Harvo

  1. Both scans revealed no problems, but the McAfee scan took about three hours compared to the usual one hour (approx). Overall the PC is running a little slow but with no apparent viruses/adware/spyware.
  2. My HJT Log: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 22:58, on 11/09/2008 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16705) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\KService\KService.exe c:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\Program Files\McAfee\SiteAdvisor\McSACore.exe C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe C:\Program Files\McAfee\MPF\MPFSrv.exe C:\WINDOWS\system32\HPZipm12.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe c:\PROGRA~1\mcafee.com\agent\mcagent.exe C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe C:\windows\system\hpsysdrv.exe C:\WINDOWS\AGRSMMSG.exe C:\WINDOWS\system32\hphmon06.exe C:\HP\KBD\KBD.EXE C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\WINDOWS\SOUNDMAN.EXE C:\WINDOWS\ALCWZRD.EXE C:\hp\drivers\hplsbwatcher\lsburnwatcher.exe C:\Program Files\Lexmark 5200 series\lxbtbmgr.exe C:\Program Files\Lexmark 5200 series\lxbtbmon.exe C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe C:\Program Files\QuickTime\qttask.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\Tesco\Picture Suite\InsDetect.exe C:\WINDOWS\kdx\KHost.exe C:\Program Files\MSN Messenger\msnmsgr.exe C:\Program Files\TomTom HOME 2\HOMERunner.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\WINDOWS\explorer.exe C:\Program Files\Internet 
Explorer\IEXPLORE.EXE c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O3 - Toolbar: HP view - 
{B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe O4 - HKLM\..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe" O4 - HKLM\..\Run: [Lexmark 5200 series] "C:\Program Files\Lexmark 5200 series\lxbtbmgr.exe" O4 - HKLM\..\Run: [LXBTCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBTtime.dll,[email protected] O4 - HKLM\..\Run: [speedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon O4 - HKLM\..\Run: [synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [mcagent_exe] "C:\Program 
Files\McAfee.com\Agent\mcagent.exe" /runkey O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [Tesco Insert Detect] C:\Program Files\Tesco\Picture Suite\InsDetect.exe O4 - HKCU\..\Run: [kdx] C:\WINDOWS\kdx\KHost.exe -all O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9 O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe" O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'Default user') O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx O8 - Extra context menu item: Open Picture in &Microsoft PhotoDraw - res://C:\PROGRA~1\MICROS~3\Office\1033\phdintl.dll/phdContext.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program 
Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU) O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU) O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcpitstop.com/Optimize2/pcpitstop2.dll O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll O23 - Service: Ati HotKey Poller - ATI Technologies Inc. 
- C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: KService - Kontiki Inc. - C:\Program Files\KService\KService.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: lxbt_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxbtcoms.exe O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe -- End of file - 11591 bytes My CF Log: ComboFix 08-09-10.04 - HP_Owner 2008-09-11 21:40:02.2 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.162 [GMT 1:00] Running from: C:\Documents and Settings\HP_Owner\Desktop\ComboFix.exe Command switches used :: C:\Documents and Settings\HP_Owner\Desktop\CFScript.txt * Created a new restore point * Resident AV is active . 
((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\Program Files\ewido anti-spyware 4.0 C:\Program Files\ewido anti-spyware 4.0\clsid.dat C:\Program Files\ewido anti-spyware 4.0\context.dll C:\Program Files\ewido anti-spyware 4.0\engine.dll C:\Program Files\ewido anti-spyware 4.0\ewido.exe C:\Program Files\ewido anti-spyware 4.0\guard.exe C:\Program Files\ewido anti-spyware 4.0\guard.sys C:\Program Files\ewido anti-spyware 4.0\help.chm C:\Program Files\ewido anti-spyware 4.0\heuristic.dat C:\Program Files\ewido anti-spyware 4.0\logfile.txt C:\Program Files\ewido anti-spyware 4.0\shellexecutehook.dll C:\Program Files\ewido anti-spyware 4.0\signatures\2000.dat C:\Program Files\ewido anti-spyware 