Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

WinPC Antivirus [Solved]

Started by AusFeathers , May 09 2009 07:09 PM

  • This topic is locked This topic is locked

#1
AusFeathers
Posted 09 May 2009 - 07:09 PM

AusFeathers

    Member

  • Member
  • PipPip
  • 35 posts
Last night while running a google search, but noticed that the fonts onscreen were bigger than usual, and if I clicked on the result I wanted to look at, it opened in a new window, which I knew wasn't right, so I closed it.

About 5 minutes later I started getting popups from WinPC Antivirus saying my computer was infected and such and to click to let it remove it for me. I knew it wasn't right, so I ignored it and went offline to run MBAM, but though I get the hourglass come up, the program never runs. I can't run Spybot either.

I rebooted and started in safe mode, which is when I saw a desktop icon for WinPC. I can run Norman malware cleaner in safe mode, but still not MBAM or Spybot.
It picked up 7 infections mostly Renos.ffx.

I rebooted normally after that and then found I couldn't click on anything on the desktop. I've got access back to the internet again, so any help in getting rid of this is greatly appreciated.

Sorry for the delay, here's my Hijackthis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:48:45 AM, on 12/05/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\AGRSMMSG.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Compaq_Owner.GERARDINE.000\Application Data\winav.exe
C:\Program Files\Compaq Connections\6750491\Program\Compaq Connections.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\Iexplore.exe
C:\Program Files\Internet Explorer\Iexplore.exe
C:\Program Files\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://au.yahoo.com/?fr=fp-yie8
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.h...a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.h...a...&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.fordforums.com.au/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.h...a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://au.search.yah...?fr=mcafee&p=%s
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.h...a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptsn.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\VistaMagicPack\Styler\TB\StylerTB.dll (file missing)
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [McAfee Backup] "C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [sysav] C:\Documents and Settings\Compaq_Owner.GERARDINE.000\Application Data\winav.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\6750491\Program\Compaq Connections.exe
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebo...toUploader5.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/b...lineScanner.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx...owserPlugin.cab
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} (Java Plug-in 1.6.0_11) -
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.ado...obat/nos/gp.cab
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: getPlus® Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 10963 bytes

Edited by AusFeathers, 11 May 2009 - 05:50 PM.

  • 0

Advertisements

#2
AusFeathers
Posted 11 May 2009 - 04:53 PM

AusFeathers

    Member

  • Topic Starter
  • Member
  • PipPip
  • 35 posts
Sorry, I know we're not meant to reply to our own posts, but I have logs to post from OTlistIT and Rooter, that may help speed up the process when someone looks at the topic.

Now it's starting to redirect my google searches as well.

OTListIT:

TListIt logfile created on: 12/05/2009 12:20:06 PM - Run 1
OTListIt2 by OldTimer - Version 2.0.15.6 Folder = C:\Documents and Settings\Compaq_Owner.GERARDINE.000\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

767.48 Mb Total Physical Memory | 138.07 Mb Available Physical Memory | 17.99% Memory free
1.83 Gb Paging File | 0.99 Gb Available in Paging File | 54.07% Paging File free
Paging file location(s): C:\pagefile.sys 1152 2304 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 32.25 Gb Total Space | 8.18 Gb Free Space | 25.38% Space Free | Partition Type: NTFS
Drive D: | 5.00 Gb Total Space | 1.53 Gb Free Space | 30.53% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: GERARDINE
Current User Name: Compaq_Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe ()
PRC - C:\windows\system\hpsysdrv.exe (Hewlett-Packard Company)
PRC - C:\WINDOWS\AGRSMMSG.exe (Agere Systems)
PRC - C:\HP\KBD\KBD.EXE (Hewlett-Packard Company)
PRC - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)
PRC - c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe (McAfee, Inc.)
PRC - c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\VirusScan\Mcshield.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\MSK\MskSrver.exe (McAfee, Inc.)
PRC - C:\WINDOWS\ALCXMNTR.EXE (Realtek Semiconductor Corp.)
PRC - C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
PRC - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
PRC - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
PRC - C:\WINDOWS\system32\nvsvc32.exe (NVIDIA Corporation)
PRC - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe (McAfee)
PRC - C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe (Microsoft Corporation)
PRC - C:\Program Files\LogMeIn\x86\LMIGuardian.exe (LogMeIn, Inc.)
PRC - C:\Documents and Settings\Compaq_Owner.GERARDINE.000\Application Data\winav.exe ()
PRC - C:\Program Files\Compaq Connections\6750491\Program\Compaq Connections.exe (Hewlett-Packard)
PRC - C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
PRC - C:\Program Files\McAfee\VirusScan\mcsysmon.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\MPF\MPFSrv.exe (McAfee, Inc.)
PRC - C:\Program Files\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation)
PRC - C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
PRC - C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
PRC - C:\Program Files\Internet Explorer\Iexplore.exe (Microsoft Corporation)
PRC - C:\Program Files\Internet Explorer\Iexplore.exe (Microsoft Corporation)
PRC - C:\Documents and Settings\Compaq_Owner.GERARDINE.000\Desktop\OTListIt2.exe (OldTimer Tools)

========== Win32 Services (SafeList) ==========

SRV - (Apple Mobile Device [Auto | Running]) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe (Microsoft Corporation)
SRV - (Bonjour Service [Auto | Running]) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
SRV - (getPlus® Helper [On_Demand | Stopped]) -- C:\Program Files\NOS\bin\getPlus_HelperSvc.exe (NOS Microsystems Ltd.)
SRV - (gusvc [Auto | Stopped]) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)
SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (iPod Service [On_Demand | Running]) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
SRV - (JavaQuickStarterService [Auto | Running]) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
SRV - (LMIMaint [Disabled | Stopped]) -- C:\Program Files\LogMeIn\x86\RaMaint.exe (LogMeIn, Inc.)
SRV - (LogMeIn [Disabled | Stopped]) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe (LogMeIn, Inc.)
SRV - (MBackMonitor [On_Demand | Stopped]) -- C:\Program Files\McAfee\MBK\MBackMonitor.exe (McAfee)
SRV - (McAfee SiteAdvisor Service [Auto | Running]) -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe ()
SRV - (mcmscsvc [Auto | Running]) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)
SRV - (McNASvc [Auto | Running]) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe (McAfee, Inc.)
SRV - (McODS [On_Demand | Stopped]) -- C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SRV - (McProxy [Auto | Running]) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe (McAfee, Inc.)
SRV - (McShield [Unknown | Running]) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe (McAfee, Inc.)
SRV - (McSysmon [On_Demand | Running]) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe (McAfee, Inc.)
SRV - (MpfService [On_Demand | Running]) -- C:\Program Files\McAfee\MPF\MPFSrv.exe (McAfee, Inc.)
SRV - (MSK80Service [Auto | Running]) -- C:\Program Files\McAfee\MSK\MskSrver.exe (McAfee, Inc.)
SRV - (NVSvc [Auto | Running]) -- C:\WINDOWS\system32\nvsvc32.exe (NVIDIA Corporation)
SRV - (WMPNetworkSvc [On_Demand | Stopped]) -- C:\Program Files\Windows Media Player\WMPNetwk.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (AgereSoftModem [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\AGRSM.sys (Agere Systems)
DRV - (ALCXWDM [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS (Realtek Semiconductor Corp.)
DRV - (AmdK8 [System | Running]) -- C:\WINDOWS\system32\DRIVERS\AmdK8.sys (Advanced Micro Devices)
DRV - (CCCP106 [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\cccp106.sys ()
DRV - (GEARAspiWDM [On_Demand | Running]) -- C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (Iviaspi [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\iviaspi.sys (InterVideo, Inc.)
DRV - (LMIInfo [Auto | Running]) -- C:\Program Files\LogMeIn\x86\RaInfo.sys (LogMeIn, Inc.)
DRV - (lmimirr [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\lmimirr.sys (LogMeIn, Inc.)
DRV - (LMIRfsClientNP [Disabled | Stopped]) -- C:\WINDOWS\System32\LMIRfsClientNP.dll (LogMeIn, Inc.)
DRV - (LMIRfsDriver [Auto | Running]) -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys (LogMeIn, Inc.)
DRV - (ltmodem5 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\ltmdmnt.sys (LT)
DRV - (mfeavfk [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\mfeavfk.sys (McAfee, Inc.)
DRV - (mfebopk [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\mfebopk.sys (McAfee, Inc.)
DRV - (mfehidk [System | Running]) -- C:\WINDOWS\system32\drivers\mfehidk.sys (McAfee, Inc.)
DRV - (mferkdk [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\mferkdk.sys (McAfee, Inc.)
DRV - (mfesmfk [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\mfesmfk.sys (McAfee, Inc.)
DRV - (MPFP [System | Running]) -- C:\WINDOWS\System32\Drivers\Mpfp.sys (McAfee, Inc.)
DRV - (nv [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\nv4_mini.sys (NVIDIA Corporation)
DRV - (Pfc [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\pfc.sys (Padus, Inc.)
DRV - (Ps2 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\PS2.sys (Hewlett-Packard Company)
DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
DRV - (PxHelp20 [Boot | Running]) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions)
DRV - (rtl8139 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\RTL8139.SYS (Realtek Semiconductor Corporation)
DRV - (Secdrv [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (SiS315 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\sisgrp.sys (Silicon Integrated Systems Corporation)
DRV - (SISAGP [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\SISAGPX.sys (Silicon Integrated Systems Corporation)
DRV - (SiSkp [System | Running]) -- C:\WINDOWS\system32\DRIVERS\srvkp.sys (Silicon Integrated Systems Corporation)
DRV - (SISNIC [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\sisnic.sys (SiS Corporation)
DRV - (sscdbus [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\sscdbus.sys (MCCI Corporation)
DRV - (sscdmdfl [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\sscdmdfl.sys (MCCI Corporation)
DRV - (sscdmdm [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\sscdmdm.sys (MCCI Corporation)
DRV - (StarOpen [System | Running]) -- C:\WINDOWS\System32\drivers\StarOpen.sys ()
DRV - (USBAAPL [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\usbaapl.sys (Apple, Inc.)
DRV - (USB_RNDIS [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\usb8023.sys (Microsoft Corporation)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://au.yahoo.com/?fr=fp-yie8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.h...a...&pf=desktop
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.h...a...&pf=desktop
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.fordforums.com.au/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\PROGRAM FILES\MCAFEE\SITEADVISOR [2009/04/28 22:38:45 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF [2008/12/20 10:35:38 | 00,000,000 | ---D | M]


