMPass;Microsoft UMPass Driver; C:\Windows\system32\DRIVERS\umpass.sys [2006-11-02 7168]
S3 USBAAPL;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl.sys [2008-07-10 32000]
S3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2006-11-02 35328]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2006-11-02 39936]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2006-11-02 82560]
S4 RxFilter;RxFilter; C:\Windows\system32\DRIVERS\RxFilter.sys [2006-08-09 50688]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-07-22 116040]
R2 Automatic LiveUpdate Scheduler;Automatic LiveUpdate Scheduler; C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe [2008-02-09 238968]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2007-07-24 229376]
R2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2006-11-02 22016]
R2 ccEvtMgr;Symantec Event Manager; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2008-10-17 149352]
R2 ccSetMgr;Symantec Settings Manager; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2008-10-17 149352]
R2 CLCapSvc;CyberLink Background Capture Service (CBCS); C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe [2006-11-24 270431]
R2 CLSched;CyberLink Task Scheduler (CTS); C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe [2006-11-24 118877]
R2 CLTNetCnService;Symantec Lic NetConnect service; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2008-10-17 149352]
R2 HP Health Check Service;HP Health Check Service; C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [2006-11-28 63080]
R2 hpqwmiex;hpqwmiex; C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe [2006-05-02 135168]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2006-10-19 61440]
R2 LiveUpdate Notice;LiveUpdate Notice; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2008-10-17 149352]
R2 XAudioService;XAudioService; C:\Windows\system32\DRIVERS\xaudio.exe [2006-08-05 386560]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-07-30 532264]
R3 Symantec Core LC;Symantec Core LC; C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe [2008-05-09 1245064]
S2 Roxio Upnp Server 9;Roxio Upnp Server 9; C:\Program Files\Common Files\Sonic Shared\RoxioUpnpService9.exe [2006-08-10 294912]
S2 RoxLiveShare9;LiveShare P2P Server 9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe [2006-08-10 303104]
S2 RoxWatch9;Roxio Hard Drive Watcher 9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe [2006-08-10 159744]
S3 AddFiltr;AddFiltr; C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe [2006-06-26 126976]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-11-02 138168]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 LiveUpdate;LiveUpdate; C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE [2008-08-04 3220856]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 Roxio UPnP Renderer 9;Roxio UPnP Renderer 9; C:\Program Files\Common Files\Sonic Shared\RoxioUPnPRenderer9.exe [2006-08-10 57344]
S3 RoxMediaDB9;RoxMediaDB9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe [2006-08-10 880640]
S3 stllssvr;stllssvr; C:\Program Files\Common Files\SureThing Shared\stllssvr.exe [2006-07-20 73728]

-----------------EOF-----------------


Thanks

[emeraldnzl]

Hello Varsq,

Your machine looks clean to me.

We have a couple of last steps to perform and then you're all set.

Please go here to download OTCleanIt.

Run this program to remove the tools we have been using.

You will be asked to reboot the machine to finish the Cleanup process choose Yes.

MBAM can be uninstalled via control panel add/remove but it may be a useful tool to keep

Next, we need to clean your restore points and set a new one:

Reset and Re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs from changing those files. This is the only way to clean these files: (You will lose all previous restore points which are likely to be infected)1. Turn off System Restore.On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.
2. Restart your computer.

3. Turn ON System Restore.On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check Turn off System Restore.
Click Apply, and then click OK.
[/list]System Restore will now be active again.
-------------------------------------------------------------------------------------------------------------------

A reminder now: Remember to turn back on any anti-malware programs you may have turned off during the cleaning process.

-------------------------------------------------------------------------------------------------------------------

Now that you are clean here are some things I think are worth having a look at:

-------------------------------------------------------------------------------------------------------------------

Check your Adobe Acrobat Reader; it may be out of date. Older versions are vunerable to attack.

Please go to the link below to update.

http://www.adobe.com.../readstep2.html

---------------------------------------------------------------------------------------------------------------------

Be sure and give the Temp folders a cleaning out now and then. This helps with security and your computer will run more efficiently. I clean mine once a week. For ease of use, you might consider the following free program:

• ATF Cleaner

--------------------------------------------------------------------------------------------------------------------

A great way to check that your Microsoft and Java have the latest updates is to go to Software Inspector at Secunia.

I do this weekly. Not only do they tell you which programs need updating but they give you the link to follow.

To bolster your security go to Secunia.com to ensure essential programs are up to date.

---------------------------------------------------------------------------------------------------------------------

Make Internet Explorer more secure

• Click Start > Run
• Type Inetcpl.cpl & click OK
• Click on the Security tab
• Click Reset all zones to default level
• Make sure the Internet Zone is selected & Click Custom level
• In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls) to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".a
• Next Click OK, then Apply button and then OK to exit the Internet Properties page.

* MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer, meaning it will be difficult to infect yourself in the future.

* Consider using an alternate browser. Mozilla's Firefox browser is excellant; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in pop up blocker (Note: this as an added benefit!) that I have seen. Firefox is my default browser but I retain Internet Explorer as well so that I can access the very few sites that require it.