4.0\signatures\2001.dat C:\Program Files\ewido anti-spyware 4.0\signatures\2002.dat C:\Program Files\ewido anti-spyware 4.0\signatures\2003.dat C:\Program Files\ewido anti-spyware 4.0\signatures\2004.dat C:\Program Files\ewido anti-spyware 4.0\signatures\2005.dat C:\Program Files\ewido anti-spyware 4.0\signatures\2006.dat C:\Program Files\ewido anti-spyware 4.0\signatures\2007.dat C:\Program Files\ewido anti-spyware 4.0\signatures\2008.dat C:\Program Files\ewido anti-spyware 4.0\signatures\2009.dat C:\Program Files\ewido anti-spyware 4.0\signatures\2010.dat C:\Program Files\ewido anti-spyware 4.0\signatures\2011.dat C:\Program Files\ewido anti-spyware 4.0\signatures\2012.dat C:\Program Files\ewido anti-spyware 4.0\signatures\2013.dat C:\Program Files\ewido anti-spyware 4.0\signatures\2014.dat C:\Program Files\ewido anti-spyware 4.0\signatures\2015.dat C:\Program Files\ewido anti-spyware 4.0\signatures\2016.dat C:\Program Files\ewido anti-spyware 4.0\signatures\2017.dat C:\Program Files\ewido anti-spyware 4.0\signatures\2018.dat C:\Program Files\ewido anti-spyware 4.0\signatures\2019.dat C:\Program Files\ewido anti-spyware 4.0\signatures\2020.dat C:\Program Files\ewido anti-spyware 4.0\signatures\2021.dat C:\Program 
Files\ewido anti-spyware 4.0\signatures\2022.dat C:\Program Files\ewido anti-spyware 4.0\signatures\2023.dat C:\Program Files\ewido anti-spyware 4.0\signatures\2024.dat C:\Program Files\ewido anti-spyware 4.0\signatures\2025.dat C:\Program Files\ewido anti-spyware 4.0\signatures\2026.dat C:\Program Files\ewido anti-spyware 4.0\signatures\2027.dat C:\Program Files\ewido anti-spyware 4.0\signatures\2028.dat C:\Program Files\ewido anti-spyware 4.0\signatures\2029.dat C:\Program Files\ewido anti-spyware 4.0\signatures\2030.dat C:\Program Files\ewido anti-spyware 4.0\signatures\2031.dat C:\Program Files\ewido anti-spyware 4.0\signatures\2032.dat C:\Program Files\ewido anti-spyware 4.0\signatures\2033.dat C:\Program Files\ewido anti-spyware 4.0\signatures\2034.dat C:\Program Files\ewido anti-spyware 4.0\signatures\2035.dat C:\Program Files\ewido anti-spyware 4.0\signatures\2036.dat C:\Program Files\ewido anti-spyware 4.0\signatures\2037.dat C:\Program Files\ewido anti-spyware 4.0\signatures\2038.dat C:\Program Files\ewido anti-spyware 4.0\signatures\2039.dat C:\Program Files\ewido anti-spyware 4.0\signatures\2040.dat C:\Program Files\ewido anti-spyware 4.0\signatures\2041.dat C:\Program Files\ewido anti-spyware 4.0\signatures\2042.dat C:\Program Files\ewido anti-spyware 4.0\signatures\2043.dat C:\Program Files\ewido anti-spyware 4.0\signatures\2044.dat C:\Program Files\ewido anti-spyware 4.0\signatures\2045.dat C:\Program Files\ewido anti-spyware 4.0\signatures\2046.dat C:\Program Files\ewido anti-spyware 4.0\signatures\2047.dat C:\Program Files\ewido anti-spyware 4.0\signatures\2048.dat C:\Program Files\ewido anti-spyware 4.0\signatures\2049.dat C:\Program Files\ewido anti-spyware 4.0\signatures\2050.dat C:\Program Files\ewido anti-spyware 4.0\signatures\2051.dat C:\Program Files\ewido anti-spyware 4.0\signatures\2052.dat C:\Program Files\ewido anti-spyware 4.0\signatures\2053.dat C:\Program Files\ewido anti-spyware 4.0\signatures\2054.dat C:\Program Files\ewido 
anti-spyware 4.0\signatures\2055.dat C:\Program Files\ewido anti-spyware 4.0\signatures\2056.dat C:\Program Files\ewido anti-spyware 4.0\signatures\2057.dat C:\Program Files\ewido anti-spyware 4.0\signatures\2058.dat C:\Program Files\ewido anti-spyware 4.0\signatures\2059.dat C:\Program Files\ewido anti-spyware 4.0\signatures\2060.dat C:\Program Files\ewido anti-spyware 4.0\signatures\2061.dat C:\Program Files\ewido anti-spyware 4.0\signatures\2062.dat C:\Program Files\ewido anti-spyware 4.0\signatures\2063.dat C:\Program Files\ewido anti-spyware 4.0\signatures\2064.dat C:\Program Files\ewido anti-spyware 4.0\signatures\2065.dat C:\Program Files\ewido anti-spyware 4.0\signatures\2066.dat C:\Program Files\ewido anti-spyware 4.0\signatures\2067.dat C:\Program Files\ewido anti-spyware 4.0\signatures\2068.dat C:\Program Files\ewido anti-spyware 4.0\signatures\2069.dat C:\Program Files\ewido anti-spyware 4.0\signatures\2070.dat C:\Program Files\ewido anti-spyware 4.0\signatures\2071.dat C:\Program Files\ewido anti-spyware 4.0\signatures\2072.dat C:\Program Files\ewido anti-spyware 4.0\signatures\2073.dat C:\Program Files\ewido anti-spyware 4.0\signatures\2074.dat C:\Program Files\ewido anti-spyware 4.0\signatures\2075.dat C:\Program Files\ewido anti-spyware 4.0\signatures\2076.dat