O1 HOSTS File: (305862 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.123topsearch.com
O1 - Hosts: 127.0.0.1 123topsearch.com
O1 - Hosts: 127.0.0.1 www.132.com
O1 - Hosts: 127.0.0.1 132.com
O1 - Hosts: 127.0.0.1 www.136136.net
O1 - Hosts: 127.0.0.1 136136.net
O1 - Hosts: 10531 more lines...
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files\McAfee\MSK\mskapbho.dll ()
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
O3 - HKLM\..\Toolbar: (StylerToolBar) - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\VistaMagicPack\Styler\TB\StylerTB.dll File not found
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - Reg Error: Key error. File not found
O4 - HKLM..\Run: [AGRSMMSG] AGRSMMSG.exe (Agere Systems)
O4 - HKLM..\Run: [AlcxMonitor] ALCXMNTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 (Microsoft Corporation)
O4 - HKLM..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" (Apple Inc.)
O4 - HKLM..\Run: [KBD] C:\HP\KBD\KBD.EXE (Hewlett-Packard Company)
O4 - HKLM..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe" (LogMeIn, Inc.)
O4 - HKLM..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [McAfee Backup] "C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe" (McAfee)
O4 - HKLM..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey (McAfee, Inc.)
O4 - HKLM..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide (McAfee, Inc.)
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC ()
O4 - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] nwiz.exe /install ()
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC (Microsoft Corporation)
O4 - HKLM..\Run: [PS2] C:\WINDOWS\system32\ps2.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime (Apple Inc.)
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE ()
O4 - HKLM..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe" (SoftThinks)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot (RealNetworks, Inc.)
O4 - HKCU..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background (Microsoft Corporation)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [sysav] C:\Documents and Settings\Compaq_Owner.GERARDINE.000\Application Data\winav.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Compaq Connections.lnk = C:\Program Files\Compaq Connections\6750491\Program\Compaq Connections.exe (Hewlett-Packard)
O4 - Startup: C:\Documents and Settings\Compaq_Owner.GERARDINE.000\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: 49 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: 48 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebo...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} http://www.eset.eu/b...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx...owserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} http://wwwimages.ado...obat/nos/gp.cab (get_atlcom Class)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\LMIinit: DllName - LMIinit.dll - C:\WINDOWS\system32\LMIinit.dll (LogMeIn, Inc.)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/11/23 21:58:04 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2007/04/15 20:57:52 | 00,000,025 | -HS- | M] () - C:\autorun.inf -- [ NTFS ]
O32 - Unable to obtain root file information for disk D:\
O33 - MountPoints2\{cd26080e-860e-11dd-8816-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{cd26080e-860e-11dd-8816-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\D\Shell - "" = AutoRun
O33 - MountPoints2\D\Shell\AutoRun - "" = Auto&Play
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

========== Files/Folders - Created Within 30 Days ==========

[7 C:\WINDOWS\*.tmp files]
[2009/05/12 10:03:55 | 00,000,000 | ---D | C] -- C:\Rooter$
[2009/05/12 10:02:38 | 00,267,612 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner.GERARDINE.000\Desktop\Rooter.exe
[2009/05/12 08:54:34 | 00,501,248 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Compaq_Owner.GERARDINE.000\Desktop\OTListIt2.exe
[2009/05/10 13:56:05 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/05/10 13:56:05 | 00,000,704 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/05/10 13:56:02 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/05/10 13:55:18 | 02,967,800 | ---- | C] (Malwarebytes Corporation ) -- C:\Program Files\pomegranate.exe
[2009/05/09 23:26:21 | 00,001,885 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner.GERARDINE.000\Desktop\WinPC Antivirus.LNK
[2009/05/09 23:24:00 | 00,028,672 | ---- | C] () -- C:\WINDOWS\ieocx.dll
[2009/05/07 22:40:30 | 00,000,000 | ---D | C] -- C:\Program Files\DIFX
[2009/05/07 22:39:52 | 00,000,000 | ---D | C] -- C:\Program Files\Razer
[2009/05/07 22:37:15 | 00,021,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\hidserv.dll
[2009/05/07 22:37:15 | 00,021,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hidserv.dll
[2009/05/07 22:37:11 | 00,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\kbdhid.sys
[2009/05/07 22:37:11 | 00,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdhid.sys
[2009/05/07 22:30:14 | 00,009,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\hidusb.sys
[2009/05/07 22:30:14 | 00,009,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hidusb.sys
[2009/05/07 22:30:07 | 00,031,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbccgp.sys
[2009/05/07 22:30:07 | 00,031,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbccgp.sys
[2009/05/04 22:56:04 | 01,095,168 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner.GERARDINE.000\Application Data\winav.exe
[2009/05/02 23:40:52 | 00,001,918 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Compaq Connections.lnk
[2009/05/02 23:40:52 | 00,001,765 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
[2009/05/02 23:40:06 | 00,000,000 | ---D | C] -- C:\Program Files\EsetOnlineScanner
[2009/05/02 20:15:29 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner.GERARDINE.000\Application Data\Malwarebytes
[2009/05/02 20:15:23 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/05/02 20:15:22 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/05/01 23:15:22 | 00,000,000 | ---D | C] -- C:\Program Files\trend micro
[2009/05/01 19:55:40 | 38,597,176 | ---- | C] (Norman ASA) -- C:\Documents and Settings\Compaq_Owner.GERARDINE.000\Desktop\Norman_Malware_Cleaner.exe
[2009/05/01 19:54:20 | 00,286,208 | ---- | C] () -- C:\Program Files\Gamers.exe
[2009/05/01 19:46:28 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/05/01 19:46:11 | 00,000,775 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner.GERARDINE.000\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2009/05/01 19:45:54 | 00,000,619 | ---- | C] () -- C:\Program Files\NTREGOPT.lnk
[2009/05/01 19:45:54 | 00,000,600 | ---- | C] () -- C:\Program Files\ERUNT.lnk
[2009/05/01 19:45:40 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/05/01 13:49:28 | 00,401,720 | ---- | C] (Trend Micro Inc.) -- C:\Program Files\HiJackThis.exe
[2009/04/30 10:38:53 | 00,001,707 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner.GERARDINE.000\Desktop\Microsoft Works Task Launcher.lnk
[2009/04/30 10:38:41 | 00,001,850 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner.GERARDINE.000\Desktop\Encarta Encyclopedia Standard Edition - 2005.lnk
[2009/04/30 10:38:20 | 00,000,746 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner.GERARDINE.000\Desktop\Outlook Express.lnk
[2009/04/30 10:36:54 | 00,001,841 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner.GERARDINE.000\Desktop\Windows Live Mail.lnk
[2009/04/29 23:09:48 | 00,218,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\uxtheme.backup
[2009/04/29 23:09:40 | 00,000,000 | ---D | C] -- C:\Program Files\UltraUXThemePatcher
[2009/04/29 22:54:09 | 00,000,000 | ---D | C] -- C:\WINDOWS\VistaMizer
[2009/04/29 22:52:13 | 19,530,202 | ---- | C] (Manuel Hoefs (alias Zottel)) -- C:\Program Files\VistaMizer_3.2.0.0.exe
[2009/04/18 22:42:52 | 00,000,000 | ---D | C] -- C:\WINDOWS\Performance
[2009/04/18 22:42:52 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Microsoft Corporation
[2009/03/26 23:15:42 | 00,000,299 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2008/11/27 06:28:48 | 00,000,272 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2008/09/22 23:10:27 | 00,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2008/09/19 17:12:32 | 00,061,440 | R--- | C] () -- C:\WINDOWS\System32\dcccp106.dll
[2008/09/19 17:12:31 | 00,227,200 | R--- | C] () -- C:\WINDOWS\System32\drivers\cccp106.sys
[2008/09/19 17:12:31 | 00,045,056 | R--- | C] () -- C:\WINDOWS\System32\vcccp106.dll
[2008/09/19 16:02:36 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\VGAunistlog.ini
[2008/02/11 09:39:26 | 00,253,952 | ---- | C] () -- C:\WINDOWS\System32\OnlineScannerDLLA.dll
[2008/02/11 09:39:18 | 00,237,568 | ---- | C] () -- C:\WINDOWS\System32\OnlineScannerDLLW.dll
[2008/02/08 13:53:46 | 00,110,592 | ---- | C] () -- C:\WINDOWS\System32\OnlineScannerLang.dll
[2007/10/24 10:20:20 | 00,000,321 | R--- | C] () -- C:\WINDOWS\DC2110a.ini
[2007/10/24 10:20:19 | 00,015,542 | R--- | C] () -- C:\WINDOWS\cccp106.ini
[2007/09/09 22:10:16 | 00,000,028 | ---- | C] () -- C:\WINDOWS\ICOA.INI
[2007/09/09 22:10:16 | 00,000,000 | ---- | C] () -- C:\WINDOWS\QFNONL.ini
[2007/09/09 22:09:58 | 00,000,000 | ---- | C] () -- C:\WINDOWS\QFN.ini
[2007/09/09 22:09:58 | 00,000,000 | ---- | C] () -- C:\WINDOWS\QDQICK.ini
[2007/09/09 21:45:59 | 00,000,035 | ---- | C] () -- C:\WINDOWS\A4W.INI
[2007/09/09 20:37:46 | 00,000,064 | ---- | C] () -- C:\WINDOWS\QBWCD.INI
[2007/07/27 14:49:02 | 00,225,355 | ---- | C] () -- C:\WINDOWS\System32\lnod32apiW.dll
[2007/07/27 14:49:02 | 00,196,683 | ---- | C] () -- C:\WINDOWS\System32\lnod32apiA.dll
[2007/05/14 17:04:23 | 00,000,416 | ---- | C] () -- C:\WINDOWS\ULEAD32.INI
[2006/11/18 13:50:27 | 00,036,864 | ---- | C] () -- C:\WINDOWS\JPGL.DLL
[2006/11/18 13:50:27 | 00,032,768 | ---- | C] () -- C:\WINDOWS\DIV_IYUV.DLL
[2006/06/01 19:22:00 | 01,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2006/06/01 19:22:00 | 01,486,848 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2006/06/01 19:22:00 | 01,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006/06/01 19:22:00 | 00,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2006/06/01 19:22:00 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2006/06/01 19:22:00 | 00,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2005/12/05 19:25:22 | 00,139,264 | ---- | C] () -- C:\WINDOWS\System32\lnod32umc.dll
[2005/12/05 12:37:10 | 00,106,496 | ---- | C] () -- C:\WINDOWS\System32\lnod32upd.dll
[2005/03/10 02:48:40 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/03/10 02:43:52 | 00,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2005/03/10 02:43:52 | 00,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2005/03/10 02:43:52 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2005/03/10 02:43:52 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2005/03/10 02:43:52 | 00,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2005/03/10 02:43:52 | 00,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2005/03/10 02:05:07 | 00,013,209 | ---- | C] () -- C:\WINDOWS\System32\CHODDI.SYS
[2005/03/10 02:04:53 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll
[2005/03/10 01:44:49 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2005/03/10 01:28:55 | 00,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2005/03/10 01:26:28 | 00,323,584 | ---- | C] () -- C:\WINDOWS\System32\pythoncom22.dll
[2005/03/10 01:26:28 | 00,094,208 | ---- | C] () -- C:\WINDOWS\System32\pywintypes22.dll
[2005/03/10 01:25:39 | 00,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
[2004/11/24 08:48:50 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
[2004/11/23 21:58:02 | 00,000,537 | ---- | C] () -- C:\WINDOWS\win.ini
[2004/09/14 09:35:56 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/20 01:14:46 | 00,086,016 | ---- | C] () -- C:\WINDOWS\System32\PcdrKernelModeServices.dll
[2004/08/20 01:14:46 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\ProgressTrace.dll
[2003/04/10 21:04:00 | 00,028,672 | ---- | C] () -- C:\WINDOWS\System32\JAWTAccessBridge.dll
[2002/03/17 10:00:00 | 00,007,420 | ---- | C] () -- C:\WINDOWS\UA000011.DLL