Firefox may be downloaded from Here

-----------------------------------------------------------------------------------------------------------------------

Startuplite is a tool to help you stop some programs not needed when you start your computer from loading. They will begin automatically only when needed.

------------------------------------------------------------------------------------------------------------------------

To help protect your computer in the future here are some free programs you can look at:

Before you do though remember that running two or more real-time (some of these are not real-time) anti-virus, anti-spyware and firewall monitors at the same time can cause a conflict. That conflict can result in slow computer performance, error messages, crashes of the programs or other types of failure. You will very likely end up with little or no protection.

• SUPERAntiSpyware Free for Home Users to detect and remove spyware.
• IESpy-Ad to block access to malicious websites so you cannot be redirected to them from an infected site or email.
  
  If your Microsoft Update is not working automatically. Keep your operating system up to date by visiting
• Microsoft Windows Update

monthly. And to keep your system clean run these free malware scanners

• AdAware SE Personal
  
• Spybot Search & Destroy

weekly, and be aware of what emails you open and websites you visit.

To learn more about how to protect yourself while on the internet read this article by Tony Klein: So how did I get infected in the first place?

Have a safe and happy computing day!

[Varsq]

Hi,

Ran OTCleanIt. Looked for My Computer on Cheryl/desktop. Not there. Went to level above ... simply Desktop. File shown called Computer. Right clicked on it and was sent from Properties to System. Clicked on System Protection. Clicking on that produced box of same name open to tab System Restore. Says system has no restore points. Selecting drive on which to make restore point does not activate Apply or Create Restore Point buttons...they remain greyed out.

Perhaps Vista has been corrupted and altered?

Should I re-activate Windows Defender? Currently off.

Thanks for all of your help.

[emeraldnzl]

Hello Varsq,

All that OTCleanIt does is remove the programs we have been using.

Have you tried re-booting your computer?

[Varsq]

Hi

Thank you so much for all the help. I was able to set a system restore point, though My Computer seems not to exist. I have no option to turn System Restore on or off. The process is different than the one you provided. I hope I have done this correctly. I have enabled Windows Defender and will make the improvements and protections you have suggested.

Happy Holidays to you. Your kind help has been a blessing to me.

[emeraldnzl]

Hi Varsq,

Glad to hear from you I was worried that we had left you with a problem.

Is you computer working Okay now?

If it isn't please tell me what is happening and we will find a way to deal with it.

[Varsq]

Seems to be working fine. Had trouble deleting HijackThis and another program with same icon called Cheryl.exe. When dragged to trash they tried to run scan. Deleted HiJack through control panel and got rid of both. One folder that appeared on my desktop early in our malware removal process is called System Restore. It contains two files: SysRestorePoint.exe and SysRestorePoint_v13.zip. They are attributed to "Doug Knox". Can the presence of this app and file be the reason my system restore process is different than the one you documented? The zip file was created 11-25-08.

Thanks

[emeraldnzl]

One folder that appeared on my desktop early in our malware removal process is called System Restore. It contains two files: SysRestorePoint.exe and SysRestorePoint_v13.zip. They are attributed to "Doug Knox". Can the presence of this app and file be the reason my system restore process is different than the one you documented? The zip file was created 11-25-08.

Okay, that is not where System Restore usually is, either in XP or Vista.

I have heard of a System Restore folder being placed on the desktop but only with the users knowledge.

That doesn't mean it doesn't happen, only that I don't know about it.

I think this is a question for the techs.

Firstly though, we need to make sure there is no malware left. Are those folders still there?

Also I take it you are not Doug Knox so do you know of a Doug Knox i.e. do you know how that folder could have got there.?

Another question; was this computer new when you got it? Again, could someone else have used it and not cleaned away changes they made?

The reason I ask these questions is to try and ascertain whether the malware did this or whether someone else did it.

[Varsq]

Take a look at my 11/25, 7:58pm post. The folder appeared after I had the trouble I described after running ATF cleaner and then attempting to run System restore. By the way, I have not used the "Doug Knox" app. I used the windows system restore utility, though it didn't give me any on/off options. The Doug Knox reference is found when right-clicking Properties and going to Details - copyright.

Have had the computer for over a year. Never heard of Brother Knox before. Ran a quick scan of Norton today. It was the original discoverer of the ardakey. This latest scan did not detect it.

[emeraldnzl]

Okay then. I am learning every day.

Carried out a little research and found this:

http://www.dougknox....estorepoint.htm

Seems to be an app to simplify System Restore in XP and Vista machines.

Don't know how it got on your computer. I am not aware of it being used by any of our tools although I see there have been other tools used on your computer in the past.

Could be why my System Restore instructions "did not compute" so to speak on your computer.

Not malware.

I imagine it is up to the user as to whether they keep it.

Otherwise you say your computer is working fine so I will close this after a short while.

Note: I won't do it straight away just in case you have any further questions.

[emeraldnzl]

Further to the above.

Seems I should read the Self Help section of our own forum more often.

That restore point utility is actually recommended by the Self Help section as a protection in case of a problem.

In other words you can restore your computer using that restore point if something goes wrong in the cleaning process.

So there you go. I have learnt some more.