C:\Program Files\ewido anti-spyware 4.0\signatures\2077.dat C:\Program Files\ewido anti-spyware 4.0\signatures\2078.dat C:\Program Files\ewido anti-spyware 4.0\signatures\2079.dat C:\Program Files\ewido anti-spyware 4.0\signatures\2080.dat C:\Program Files\ewido anti-spyware 4.0\signatures\2081.dat C:\Program Files\ewido anti-spyware 4.0\signatures\2082.dat C:\Program Files\ewido anti-spyware 4.0\signatures\2083.dat C:\Program Files\ewido anti-spyware 4.0\signatures\2084.dat C:\Program Files\ewido anti-spyware 4.0\signatures\2085.dat C:\Program Files\ewido anti-spyware 4.0\signatures\2086.dat C:\Program Files\ewido anti-spyware 4.0\signatures\2087.dat C:\Program Files\ewido anti-spyware 
4.0\signatures\2088.dat C:\Program Files\ewido anti-spyware 4.0\signatures\2089.dat C:\Program Files\ewido anti-spyware 4.0\signatures\2090.dat C:\Program Files\ewido anti-spyware 4.0\signatures\2091.dat C:\Program Files\ewido anti-spyware 4.0\signatures\2092.dat C:\Program Files\ewido anti-spyware 4.0\signatures\2093.dat C:\Program Files\ewido anti-spyware 4.0\signatures\2094.dat C:\Program Files\ewido anti-spyware 4.0\signatures\2095.dat C:\Program Files\ewido anti-spyware 4.0\signatures\2096.dat C:\Program Files\ewido anti-spyware 4.0\signatures\2097.dat C:\Program Files\ewido anti-spyware 4.0\signatures\2098.dat C:\Program Files\ewido anti-spyware 4.0\signatures\2099.dat C:\Program Files\ewido anti-spyware 4.0\signatures\2100.dat C:\Program Files\ewido anti-spyware 4.0\signatures\2101.dat C:\Program Files\ewido anti-spyware 4.0\signatures\2102.dat C:\Program Files\ewido anti-spyware 4.0\signatures\2103.dat C:\Program Files\ewido anti-spyware 4.0\signatures\2104.dat C:\Program Files\ewido anti-spyware 4.0\signatures\2105.dat C:\Program Files\ewido anti-spyware 4.0\signatures\2106.dat C:\Program Files\ewido anti-spyware 4.0\signatures\2107.dat C:\Program Files\ewido anti-spyware 4.0\signatures\2108.dat C:\Program Files\ewido anti-spyware 4.0\signatures\2109.dat C:\Program Files\ewido anti-spyware 4.0\signatures\2110.dat C:\Program Files\ewido anti-spyware 4.0\signatures\2111.dat C:\Program Files\ewido anti-spyware 4.0\signatures\2112.dat C:\Program Files\ewido anti-spyware 4.0\signatures\2113.dat C:\Program Files\ewido anti-spyware 4.0\signatures\2114.dat C:\Program Files\ewido anti-spyware 4.0\signatures\2115.dat C:\Program Files\ewido anti-spyware 4.0\signatures\2116.dat C:\Program Files\ewido anti-spyware 4.0\signatures\2117.dat C:\Program Files\ewido anti-spyware 4.0\signatures\2118.dat C:\Program Files\ewido anti-spyware 4.0\signatures\2119.dat C:\Program Files\ewido anti-spyware 4.0\signatures\2120.dat C:\Program Files\ewido anti-spyware 
4.0\signatures\2121.dat C:\Program Files\ewido anti-spyware 4.0\signatures\2122.dat C:\Program Files\ewido anti-spyware 4.0\signatures\2123.dat C:\Program Files\ewido anti-spyware 4.0\signatures\2124.dat C:\Program Files\ewido anti-spyware 4.0\signatures\2125.dat C:\Program Files\ewido anti-spyware 4.0\translations\czech.mo C:\Program Files\ewido anti-spyware 4.0\translations\english.mo C:\Program Files\ewido anti-spyware 4.0\translations\german.mo C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNSD.XML . ((((((((((((((((((((((((( Files Created from 2008-08-11 to 2008-09-11 ))))))))))))))))))))))))))))))) . 2008-10-18 18:31 . 2008-09-05 15:58 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PCPitstop 2008-09-07 23:56 . 2008-09-07 23:56 <DIR> d-------- C:\Program Files\Trend Micro 2008-09-07 21:36 . 2008-09-07 21:36 <DIR> d-------- C:\Program Files\SUPERAntiSpyware 2008-09-07 21:36 . 2008-09-07 21:36 <DIR> d-------- C:\Documents and Settings\HP_Owner\Application Data\SUPERAntiSpyware.com 2008-09-07 21:36 . 2008-09-07 21:36 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com 2008-09-07 21:35 . 2008-09-07 21:35 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard 2008-09-06 18:58 . 2008-09-07 23:44 <DIR> d-------- C:\Program Files\Enigma Software Group 2008-09-06 16:55 . 2008-09-11 21:49 9,089 --a------ C:\WINDOWS\system32\Config.MPF 2008-09-06 16:54 . 2008-09-06 16:54 <DIR> d-------- C:\Program Files\SiteAdvisor 2008-09-06 16:54 . 2008-09-06 16:54 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SiteAdvisor 2008-09-06 16:50 . 2008-06-02 14:55 120,136 --a------ C:\WINDOWS\system32\drivers\Mpfp.sys 2008-09-06 16:50 . 2008-06-27 06:08 79,240 --a------ C:\WINDOWS\system32\drivers\mfeavfk.sys 2008-09-06 16:50 . 2008-06-27 06:08 40,488 --a------ C:\WINDOWS\system32\drivers\mfesmfk.sys 2008-09-06 16:50 . 