========== Files - Modified Within 30 Days ==========

[4 C:\WINDOWS\System32\*.tmp files]
[7 C:\WINDOWS\*.tmp files]
[2009/05/12 12:22:01 | 00,000,366 | ---- | M] () -- C:\WINDOWS\tasks\Symantec NetDetect.job
[2009/05/12 10:25:11 | 00,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2009/05/12 10:03:54 | 00,267,612 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner.GERARDINE.000\Desktop\Rooter.exe
[2009/05/12 08:54:34 | 00,501,248 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Compaq_Owner.GERARDINE.000\Desktop\OTListIt2.exe
[2009/05/12 08:35:09 | 00,019,857 | ---- | M] () -- C:\WINDOWS\System32\Config.MPF
[2009/05/12 08:34:25 | 00,001,885 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner.GERARDINE.000\Desktop\WinPC Antivirus.LNK
[2009/05/12 08:32:27 | 00,178,464 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2009/05/12 08:32:14 | 00,000,248 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.dat
[2009/05/12 08:31:57 | 00,000,062 | -HS- | M] () -- C:\Documents and Settings\Compaq_Owner.GERARDINE.000\Local Settings\desktop.ini
[2009/05/12 08:31:57 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/05/12 08:31:55 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/05/12 08:31:53 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/05/12 08:19:18 | 00,000,704 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/05/10 23:01:32 | 00,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2009/05/10 22:53:25 | 00,028,672 | ---- | M] () -- C:\WINDOWS\ieocx.dll
[2009/05/10 11:01:52 | 00,000,941 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner.GERARDINE.000\Desktop\Spybot - Search & Destroy.lnk
[2009/05/09 16:47:02 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/05/04 22:56:04 | 01,095,168 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner.GERARDINE.000\Application Data\winav.exe
[2009/05/03 19:25:12 | 00,305,862 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2009/05/03 19:06:24 | 00,305,209 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20090503-192512.backup
[2009/05/02 23:40:53 | 00,000,537 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/05/02 23:40:53 | 00,000,281 | RHS- | M] () -- C:\boot.ini
[2009/05/02 23:40:53 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/05/02 23:33:15 | 00,338,648 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/05/01 19:55:45 | 38,597,176 | ---- | M] (Norman ASA) -- C:\Documents and Settings\Compaq_Owner.GERARDINE.000\Desktop\Norman_Malware_Cleaner.exe
[2009/05/01 19:46:11 | 00,000,775 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner.GERARDINE.000\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2009/05/01 01:00:00 | 00,000,366 | -H-- | M] () -- C:\WINDOWS\tasks\McQcTask.job
[2009/04/30 10:38:53 | 00,001,707 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner.GERARDINE.000\Desktop\Microsoft Works Task Launcher.lnk
[2009/04/30 10:38:41 | 00,001,850 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner.GERARDINE.000\Desktop\Encarta Encyclopedia Standard Edition - 2005.lnk
[2009/04/30 10:38:20 | 00,000,746 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner.GERARDINE.000\Desktop\Outlook Express.lnk
[2009/04/30 10:36:54 | 00,001,841 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner.GERARDINE.000\Desktop\Windows Live Mail.lnk
[2009/04/29 23:09:48 | 00,218,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\uxtheme.dll
[2009/04/29 23:09:48 | 00,218,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\uxtheme.dll
[2009/04/18 22:29:47 | 00,305,209 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20090503-190624.backup
[2009/04/16 23:38:30 | 00,441,626 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/04/16 23:38:30 | 00,382,022 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/04/16 23:38:30 | 00,053,640 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/04/16 23:32:52 | 00,001,744 | -H-- | M] () -- C:\WINDOWS\System32\dukulihe
[2009/04/16 23:06:07 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
< End of report >

ROOTER:

Microsoft Windows XP Home Edition (5.1.2600) Service Pack 2

C:\ [Fixed] - NTFS - (Total:33023 Mo/Free:219 Mo)
D:\ [Fixed] - FAT32 - (Total:5120 Mo/Free:1563 Mo)
E:\ [CD-Rom] (Total:0 Mo/Free:0 Mo)
F:\ [Removable] (Total:0 Mo/Free:0 Mo)
G:\ [Removable] (Total:0 Mo/Free:0 Mo)
H:\ [Removable] (Total:0 Mo/Free:0 Mo)
I:\ [Removable] (Total:0 Mo/Free:0 Mo)

Tue 12/05/2009|10:35

----------------------\\ Processes..

--Locked-- [System Process]
---------- System
---------- \SystemRoot\System32\smss.exe
---------- \??\C:\WINDOWS\system32\csrss.exe
---------- \??\C:\WINDOWS\system32\winlogon.exe
---------- C:\WINDOWS\system32\services.exe
---------- C:\WINDOWS\system32\lsass.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\System32\svchost.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\system32\spoolsv.exe
---------- C:\WINDOWS\Explorer.EXE
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
---------- C:\Program Files\Bonjour\mDNSResponder.exe
---------- C:\Program Files\Java\jre6\bin\jqs.exe
---------- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
---------- C:\windows\system\hpsysdrv.exe
---------- C:\WINDOWS\AGRSMMSG.exe
---------- C:\HP\KBD\KBD.EXE
---------- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
---------- C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
---------- c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
---------- c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
---------- C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
---------- C:\Program Files\McAfee.com\Agent\mcagent.exe
---------- C:\Program Files\McAfee\MSK\MskSrver.exe
---------- C:\WINDOWS\ALCXMNTR.EXE
---------- C:\WINDOWS\system32\RUNDLL32.EXE
---------- C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
---------- C:\Program Files\QuickTime\QTTask.exe
---------- C:\Program Files\iTunes\iTunesHelper.exe
---------- C:\WINDOWS\system32\nvsvc32.exe
---------- C:\Program Files\Java\jre6\bin\jusched.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
---------- C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
---------- C:\Program Files\LogMeIn\x86\LMIGuardian.exe
---------- C:\WINDOWS\system32\ctfmon.exe
---------- C:\Documents and Settings\Compaq_Owner.GERARDINE.000\Application Data\winav.exe
---------- C:\Program Files\Compaq Connections\6750491\Program\Compaq Connections.exe
---------- C:\Program Files\iPod\bin\iPodService.exe
---------- C:\WINDOWS\System32\alg.exe
---------- C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
---------- C:\Program Files\McAfee\MPF\MPFSrv.exe
---------- C:\Program Files\Windows Live\Contacts\wlcomm.exe
---------- C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
---------- C:\Program Files\Internet Explorer\Iexplore.exe
---------- C:\Program Files\Internet Explorer\Iexplore.exe
---------- C:\WINDOWS\system32\cmd.exe
---------- C:\Rooter$\RK.exe

----------------------\\ Search..

----------------------\\ ROOTKIT !!



1 - "C:\Rooter$\Rooter_1.txt" - Tue 12/05/2009|10:36

Edited by AusFeathers, 11 May 2009 - 08:31 PM.

  • 0

#3
sage5
Posted 14 May 2009 - 08:46 AM

sage5

    RIP 10/2009

  • Retired Staff
  • 2,646 posts
Hi AusFeathers,

Welcome to Geeks To Go,

I'm sorry that we haven't got to you until now, but the forum can get hectic at times.

I am sage5, and I will be helping you with this problem.

There are a some things that I need to make clear to you, before we continue, that will help us both:
  • Please read all of my instructions, in each post, before you continue with the fix. (If there is anything that you need clarified/don't understand, please ask)
  • Please don't perform any steps/fixes with tools that I have not asked you to do. Many of the fixes require specific steps to be taken in a set order.
  • Make sure that all of the logs/reports, that I ask for, get posted completely.
  • Check out the information Here, if you are unsure how to send replies etc

OK, on with the fix:

First I need you to download the following tools & save them to your Desktop.
ComboFix from one of these locations:
Link 1
Link 2
Link 3


* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

  • Double click on ComboFix.exe & follow the prompts.

  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.


Posted Image



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the text from C:\ComboFix.txt in your next reply.



Cheers,

sage5
  • 0

#4
AusFeathers
Posted 15 May 2009 - 04:51 AM

AusFeathers

    Member

  • Topic Starter
  • Member
  • PipPip
  • 35 posts
Hello sage5, and thank you for your help.

I ran combofix today while on a break from work, and while I did disable all my AV and such before it started, I had to leave and go back to work partway through, so what happened after the scan started I don't know.

I should add that between the time I made the original post and now, I've managed to get rid of the pop ups and desktop icon for WinPC Antivirus. But I realise that some of it is still most likely floating around on the system.

Combofix log:

ComboFix 09-05-14.03 - Compaq_Owner 15/05/2009 14:08.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.767.540 [GMT 10:00]
Running from: c:\documents and settings\Compaq_Owner.GERARDINE.000\Desktop\Combo-Fix.exe
AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\autorun.inf
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\windows\ieocx.dll
c:\windows\msnimport.exe
c:\windows\system32\drivers\UACvkopapulvhoorwi.sys
c:\windows\system32\UACabyrevffukmlbfo.log
c:\windows\system32\UACaublnstiqoibbxh.dll
c:\windows\system32\UAChioykmcilkdwqbu.dll
c:\windows\system32\uacinit.dll
c:\windows\system32\UACjhdlbloxwafmtuv.log
c:\windows\system32\UACnbgoxvexmlamyqw.dll
c:\windows\system32\UACtfsmxqrdysnkivm.dll
c:\windows\system32\UACtvxnhkglslxsvvb.dll
c:\windows\system32\UACyklruwrrdpstxtl.log
c:\windows\system32\UACyssrshkybstqrte.dat
D:\Autorun.inf

----- BITS: Possible infected sites -----

hxxp://softwaredownloadcentercom.com
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_UACd.sys


((((((((((((((((((((((((( Files Created from 2009-04-15 to 2009-05-15 )))))))))))))))))))))))))))))))
.

2009-05-13 12:40 . 2009-05-13 12:40 215 ----a-w c:\documents and settings\Compaq_Owner.GERARDINE.000\Application Data\asd.bat
2009-05-13 12:39 . 2009-05-13 12:39 53248 ----a-w c:\windows\system32\drivers\UACnoxujyibqaqbuya.sys
2009-05-12 00:03 . 2009-05-12 00:36 -------- d-----w C:\Rooter$
2009-05-10 03:56 . 2009-04-06 05:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-05-10 03:56 . 2009-04-06 05:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-10 03:55 . 2009-05-10 03:55 2967800 ----a-w c:\program files\pomegranate.exe
2009-05-07 12:40 . 2009-05-07 12:40 -------- d-----w c:\program files\DIFX
2009-05-07 12:39 . 2009-05-07 12:39 -------- d-----w c:\program files\Razer
2009-05-07 12:37 . 2004-08-03 14:56 21504 ----a-w c:\windows\system32\dllcache\hidserv.dll
2009-05-07 12:37 . 2004-08-03 14:56 21504 ----a-w c:\windows\system32\hidserv.dll
2009-05-07 12:37 . 2004-08-03 12:58 14848 ----a-w c:\windows\system32\dllcache\kbdhid.sys
2009-05-07 12:37 . 2004-08-03 12:58 14848 ----a-w c:\windows\system32\drivers\kbdhid.sys
2009-05-07 12:30 . 2001-08-17 04:02 9600 ----a-w c:\windows\system32\dllcache\hidusb.sys
2009-05-07 12:30 . 2001-08-17 04:02 9600 ----a-w c:\windows\system32\drivers\hidusb.sys
2009-05-07 12:30 . 2004-08-03 13:08 31616 ----a-w c:\windows\system32\dllcache\usbccgp.sys
2009-05-07 12:30 . 2004-08-03 13:08 31616 ----a-w c:\windows\system32\drivers\usbccgp.sys
2009-05-02 13:40 . 2009-05-10 01:12 -------- d-----w c:\program files\EsetOnlineScanner
2009-05-02 10:15 . 2009-05-02 10:15 -------- d-----w c:\documents and settings\Compaq_Owner.GERARDINE.000\Application Data\Malwarebytes
2009-05-02 10:15 . 2009-05-02 10:15 -------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2009-05-02 10:15 . 2009-05-14 13:52 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-05-01 13:15 . 2009-05-01 23:13 -------- d-----w c:\program files\trend micro
2009-05-01 10:00 . 2009-05-01 10:00 -------- d-sh--w c:\documents and settings\Administrator.GERARDINE\IETldCache
2009-05-01 09:54 . 2009-05-01 09:54 286208 ----a-w c:\program files\Gamers.exe
2009-05-01 09:45 . 2009-05-01 09:46 -------- d-----w c:\program files\ERUNT
2009-05-01 03:49 . 2009-05-01 03:49 401720 ----a-w c:\program files\HiJackThis.exe
2009-04-29 13:09 . 2009-04-29 13:09 -------- d-----w c:\program files\UltraUXThemePatcher
2009-04-29 12:54 . 2009-04-29 13:09 -------- d-----w c:\windows\VistaMizer
2009-04-29 12:52 . 2009-04-29 12:52 19530202 ----a-w c:\program files\VistaMizer_3.2.0.0.exe
2009-04-18 12:42 . 2009-04-18 12:42 -------- d-----w c:\windows\Performance
2009-04-18 12:42 . 2009-04-29 13:24 -------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Corporation

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-12 10:34 . 2008-12-20 00:37 410984 ----a-w c:\windows\system32\deploytk.dll
2009-05-12 10:32 . 2005-03-09 15:33 -------- d-----w c:\program files\Java
2009-05-12 10:02 . 2006-09-21 08:22 -------- d-----w c:\program files\Spybot - Search & Destroy
2009-05-10 06:25 . 2008-04-12 07:12 -------- d-----r c:\program files\LimeWire
2009-05-09 11:33 . 2006-09-21 09:11 -------- d-----w c:\program files\City of Heroes
2009-05-07 12:39 . 2005-03-09 16:01 -------- d--h--w c:\program files\InstallShield Installation Information
2009-05-03 00:34 . 2008-09-19 08:18 86136 -c--a-w c:\documents and settings\Compaq_Owner.GERARDINE.000\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-01 09:45 . 2009-05-01 09:45 619 ----a-w c:\program files\NTREGOPT.lnk
2009-05-01 09:45 . 2009-05-01 09:45 600 ----a-w c:\program files\ERUNT.lnk
2009-04-29 13:24 . 2009-03-28 11:34 -------- d-----w c:\program files\Yahoo!
2009-04-29 13:09 . 2004-08-04 12:00 218624 ----a-w c:\windows\system32\uxtheme.dll
2009-04-18 01:43 . 2006-09-20 01:24 -------- d-----w c:\program files\McAfee
2009-04-17 14:45 . 2008-09-22 04:22 -------- d-----w c:\program files\LogMeIn
2009-04-10 23:22 . 2005-03-09 16:00 -------- d-----w c:\program files\iTunes
2009-04-10 23:21 . 2005-03-09 16:00 -------- d-----w c:\program files\iPod
2009-03-25 01:06 . 2006-09-20 01:25 40552 ----a-w c:\windows\system32\drivers\mfesmfk.sys
2009-03-25 01:06 . 2006-09-20 01:25 79880 ----a-w c:\windows\system32\drivers\mfeavfk.sys
2009-03-25 01:06 . 2006-09-20 01:25 35272 ----a-w c:\windows\system32\drivers\mfebopk.sys
2009-03-25 01:06 . 2006-09-20 01:25 214024 ----a-w c:\windows\system32\drivers\mfehidk.sys
2009-03-25 01:05 . 2008-09-19 08:05 34216 ----a-w c:\windows\system32\drivers\mferkdk.sys
2009-03-21 03:58 . 2008-10-10 03:45 -------- d-----w c:\program files\TeaTimer (Spybot - Search & Destroy)
2009-03-19 06:32 . 2004-09-14 10:38 23400 ----a-w c:\windows\system32\drivers\GEARAspiWDM.sys
2009-03-07 17:34 . 2004-08-04 12:00 1016320 ----a-w c:\windows\system32\wininet.dll
2009-03-07 17:34 . 2004-08-04 12:00 43008 ----a-w c:\windows\system32\licmgr10.dll
2009-03-07 17:33 . 2004-08-04 12:00 18944 ----a-w c:\windows\system32\corpol.dll
2009-03-07 17:33 . 2004-08-04 12:00 420352 ----a-w c:\windows\system32\vbscript.dll
2009-03-07 17:32 . 2004-08-04 12:00 107008 ----a-w c:\windows\system32\admparse.dll
2009-03-07 17:32 . 2004-08-04 12:00 71680 ----a-w c:\windows\system32\iesetup.dll
2009-03-07 17:31 . 2004-08-04 12:00 34816 ----a-w c:\windows\system32\imgutil.dll
2009-03-07 17:31 . 2004-08-04 12:00 48128 ----a-w c:\windows\system32\mshtmler.dll
2009-03-07 17:31 . 2004-08-04 12:00 94720 ----a-w c:\windows\system32\mshta.exe
2009-03-07 17:22 . 2004-08-04 12:00 156160 ----a-w c:\windows\system32\msls31.dll
2009-03-06 14:44 . 2004-08-04 12:00 283648 ----a-w c:\windows\system32\pdh.dll
2009-03-05 12:59 . 2009-03-12 11:18 1900544 ----a-w c:\windows\system32\usbaaplrc.dll
2009-03-05 12:59 . 2008-09-20 10:38 36864 ----a-w c:\windows\system32\drivers\usbaapl.sys
2008-10-22 23:14 . 2008-10-22 22:56 8419056 ----a-w c:\program files\etax2008_1.exe
2008-09-28 04:48 . 2008-09-28 04:48 140288 ----a-w c:\program files\vcleaner.exe
2008-09-23 01:31 . 2008-09-23 01:31 99962 -c--a-w c:\program files\6.0.2900.5512_EN.rar
2008-09-22 23:53 . 2008-09-22 23:53 3590583 ----a-w c:\program files\vdownloader.73.zip
2008-09-22 04:20 . 2008-09-22 04:19 9246720 -c--a-w c:\program files\LogMeIn.msi
2008-09-22 04:01 . 2008-09-22 04:01 1168634 ----a-w c:\program files\uxpatcher.zip
2008-09-19 07:59 . 2008-09-19 07:59 1226248 ----a-w c:\program files\DMSetup.exe
2008-09-01 09:01 . 2008-09-01 09:01 17177896 ----a-w c:\program files\msnm800812.exe
2008-03-20 11:30 . 2008-03-20 11:30 595380 -c--a-w c:\program files\Razor_Vista___Updated_by_zrageburn.rar
2008-01-29 08:36 . 2008-01-29 08:36 1878173 ----a-w c:\program files\MidsHD13.zip
2007-09-10 08:41 . 2007-09-10 08:41 1537536 ----a-w c:\program files\CJXP1020SE.exe
2007-06-22 08:18 . 2007-06-22 08:18 3277696 ----a-w c:\program files\DivXCodec.exe
2007-03-30 16:33 . 2007-02-20 18:23 37860928 ----a-w c:\program files\iTunesSetup.exe
2006-12-01 11:16 . 2006-12-01 11:16 14879120 ----a-w c:\program files\GoogleEarthWin.exe
2006-09-21 07:58 . 2006-09-21 07:58 5037072 ----a-w c:\program files\Spybot.exe
2006-09-21 07:54 . 2006-09-21 07:54 2855080 ----a-w c:\program files\Ad-aware.exe
2006-09-21 06:53 . 2006-09-21 06:53 16332072 ----a-w c:\program files\Install_Messenger_nous.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-02-06 3885408]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 25088]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]
"KBD"="c:\hp\KBD\KBD.EXE" [2003-02-11 61440]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2005-03-09 180269]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2004-04-14 233472]
"PS2"="c:\windows\system32\ps2.exe" [2003-09-12 98304]
"LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2004-10-14 253952]
"Reminder"="c:\windows\Creator\Remind_XP.exe" [2004-12-13 663552]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-16 13529088]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-01-08 645328]
"McENUI"="c:\progra~1\McAfee\MHN\McENUI.exe" [2009-01-09 1176808]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-16 86016]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2007-08-03 63048]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-05-12 148888]
"AGRSMMSG"="AGRSMMSG.exe" - c:\windows\AGRSMMSG.exe [2004-06-29 88363]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2008-05-16 1630208]
"AlcxMonitor"="ALCXMNTR.EXE" - c:\windows\ALCXMNTR.EXE [2004-09-07 57344]

c:\documents and settings\Compaq_Owner.GERARDINE.000\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
Compaq Connections.lnk - c:\program files\Compaq Connections\6750491\Program\Compaq Connections.exe [2005-3-10 45056]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2008-10-20 09:37 87352 ----a-w c:\windows\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"="1"
"UpdatesDisableNotify"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Compaq Connections\\6750491\\Program\\Compaq Connections.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [3/08/2007 3:09 PM 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [22/09/2008 2:23 PM 47640]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [19/09/2008 6:19 PM 210216]
R3 CCCP106;CIF USB Camera (2110A);c:\windows\system32\drivers\cccp106.sys [19/09/2008 5:12 PM 227200]
S3 getPlus® Helper;getPlus® Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [22/12/2008 9:54 AM 33752]
S3 LycoFltr;Lycosa Keyboard;c:\windows\system32\Drivers\Lycosa.sys --> c:\windows\system32\Drivers\Lycosa.sys [?]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,LaunchINFSectionEx c:\program files\Internet Explorer\clrtour.inf,DefaultInstall.ResetTour,,12
.
Contents of the 'Scheduled Tasks' folder