2008-06-27 06:08 35,240 --a------ C:\WINDOWS\system32\drivers\mfebopk.sys 2008-09-06 16:49 . 2008-09-06 16:50 <DIR> d-------- C:\Program Files\Common Files\McAfee 2008-09-06 16:48 . 2008-09-06 16:49 <DIR> d-------- C:\Program Files\McAfee.com 2008-09-06 16:48 . 2008-09-11 21:30 <DIR> d-------- C:\Program Files\McAfee 2008-09-06 16:47 . 2008-06-20 05:41 34,152 --a------ C:\WINDOWS\system32\drivers\mferkdk.sys 2008-09-06 15:50 . 2008-09-06 16:55 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\McAfee 2008-09-06 12:01 . 2008-09-06 12:11 <DIR> d-------- C:\Program Files\RegCure 2008-09-05 18:01 . 2008-09-06 16:43 <DIR> d-------- C:\Program Files\Windows Live Safety Center 2008-09-05 00:07 . 2008-09-05 00:07 <DIR> d-------- C:\Program Files\Windows Defender 2008-09-04 22:47 . 2008-09-06 11:55 <DIR> d-------- C:\Program Files\MSA 2008-08-24 20:24 . 2008-08-24 20:24 <DIR> d-------- C:\Program Files\TomTom HOME 2 2008-08-24 20:24 . 2008-08-24 20:24 <DIR> d-------- C:\Documents and Settings\HP_Owner\Application Data\TomTom 2008-08-23 21:28 . 2008-08-23 21:28 <DIR> d-------- C:\WINDOWS\system32\scripting 2008-08-23 21:28 . 2008-08-23 21:28 <DIR> d-------- C:\WINDOWS\l2schemas 2008-08-23 21:26 . 2008-08-23 21:29 <DIR> d-------- C:\WINDOWS\ServicePackFiles 2008-08-23 21:18 . 2008-08-23 21:18 <DIR> d-------- C:\WINDOWS\EHome 2008-08-23 08:47 . 2004-08-03 22:41 1,041,536 --------- C:\WINDOWS\system32\drivers\hsfdpsp2.sys 2008-08-13 18:58 . 2008-08-13 18:58 <DIR> d-------- C:\Program Files\Sun 2008-08-13 18:29 . 2008-04-11 20:04 691,712 --------- C:\WINDOWS\system32\dllcache\inetcomm.dll . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 
2008-09-08 21:19 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP 2008-09-08 20:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2008-09-07 22:18 --------- d-----w C:\Program Files\Spybot - Search & Destroy 2008-09-06 19:20 --------- d-----w C:\Program Files\PCPitstop 2008-09-06 14:13 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-08-23 22:55 --------- d-----w C:\Program Files\MSN Messenger 2008-08-13 17:58 --------- d-----w C:\Program Files\Java 2008-08-02 19:55 --------- d-----w C:\Program Files\Sports Interactive 2006-01-03 18:31 478 ----a-w C:\Documents and Settings\HP_Owner\Application Data\wklnhst.dat . ((((((((((((((((((((((((((((( [email protected]_19.50.36.39 ))))))))))))))))))))))))))))))))))))))))) . - 2008-09-10 17:46:54 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat + 2008-09-11 18:43:36 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat - 2008-09-10 17:46:54 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat + 2008-09-11 18:43:36 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat - 2008-09-10 17:46:54 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat + 2008-09-11 18:43:36 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360] "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-05-25 68856] "Tesco Insert Detect"="C:\Program Files\Tesco\Picture Suite\InsDetect.exe" [2003-02-17 262144] "kdx"="C:\WINDOWS\kdx\KHost.exe" [2007-05-11 2236416] "updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472] "msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352] "TomTomHOME.exe"="C:\Program Files\TomTom HOME 2\HOMERunner.exe" [2008-05-06 202088] "SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-09-03 1576176] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784] "hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736] "HPHUPD06"="c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe" [2004-06-07 49152] "HPHmon06"="C:\WINDOWS\system32\hphmon06.exe" [2004-06-07 659456] "KBD"="C:\HP\KBD\KBD.EXE" [2005-02-02 61440] "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2005-01-01 180269] "Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2004-04-14 233472] "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-02-13 339968] "PS2"="C:\WINDOWS\system32\ps2.exe" [2004-10-25 90112] "LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2004-10-14 253952] "Reminder"="C:\Windows\Creator\Remind_XP.exe" [2004-12-14 663552] "Lexmark 5200 series"="C:\Program Files\Lexmark 5200 series\lxbtbmgr.exe" [2004-06-04 57344] "LXBTCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBTtime.dll" [2004-03-17 65536] "SpeedTouch USB Diagnostics"="C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" [2004-01-26 866816] "Synchronization 
Manager"="C:\WINDOWS\system32\mobsync.exe" [2008-04-14 143360] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-10-25 282624] "mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2008-07-11 641208] "McENUI"="C:\PROGRA~1\McAfee\MHN\McENUI.exe" [2008-06-13 1176808] "High Definition Audio Property Page Shortcut"="HDAudPropShortcut.exe" [2004-03-18 C:\WINDOWS\system32\Hdaudpropshortcut.exe] "AGRSMMSG"="AGRSMMSG.exe" [2004-06-29 C:\WINDOWS\AGRSMMSG.exe] "SoundMan"="SOUNDMAN.EXE" [2005-04-07 C:\WINDOWS\SOUNDMAN.EXE] "AlcWzrd"="ALCWZRD.EXE" [2005-04-07 C:\WINDOWS\ALCWZRD.EXE] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-05-25 68856] C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 29696] HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-05 258048] Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [2000-01-21 65588] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] 2008-07-23 16:28 352256 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusDisableNotify"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) 
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\Program Files\\Messenger\\msmsgs.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "C:\\WINDOWS\\kdx\\KHost.exe"= "C:\\Program Files\\KService\\KService.exe"= "C:\\Program Files\\Microsoft Games\\Age of Empires II\\age2_x1\\AGE2_X1.ICD"= "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"= "C:\\Program Files\\MSN Messenger\\livecall.exe"= "C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"= R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\Program Files\McAfee\SiteAdvisor\McSACore.exe [2008-08-18 211232] S3 iadusb;MT882;C:\WINDOWS\system32\DRIVERS\glauiad.sys [ ] . Contents of the 'Scheduled Tasks' folder . ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-09-11 21:47:55 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- PROCESS: C:\WINDOWS\explorer.exe -> C:\Program Files\McAfee\SiteAdvisor\saHook.dll . ------------------------ Other Running Processes ------------------------ . 