2009-05-09 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 02:34]

2009-05-15 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-10-22 11:33]

2009-03-14 c:\windows\Tasks\McDefragTask.job
- c:\windows\system32\defrag.exe [2004-08-04 12:00]

2009-04-30 c:\windows\Tasks\McQcTask.job
- c:\program files\mcafee\mqc\QcConsol.exe [2006-09-20 23:53]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-sysav - c:\documents and settings\Compaq_Owner.GERARDINE.000\Application Data\winav.exe


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.fordforums.com.au/
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_AU&c=Q105&bd=presario&pf=desktop
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_AU&c=Q105&bd=presario&pf=desktop
uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_AU&c=Q105&bd=presario&pf=desktop
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://au.search.yahoo.com/search?fr=mcafee&p=%s
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-15 14:15
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(740)
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\sfc_os.dll
c:\windows\system32\LMIinit.dll
c:\windows\system32\LMIRfsClientNP.dll
c:\windows\system32\cscui.dll

- - - - - - - > 'lsass.exe'(800)
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\psbase.dll
.
Completion time: 2009-05-15 14:18
ComboFix-quarantined-files.txt 2009-05-15 04:17

Pre-Run: 8,321,597,440 bytes free
Post-Run: 8,766,492,672 bytes free

233 --- E O F --- 2009-05-13 12:12

Edited by AusFeathers, 15 May 2009 - 04:57 AM.

  • 0

#5
sage5
Posted 15 May 2009 - 05:14 AM

sage5

    RIP 10/2009

  • Retired Staff
  • 2,646 posts
Hi AusFeathers,

Spy-Bot's TeaTimer can sometimes prevent some parts of the fix completing successfully.
Please disable TeaTimer for now. It can be re-activated once your logs are clean.
First:
  • Right click Spybot in the System Tray (looks like a calendar with a padlock symbol)
  • Choose Exit Spybot S&D Resident
Second:
  • Open Spybot S&D
  • Click Mode, check Advanced Mode
  • Go To Left Panel, Click Tools, then also in left panel, click Resident
  • If your firewall raises a question, say OK
  • Uncheck the box labeled Resident Tea-Timer and OK any prompts.
  • Use File, Exit to terminate Spybot
  • Reboot your machine for the changes to take effect.
Don't forget to re-enable it, when your computer is clean.

Create a CombFix Script:
  • Please open Notepad
    • Click Start , then Run
    • Type notepad .exe in the Run Box.
  • Now copy/paste the entire content of the codebox below into the Notepad window:
File::
c:\windows\system32\drivers\UACnoxujyibqaqbuya.sys
c:\documents and settings\Compaq_Owner.GERARDINE.000\Application Data\winav.exe

Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]

  • Save the above as CFScript.txt
  • Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

    Posted Image
  • After reboot, (in case it asks to reboot), please post the contents of the new Combofix.txt into your next reply:

Please do an online scan with Kaspersky WebScanner

Kaspersky online scanner uses JAVA tecnology to perform the scan. If you do not have the latest JAVA version, follow the instrutions below, to download and install the latest vesion.

Upgrading Java:
  • Download the latest version of Java Runtime Environment (JRE) 6 Update 11.
  • Scroll down to where it says "Java SE Runtime Environment (JRE) 6 Update 11".
  • Click the "Download" button to the right.
  • Select your Platform and check the box that says: "I agree to the Java SE Runtime Environment 6 License Agreement.".
  • Click on Continue.
  • Click on the link to download jre-6u11-windows-i586-p.exe & save to your Desktop.
  • Close all programs you may have running - especially your web browser, then double click on the jre-6u11-windows-i586-p.exe
    Note: this version shoul uninstall all the previous versions from your PC
    (Vista users, right cklick on the jre-6u11-windows-i586-p.exe and select "Run as an Administrator.")

Run the Scan:
  • Read through the requirements and privacy statement and click on Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure the following is checked.
    • Spyware, Adware, Dialers, and other potentially dangerous programs
      Archives
      Mail databases
  • Click on My Computer under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place, like C:\kasper.txt
  • Please post this log, and the new Combofix.txt in your next reply.

Cheers,

sage5
  • 0

#6
AusFeathers
Posted 15 May 2009 - 07:29 AM

AusFeathers

    Member

  • Topic Starter
  • Member
  • PipPip
  • 35 posts
New comboscan log:

ComboFix 09-05-14.06 - Compaq_Owner 15/05/2009 23:04.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.767.480 [GMT 10:00]
Running from: c:\documents and settings\Compaq_Owner.GERARDINE.000\Desktop\Combo-Fix.exe
Command switches used :: c:\documents and settings\Compaq_Owner.GERARDINE.000\Desktop\CFScript.txt
AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
* Resident AV is active


FILE ::
c:\documents and settings\Compaq_Owner.GERARDINE.000\Application Data\winav.exe
c:\windows\system32\drivers\UACnoxujyibqaqbuya.sys
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\COMPAQ~1.000\LOCALS~1\Temp\IadHide5.dll
c:\documents and settings\Compaq_Owner.GERARDINE.000\Local Settings\temp\IadHide5.dll
c:\windows\system32\drivers\UACnoxujyibqaqbuya.sys

.
((((((((((((((((((((((((( Files Created from 2009-04-15 to 2009-05-15 )))))))))))))))))))))))))))))))
.

2009-05-13 12:40 . 2009-05-13 12:40 215 ----a-w c:\documents and settings\Compaq_Owner.GERARDINE.000\Application Data\asd.bat
2009-05-12 00:03 . 2009-05-12 00:36 -------- d-----w C:\Rooter$
2009-05-10 03:56 . 2009-04-06 05:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-05-10 03:56 . 2009-04-06 05:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-10 03:55 . 2009-05-10 03:55 2967800 ----a-w c:\program files\pomegranate.exe
2009-05-07 12:40 . 2009-05-07 12:40 -------- d-----w c:\program files\DIFX
2009-05-07 12:39 . 2009-05-07 12:39 -------- d-----w c:\program files\Razer
2009-05-07 12:37 . 2004-08-03 14:56 21504 ----a-w c:\windows\system32\dllcache\hidserv.dll
2009-05-07 12:37 . 2004-08-03 14:56 21504 ----a-w c:\windows\system32\hidserv.dll
2009-05-07 12:37 . 2004-08-03 12:58 14848 ----a-w c:\windows\system32\dllcache\kbdhid.sys
2009-05-07 12:37 . 2004-08-03 12:58 14848 ----a-w c:\windows\system32\drivers\kbdhid.sys
2009-05-07 12:30 . 2001-08-17 04:02 9600 ----a-w c:\windows\system32\dllcache\hidusb.sys
2009-05-07 12:30 . 2001-08-17 04:02 9600 ----a-w c:\windows\system32\drivers\hidusb.sys
2009-05-07 12:30 . 2004-08-03 13:08 31616 ----a-w c:\windows\system32\dllcache\usbccgp.sys
2009-05-07 12:30 . 2004-08-03 13:08 31616 ----a-w c:\windows\system32\drivers\usbccgp.sys
2009-05-02 13:40 . 2009-05-10 01:12 -------- d-----w c:\program files\EsetOnlineScanner
2009-05-02 10:15 . 2009-05-02 10:15 -------- d-----w c:\documents and settings\Compaq_Owner.GERARDINE.000\Application Data\Malwarebytes
2009-05-02 10:15 . 2009-05-02 10:15 -------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2009-05-02 10:15 . 2009-05-14 13:52 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-05-01 13:15 . 2009-05-01 23:13 -------- d-----w c:\program files\trend micro
2009-05-01 10:00 . 2009-05-01 10:00 -------- d-sh--w c:\documents and settings\Administrator.GERARDINE\IETldCache
2009-05-01 09:54 . 2009-05-01 09:54 286208 ----a-w c:\program files\Gamers.exe
2009-05-01 09:45 . 2009-05-01 09:46 -------- d-----w c:\program files\ERUNT
2009-05-01 03:49 . 2009-05-01 03:49 401720 ----a-w c:\program files\HiJackThis.exe
2009-04-29 13:09 . 2009-04-29 13:09 -------- d-----w c:\program files\UltraUXThemePatcher
2009-04-29 12:54 . 2009-04-29 13:09 -------- d-----w c:\windows\VistaMizer
2009-04-29 12:52 . 2009-04-29 12:52 19530202 ----a-w c:\program files\VistaMizer_3.2.0.0.exe
2009-04-18 12:42 . 2009-04-18 12:42 -------- d-----w c:\windows\Performance
2009-04-18 12:42 . 2009-04-29 13:24 -------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Corporation