C:\WINDOWS\system32\ati2evxx.exe C:\Program Files\KService\KService.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe C:\PROGRA~1\COMMON~1\McAfee\MNA\McNASvc.exe C:\PROGRA~1\COMMON~1\McAfee\McProxy\McProxy.exe C:\PROGRA~1\McAfee\VIRUSS~1\Mcshield.exe C:\Program Files\McAfee\MPF\MpfSrv.exe C:\WINDOWS\system32\HPZipm12.exe C:\WINDOWS\system32\ati2evxx.exe C:\PROGRA~1\McAfee.com\Agent\mcagent.exe C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe C:\Program Files\Lexmark 5200 Series\lxbtbmon.exe . ************************************************************************** . Completion time: 2008-09-11 21:54:26 - machine was rebooted ComboFix-quarantined-files.txt 2008-09-11 20:54:17 ComboFix2.txt 2008-09-10 18:51:21 Pre-Run: 169,741,893,632 bytes free Post-Run: 169,836,662,784 bytes free 315 --- E O F --- 2008-09-10 17:52:27 My MBAM Log: Malwarebytes' Anti-Malware 1.28 Database version: 1141 Windows 5.1.2600 Service Pack 3 11/09/2008 22:57:00 mbam-log-2008-09-11 (22-57-00).txt Scan type: Full Scan (C:\|D:\|E:\|F:\|G:\|H:\|I:\|) Objects scanned: 163441 Time elapsed: 51 minute(s), 29 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 3 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 6 Files Infected: 10 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: HKEY_CLASSES_ROOT\gksraemq.btga (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\gksraemq.toolbar.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully. 

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Documents and Settings\All Users\Application Data\winpcdoctor (Rogue.WinPCDoctor) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\winpcdoctor\Data (Rogue.WinPCDoctor) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\TrustedProtection (Rogue.TrustedProtection) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\TrustedProtection\Logs (Rogue.TrustedProtection) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\winpcdoctor (Rogue.WinPCDoctor) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\winpcdoctor\Logs (Rogue.WinPCDoctor) -> Quarantined and deleted successfully.

Files Infected:
C:\Documents and Settings\All Users\Application Data\winpcdoctor\Data\ac (Rogue.WinPCDoctor) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\winpcdoctor\Data\em (Rogue.WinPCDoctor) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\winpcdoctor\Data\oid (Rogue.WinPCDoctor) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\winpcdoctor\Data\user (Rogue.WinPCDoctor) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\TrustedProtection\avtasks.dat (Rogue.TrustedProtection) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\TrustedProtection\Logs\av.log (Rogue.TrustedProtection) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\TrustedProtection\Logs\ga6Support.log (Rogue.TrustedProtection) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\TrustedProtection\Logs\update.log (Rogue.TrustedProtection) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\winpcdoctor\Logs\update.log (Rogue.WinPCDoctor) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Desktop\MS Antivirus.lnk (Rogue.Link) -> Quarantined and deleted successfully.

PC seems to be running fine
  3. Hi, how do I save my Ewido notepad as a CF Script please?
  4. Hi and thanks for helping me out with this. I can't delete the ewido anti spyware program because I get a message that says 'access denied.'

My combofix notepad:

ComboFix 08-09-05.14 - HP_Owner 2008-09-10 19:36:42.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.137 [GMT 1:00]
Running from: C:\Documents and Settings\HP_Owner\Desktop\ComboFix.exe
* Created a new restore point
* Resident AV is active
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\cookies.ini
C:\WINDOWS\system32\cnsfhont.ini
C:\WINDOWS\system32\JQrCLkkj.ini
C:\WINDOWS\system32\JQrCLkkj.ini2
C:\WINDOWS\system32\mcrh.tmp
D:\Autorun.inf
.
((((((((((((((((((((((((( Files Created from 2008-08-10 to 2008-09-10 )))))))))))))))))))))))))))))))
.
2008-10-18 18:31 . 2008-09-05 15:58 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PCPitstop
2008-09-07 23:56 . 2008-09-07 23:56 <DIR> d-------- C:\Program Files\Trend Micro
2008-09-07 21:36 . 2008-09-07 21:36 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-09-07 21:36 . 2008-09-07 21:36 <DIR> d-------- C:\Documents and Settings\HP_Owner\Application Data\SUPERAntiSpyware.com
2008-09-07 21:36 . 2008-09-07 21:36 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-09-07 21:35 . 2008-09-07 21:35 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-09-06 18:58 . 2008-09-07 23:44 <DIR> d-------- C:\Program Files\Enigma Software Group
2008-09-06 16:55 . 2008-09-10 19:46 8,917 --a------ C:\WINDOWS\system32\Config.MPF
2008-09-06 16:54 . 2008-09-06 16:54 <DIR> d-------- C:\Program Files\SiteAdvisor
2008-09-06 16:54 . 2008-09-06 16:54 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SiteAdvisor
2008-09-06 16:50 . 2008-06-02 14:55 120,136 --a------ C:\WINDOWS\system32\drivers\Mpfp.sys
2008-09-06 16:50 .