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-15 12:56 . 2006-09-21 08:22 -------- d-----w c:\program files\Spybot - Search & Destroy
2009-05-12 10:34 . 2008-12-20 00:37 410984 ----a-w c:\windows\system32\deploytk.dll
2009-05-12 10:32 . 2005-03-09 15:33 -------- d-----w c:\program files\Java
2009-05-10 06:25 . 2008-04-12 07:12 -------- d-----r c:\program files\LimeWire
2009-05-09 11:33 . 2006-09-21 09:11 -------- d-----w c:\program files\City of Heroes
2009-05-07 12:39 . 2005-03-09 16:01 -------- d--h--w c:\program files\InstallShield Installation Information
2009-05-03 00:34 . 2008-09-19 08:18 86136 -c--a-w c:\documents and settings\Compaq_Owner.GERARDINE.000\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-01 09:45 . 2009-05-01 09:45 619 ----a-w c:\program files\NTREGOPT.lnk
2009-05-01 09:45 . 2009-05-01 09:45 600 ----a-w c:\program files\ERUNT.lnk
2009-04-29 13:24 . 2009-03-28 11:34 -------- d-----w c:\program files\Yahoo!
2009-04-29 13:09 . 2004-08-04 12:00 218624 ----a-w c:\windows\system32\uxtheme.dll
2009-04-18 01:43 . 2006-09-20 01:24 -------- d-----w c:\program files\McAfee
2009-04-17 14:45 . 2008-09-22 04:22 -------- d-----w c:\program files\LogMeIn
2009-04-10 23:22 . 2005-03-09 16:00 -------- d-----w c:\program files\iTunes
2009-04-10 23:21 . 2005-03-09 16:00 -------- d-----w c:\program files\iPod
2009-03-25 01:06 . 2006-09-20 01:25 40552 ----a-w c:\windows\system32\drivers\mfesmfk.sys
2009-03-25 01:06 . 2006-09-20 01:25 79880 ----a-w c:\windows\system32\drivers\mfeavfk.sys
2009-03-25 01:06 . 2006-09-20 01:25 35272 ----a-w c:\windows\system32\drivers\mfebopk.sys
2009-03-25 01:06 . 2006-09-20 01:25 214024 ----a-w c:\windows\system32\drivers\mfehidk.sys
2009-03-25 01:05 . 2008-09-19 08:05 34216 ----a-w c:\windows\system32\drivers\mferkdk.sys
2009-03-21 03:58 . 2008-10-10 03:45 -------- d-----w c:\program files\TeaTimer (Spybot - Search & Destroy)
2009-03-19 06:32 . 2004-09-14 10:38 23400 ----a-w c:\windows\system32\drivers\GEARAspiWDM.sys
2009-03-07 17:34 . 2004-08-04 12:00 1016320 ----a-w c:\windows\system32\wininet.dll
2009-03-07 17:34 . 2004-08-04 12:00 43008 ----a-w c:\windows\system32\licmgr10.dll
2009-03-07 17:33 . 2004-08-04 12:00 18944 ----a-w c:\windows\system32\corpol.dll
2009-03-07 17:33 . 2004-08-04 12:00 420352 ----a-w c:\windows\system32\vbscript.dll
2009-03-07 17:32 . 2004-08-04 12:00 107008 ----a-w c:\windows\system32\admparse.dll
2009-03-07 17:32 . 2004-08-04 12:00 71680 ----a-w c:\windows\system32\iesetup.dll
2009-03-07 17:31 . 2004-08-04 12:00 34816 ----a-w c:\windows\system32\imgutil.dll
2009-03-07 17:31 . 2004-08-04 12:00 48128 ----a-w c:\windows\system32\mshtmler.dll
2009-03-07 17:31 . 2004-08-04 12:00 94720 ----a-w c:\windows\system32\mshta.exe
2009-03-07 17:22 . 2004-08-04 12:00 156160 ----a-w c:\windows\system32\msls31.dll
2009-03-06 14:44 . 2004-08-04 12:00 283648 ----a-w c:\windows\system32\pdh.dll
2009-03-05 12:59 . 2009-03-12 11:18 1900544 ----a-w c:\windows\system32\usbaaplrc.dll
2009-03-05 12:59 . 2008-09-20 10:38 36864 ----a-w c:\windows\system32\drivers\usbaapl.sys
2008-10-22 23:14 . 2008-10-22 22:56 8419056 ----a-w c:\program files\etax2008_1.exe
2008-09-28 04:48 . 2008-09-28 04:48 140288 ----a-w c:\program files\vcleaner.exe
2008-09-23 01:31 . 2008-09-23 01:31 99962 -c--a-w c:\program files\6.0.2900.5512_EN.rar
2008-09-22 23:53 . 2008-09-22 23:53 3590583 ----a-w c:\program files\vdownloader.73.zip
2008-09-22 04:20 . 2008-09-22 04:19 9246720 -c--a-w c:\program files\LogMeIn.msi
2008-09-22 04:01 . 2008-09-22 04:01 1168634 ----a-w c:\program files\uxpatcher.zip
2008-09-19 07:59 . 2008-09-19 07:59 1226248 ----a-w c:\program files\DMSetup.exe
2008-09-01 09:01 . 2008-09-01 09:01 17177896 ----a-w c:\program files\msnm800812.exe
2008-03-20 11:30 . 2008-03-20 11:30 595380 -c--a-w c:\program files\Razor_Vista___Updated_by_zrageburn.rar
2008-01-29 08:36 . 2008-01-29 08:36 1878173 ----a-w c:\program files\MidsHD13.zip
2007-09-10 08:41 . 2007-09-10 08:41 1537536 ----a-w c:\program files\CJXP1020SE.exe
2007-06-22 08:18 . 2007-06-22 08:18 3277696 ----a-w c:\program files\DivXCodec.exe
2007-03-30 16:33 . 2007-02-20 18:23 37860928 ----a-w c:\program files\iTunesSetup.exe
2006-12-01 11:16 . 2006-12-01 11:16 14879120 ----a-w c:\program files\GoogleEarthWin.exe
2006-09-21 07:58 . 2006-09-21 07:58 5037072 ----a-w c:\program files\Spybot.exe
2006-09-21 07:54 . 2006-09-21 07:54 2855080 ----a-w c:\program files\Ad-aware.exe
2006-09-21 06:53 . 2006-09-21 06:53 16332072 ----a-w c:\program files\Install_Messenger_nous.exe
.

------- Sigcheck -------

[7] 2006-06-23 11:25 664576 64CE26DB72810B30F7855EA51E1DF836 c:\windows\$hf_mig$\KB918899\SP2QFE\wininet.dll
[7] 2006-09-14 08:31 664576 D207370287CF769AEBEBF03837784963 c:\windows\$hf_mig$\KB922760\SP2QFE\wininet.dll
[7] 2006-10-23 15:34 664576 231EF4179ACABE486376B5CA893F1076 c:\windows\$hf_mig$\KB925454\SP2QFE\wininet.dll
[7] 2007-04-18 12:46 665600 4261BA03AFD659DE04F0A17DFBDD454D c:\windows\$hf_mig$\KB933566\SP2QFE\wininet.dll
[7] 2007-06-26 14:35 665600 E1A3DD68B5380B360A7310A64D9BB188 c:\windows\$hf_mig$\KB937143\SP2QFE\wininet.dll
[7] 2007-08-22 12:55 665600 A1BC17EB3758D73C3938B2318820F5B4 c:\windows\$hf_mig$\KB939653\SP2QFE\wininet.dll
[7] 2007-08-20 10:02 825344 357D54BF94FE9D6D8505A96B5C2A3BCA c:\windows\$hf_mig$\KB939653-IE7\SP2QFE\wininet.dll
[7] 2007-10-10 23:47 825344 0E5D918F87EFA7D2424D66B499C7EB04 c:\windows\$hf_mig$\KB942615-IE7\SP2QFE\wininet.dll
[7] 2007-12-07 02:01 825344 B5B411BB229AE6EAD7652A32ED47BFB9 c:\windows\$hf_mig$\KB944533-IE7\SP2QFE\wininet.dll
[7] 2008-03-01 13:03 827392 6316C2F0C61271C8ABDFF7429174879E c:\windows\$hf_mig$\KB947864-IE7\SP2QFE\wininet.dll
[-] 2008-04-23 03:35 827392 41546B396A526918DA7995A02EA04E51 c:\windows\$hf_mig$\KB950759-IE7\SP2QFE\wininet.dll
[7] 2008-06-23 16:12 667136 611ACE3F4201E9610AF8452F7C268995 c:\windows\$hf_mig$\KB953838\SP2QFE\wininet.dll
[7] 2008-06-23 15:09 666112 F12FBB673DE9CC802C5DC518FE99AA2F c:\windows\$hf_mig$\KB953838\SP3GDR\wininet.dll
[7] 2008-06-23 14:54 666624 972299B7241EC325D8C7E5638C884925 c:\windows\$hf_mig$\KB953838\SP3QFE\wininet.dll
[7] 2008-06-23 16:01 827904 C66402A06B83B036C195242C0C8CF83C c:\windows\$hf_mig$\KB953838-IE7\SP2QFE\wininet.dll
[7] 2008-08-26 09:08 827904 77C192FE56A70D7FA0247BA0A6201C32 c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\wininet.dll
[7] 2008-10-16 20:24 827904 0D5B75171FF51775B630A431B6C667E8 c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\wininet.dll
[7] 2008-12-20 23:56 827904 044E0A4E9FE97C0FB9AFE9C89E2A82E6 c:\windows\$hf_mig$\KB961260-IE7\SP2QFE\wininet.dll
[7] 2004-08-04 12:00 656384 C0823FC5469663BA63E7DB88F9919D70 c:\windows\$NtServicePackUninstall$\wininet.dll
[7] 2004-08-04 12:00 656384 C0823FC5469663BA63E7DB88F9919D70 c:\windows\$NtUninstallKB918899$\wininet.dll
[7] 2006-06-23 11:02 658944 2B4DB890936430C71419037039502752 c:\windows\$NtUninstallKB922760$\wininet.dll
[7] 2006-09-14 08:39 658944 621AF3F6174A3F60677F5230E28BCC07 c:\windows\$NtUninstallKB925454$\wininet.dll
[7] 2004-08-04 12:00 656384 C0823FC5469663BA63E7DB88F9919D70 c:\windows\$NtUninstallKB933566$\wininet.dll
[7] 2007-04-18 12:31 658944 B7156CD97E739F3014BC4D61758F868A c:\windows\$NtUninstallKB937143$\wininet.dll
[7] 2007-08-22 13:12 658944 1901AD51DA8BE9F8B38D5D526E5D1788 c:\windows\$NtUninstallKB939653$\wininet.dll
[7] 2007-06-26 14:09 658944 184E47C8F7B331025E6DC92740DB188F c:\windows\$NtUninstallKB939653_0$\wininet.dll
[7] 2004-08-04 12:00 656384 C0823FC5469663BA63E7DB88F9919D70 c:\windows\$NtUninstallKB953838$\wininet.dll
[7] 2008-06-23 15:38 659456 9EEA04BC4C3FA521D256D89940FAB4DB c:\windows\ie7\wininet.dll
[7] 2007-08-13 07:54 818688 A4A0FC92358F39538A6494C42EF99FE9 c:\windows\ie7updates\KB939653-IE7\wininet.dll
[7] 2007-08-20 10:04 824832 774435E499D8E9643EC961A6103C361F c:\windows\ie7updates\KB942615-IE7\wininet.dll
[7] 2007-10-10 23:56 824832 30C1E0F34AD2972C72A01DB5C74AB065 c:\windows\ie7updates\KB944533-IE7\wininet.dll
[7] 2007-12-07 02:21 824832 806D274C9A6C3AAEA5EAE8E4AF841E04 c:\windows\ie7updates\KB947864-IE7\wininet.dll
[7] 2008-03-01 13:06 826368 AD21461AEF8244EDEC2EF18E55E1DCF3 c:\windows\ie7updates\KB950759-IE7\wininet.dll
[7] 2007-08-13 08:54 818688 A4A0FC92358F39538A6494C42EF99FE9 c:\windows\ie7updates\KB953838-IE7\wininet.dll
[7] 2008-06-23 16:57 826368 8C13D4A7479FA0A026EDA8ABCE82C0ED c:\windows\ie7updates\KB956390-IE7\wininet.dll
[7] 2008-08-26 07:24 826368 EF8EBA98145BFA44E80D17A3B3453300 c:\windows\ie7updates\KB958215-IE7\wininet.dll
[7] 2008-10-16 20:38 826368 6741EAF7B7F110E803A6E38F6E5FA6B0 c:\windows\ie7updates\KB961260-IE7\wininet.dll
[7] 2008-12-20 23:15 826368 A82935D32D0672E8FF4E91AE398E901C c:\windows\ie8\wininet.dll
[-] 1996-08-24 01:11 289552 BC06EB9D08AA7080B650A71914607A07 c:\windows\Intuit\Shared\wininet.dll
[-] 2009-03-07 17:34 1016320 2868B8B04547CAF8B5E6024CAC3DF0FD c:\windows\ServicePackFiles\i386\wininet.dll
[7] 2007-08-20 10:04 824832 774435E499D8E9643EC961A6103C361F c:\windows\SoftwareDistribution\Download\0eda838ef8ec599d822155030a70ecac\SP2GDR\wininet.dll
[7] 2007-08-20 10:02 825344 357D54BF94FE9D6D8505A96B5C2A3BCA c:\windows\SoftwareDistribution\Download\0eda838ef8ec599d822155030a70ecac\SP2QFE\wininet.dll
[-] 2008-04-14 00:12 666112 7A4F775ABB2F1C97DEF3E73AFA2FAEDD c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\wininet.dll
[-] 2008-04-14 00:12 666112 7A4F775ABB2F1C97DEF3E73AFA2FAEDD c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\wininet.dll
[-] 2009-03-07 17:34 1016320 2868B8B04547CAF8B5E6024CAC3DF0FD c:\windows\system32\wininet.dll
[-] 2009-03-07 17:34 1016320 2868B8B04547CAF8B5E6024CAC3DF0FD c:\windows\system32\dllcache\wininet.dll
[7] 2009-03-07 17:34 914944 6CE32F7778061CCC5814D5E0F282D369 c:\windows\VistaMizer\old\wininet.dll