2008-06-27 06:08 79,240 --a------ C:\WINDOWS\system32\drivers\mfeavfk.sys 2008-09-06 16:50 . 2008-06-27 06:08 40,488 --a------ C:\WINDOWS\system32\drivers\mfesmfk.sys 2008-09-06 16:50 . 2008-06-27 06:08 35,240 --a------ C:\WINDOWS\system32\drivers\mfebopk.sys 2008-09-06 16:49 . 2008-09-06 16:50 <DIR> d-------- C:\Program Files\Common Files\McAfee 2008-09-06 16:48 . 2008-09-06 16:49 <DIR> d-------- C:\Program Files\McAfee.com 2008-09-06 16:48 . 2008-09-07 22:18 <DIR> d-------- C:\Program Files\McAfee 2008-09-06 16:47 . 2008-06-20 05:41 34,152 --a------ C:\WINDOWS\system32\drivers\mferkdk.sys 2008-09-06 15:50 . 2008-09-06 16:55 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\McAfee 2008-09-06 12:01 . 2008-09-06 12:11 <DIR> d-------- C:\Program Files\RegCure 2008-09-05 18:01 . 2008-09-06 16:43 <DIR> d-------- C:\Program Files\Windows Live Safety Center 2008-09-05 00:07 . 2008-09-05 00:07 <DIR> d-------- C:\Program Files\Windows Defender 2008-09-04 22:47 . 2008-09-06 11:55 <DIR> d-------- C:\Program Files\MSA 2008-08-24 20:24 . 2008-08-24 20:24 <DIR> d-------- C:\Program Files\TomTom HOME 2 2008-08-24 20:24 . 2008-08-24 20:24 <DIR> d-------- C:\Documents and Settings\HP_Owner\Application Data\TomTom 2008-08-23 21:28 . 2008-08-23 21:28 <DIR> d-------- C:\WINDOWS\system32\scripting 2008-08-23 21:28 . 2008-08-23 21:28 <DIR> d-------- C:\WINDOWS\l2schemas 2008-08-23 21:26 . 2008-08-23 21:29 <DIR> d-------- C:\WINDOWS\ServicePackFiles 2008-08-23 21:18 . 2008-08-23 21:18 <DIR> d-------- C:\WINDOWS\EHome 2008-08-23 08:47 . 2004-08-03 22:41 1,041,536 --------- C:\WINDOWS\system32\drivers\hsfdpsp2.sys 2008-08-13 18:58 . 2008-08-13 18:58 <DIR> d-------- C:\Program Files\Sun 2008-08-13 18:29 . 2008-04-11 20:04 691,712 --------- C:\WINDOWS\system32\dllcache\inetcomm.dll . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 
2008-09-08 21:19 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP 2008-09-08 20:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2008-09-07 22:18 --------- d-----w C:\Program Files\Spybot - Search & Destroy 2008-09-06 19:20 --------- d-----w C:\Program Files\PCPitstop 2008-09-06 14:13 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-08-23 22:55 --------- d-----w C:\Program Files\MSN Messenger 2008-08-13 17:58 --------- d-----w C:\Program Files\Java 2008-08-02 19:55 --------- d-----w C:\Program Files\Sports Interactive 2006-01-03 18:31 478 ----a-w C:\Documents and Settings\HP_Owner\Application Data\wklnhst.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360] "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-05-25 68856] "Tesco Insert Detect"="C:\Program Files\Tesco\Picture Suite\InsDetect.exe" [2003-02-17 262144] "kdx"="C:\WINDOWS\kdx\KHost.exe" [2007-05-11 2236416] "updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472] "msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352] "TomTomHOME.exe"="C:\Program Files\TomTom HOME 2\HOMERunner.exe" [2008-05-06 202088] "SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-09-03 1576176] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784] "hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736] "HPHUPD06"="c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe" [2004-06-07 49152] 
"HPHmon06"="C:\WINDOWS\system32\hphmon06.exe" [2004-06-07 659456] "KBD"="C:\HP\KBD\KBD.EXE" [2005-02-02 61440] "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2005-01-01 180269] "Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2004-04-14 233472] "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-02-13 339968] "PS2"="C:\WINDOWS\system32\ps2.exe" [2004-10-25 90112] "LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2004-10-14 253952] "Reminder"="C:\Windows\Creator\Remind_XP.exe" [2004-12-14 663552] "Lexmark 5200 series"="C:\Program Files\Lexmark 5200 series\lxbtbmgr.exe" [2004-06-04 57344] "LXBTCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBTtime.dll" [2004-03-17 65536] "SpeedTouch USB Diagnostics"="C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" [2004-01-26 866816] "Synchronization Manager"="C:\WINDOWS\system32\mobsync.exe" [2008-04-14 143360] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-10-25 282624] "mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2008-07-11 641208] "McENUI"="C:\PROGRA~1\McAfee\MHN\McENUI.exe" [2008-06-13 1176808] "High Definition Audio Property Page Shortcut"="HDAudPropShortcut.exe" [2004-03-18 C:\WINDOWS\system32\Hdaudpropshortcut.exe] "AGRSMMSG"="AGRSMMSG.exe" [2004-06-29 C:\WINDOWS\AGRSMMSG.exe] "SoundMan"="SOUNDMAN.EXE" [2005-04-07 C:\WINDOWS\SOUNDMAN.EXE] "AlcWzrd"="ALCWZRD.EXE" [2005-04-07 C:\WINDOWS\ALCWZRD.EXE] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-05-25 68856] C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 29696] HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-05 258048] Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [2000-01-21 
65588] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] 2008-07-23 16:28 352256 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusDisableNotify"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\Program Files\\Messenger\\msmsgs.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "C:\\WINDOWS\\kdx\\KHost.exe"= "C:\\Program Files\\KService\\KService.exe"= "C:\\Program Files\\Microsoft Games\\Age of Empires II\\age2_x1\\AGE2_X1.ICD"= "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"= "C:\\Program Files\\MSN Messenger\\livecall.exe"= "C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"= R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\Program Files\McAfee\SiteAdvisor\McSACore.exe [2008-08-18 211232] S3 iadusb;MT882;C:\WINDOWS\system32\DRIVERS\glauiad.sys [ ] . Contents of the 'Scheduled Tasks' folder . 