[7] 2004-08-04 12:00 502272 01C3346C241652F43AED8E2149881BFE c:\windows\$NtServicePackUninstall$\winlogon.exe
[-] 2004-08-04 12:00 541696 55ACA85EB80E2155E20211AAADDD711A c:\windows\ServicePackFiles\i386\winlogon.exe
[-] 2008-04-14 00:12 507904 ED0EF0A136DEC83DF69F04118870003E c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\winlogon.exe
[-] 2008-04-14 00:12 507904 ED0EF0A136DEC83DF69F04118870003E c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\winlogon.exe
[-] 2004-08-04 12:00 541696 55ACA85EB80E2155E20211AAADDD711A c:\windows\system32\winlogon.exe
[-] 2004-08-04 12:00 541696 55ACA85EB80E2155E20211AAADDD711A c:\windows\system32\dllcache\winlogon.exe
[7] 2004-08-04 12:00 502272 01C3346C241652F43AED8E2149881BFE c:\windows\VistaMizer\old\winlogon.exe

[7] 2005-03-02 00:36 2056832 D8ABA3EAB509627E707A3B14F00FBB6B c:\windows\$hf_mig$\KB890859\SP2QFE\ntkrnlpa.exe
[7] 2007-02-28 09:15 2059392 4D3DBDCCBF97F5BA1E74F322B155C3BA c:\windows\$hf_mig$\KB931784\SP2QFE\ntkrnlpa.exe
[7] 2009-02-06 09:49 2062976 9D832AF3FD1917DB0E1E8B2F000A2E3A c:\windows\$hf_mig$\KB956572\SP2QFE\ntkrnlpa.exe
[7] 2009-02-07 09:02 2066048 5BA7F2141BC6DB06100D0E5A732C617A c:\windows\$hf_mig$\KB956572\SP3GDR\ntkrnlpa.exe
[7] 2009-02-06 10:30 2066176 607352B9CB3D708C67F6039097801B5A c:\windows\$hf_mig$\KB956572\SP3QFE\ntkrnlpa.exe
[7] 2008-08-14 09:18 2062976 63EC865DFF6CCFC7BEF94B5C50297CAD c:\windows\$hf_mig$\KB956841\SP2QFE\ntkrnlpa.exe
[7] 2008-08-14 09:33 2066048 4AC58F03EB94A72809949D757FC39D80 c:\windows\$hf_mig$\KB956841\SP3GDR\ntkrnlpa.exe
[7] 2008-08-14 04:39 2066048 A25E9B86EFFB2AF33BF51E676B68BFB0 c:\windows\$hf_mig$\KB956841\SP3QFE\ntkrnlpa.exe
[7] 2004-08-04 18:00 2056832 947FB1D86D14AFCFFDB54BF837EC25D0 c:\windows\$NtServicePackUninstall$\ntkrnlpa.exe
[7] 2004-08-04 18:00 2056832 947FB1D86D14AFCFFDB54BF837EC25D0 c:\windows\$NtUninstallKB890859$\ntkrnlpa.exe
[7] 2005-03-02 00:34 2056832 81013F36B21C7F72CF784CC6731E0002 c:\windows\$NtUninstallKB931784$\ntkrnlpa.exe
[7] 2008-08-14 09:22 2057728 BA002228743B6824D87F0551DBC86D45 c:\windows\$NtUninstallKB956572$\ntkrnlpa.exe
[7] 2007-02-28 08:38 2057600 515D30E2C90A3665A2739309334C9283 c:\windows\$NtUninstallKB956841$\ntkrnlpa.exe
[7] 2009-02-06 16:49 2057728 3006410E24772CC6953F0B5C01BEB35F c:\windows\Driver Cache\i386\ntkrnlpa.exe
[-] 2009-02-06 16:49 2314880 58B200D6FB34724E95BD8CB88ACEE830 c:\windows\ServicePackFiles\i386\ntkrnlpa.exe
[-] 2008-04-13 18:31 2065792 109F8E3E3C82E337BB71B6BC9B895D61 c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\ntkrnlpa.exe
[-] 2008-04-13 18:31 2065792 109F8E3E3C82E337BB71B6BC9B895D61 c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\ntkrnlpa.exe
[-] 2009-02-06 16:49 2314880 58B200D6FB34724E95BD8CB88ACEE830 c:\windows\system32\ntkrnlpa.exe
[-] 2009-02-06 16:49 2314880 58B200D6FB34724E95BD8CB88ACEE830 c:\windows\system32\dllcache\ntkrnlpa.exe
[7] 2009-02-06 16:49 2057728 3006410E24772CC6953F0B5C01BEB35F c:\windows\VistaMizer\old\ntkrnlpa.exe

[7] 2005-03-02 01:04 2179456 28187802B7C368C0D3AEF7D4C382AABB c:\windows\$hf_mig$\KB890859\SP2QFE\ntoskrnl.exe
[7] 2007-02-28 09:55 2182144 5A5C8DB4AA962C714C8371FBDF189FC9 c:\windows\$hf_mig$\KB931784\SP2QFE\ntoskrnl.exe
[7] 2009-02-06 10:32 2186112 6A936E9D7BADAF3CAAEED1E1966EC1B0 c:\windows\$hf_mig$\KB956572\SP2QFE\ntoskrnl.exe
[7] 2009-02-06 11:08 2189056 7A95B10A73737EBF24139AAA63F5212B c:\windows\$hf_mig$\KB956572\SP3GDR\ntoskrnl.exe
[7] 2009-02-07 09:35 2189184 EFE8EACE83EAAD5849A7A548FB75B584 c:\windows\$hf_mig$\KB956572\SP3QFE\ntoskrnl.exe
[7] 2008-08-14 09:57 2185984 CE69DBD54221F2D40E49FF6DB77C6507 c:\windows\$hf_mig$\KB956841\SP2QFE\ntoskrnl.exe
[7] 2008-08-14 10:11 2189184 EEAF32F8E15A24F62BECB1BD403BB5C5 c:\windows\$hf_mig$\KB956841\SP3GDR\ntoskrnl.exe
[7] 2008-08-14 05:11 2189184 31914172342BFF330063F343AC6958FE c:\windows\$hf_mig$\KB956841\SP3QFE\ntoskrnl.exe
[7] 2004-08-04 12:00 2180992 CE218BC7088681FAA06633E218596CA7 c:\windows\$NtServicePackUninstall$\ntoskrnl.exe
[7] 2004-08-04 12:00 2180992 CE218BC7088681FAA06633E218596CA7 c:\windows\$NtUninstallKB890859$\ntoskrnl.exe
[7] 2005-03-02 00:59 2179328 4D4CF2C14550A4B7718E94A6E581856E c:\windows\$NtUninstallKB931784$\ntoskrnl.exe
[7] 2008-08-14 10:00 2180352 21C91DA9CB53AA8A37041BA9684A8458 c:\windows\$NtUninstallKB956572$\ntoskrnl.exe
[7] 2007-02-28 09:10 2180352 582A8DBAA58C3B1F176EB2817DAEE77C c:\windows\$NtUninstallKB956841$\ntoskrnl.exe
[7] 2009-02-06 17:24 2180480 FACEBB0CA3154F77009CDFEE78A00BBB c:\windows\Driver Cache\i386\ntoskrnl.exe
[-] 2009-02-06 17:24 2437632 CBE8D0B71A68D73E95A5D593E3E4C4C5 c:\windows\ServicePackFiles\i386\ntoskrnl.exe
[-] 2008-04-13 19:27 2188928 0C89243C7C3EE199B96FCC16990E0679 c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\ntoskrnl.exe
[-] 2008-04-13 19:27 2188928 0C89243C7C3EE199B96FCC16990E0679 c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\ntoskrnl.exe
[-] 2009-02-06 17:24 2437632 CBE8D0B71A68D73E95A5D593E3E4C4C5 c:\windows\system32\ntoskrnl.exe
[-] 2009-02-06 17:24 2437632 CBE8D0B71A68D73E95A5D593E3E4C4C5 c:\windows\system32\dllcache\ntoskrnl.exe
[7] 2009-02-06 17:24 2180480 FACEBB0CA3154F77009CDFEE78A00BBB c:\windows\VistaMizer\old\ntoskrnl.exe

[-] 2007-06-13 10:23 1551360 3A5C81EEBE5D65D271227BE113BFE181 c:\windows\explorer.exe
[7] 2007-06-13 11:26 1033216 7712DF0CDDE3A5AC89843E61CD5B3658 c:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe
[7] 2004-08-04 12:00 1032192 A0732187050030AE399B241436565E64 c:\windows\$NtServicePackUninstall$\explorer.exe
[7] 2004-08-04 12:00 1032192 A0732187050030AE399B241436565E64 c:\windows\$NtUninstallKB938828$\explorer.exe
[-] 2007-06-13 10:23 1551360 3A5C81EEBE5D65D271227BE113BFE181 c:\windows\ServicePackFiles\i386\explorer.exe
[-] 2008-04-14 00:12 1033728 12896823FB95BFB3DC9B46BCAEDC9923 c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\explorer.exe
[-] 2008-04-14 00:12 1033728 12896823FB95BFB3DC9B46BCAEDC9923 c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\explorer.exe
[-] 2007-06-13 10:23 1551360 3A5C81EEBE5D65D271227BE113BFE181 c:\windows\system32\dllcache\explorer.exe
[7] 2007-06-13 10:23 1033216 97BD6515465659FF8F3B7BE375B2EA87 c:\windows\VistaMizer\old\explorer.exe