- - - - ORPHANS REMOVED - - - -

BHO-{7902FDEB-6AD7-4E5B-B202-70531297E3D0} - (no file)
Toolbar-{0CAA216D-B1AF-4C4A-8EDC-FB2D822570CB} - (no file)
HKCU-Run-\VIE1A.exe - C:\Windows\System32\VIE1A.exe
HKCU-Run-\VIE1B.exe - C:\Windows\System32\VIE1B.exe
HKCU-Run-\VIE1C.exe - C:\Windows\System32\VIE1C.exe
HKCU-Run-\VIE1D.exe - C:\Windows\System32\VIE1D.exe
HKCU-Run-\VIE43.exe - C:\Windows\System32\VIE43.exe
HKCU-Run-\VIE1.exe - C:\Windows\System32\VIE1.exe
HKCU-Run-\VIE2.exe - C:\Windows\System32\VIE2.exe
HKCU-Run-\VIE3.exe - C:\Windows\System32\VIE3.exe
HKCU-Run-\VIE4.exe - C:\Windows\System32\VIE4.exe
HKCU-Run-\VIE6.exe - C:\Windows\System32\VIE6.exe
HKCU-Run-\VIE9.exe - C:\Windows\System32\VIE9.exe
HKLM-Run-\VIE1A.exe - C:\Windows\System32\VIE1A.exe
HKLM-Run-\VIE1B.exe - C:\Windows\System32\VIE1B.exe
HKLM-Run-\VIE1C.exe - C:\Windows\System32\VIE1C.exe
HKLM-Run-\VIE1D.exe - C:\Windows\System32\VIE1D.exe
HKLM-Run-\VIE43.exe - C:\Windows\System32\VIE43.exe
HKLM-Run-\VIE1.exe - C:\Windows\System32\VIE1.exe
HKLM-Run-\VIE2.exe - C:\Windows\System32\VIE2.exe
HKLM-Run-\VIE3.exe - C:\Windows\System32\VIE3.exe
HKLM-Run-\VIE4.exe - C:\Windows\System32\VIE4.exe
HKLM-Run-\VIE6.exe - C:\Windows\System32\VIE6.exe
HKLM-Run-\VIE9.exe - C:\Windows\System32\VIE9.exe
HKLM-Run-PC Pitstop Optimize Reminder - C:\Program Files\PCPitstop\Optimize2\Reminder.exe
Notify-ddcAsPij - ddcAsPij.dll
.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Default_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_GB&c=Q305&bd=pavilion&pf=desktop R0 -: HKCU-Main,SearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 R0 -: HKLM-Main,Search Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_GB&c=Q305&bd=pavilion&pf=desktop R1 -: HKCU-SearchURL,(Default) = hxxp://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR O8 -: &Windows Live Search - C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm O8 -: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx O8 -: Open Picture in &Microsoft PhotoDraw - C:\PROGRA~1\MICROS~3\Office\1033\phdintl.dll/phdContext.htm O18 -: Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\McAfee\SITEAD~1\McIEPlg.dll . ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-09-10 19:45:05 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- PROCESS: C:\WINDOWS\explorer.exe -> C:\Program Files\McAfee\SiteAdvisor\saHook.dll . ------------------------ Other Running Processes ------------------------ . 
C:\WINDOWS\system32\ati2evxx.exe C:\Program Files\ewido anti-spyware 4.0\guard.exe C:\Program Files\KService\KService.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe C:\PROGRA~1\COMMON~1\McAfee\MNA\McNASvc.exe C:\PROGRA~1\COMMON~1\McAfee\McProxy\McProxy.exe C:\PROGRA~1\McAfee\VIRUSS~1\Mcshield.exe C:\Program Files\McAfee\MPF\MpfSrv.exe C:\WINDOWS\system32\HPZipm12.exe C:\WINDOWS\system32\ati2evxx.exe C:\PROGRA~1\McAfee.com\Agent\mcagent.exe C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe C:\Program Files\Lexmark 5200 Series\lxbtbmon.exe . ************************************************************************** . Completion time: 2008-09-10 19:51:19 - machine was rebooted ComboFix-quarantined-files.txt 2008-09-10 18:51:08 Pre-Run: 169,772,666,880 bytes free Post-Run: 169,876,733,952 bytes free 209 --- E O F --- 2008-09-10 17:52:27 My HJT Log: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 21:53, on 10/09/2008 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16705) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\ewido anti-spyware 4.0\guard.exe C:\Program Files\KService\KService.exe c:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\Program Files\McAfee\SiteAdvisor\McSACore.exe C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe C:\Program Files\McAfee\MPF\MPFSrv.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe c:\PROGRA~1\mcafee.com\agent\mcagent.exe C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe C:\windows\system\hpsysdrv.exe C:\WINDOWS\AGRSMMSG.exe C:\WINDOWS\system32\hphmon06.exe 
C:\HP\KBD\KBD.EXE C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\WINDOWS\SOUNDMAN.EXE C:\WINDOWS\ALCWZRD.EXE C:\hp\drivers\hplsbwatcher\lsburnwatcher.exe C:\Program Files\Lexmark 5200 series\lxbtbmgr.exe C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe C:\Program Files\Lexmark 5200 series\lxbtbmon.exe C:\Program Files\QuickTime\qttask.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\Tesco\Picture Suite\InsDetect.exe C:\WINDOWS\kdx\KHost.exe C:\Program Files\MSN Messenger\msnmsgr.exe C:\Program Files\TomTom HOME 2\HOMERunner.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\WINDOWS\explorer.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program 
Files\Java\jre1.6.0_07\bin\ssv.dll O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe O4 - HKLM\..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI 
Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe" O4 - HKLM\..\Run: [Lexmark 5200 series] "C:\Program Files\Lexmark 5200 series\lxbtbmgr.exe" O4 - HKLM\..\Run: [LXBTCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBTtime.dll,[email protected] O4 - HKLM\..\Run: [speedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon O4 - HKLM\..\Run: [synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [Tesco Insert Detect] C:\Program Files\Tesco\Picture Suite\InsDetect.exe O4 - HKCU\..\Run: [kdx] C:\WINDOWS\kdx\KHost.exe -all O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9 O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe" O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [swg] C:\Program 
Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'Default user') O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx O8 - Extra context menu item: Open Picture in &Microsoft PhotoDraw - res://C:\PROGRA~1\MICROS~3\Office\1033\phdintl.dll/phdContext.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - 
C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU) O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU) O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcpitstop.com/Optimize2/pcpitstop2.dll O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: KService - Kontiki Inc. - C:\Program Files\KService\KService.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: lxbt_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxbtcoms.exe O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. 
- C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
--
End of file - 11695 bytes

Thanks again.
  5. Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 22:25: VIRUS ALERT!, on 08/09/2008 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16705) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\ewido anti-spyware 4.0\guard.exe C:\Program Files\KService\KService.exe c:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\Program Files\McAfee\SiteAdvisor\McSACore.exe C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe C:\Program Files\McAfee\MPF\MPFSrv.exe C:\WINDOWS\system32\HPZipm12.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE c:\PROGRA~1\mcafee.com\agent\mcagent.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe C:\windows\system\hpsysdrv.exe C:\WINDOWS\AGRSMMSG.exe C:\WINDOWS\system32\hphmon06.exe C:\HP\KBD\KBD.EXE C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\WINDOWS\SOUNDMAN.EXE C:\WINDOWS\ALCWZRD.EXE C:\WINDOWS\ALCMTR.EXE C:\hp\drivers\hplsbwatcher\lsburnwatcher.exe C:\Program Files\Lexmark 5200 series\lxbtbmgr.exe C:\Program Files\Lexmark 5200 series\lxbtbmon.exe C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe C:\Program Files\QuickTime\qttask.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\Tesco\Picture Suite\InsDetect.exe C:\WINDOWS\kdx\KHost.exe C:\Program Files\MSN Messenger\msnmsgr.exe C:\Program Files\TomTom HOME 2\HOMERunner.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe C:\Program 
Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7902FDEB-6AD7-4E5B-B202-70531297E3D0} - (no file)
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: (no name) - {0CAA216D-B1AF-4C4A-8EDC-FB2D822570CB} - (no file)
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [Lexmark 5200 series] "C:\Program Files\Lexmark 5200 series\lxbtbmgr.exe"
O4 - HKLM\..\Run: [LXBTCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBTtime.dll,[email protected]
O4 - HKLM\..\Run: [speedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [\VIE1A.exe] C:\Windows\System32\VIE1A.exe
O4 - HKLM\..\Run: [\VIE1B.exe] C:\Windows\System32\VIE1B.exe
O4 - HKLM\..\Run: [\VIE1C.exe] C:\Windows\System32\VIE1C.exe
O4 - HKLM\..\Run: [\VIE1D.exe] C:\Windows\System32\VIE1D.exe
O4 - HKLM\..\Run: [\VIE43.exe] C:\Windows\System32\VIE43.exe
O4 - HKLM\..\Run: [\VIE1.exe] C:\Windows\System32\VIE1.exe
O4 - HKLM\..\Run: [\VIE2.exe] C:\Windows\System32\VIE2.exe
O4 - HKLM\..\Run: [\VIE3.exe] C:\Windows\System32\VIE3.exe
O4 - HKLM\..\Run: [\VIE4.exe] C:\Windows\System32\VIE4.exe
O4 - HKLM\..\Run: [\VIE6.exe] C:\Windows\System32\VIE6.exe
O4 - HKLM\..\Run: [\VIE9.exe] C:\Windows\System32\VIE9.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [PC Pitstop Optimize Reminder] C:\Program Files\PCPitstop\Optimize2\Reminder.exe
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Tesco Insert Detect] C:\Program Files\Tesco\Picture Suite\InsDetect.exe
O4 - HKCU\..\Run: [kdx] C:\WINDOWS\kdx\KHost.exe -all
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe"
O4 - HKCU\..\Run: [\VIE1A.exe] C:\Windows\System32\VIE1A.exe
O4 - HKCU\..\Run: [\VIE1B.exe] C:\Windows\System32\VIE1B.exe
O4 - HKCU\..\Run: [\VIE1C.exe] C:\Windows\System32\VIE1C.exe
O4 - HKCU\..\Run: [\VIE1D.exe] C:\Windows\System32\VIE1D.exe
O4 - HKCU\..\Run: [\VIE43.exe] C:\Windows\System32\VIE43.exe
O4 - HKCU\..\Run: [\VIE1.exe] C:\Windows\System32\VIE1.exe
O4 - HKCU\..\Run: [\VIE2.exe] C:\Windows\System32\VIE2.exe
O4 - HKCU\..\Run: [\VIE3.exe] C:\Windows\System32\VIE3.exe
O4 - HKCU\..\Run: [\VIE4.exe] C:\Windows\System32\VIE4.exe
O4 - HKCU\..\Run: [\VIE6.exe] C:\Windows\System32\VIE6.exe
O4 - HKCU\..\Run: [\VIE9.exe] C:\Windows\System32\VIE9.exe
O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Open Picture in &Microsoft PhotoDraw - res://C:\PROGRA~1\MICROS~3\Office\1033\phdintl.dll/phdContext.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcpitstop.com/Optimize2/pcpitstop2.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: ddcAsPij - ddcAsPij.dll (file missing)
O21 - SSODL: xrdwbfgn - {576D4804-D882-4576-B3C4-DA3CDD8A0F23} - (no file)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: KService - Kontiki Inc. - C:\Program Files\KService\KService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: lxbt_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxbtcoms.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

-- End of file - 14438 bytes