[7] 2004-08-04 12:00 15360 24232996A38C0B0CF151C2140AE29FC8 c:\windows\$NtServicePackUninstall$\ctfmon.exe
[-] 2004-08-04 12:00 25088 5F1724D0E11EB88C95A3B73A6DD72779 c:\windows\ServicePackFiles\i386\ctfmon.exe
[-] 2008-04-14 00:12 15360 5F1D5F88303D4A4DBC8E5F97BA967CC3 c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\ctfmon.exe
[-] 2008-04-14 00:12 15360 5F1D5F88303D4A4DBC8E5F97BA967CC3 c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\ctfmon.exe
[-] 2004-08-04 12:00 25088 5F1724D0E11EB88C95A3B73A6DD72779 c:\windows\system32\ctfmon.exe
[-] 2004-08-04 12:00 25088 5F1724D0E11EB88C95A3B73A6DD72779 c:\windows\system32\dllcache\ctfmon.exe
[7] 2004-08-04 12:00 15360 24232996A38C0B0CF151C2140AE29FC8 c:\windows\VistaMizer\old\ctfmon.exe
.
((((((((((((((((((((((((((((( SnapShot@2009-05-15_04.15.28 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-05-15 13:09 . 2009-05-15 13:09 16384 c:\windows\Temp\Perflib_Perfdata_77c.dat
+ 2004-11-23 11:58 . 2009-05-15 11:00 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2004-11-23 11:58 . 2009-05-15 03:24 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2004-11-23 22:47 . 2009-05-15 03:24 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2004-11-23 22:47 . 2009-05-15 11:00 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2004-11-23 22:47 . 2009-05-15 11:00 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2004-11-23 22:47 . 2009-05-15 03:24 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2009-03-28 13:38 . 2009-05-15 11:00 245760 c:\windows\system32\config\systemprofile\IETldCache\index.dat
- 2009-03-28 13:38 . 2009-05-15 03:24 245760 c:\windows\system32\config\systemprofile\IETldCache\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-02-06 3885408]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 25088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]
"KBD"="c:\hp\KBD\KBD.EXE" [2003-02-11 61440]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2005-03-09 180269]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2004-04-14 233472]
"PS2"="c:\windows\system32\ps2.exe" [2003-09-12 98304]
"LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2004-10-14 253952]
"Reminder"="c:\windows\Creator\Remind_XP.exe" [2004-12-13 663552]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-16 13529088]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-01-08 645328]
"McENUI"="c:\progra~1\McAfee\MHN\McENUI.exe" [2009-01-09 1176808]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-16 86016]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2007-08-03 63048]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-05-12 148888]
"AGRSMMSG"="AGRSMMSG.exe" - c:\windows\AGRSMMSG.exe [2004-06-29 88363]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2008-05-16 1630208]
"AlcxMonitor"="ALCXMNTR.EXE" - c:\windows\ALCXMNTR.EXE [2004-09-07 57344]

c:\documents and settings\Compaq_Owner.GERARDINE.000\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
Compaq Connections.lnk - c:\program files\Compaq Connections\6750491\Program\Compaq Connections.exe [2005-3-10 45056]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2008-10-20 09:37 87352 ----a-w c:\windows\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Compaq Connections\\6750491\\Program\\Compaq Connections.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [3/08/2007 3:09 PM 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [22/09/2008 2:23 PM 47640]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [19/09/2008 6:19 PM 210216]
R3 CCCP106;CIF USB Camera (2110A);c:\windows\system32\drivers\cccp106.sys [19/09/2008 5:12 PM 227200]
S3 getPlus® Helper;getPlus® Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [22/12/2008 9:54 AM 33752]
S3 LycoFltr;Lycosa Keyboard;c:\windows\system32\Drivers\Lycosa.sys --> c:\windows\system32\Drivers\Lycosa.sys [?]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,LaunchINFSectionEx c:\program files\Internet Explorer\clrtour.inf,DefaultInstall.ResetTour,,12
.
Contents of the 'Scheduled Tasks' folder

2009-05-09 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 02:34]

2009-05-15 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-10-22 11:33]

2009-03-14 c:\windows\Tasks\McDefragTask.job
- c:\windows\system32\defrag.exe [2004-08-04 12:00]

2009-04-30 c:\windows\Tasks\McQcTask.job
- c:\program files\mcafee\mqc\QcConsol.exe [2006-09-20 23:53]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.fordforums.com.au/
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_AU&c=Q105&bd=presario&pf=desktop
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_AU&c=Q105&bd=presario&pf=desktop
uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_AU&c=Q105&bd=presario&pf=desktop
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://au.search.yahoo.com/search?fr=mcafee&p=%s
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-15 23:12
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(740)
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\sfc_os.dll
c:\windows\system32\LMIinit.dll
c:\windows\system32\LMIRfsClientNP.dll
c:\windows\system32\cscui.dll

- - - - - - - > 'lsass.exe'(796)
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\psbase.dll

- - - - - - - > 'explorer.exe'(1412)
c:\windows\system32\SHDOCVW.dll
c:\program files\McAfee\SiteAdvisor\saHook.dll
c:\windows\system32\msctfime.ime
c:\windows\system32\COMRes.dll
c:\windows\System32\cscui.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\msi.dll
c:\windows\system32\NETSHELL.dll
c:\windows\system32\credui.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\LMIRfsClientNP.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\rundll32.exe
c:\program files\LogMeIn\x86\LMIGuardian.exe
c:\program files\McAfee\MSC\mcshell.exe
c:\program files\iPod\bin\iPodService.exe
c:\progra~1\COMMON~1\McAfee\McProxy\McProxy.exe
c:\progra~1\McAfee\VIRUSS~1\Mcshield.exe
c:\progra~1\McAfee\MSC\mcmscsvc.exe
c:\progra~1\McAfee.com\Agent\mcagent.exe
c:\progra~1\COMMON~1\McAfee\MNA\McNASvc.exe
c:\program files\McAfee\MPF\MpfSrv.exe
.
**************************************************************************
.
Completion time: 2009-05-15 23:21 - machine was rebooted
ComboFix-quarantined-files.txt 2009-05-15 13:21

Pre-Run: 8,750,428,160 bytes free
Post-Run: 8,745,070,592 bytes free

372 --- E O F --- 2009-05-13 12:12


About to run Kaspersky, but as it will take awhile I'll leave it to do it's thing and head for bed.
  • 0

#7
AusFeathers
Posted 16 May 2009 - 03:47 AM

AusFeathers

    Member

  • Topic Starter
  • Member
  • PipPip
  • 35 posts
Kaspersky found nothing in the scan this morning, but here is the log anyway:

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0 REPORT
Saturday, May 16, 2009
Operating System: Microsoft Windows XP Home Edition Service Pack 2 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Program database last update: Friday, May 15, 2009 14:56:13
Records in database: 2179651
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\
F:\
G:\
H:\
I:\

Scan statistics:
Files scanned: 94184
Threat name: 0
Infected objects: 0
Suspicious objects: 0
Duration of the scan: 04:23:13

No malware has been detected. The scan area is clean.

The selected area was scanned.
  • 0

#8
sage5
Posted 16 May 2009 - 05:25 AM

sage5

    RIP 10/2009

  • Retired Staff
  • 2,646 posts
Hi AusFeathers

Congratulations, your new log looks clear, so we can now deal with some final clean up jobs.

Clean out cookies, temp files etc:
Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All
  • Click the Empty Selected button.

    If you use Firefox browser
    • Click Firefox at the top and choose: Select All
    • Click the Empty Selected button.

      NOTE: If you would like to keep your saved passwords, please click No at the prompt.
    If you use Opera browser
    • Click Opera at the top and choose: Select All
    • Click the Empty Selected button.

      NOTE: If you would like to keep your saved passwords, please click No at the prompt.
  • Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

Cleanup with OTListIt2:
  • Please double-click OTListIt2.exe to run it.
  • Click the Clean up button
  • Click NO at the restart prompt (We will do that in a moment.)

To Clear Restore points, please do the following:
  • Go to Start > Control Panel.
  • Double-click the System icon.
    • NOTE: If the System icon is not visible, click "View all Control Panel options" to display it.
  • Click the System Restore tab.
  • Put a check by Disable System Restore.
  • Click Apply, OK, OK. Click Yes when you are prompted to restart Windows.
After reboot, you must turn System Restore back on:
  • Go back to the Troubleshooting tab.
  • UNcheck Disable System Restore.
  • Click Apply, OK, OK. Click Yes when you are prompted to restart Windows.

Lastly, some extra or better security for your PC:

The programs recommended below are freeware alternatives to some of your security software & might reduce the potential for spyware infection in the future:-

Spyware Prevention:
Spyware Blaster by JavaCool Software, prevents spyware installing and consumes no system resources.
IE/SpyAd, stops suspect sites loading ActiveX, popups etc onto your PC. An excellent tutorial is Here

Spyware Detection:
[url="http://"http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.htm"]Malwarebytes Anti-Malware[/url] is my favourite here.

Anti-Virus:
The first line of defence, especially since some will now detect trojans as well.
Avira's Avira AntiVir Personal and Grisoft's Avast! Free Edition are among the best freebies.
*Please note* You should never install more than one anti-virus program on a PC, as it will cause conflicts.

Firewall:
A Firewall is an essential tool in the security of any PC connected to the Internet.
Sunbelt Personal Firewall and Comodo are both excellent freeware.

Alternate Browsers:
Thankfully, there are now some excellent alternatives to MS Internet Explorer. They offer better security, more stability, and better speed.
A couple of good examples are: Firefox and Opera

Other Updates:
Vital security patches and updates are available for Microsoft Windows and Internet Explorer at the Windows Update Site
It is equally important to update the other security software you use, on a regular basis.

Further reading about these issues is available in a very good article: How did I get infected in the first place ? (by Tony Klein and dvk01)

All the best & safe surfing in the future,

sage5
  • 0

#9
AusFeathers
Posted 16 May 2009 - 06:43 AM

AusFeathers

    Member

  • Topic Starter
  • Member
  • PipPip
  • 35 posts
I've now completed the cleanup steps, and would like to thank you very much for your help sage5.

I'll definitely be tightening up my security efforts and changing browsers.
  • 0

#10
sage5
Posted 16 May 2009 - 07:59 AM

sage5

    RIP 10/2009

  • Retired Staff
  • 2,646 posts
You are very welcome AusFeathers :)

All the best,

sage5
  • 0

#11
sage5
Posted 16 May 2009 - 07:59 AM

sage5

    RIP 10/2009

  • Retired Staff
  • 2,646 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP