
HJT check please for "peace of mind"



Good day

I have been advised to have someone look at my HJT after having SPAM emails sent to me from my own email address as discussed in the link below.

PCPitstop Forum ~ spam emails from my own email address

I have scanned with MalwareBytes, a-squared, Rogue Removal, Super Anti Spyware and have not found anything untoward.

THANK YOU FOR YOUR TIME & BEST WISHES FOR A VERY MERRY CHRISTMAS.

Here are the 2 .txt files requested

 

Logfile of random's system information tool 1.05 (written by random/random)

Run by Test at 2008-12-25 08:51:50

Microsoft Windows XP Home Edition Service Pack 2

System drive C: has 320 GB (67%) free of 477 GB

Total RAM: 1024 MB (54% free)

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 8:52:11 AM, on 25/12/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16762)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\a-squared Free\a2service.exe

C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe

C:\WINDOWS\System32\HPZipm12.exe

C:\Program Files\Nokia\Nokia PC Suite 7\PCSync2.exe

C:\Program Files\Windows Media Player\WMPNSCFG.exe

C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

C:\WINDOWS\System32\svchost.exe

C:\PROGRA~1\AVG\AVG8\avgrsx.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe

C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe

C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Documents and Settings\Test\Desktop\RSIT.exe

C:\Program Files\trend micro\Test.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll

O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll

O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray

O4 - HKCU\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSync2.exe" /NoDialog

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: (no name) - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - (no file)

O9 - Extra button: (no name) - {925DAB62-F9AC-4221-806A-057BFB1014AA} - (no file)

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/betapit/PCPitStop.CAB

O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab

O16 - DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} (iCC Class) - http://www.pcpitstop.com/internet/pcpConnCheck.cab

O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - http://www.symantec.com/techsupp/asa/LSSupCtl.cab

O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://www.pestscan.com/scanner/axscanner.cab

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll

O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - https://www-secure.symantec.com/techsupp/as...abs/tgctlsr.cab

O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exe

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab

O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} (mhLabel Class) - http://www.pcpitstop.com/mhLbl.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/:filtered:/asinst.cab

O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yahoo.com/...utocomplete.cab

O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/SymAData.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flas...ent/swflash.cab

O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...390/mcfscan.cab

O16 - DPF: {F1D54B0B-B6EA-43B5-BD26-A79D3DBF47E3} (Multidownx Control) - http://bigpondmusic.com/activex/multidownx.cab

O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcpitstop.com/Optimize2/pcpitstop2.dll

O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll

O20 - AppInit_DLLs: wbsys.dll,avgrsstx.dll

O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL

O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe

O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

 

--

End of file - 8119 bytes

 

======Scheduled tasks folder======

 

C:\WINDOWS\tasks\MP Scheduled Scan.job

C:\WINDOWS\tasks\User_Feed_Synchronization-{BDC4A648-5C81-4F29-9612-F3B41A5E9C36}.job

 

======Registry dump======

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]

Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]

Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2008-12-22 251504]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]

Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll [2008-12-22 657904]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]

Google Dictionary Compression sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll [2008-12-22 522224]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2008-12-22 251504]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2006-10-22 7700480]

"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2005-11-20 155648]

"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-10-15 39792]

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-09-30 68856]

"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]

"PC Suite Tray"=C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe [2008-10-02 1124352]

"Nokia.PCSync"=C:\Program Files\Nokia\Nokia PC Suite 7\PCSync2.exe [2008-06-17 1249280]

"SUPERAntiSpyware"=C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2008-12-14 1809648]

"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2006-10-18 204288]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]

C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe [2005-05-11 49152]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Admin^Start Menu^Programs^Startup^Webshots.lnk]

C:\Program Files\Webshots\Launcher.exe [2007-10-29 157008]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"AppInit_DLLS"="wbsys.dll,avgrsstx.dll"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]

C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL [2008-12-14 352256]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]

C:\WINDOWS\system32\WgaLogon.dll [2007-02-15 236928]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"=C:\PROGRA~1\WINDOW~4\MpShHook.dll [2006-11-03 83224]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-09-02 77824]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]

"notification packages"=

scecli

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WdfLoadGroup]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinDefend]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveTypeAutoRun"=145

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\Program Files\Yahoo!\Messenger\YPager.exe"="C:\Program Files\Yahoo!\Messenger\YPager.exe:*:Enabled:Yahoo! Messenger"

"C:\Program Files\MSGTAG\MSGTAG.exe"="C:\Program Files\MSGTAG\MSGTAG.exe:*:Enabled:MSGTAG"

"C:\Program Files\Gekko Mahjongg\Mahjongg.exe"="C:\Program Files\Gekko Mahjongg\Mahjongg.exe:*:Enabled:Mahjongg"

"C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"="C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe:*:Enabled:Spybot - Search & Destroy"

"C:\Program Files\SpywareGuard\sgliveupdate.exe"="C:\Program Files\SpywareGuard\sgliveupdate.exe:*:Enabled:SpywareGuard LiveUpdate"

"C:\Program Files\SpywareBlaster\spywareblaster.exe"="C:\Program Files\SpywareBlaster\spywareblaster.exe:*:Enabled:SpywareBlaster"

"C:\Program Files\Hewlett-Packard\HP Software Update\HPWUCli.exe"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWUCli.exe:*:Enabled:HP Software Update Client"

"C:\Program Files\Google\Google Talk\googletalk.exe"="C:\Program Files\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk"

"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:MSN Messenger 7.5"

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"C:\Program Files\Common Files\Ahead\Nero Web\SetupX.exe"="C:\Program Files\Common Files\Ahead\Nero Web\SetupX.exe:*:Enabled:Nero ProductSetup"

"C:\Program Files\Common Files\Ahead\Nero Web\SetupXu.exe"="C:\Program Files\Common Files\Ahead\Nero Web\SetupXu.exe:*:Enabled:Nero ProductSetup"

"C:\StubInstaller.exe"="C:\StubInstaller.exe:*:Enabled:LimeWire swarmed installer"

"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"

"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"

"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"

"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpofxm08.exe"="C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe"

"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposfx08.exe"="C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe"

"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposid01.exe"="C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"

"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqscnvw.exe"="C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"

"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"

"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqCopy.exe"="C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe"

"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpfccopy.exe"="C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe"

"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpzwiz01.exe"="C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"

"C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\HpqPhUnl.exe"="C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"

"C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\HpqDIA.exe"="C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe"

"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoews01.exe"="C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe"

"C:\Program Files\Kyodai Mahjongg 2006\kmj.exe"="C:\Program Files\Kyodai Mahjongg 2006\kmj.exe:*:Enabled:Kyodai Mahjongg"

"C:\Program Files\Nero\Nero 7\Nero Home\NeroHome.exe"="C:\Program Files\Nero\Nero 7\Nero Home\NeroHome.exe:*:Enabled:Nero Home"

"C:\Program Files\GameSpy Arcade\Aphex.exe"="C:\Program Files\GameSpy Arcade\Aphex.exe:*:Enabled:GameSpy Arcade"

"C:\Program Files\Internet Explorer\iexplore.exe"="C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer"

"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"

"C:\Program Files\Azureus\Azureus.exe"="C:\Program Files\Azureus\Azureus.exe:*:Enabled:Azureus"

"C:\Program Files\IncrediMail\bin\ImApp.exe"="C:\Program Files\IncrediMail\bin\ImApp.exe:*:Enabled:IncrediMail"

"C:\Program Files\IncrediMail\bin\IncMail.exe"="C:\Program Files\IncrediMail\bin\IncMail.exe:*:Enabled:IncrediMail"

"C:\Program Files\IncrediMail\bin\ImpCnt.exe"="C:\Program Files\IncrediMail\bin\ImpCnt.exe:*:Enabled:IncrediMail"

"C:\Program Files\Magentic\bin\MgImp.exe"="C:\Program Files\Magentic\bin\MgImp.exe:*:Enabled:Magentic"

"C:\Program Files\Magentic\bin\Magentic.exe"="C:\Program Files\Magentic\bin\Magentic.exe:*:Enabled:Magentic"

"C:\Program Files\Magentic\bin\MgApp.exe"="C:\Program Files\Magentic\bin\MgApp.exe:*:Enabled:Magentic"

"C:\Program Files\Grisoft\AVG7\avginet.exe"="C:\Program Files\Grisoft\AVG7\avginet.exe:*:Enabled:avginet.exe"

"C:\Program Files\Grisoft\AVG7\avgamsvr.exe"="C:\Program Files\Grisoft\AVG7\avgamsvr.exe:*:Enabled:avgamsvr.exe"

"C:\Program Files\Grisoft\AVG7\avgcc.exe"="C:\Program Files\Grisoft\AVG7\avgcc.exe:*:Enabled:avgcc.exe"

"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"

"C:\Program Files\Nokia\Nokia Software Updater\nsu_ui_client.exe"="C:\Program Files\Nokia\Nokia Software Updater\nsu_ui_client.exe:*:Enabled:Nokia Software Updater"

"C:\Program Files\Common Files\Nokia\Service Layer\A\nsl_host_process.exe"="C:\Program Files\Common Files\Nokia\Service Layer\A\nsl_host_process.exe:*:Enabled:Nokia Service Layer Host Process "

"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"

"D:\Program Files\Kyodai Mahjongg 06 v1.42\kmj.exe"="D:\Program Files\Kyodai Mahjongg 06 v1.42\kmj.exe:*:Enabled:Kyodai Mahjongg"

"C:\Documents and Settings\Test\Local Settings\Temp\ImInstaller\FreeEcardMovies_Installer.exe"="C:\Documents and Settings\Test\Local Settings\Temp\ImInstaller\FreeEcardMovies_Installer.exe:*:Enabled:IncrediMail Installer"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:MSN Messenger 7.5"

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"

 

======List of files/folders created in the last 1 months======

 

2008-12-25 08:51:50 ----D---- C:\rsit

2008-12-23 10:46:23 ----D---- C:\Program Files\Common Files\Ahead

2008-12-22 22:02:09 ----D---- C:\Program Files\a-squared Free

2008-12-22 21:55:18 ----D---- C:\Program Files\RogueRemover FREE

2008-12-17 18:42:14 ----D---- C:\Program Files\Mozilla Firefox

2008-12-15 00:20:17 ----D---- C:\Program Files\Xvid

2008-12-14 15:25:19 ----A---- C:\WINDOWS\savers.ini

2008-12-12 14:14:32 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$

2008-12-12 14:14:26 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$

2008-12-12 14:10:35 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$

2008-12-12 14:10:24 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$

 

======List of files/folders modified in the last 1 months======

 

2008-12-25 08:52:11 ----D---- C:\WINDOWS\Temp

2008-12-25 08:52:11 ----D---- C:\Program Files\Trend Micro

2008-12-25 08:51:30 ----D---- C:\WINDOWS\Prefetch

2008-12-25 08:50:00 ----A---- C:\WINDOWS\SchedLgU.Txt

2008-12-25 08:36:23 ----SD---- C:\WINDOWS\Tasks

2008-12-25 08:33:11 ----D---- C:\WINDOWS

2008-12-24 15:39:39 ----A---- C:\WINDOWS\NeroDigital.ini

2008-12-23 10:47:35 ----SHD---- C:\WINDOWS\Installer

2008-12-23 10:47:35 ----D---- C:\Config.Msi

2008-12-23 10:46:23 ----AD---- C:\Program Files\Common Files

2008-12-23 08:05:10 ----AD---- C:\Program Files

2008-12-23 08:02:25 ----D---- C:\WINDOWS\system32

2008-12-23 07:49:46 ----D---- C:\WINDOWS\system32\ActiveScan

2008-12-22 19:24:39 ----D---- C:\Program Files\Google

2008-12-22 18:27:51 ----D---- C:\Documents and Settings\All Users\Application Data\Google

2008-12-20 08:56:06 ----D---- C:\WINDOWS\system32\CatRoot2

2008-12-19 11:10:36 ----HD---- C:\WINDOWS\inf

2008-12-19 11:10:33 ----RSHD---- C:\WINDOWS\system32\dllcache

2008-12-19 11:10:21 ----HD---- C:\WINDOWS\$hf_mig$

2008-12-17 18:42:31 ----D---- C:\Documents and Settings\Test\Application Data\Mozilla

2008-12-16 23:52:29 ----D---- C:\Program Files\Jewel Quest II

2008-12-16 22:14:01 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy

2008-12-16 17:34:25 ----D---- C:\Program Files\Jewel Quest III

2008-12-14 17:32:05 ----D---- C:\Program Files\Spybot - Search & Destroy

2008-12-14 16:12:09 ----D---- C:\WINDOWS\Debug

2008-12-14 16:10:20 ----D---- C:\Program Files\SUPERAntiSpyware

2008-12-14 15:48:00 ----D---- C:\WINDOWS\system32\drivers

2008-12-14 15:48:00 ----D---- C:\Program Files\Malwarebytes' Anti-Malware

2008-12-13 16:40:02 ----A---- C:\WINDOWS\system32\mshtml.dll

2008-12-12 14:13:00 ----D---- C:\Program Files\Internet Explorer

2008-12-12 14:12:32 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help

2008-12-11 21:00:26 ----D---- C:\Temp

2008-12-11 18:11:56 ----D---- C:\WINDOWS\system32\CatRoot

2008-12-10 09:24:37 ----A---- C:\WINDOWS\system32\MRT.exe

2008-12-07 23:32:04 ----SD---- C:\WINDOWS\Downloaded Program Files

2008-12-04 21:46:08 ----A---- C:\WINDOWS\system32\xvidvfw.dll

2008-12-04 21:42:56 ----A---- C:\WINDOWS\system32\xvidcore.dll

2008-12-02 22:36:59 ----D---- C:\Program Files\PokerStars

2008-11-26 20:37:56 ----D---- C:\Documents and Settings\All Users\Application Data\DVD Shrink

 

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R1 AvgLdx86;AVG AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2008-08-30 97928]

R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2008-07-04 26824]

R1 intelppm;Intel Processor Driver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2004-08-04 36096]

R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-04 14848]

R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []

R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []

R2 Aspi32;Aspi32; C:\WINDOWS\system32\drivers\Aspi32.sys [2002-07-17 16877]

R2 Atmuni;ATM Call Manager; C:\WINDOWS\System32\DRIVERS\atmuni.sys [2003-03-31 352256]

R2 CdaD10BA;CdaD10BA; \??\C:\WINDOWS\system32\drivers\CdaD10BA.SYS []

R2 EdgeStat;EdgeStat; \??\C:\WINDOWS\system32\drivers\edgestat.sys []

R2 ElbyCDIO;ElbyCDIO Driver; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [2006-12-26 15440]

R2 PAR1284;PAR1284; \??\C:\WINDOWS\system32\drivers\PAR1284.sys []

R2 Rawwan;RAW WAN Driver; C:\WINDOWS\System32\DRIVERS\rawwan.sys [2003-03-31 34432]

R2 Sentinel;Sentinel; C:\WINDOWS\System32\Drivers\SENTINEL.SYS [2002-12-17 76288]

R3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2002-04-01 4816]

R3 HCF_MSFT;HCF_MSFT; C:\WINDOWS\System32\DRIVERS\HCF_MSFT.sys [2001-08-17 907456]

R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2001-08-17 9600]

R3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [2005-03-08 51120]

R3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [2005-03-08 16496]

R3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [2005-03-08 21744]

R3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver; C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys [2007-04-11 34832]

R3 LMouFilt;Logitech SetPoint KMDF Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys [2007-04-11 36112]

R3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-17 12160]

R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2006-10-22 3994624]

R3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS []

R3 SISNICXP;SiS PCI Fast Ethernet Adapter Driver for NDIS51; C:\WINDOWS\system32\DRIVERS\sisnicxp.sys [2006-02-14 32768]

R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2002-12-05 534976]

R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2004-08-04 31616]

R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2004-08-04 26624]

R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2004-08-04 57600]

R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbohci.sys [2004-08-04 17024]

R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2004-08-04 25856]

R3 usbscan;USB Scanner Driver; C:\WINDOWS\System32\DRIVERS\usbscan.sys [2004-08-04 15104]

R3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]

S2 asapiW2k;asapiW2k; \??\C:\WINDOWS\System32\DRIVERS\asapiW2k.sys []

S3 Ad-Watch Connect Filter;Ad-Watch Connect Kernel Filter; \??\C:\WINDOWS\system32\drivers\NSDriver.sys []

S3 AmeAtmPc;AmeAtmPc; C:\WINDOWS\System32\DRIVERS\AmeAtmPc.sys []

S3 Asushwio;Asushwio; \??\C:\WINDOWS\system32\drivers\Asushwio.sys []

S3 AtmElan;ATM Emulated LAN; C:\WINDOWS\System32\DRIVERS\atmlane.sys [2004-08-04 55936]

S3 AtmLane;ATM LAN Emulation; C:\WINDOWS\System32\DRIVERS\atmlane.sys [2004-08-04 55936]

S3 basic2;basic2; C:\WINDOWS\System32\DRIVERS\basic2.sys []

S3 catchme;catchme; \??\C:\DOCUME~1\Test\LOCALS~1\Temp\catchme.sys []

S3 ElbyDelay;ElbyDelay; C:\WINDOWS\System32\Drivers\ElbyDelay.sys [2005-04-12 4608]

S3 IPFilter;Microsoft IntelliPoint Features driver; C:\WINDOWS\System32\DRIVERS\IPFilter.sys []

S3 itchfltr;iTouch Keyboard Filter; C:\WINDOWS\system32\DRIVERS\itchfltr.sys [2004-03-10 12953]

S3 KMWDFILTER;KMWDFILTER; \??\C:\WINDOWS\System32\Drivers\KMWDFILTER.sys []

S3 L8042Kbd;Logitech SetPoint Keyboard Driver; C:\WINDOWS\system32\DRIVERS\L8042Kbd.sys [2007-04-11 20496]

S3 LUsbFilt;Logitech SetPoint KMDF USB Filter; C:\WINDOWS\System32\Drivers\LUsbFilt.Sys [2007-04-11 28688]

S3 nmwcd;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\ccdcmb.sys [2008-05-07 17536]

S3 nmwcdc;Nokia USB Generic; C:\WINDOWS\system32\drivers\ccdcmbo.sys [2008-05-07 20864]

S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2007-09-17 21632]

S3 Pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\Pcouffin.sys [2008-07-29 47360]

S3 Rksample;Rksample; C:\WINDOWS\System32\DRIVERS\rksample.sys []

S3 SABProcEnum;SABProcEnum; \??\C:\Program Files\Internet Explorer\SABProcEnum.sys []

S3 SISNIC;SiS PCI Fast Ethernet Adapter Driver; C:\WINDOWS\System32\DRIVERS\sisnic.sys [2002-07-11 32256]

S3 SNTNLUSB;Rainbow USB SuperPro; C:\WINDOWS\system32\DRIVERS\SNTNLUSB.SYS [2002-12-17 26120]

S3 TVICHW32;TVICHW32; \??\C:\WINDOWS\system32\DRIVERS\TVICHW32.SYS []

S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2008-06-06 8064]

S3 USB_RNDIS;NETGEAR DG632 USB MODEM; C:\WINDOWS\system32\DRIVERS\usb8023.sys [2004-08-04 12672]

S3 usbbus;LGE Mobile Composite USB Device; C:\WINDOWS\system32\DRIVERS\lgusbbus.sys []

S3 UsbDiag;LGE Mobile USB Serial Port; C:\WINDOWS\system32\DRIVERS\lgusbdiag.sys []

S3 USBModem;LGE Mobile USB Modem; C:\WINDOWS\system32\DRIVERS\lgusbmodem.sys []

S3 usbser;USB Modem Driver; C:\WINDOWS\system32\drivers\usbser.sys [2004-08-04 25600]

S3 UsbserFilt;UsbserFilt; C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys [2008-05-07 8064]

S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]

S3 winachsf;winachsf; C:\WINDOWS\System32\DRIVERS\HSF_CNXT.sys []

S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]

S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-15 82688]

S3 z800bus;Sony Ericsson Z800 driver (WDM); C:\WINDOWS\system32\DRIVERS\z800bus.sys [2005-02-09 55216]

S3 z800mdfl;Sony Ericsson Z800 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\z800mdfl.sys [2005-02-09 6576]

S3 z800mdm;Sony Ericsson Z800 USB WMC Modem Drivers; C:\WINDOWS\system32\DRIVERS\z800mdm.sys [2005-02-09 89872]

S3 z800mgmt;Sony Ericsson Z800 USB WMC Device Management Drivers; C:\WINDOWS\system32\DRIVERS\z800mgmt.sys [2005-02-09 81760]

S3 z800obex;Sony Ericsson Z800 USB WMC OBEX Interface Drivers; C:\WINDOWS\system32\DRIVERS\z800obex.sys [2005-02-09 79488]

S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

 

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R2 a2free;a-squared Free Service; C:\Program Files\a-squared Free\a2service.exe [2008-12-17 419448]

R2 avg8wd;AVG8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-08-30 231704]

R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe [2003-06-19 322120]

R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2006-10-22 159810]

R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\HPZipm12.exe [2006-03-03 69632]

R2 SoundMAX Agent Service (default);SoundMAX Agent Service; C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe [2002-09-20 45056]

R2 WinDefend;Windows Defender; C:\Program Files\Windows Defender\MsMpEng.exe [2006-11-03 13592]

R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]

R3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2008-08-07 575488]

R3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]

S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2006-03-22 72704]

S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]

S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]

S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2007-10-09 36864]

S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-12-22 137200]

S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2007-10-11 864256]

S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]

S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]

S4 FreezeScreenSaver;FreezeScreenSaver; C:\WINDOWS\system32\FreezeScreenSaver.exe [2005-09-29 69632]

S4 hpdj00;hpdj00; C:\DOCUME~1\Admin\LOCALS~1\Temp\hpdj00.exe -servicerunning=true -uninstall=HP Officejet 5600 series -product=aio []

S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2007-10-11 122880]

 

-----------------EOF-----------------


info.txt logfile of random's system information tool 1.05 2008-12-25 08:52:17

 

======Uninstall list======

 

-->C:\WINDOWS\System32\\MSIEXEC.EXE /x {09DA4F91-2A09-4232-AB8C-6BC740096DE3}

-->C:\WINDOWS\System32\\MSIEXEC.EXE /x {8855FF30-19CE-4CB1-A654-87B38369CCE1}

-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf

2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}

2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}

2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}

2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}

2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}

2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}

2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {91120000-001A-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}

Adobe Bridge 1.0-->MsiExec.exe /I{B74D4E10-6884-0000-0000-000000000103}

Adobe Common File Installer-->MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5B39}

Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe

Adobe Help Center 1.0-->MsiExec.exe /I{E9787678-1033-0000-8E67-000000000001}

Adobe Illustrator CS2-->msiexec /I {B2F5D08C-7E79-4FCD-AAF4-57AD35FF0601}

Adobe Photoshop CS2-->msiexec /I {236BB7C4-4419-42FD-0409-1E257A25E34D}

Adobe Reader 8.1.3-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81300000003}

Adobe Shockwave Player 11-->C:\WINDOWS\system32\adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log

Adobe SVG Viewer 3.0-->C:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Winstall.exe -u -fC:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Install.log

Artcut2005-->C:\WINDOWS\IsUninst.exe -fc:\artcut6\Uninst.isu

a-squared Free 4.0-->"C:\Program Files\a-squared Free\unins000.exe"

AusLogics Disk Defrag-->"C:\Program Files\Auslogics\AusLogics Disk Defrag\unins000.exe"

AVG Free 8.0-->C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL

AVS DVDMenu Editor 1.2.1.19-->"C:\Program Files\Common Files\AVSMedia\AVS DVDMenu Editor\unins000.exe"

AVS Video Tools 5.6-->"C:\Program Files\AVSMedia\VideoTools\unins000.exe"

千年图库-->C:\WINDOWS\IsUn0804.exe -fc:\artcut6\Uninst.isu

CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"

CleanUp!-->C:\Program Files\CleanUp!\uninstall.exe

Clever Icons Horizon Christmas 2006 Set-->"C:\Documents and Settings\All Users\Application Data\{6E59BB90-41C1-43F8-916E-BC7245684C50}\clever icons christmas 2006 set.exe" REMOVE=TRUE MODIFY=FALSE

Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}

CorelDRAW Graphics Suite X3-->MsiExec.exe /I{63218538-4A69-497F-8455-904261B0E9E4}

EN-->MsiExec.exe /I{32A72502-BC2C-4C39-ACEA-BC3D463F0697}

FontNav-->MsiExec.exe /I{4E98F23B-1328-4322-A6EC-2EDC8FC3A4FE}

Free Ipod Video Converter V 2.6-->"C:\Program Files\Ipod Video Converter\unins000.exe"

Free Mp3 Wma Converter V 1.8.0-->"C:\Program Files\Free Audio Pack\unins000.exe"

GameHouse Super Games AIO®-->"C:\Program Files\GameHouse\unins000.exe"

GdiplusUpgrade-->MsiExec.exe /I{5421155F-B033-49DB-9B33-8F80F233D4D5}

Google Earth-->MsiExec.exe /I{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}

Google Toolbar for Internet Explorer-->"C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarManager_0531C63A913CC9D1.exe" /uninstall

GSP OMEGA-->C:\WINDOWS\ISUninst.exe -fC:\GSP\Software\GSPUninst.isu -cC:\GSP\Software\_UnInstall.dll

HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall

Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"

Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"

Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"

Hotfix for Windows XP (KB914440)-->"C:\WINDOWS\$NtUninstallKB914440$\spuninst\spuninst.exe"

Hotfix for Windows XP (KB915865)-->"C:\WINDOWS\$NtUninstallKB915865$\spuninst\spuninst.exe"

Hotfix for Windows XP (KB926239)-->"C:\WINDOWS\$NtUninstallKB926239$\spuninst\spuninst.exe"

Hotfix for Windows XP (KB929120)-->"C:\WINDOWS\$NtUninstallKB929120$\spuninst\spuninst.exe"

Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"

HP Document Viewer 5.3-->C:\Program Files\Hewlett-Packard\Digital Imaging\DocumentViewer\hpzscr01.exe -datfile hpqbud04.dat

HP Driver Diagnostics-->MsiExec.exe /I{16BE87BC-69F5-4D36-8CF0-E1CB3ACD5ED3}

HP Extended Capabilities 5.3-->C:\Program Files\Hewlett-Packard\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat

HP Image Zone 5.3-->C:\Program Files\Hewlett-Packard\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat

HP Imaging Device Functions 5.3-->C:\Program Files\Hewlett-Packard\Digital Imaging\DigitalImagingMonitor\hpzscr01.exe -datfile hpqbud01.dat

HP Photosmart Essential-->MsiExec.exe /X{6994491D-D491-48F1-AE1F-E179C1FFFC2F}

HP Product Detection-->MsiExec.exe /I{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}

HP PSC & OfficeJet 5.3.B-->"C:\Program Files\Hewlett-Packard\Digital Imaging\{5B79CFD1-6845-4158-9D7D-6BE89DF2C135}\setup\hpzscr01.exe" -datfile hposcr07.dat

HP Software Update-->MsiExec.exe /X{15EE79F4-4ED1-4267-9B0F-351009325D7D}

HP Solution Center & Imaging Support Tools 5.3-->C:\Program Files\Hewlett-Packard\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat

Icon Extractor-->C:\WINDOWS\SDUnInst.exe c:\program files\software by designicons\iconex.uni

IncrediMail Xe-->C:\Program Files\IncrediMail\bin\ImSetup.exe /remove /addon:IncrediMail /log:IncMail.log

IrfanView (remove only)-->C:\Program Files\IrfanView\iv_uninstall.exe

Java 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}

Jewels of Cleopatra-->"C:\WINDOWS\Jewels of Cleopatra\uninstall.exe" "/U:C:\Program Files\Jewels of Cleopatra\Uninstall\uninstall.xml"

Logitech Desktop Messenger-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}\setup.exe" -l0x9 UNINSTALL

Logitech SetPoint-->C:\Program Files\InstallShield Installation Information\{2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3}\setup.exe -runfromtemp -l0x0009 -removeonly

Macromedia Flash Player 8-->MsiExec.exe /X{6815FCDD-401D-481E-BA88-31B4754C2B46}

Macromedia Shockwave Player-->C:\WINDOWS\system32\Macromed\SHOCKW~2\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~2\Install.log

MadOnion.com/PCMark2002-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5D81D227-790A-43D8-BD30-6A7935CD6837}\Setup.exe" -l0x9 uninstall -uninst

Magentic-->C:\PROGRA~1\Magentic\bin\mgsetup.exe /remove /addon:Magentic

Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"

Malwarebytes' RogueRemover-->"C:\Program Files\RogueRemover FREE\unins000.exe"

Media Converter SA Edition 0.8-->C:\Program Files\Media Converter SA Edition\uninst.exe

Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"

Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}

Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}

Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}

Microsoft .NET Framework 3.0 Service Pack 1-->MsiExec.exe /I{2BA00471-0328-3743-93BD-FA813353A783}

Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"

Microsoft Data Access Components KB870669-->C:\WINDOWS\muninst.exe C:\WINDOWS\INF\KB870669.inf

Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"

Microsoft Kernel-Mode Driver Framework Feature Pack 1.5-->"C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"

Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"

Microsoft Office Outlook 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall OUTLOOKR /dll OSETUP.DLL

Microsoft Office Outlook 2007-->MsiExec.exe /X{91120000-001A-0000-0000-0000000FF1CE}

Microsoft Office Outlook MUI (English) 2007-->MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}

Microsoft Office Professional Edition 2003-->MsiExec.exe /I{91110409-6000-11D3-8CFE-0150048383C9}

Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}

Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}

Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}

Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}

Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}

Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}

Microsoft Producer for Microsoft Office PowerPoint 2003-->MsiExec.exe /I{155FBB0D-0EE9-42D1-9E41-E5E08F691033}

Microsoft User-Mode Driver Framework Feature Pack 1.5-->"C:\WINDOWS\$NtUninstallWudf01005$\spuninst\spuninst.exe"

Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}

Microsoft Windows Journal Viewer-->MsiExec.exe /X{43DCF766-6838-4F9A-8C91-D92DA586DFA7}

Mouse Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2EBA5473-558B-462C-AEE4-FE50FA799F2A}\Setup.exe"

Mozilla Firefox (3.0.5)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe

MP3 Player Utilities 3.13-->MsiExec.exe /I{2D5B83B8-98A0-4F9C-AE1D-BED98AE17467}

MSVC80_x86-->MsiExec.exe /I{212748BB-0DA5-46DE-82A1-403736DC9F27}

MSXML 4.0 SP2 (KB925672)-->MsiExec.exe /I{A9CF9052-F4A0-475D-A00F-A8388C62DD63}

MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}

MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}

MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}

MSXML 6 Service Pack 2 (KB954459)-->MsiExec.exe /I{1A528690-6A2D-4BC5-B143-8C4AE8D19D96}

Mysteryville-->"C:\WINDOWS\Mysteryville\uninstall.exe" "/U:C:\Program Files\Mysteryville\Uninstall\uninstall.xml"

Nero 7 Ultra Edition-->MsiExec.exe /X{E5321C8D-AF15-408B-A26E-4BE8114A7EB5}

Nero 7-->MsiExec.exe /I{40261D0A-A385-4C1A-A7DE-5F270D9B1033}

neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}

Netscape Browser (remove only)-->"C:\Program Files\Netscape\Netscape Browser\NSUninst.exe"

Nokia Connectivity Cable Driver-->MsiExec.exe /X{B3164E9E-BE08-4F3B-94BC-C6D09C0205E1}

Nokia Flashing Cable Driver-->MsiExec.exe /X{2A0A6470-FD0F-4F45-9B11-85F3167DB943}

Nokia Multimedia Factory-->MsiExec.exe /I{4CFB3821-1582-4F3B-BF8D-30986923B36B}

Nokia PC Suite-->C:\Documents and Settings\All Users\Application Data\Installations\{D5577624-0626-4C4B-87AA-D966DA1739D6}\Nokia_PC_Suite_rel_7_0_9_2_eng.exe

Nokia PC Suite-->MsiExec.exe /I{D5577624-0626-4C4B-87AA-D966DA1739D6}

Nokia Software Updater-->MsiExec.exe /X{17BD85F9-3B88-4C85-BB47-4AB8DD68F8BB}

NVIDIA Display Driver-->C:\WINDOWS\System32\nvudisp.exe Uninstall C:\WINDOWS\System32\nvdisp.nvu,NVIDIA Display Driver

NVIDIA Drivers-->C:\WINDOWS\system32\nvudisp.exe UninstallGUI

OutlookTools 2-->MsiExec.exe /I{F539210E-8474-44E3-9035-01CB6444DB46}

PC Connectivity Solution-->MsiExec.exe /I{1A524CFE-DF85-4555-8BC2-0C89DBD8BC2C}

PC Pitstop Optimize 1.5-->"C:\Program Files\PCPitstop\Optimize\unins000.exe"

Personal License Update Wizard for Windows Media Player-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\drmtool.inf,DefaultUninstall

PokerStars-->"C:\Program Files\PokerStars\PokerStarsUninstall.exe" /u:PokerStars

PowerDVD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall

Readiris 7.5-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9BFFB382-0B2C-11D6-AB3E-000102B0F79A}\setup.exe" -l0x9

ROUTE 66 Sync-->C:\Program Files\InstallShield Installation Inform


Hi Tillpot

 

Let's do this first...

 

Open notepad

At the top click on format.....uncheck word wrap

 

 

Nothing obvious here........no choice but to dig deeper.

 

 

Download SDFix or from Here and save it to your Desktop

 

 

 

Double click SDFix.exe and it will extract the files to %systemdrive% (Drive that contains the Windows Directory, typically C:\SDFix)

 

Please then reboot your computer in Safe Mode by doing the following:

  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, the Advanced Options Menu should appear;
  • Select the first option, to run Windows in Safe Mode, then press Enter.
  • Choose your usual account.
  • Open the extracted SDFix folder and double click RunThis.cmd to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
  • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt (Report.txt will also be copied to Clipboard ready for posting back on the forum).
  • Finally paste the contents of the SDFix Report.txt back on the forum with a new HijackThis log

 

 

 

NEXT**

We will use ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

 

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

 

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

 

 

Please include the C:\ComboFix.txt along with a new HJT log in your next reply for further review.

 

 

 

In your next reply post:

SDFix report.txt

ComboFix.txt

New HJT log


Hi Juliet :sparkle:

 

Thanks for your help.

 

I have done the word wrap, SDFix and new HJT.

 

Was unable to do the ComboFix as I could not complete the instructions.

After downloading both the Combo and Windows kb310994 (Windows Recovery console) to my desktop, I was unable to continue as every time I tried to drag the Windows KB into the Combo ~ it would not load, it asked me if I wanted to RUN Combo and that scenario is not covered on the instruction page of Combo.

 

Hope that makes sense .... !

 

I did not want to go ahead without the Windows Recovery console installed.

 

Better safe than sorry.... let me know what else you would like me to do.

 

Thanks again. :sparkle:

 

Here is the SDFix report and the new HJT log:

 

Logfile of random's system information tool 1.05 (written by random/random)

Run by Test at 2008-12-27 13:40:33

Microsoft Windows XP Home Edition Service Pack 2

System drive C: has 371 GB (78%) free of 477 GB

Total RAM: 1024 MB (52% free)

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 1:40:48 PM, on 27/12/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16762)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\a-squared Free\a2service.exe

C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\System32\HPZipm12.exe

C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

C:\WINDOWS\System32\svchost.exe

C:\PROGRA~1\AVG\AVG8\avgrsx.exe

C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe

C:\Program Files\Nokia\Nokia PC Suite 7\PCSync2.exe

C:\Program Files\Windows Media Player\WMPNSCFG.exe

C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe

C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe

C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe

C:\Documents and Settings\Test\My Documents\Downloads\HJT\RSIT.exe

C:\Program Files\trend micro\Test.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll

O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll

O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll

O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray

O4 - HKCU\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSync2.exe" /NoDialog

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html

O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html

O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html

O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html

O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html

O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html

O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html

O9 - Extra button: (no name) - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - (no file)

O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html

O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html

O9 - Extra button: (no name) - {925DAB62-F9AC-4221-806A-057BFB1014AA} - (no file)

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/betapit/PCPitStop.CAB

O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab

O16 - DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} (iCC Class) - http://www.pcpitstop.com/internet/pcpConnCheck.cab

O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - http://www.symantec.com/techsupp/asa/LSSupCtl.cab

O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://www.pestscan.com/scanner/axscanner.cab

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll

O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - https://www-secure.symantec.com/techsupp/as...abs/tgctlsr.cab

O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exe

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab

O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} (mhLabel Class) - http://www.pcpitstop.com/mhLbl.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/:filtered:/asinst.cab

O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yahoo.com/...utocomplete.cab

O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/SymAData.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flas...ent/swflash.cab

O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...390/mcfscan.cab

O16 - DPF: {F1D54B0B-B6EA-43B5-BD26-A79D3DBF47E3} (Multidownx Control) - http://bigpondmusic.com/activex/multidownx.cab

O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcpitstop.com/Optimize2/pcpitstop2.dll

O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll

O20 - AppInit_DLLs: wbsys.dll,avgrsstx.dll

O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL

O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe

O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

 

--

End of file - 9881 bytes

 

======Scheduled tasks folder======

 

C:\WINDOWS\tasks\MP Scheduled Scan.job

C:\WINDOWS\tasks\User_Feed_Synchronization-{BDC4A648-5C81-4F29-9612-F3B41A5E9C36}.job

 

======Registry dump======

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]

Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{724d43a9-0d85-11d4-9908-00400523e39a}]

C:\Program Files\Siber Systems\AI RoboForm\roboform.dll [2008-12-25 5804872]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]

Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2008-12-22 251504]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]

Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll [2008-12-22 657904]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]

Google Dictionary Compression sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll [2008-12-22 522224]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2008-12-22 251504]

{724d43a0-0d85-11d4-9908-00400523e39a} - &RoboForm - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll [2008-12-25 5804872]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2006-10-22 7700480]

"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2005-11-20 155648]

"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-10-15 39792]

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-09-30 68856]

"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]

"PC Suite Tray"=C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe [2008-10-02 1124352]

"Nokia.PCSync"=C:\Program Files\Nokia\Nokia PC Suite 7\PCSync2.exe [2008-06-17 1249280]

"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2006-10-18 204288]

"RoboForm"=C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [2008-12-25 160592]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]

C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe [2005-05-11 49152]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Admin^Start Menu^Programs^Startup^Webshots.lnk]

C:\Program Files\Webshots\Launcher.exe [2007-10-29 157008]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"AppInit_DLLS"="wbsys.dll,avgrsstx.dll"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]

C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL [2008-12-14 352256]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]

C:\WINDOWS\system32\WgaLogon.dll [2007-02-15 236928]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"=C:\PROGRA~1\WINDOW~4\MpShHook.dll [2006-11-03 83224]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-09-02 77824]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]

"notification packages"=

scecli

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WdfLoadGroup]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinDefend]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveTypeAutoRun"=145

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\Program Files\Yahoo!\Messenger\YPager.exe"="C:\Program Files\Yahoo!\Messenger\YPager.exe:*:Enabled:Yahoo! Messenger"

"C:\Program Files\MSGTAG\MSGTAG.exe"="C:\Program Files\MSGTAG\MSGTAG.exe:*:Enabled:MSGTAG"

"C:\Program Files\Gekko Mahjongg\Mahjongg.exe"="C:\Program Files\Gekko Mahjongg\Mahjongg.exe:*:Enabled:Mahjongg"

"C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"="C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe:*:Enabled:Spybot - Search & Destroy"

"C:\Program Files\SpywareGuard\sgliveupdate.exe"="C:\Program Files\SpywareGuard\sgliveupdate.exe:*:Enabled:SpywareGuard LiveUpdate"

"C:\Program Files\SpywareBlaster\spywareblaster.exe"="C:\Program Files\SpywareBlaster\spywareblaster.exe:*:Enabled:SpywareBlaster"

"C:\Program Files\Hewlett-Packard\HP Software Update\HPWUCli.exe"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWUCli.exe:*:Enabled:HP Software Update Client"

"C:\Program Files\Google\Google Talk\googletalk.exe"="C:\Program Files\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk"

"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:MSN Messenger 7.5"

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"C:\Program Files\Common Files\Ahead\Nero Web\SetupX.exe"="C:\Program Files\Common Files\Ahead\Nero Web\SetupX.exe:*:Enabled:Nero ProductSetup"

"C:\Program Files\Common Files\Ahead\Nero Web\SetupXu.exe"="C:\Program Files\Common Files\Ahead\Nero Web\SetupXu.exe:*:Enabled:Nero ProductSetup"

"C:\StubInstaller.exe"="C:\StubInstaller.exe:*:Enabled:LimeWire swarmed installer"

"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"

"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"

"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"

"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpofxm08.exe"="C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe"

"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposfx08.exe"="C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe"

"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposid01.exe"="C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"

"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqscnvw.exe"="C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"

"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"

"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqCopy.exe"="C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe"

"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpfccopy.exe"="C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe"

"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpzwiz01.exe"="C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"

"C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\HpqPhUnl.exe"="C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"

"C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\HpqDIA.exe"="C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe"

"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoews01.exe"="C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe"

"C:\Program Files\Kyodai Mahjongg 2006\kmj.exe"="C:\Program Files\Kyodai Mahjongg 2006\kmj.exe:*:Enabled:Kyodai Mahjongg"

"C:\Program Files\Nero\Nero 7\Nero Home\NeroHome.exe"="C:\Program Files\Nero\Nero 7\Nero Home\NeroHome.exe:*:Enabled:Nero Home"

"C:\Program Files\GameSpy Arcade\Aphex.exe"="C:\Program Files\GameSpy Arcade\Aphex.exe:*:Enabled:GameSpy Arcade"

"C:\Program Files\Internet Explorer\iexplore.exe"="C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer"

"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"

"C:\Program Files\Azureus\Azureus.exe"="C:\Program Files\Azureus\Azureus.exe:*:Enabled:Azureus"

"C:\Program Files\IncrediMail\bin\ImApp.exe"="C:\Program Files\IncrediMail\bin\ImApp.exe:*:Enabled:IncrediMail"

"C:\Program Files\IncrediMail\bin\IncMail.exe"="C:\Program Files\IncrediMail\bin\IncMail.exe:*:Enabled:IncrediMail"

"C:\Program Files\IncrediMail\bin\ImpCnt.exe"="C:\Program Files\IncrediMail\bin\ImpCnt.exe:*:Enabled:IncrediMail"

"C:\Program Files\Magentic\bin\MgImp.exe"="C:\Program Files\Magentic\bin\MgImp.exe:*:Enabled:Magentic"

"C:\Program Files\Magentic\bin\Magentic.exe"="C:\Program Files\Magentic\bin\Magentic.exe:*:Enabled:Magentic"

"C:\Program Files\Magentic\bin\MgApp.exe"="C:\Program Files\Magentic\bin\MgApp.exe:*:Enabled:Magentic"

"C:\Program Files\Grisoft\AVG7\avginet.exe"="C:\Program Files\Grisoft\AVG7\avginet.exe:*:Enabled:avginet.exe"

"C:\Program Files\Grisoft\AVG7\avgamsvr.exe"="C:\Program Files\Grisoft\AVG7\avgamsvr.exe:*:Enabled:avgamsvr.exe"

"C:\Program Files\Grisoft\AVG7\avgcc.exe"="C:\Program Files\Grisoft\AVG7\avgcc.exe:*:Enabled:avgcc.exe"

"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"

"C:\Program Files\Nokia\Nokia Software Updater\nsu_ui_client.exe"="C:\Program Files\Nokia\Nokia Software Updater\nsu_ui_client.exe:*:Enabled:Nokia Software Updater"

"C:\Program Files\Common Files\Nokia\Service Layer\A\nsl_host_process.exe"="C:\Program Files\Common Files\Nokia\Service Layer\A\nsl_host_process.exe:*:Enabled:Nokia Service Layer Host Process "

"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"

"D:\Program Files\Kyodai Mahjongg 06 v1.42\kmj.exe"="D:\Program Files\Kyodai Mahjongg 06 v1.42\kmj.exe:*:Enabled:Kyodai Mahjongg"

"C:\Documents and Settings\Test\Local Settings\Temp\ImInstaller\FreeEcardMovies_Installer.exe"="C:\Documents and Settings\Test\Local Settings\Temp\ImInstaller\FreeEcardMovies_Installer.exe:*:Enabled:IncrediMail Installer"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:MSN Messenger 7.5"

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"

 

======List of files/folders created in the last 1 months======

 

2008-12-27 12:41:55 ----A---- C:\WINDOWS\ntbtlog.txt

2008-12-27 11:40:19 ----D---- C:\SDFix

2008-12-25 17:04:21 ----D---- C:\Documents and Settings\All Users\Application Data\RoboForm

2008-12-25 17:03:23 ----D---- C:\Program Files\Siber Systems

2008-12-25 08:51:50 ----D---- C:\rsit

2008-12-23 10:46:23 ----D---- C:\Program Files\Common Files\Ahead

2008-12-22 22:02:09 ----D---- C:\Program Files\a-squared Free

2008-12-22 21:55:18 ----D---- C:\Program Files\RogueRemover FREE

2008-12-17 18:42:14 ----D---- C:\Program Files\Mozilla Firefox

2008-12-15 00:20:17 ----D---- C:\Program Files\Xvid

2008-12-14 15:25:19 ----A---- C:\WINDOWS\savers.ini

2008-12-12 14:14:32 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$

2008-12-12 14:14:26 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$

2008-12-12 14:10:35 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$

2008-12-12 14:10:24 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$

 

======List of files/folders modified in the last 1 months======

 

2008-12-27 13:40:48 ----D---- C:\WINDOWS\Temp

2008-12-27 13:40:40 ----D---- C:\WINDOWS\Prefetch

2008-12-27 13:40:40 ----D---- C:\Program Files\Trend Micro

2008-12-27 13:38:53 ----D---- C:\WINDOWS

2008-12-27 13:22:43 ----SD---- C:\WINDOWS\Tasks

2008-12-27 12:40:39 ----A---- C:\WINDOWS\SchedLgU.Txt

2008-12-27 11:12:08 ----A---- C:\WINDOWS\NeroDigital.ini

2008-12-27 01:41:15 ----D---- C:\Program Files\Jewel Quest II

2008-12-26 20:45:11 ----D---- C:\WINDOWS\system32\CatRoot2

2008-12-25 17:03:23 ----AD---- C:\Program Files

2008-12-25 09:12:58 ----D---- C:\HJT

2008-12-25 08:31:49 ----D---- C:\Config.Msi

2008-12-23 10:47:35 ----SHD---- C:\WINDOWS\Installer

2008-12-23 10:46:23 ----AD---- C:\Program Files\Common Files

2008-12-23 08:02:25 ----D---- C:\WINDOWS\system32

2008-12-23 07:49:46 ----D---- C:\WINDOWS\system32\ActiveScan

2008-12-22 19:24:39 ----D---- C:\Program Files\Google

2008-12-22 18:27:51 ----D---- C:\Documents and Settings\All Users\Application Data\Google

2008-12-19 11:10:36 ----HD---- C:\WINDOWS\inf

2008-12-19 11:10:33 ----RSHD---- C:\WINDOWS\system32\dllcache

2008-12-19 11:10:21 ----HD---- C:\WINDOWS\$hf_mig$

2008-12-17 18:42:31 ----D---- C:\Documents and Settings\Test\Application Data\Mozilla

2008-12-16 22:14:01 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy

2008-12-16 17:34:25 ----D---- C:\Program Files\Jewel Quest III

2008-12-14 17:32:05 ----D---- C:\Program Files\Spybot - Search & Destroy

2008-12-14 16:12:09 ----D---- C:\WINDOWS\Debug

2008-12-14 16:10:20 ----D---- C:\Program Files\SUPERAntiSpyware

2008-12-14 15:48:00 ----D---- C:\WINDOWS\system32\drivers

2008-12-14 15:48:00 ----D---- C:\Program Files\Malwarebytes' Anti-Malware

2008-12-13 16:40:02 ----A---- C:\WINDOWS\system32\mshtml.dll

2008-12-12 14:13:00 ----D---- C:\Program Files\Internet Explorer

2008-12-12 14:12:32 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help

2008-12-11 21:00:26 ----D---- C:\Temp

2008-12-11 18:11:56 ----D---- C:\WINDOWS\system32\CatRoot

2008-12-10 09:24:37 ----A---- C:\WINDOWS\system32\MRT.exe

2008-12-07 23:32:04 ----SD---- C:\WINDOWS\Downloaded Program Files

2008-12-04 21:46:08 ----A---- C:\WINDOWS\system32\xvidvfw.dll

2008-12-04 21:42:56 ----A---- C:\WINDOWS\system32\xvidcore.dll

2008-12-02 22:36:59 ----D---- C:\Program Files\PokerStars

 

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R1 AvgLdx86;AVG AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2008-08-30 97928]

R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2008-07-04 26824]

R1 intelppm;Intel Processor Driver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2004-08-04 36096]

R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-04 14848]

R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []

R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []

R2 Aspi32;Aspi32; C:\WINDOWS\system32\drivers\Aspi32.sys [2002-07-17 16877]

R2 Atmuni;ATM Call Manager; C:\WINDOWS\System32\DRIVERS\atmuni.sys [2003-03-31 352256]

R2 CdaD10BA;CdaD10BA; \??\C:\WINDOWS\system32\drivers\CdaD10BA.SYS []

R2 EdgeStat;EdgeStat; \??\C:\WINDOWS\system32\drivers\edgestat.sys []

R2 ElbyCDIO;ElbyCDIO Driver; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [2006-12-26 15440]

R2 PAR1284;PAR1284; \??\C:\WINDOWS\system32\drivers\PAR1284.sys []

R2 Rawwan;RAW WAN Driver; C:\WINDOWS\System32\DRIVERS\rawwan.sys [2003-03-31 34432]

R2 Sentinel;Sentinel; C:\WINDOWS\System32\Drivers\SENTINEL.SYS [2002-12-17 76288]

R3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2002-04-01 4816]

R3 catchme;catchme; \??\C:\DOCUME~1\Test\LOCALS~1\Temp\catchme.sys []

R3 HCF_MSFT;HCF_MSFT; C:\WINDOWS\System32\DRIVERS\HCF_MSFT.sys [2001-08-17 907456]

R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2001-08-17 9600]

R3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [2005-03-08 51120]

R3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [2005-03-08 16496]

R3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [2005-03-08 21744]

R3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver; C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys [2007-04-11 34832]

R3 LMouFilt;Logitech SetPoint KMDF Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys [2007-04-11 36112]

R3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-17 12160]

R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2006-10-22 3994624]

R3 SISNICXP;SiS PCI Fast Ethernet Adapter Driver for NDIS51; C:\WINDOWS\system32\DRIVERS\sisnicxp.sys [2006-02-14 32768]

R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2002-12-05 534976]

R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2004-08-04 31616]

R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2004-08-04 26624]

R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2004-08-04 57600]

R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbohci.sys [2004-08-04 17024]

R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2004-08-04 25856]

R3 usbscan;USB Scanner Driver; C:\WINDOWS\System32\DRIVERS\usbscan.sys [2004-08-04 15104]

R3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]

S2 asapiW2k;asapiW2k; \??\C:\WINDOWS\System32\DRIVERS\asapiW2k.sys []

S3 Ad-Watch Connect Filter;Ad-Watch Connect Kernel Filter; \??\C:\WINDOWS\system32\drivers\NSDriver.sys []

S3 AmeAtmPc;AmeAtmPc; C:\WINDOWS\System32\DRIVERS\AmeAtmPc.sys []

S3 Asushwio;Asushwio; \??\C:\WINDOWS\system32\drivers\Asushwio.sys []

S3 AtmElan;ATM Emulated LAN; C:\WINDOWS\System32\DRIVERS\atmlane.sys [2004-08-04 55936]

S3 AtmLane;ATM LAN Emulation; C:\WINDOWS\System32\DRIVERS\atmlane.sys [2004-08-04 55936]

S3 basic2;basic2; C:\WINDOWS\System32\DRIVERS\basic2.sys []

S3 ElbyDelay;ElbyDelay; C:\WINDOWS\System32\Drivers\ElbyDelay.sys [2005-04-12 4608]

S3 IPFilter;Microsoft IntelliPoint Features driver; C:\WINDOWS\System32\DRIVERS\IPFilter.sys []

S3 itchfltr;iTouch Keyboard Filter; C:\WINDOWS\system32\DRIVERS\itchfltr.sys [2004-03-10 12953]

S3 KMWDFILTER;KMWDFILTER; \??\C:\WINDOWS\System32\Drivers\KMWDFILTER.sys []

S3 L8042Kbd;Logitech SetPoint Keyboard Driver; C:\WINDOWS\system32\DRIVERS\L8042Kbd.sys [2007-04-11 20496]

S3 LUsbFilt;Logitech SetPoint KMDF USB Filter; C:\WINDOWS\System32\Drivers\LUsbFilt.Sys [2007-04-11 28688]

S3 nmwcd;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\ccdcmb.sys [2008-05-07 17536]

S3 nmwcdc;Nokia USB Generic; C:\WINDOWS\system32\drivers\ccdcmbo.sys [2008-05-07 20864]

S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2007-09-17 21632]

S3 Pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\Pcouffin.sys [2008-07-29 47360]

S3 Rksample;Rksample; C:\WINDOWS\System32\DRIVERS\rksample.sys []

S3 SABProcEnum;SABProcEnum; \??\C:\Program Files\Internet Explorer\SABProcEnum.sys []

S3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS []

S3 SISNIC;SiS PCI Fast Ethernet Adapter Driver; C:\WINDOWS\System32\DRIVERS\sisnic.sys [2002-07-11 32256]

S3 SNTNLUSB;Rainbow USB SuperPro; C:\WINDOWS\system32\DRIVERS\SNTNLUSB.SYS [2002-12-17 26120]

S3 TVICHW32;TVICHW32; \??\C:\WINDOWS\system32\DRIVERS\TVICHW32.SYS []

S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2008-06-06 8064]

S3 USB_RNDIS;NETGEAR DG632 USB MODEM; C:\WINDOWS\system32\DRIVERS\usb8023.sys [2004-08-04 12672]

S3 usbbus;LGE Mobile Composite USB Device; C:\WINDOWS\system32\DRIVERS\lgusbbus.sys []

S3 UsbDiag;LGE Mobile USB Serial Port; C:\WINDOWS\system32\DRIVERS\lgusbdiag.sys []

S3 USBModem;LGE Mobile USB Modem; C:\WINDOWS\system32\DRIVERS\lgusbmodem.sys []

S3 usbser;USB Modem Driver; C:\WINDOWS\system32\drivers\usbser.sys [2004-08-04 25600]

S3 UsbserFilt;UsbserFilt; C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys [2008-05-07 8064]

S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]

S3 winachsf;winachsf; C:\WINDOWS\System32\DRIVERS\HSF_CNXT.sys []

S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]

S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-15 82688]

S3 z800bus;Sony Ericsson Z800 driver (WDM); C:\WINDOWS\system32\DRIVERS\z800bus.sys [2005-02-09 55216]

S3 z800mdfl;Sony Ericsson Z800 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\z800mdfl.sys [2005-02-09 6576]

S3 z800mdm;Sony Ericsson Z800 USB WMC Modem Drivers; C:\WINDOWS\system32\DRIVERS\z800mdm.sys [2005-02-09 89872]

S3 z800mgmt;Sony Ericsson Z800 USB WMC Device Management Drivers; C:\WINDOWS\system32\DRIVERS\z800mgmt.sys [2005-02-09 81760]

S3 z800obex;Sony Ericsson Z800 USB WMC OBEX Interface Drivers; C:\WINDOWS\system32\DRIVERS\z800obex.sys [2005-02-09 79488]

S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

 

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R2 a2free;a-squared Free Service; C:\Program Files\a-squared Free\a2service.exe [2008-12-17 419448]

R2 avg8wd;AVG8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-08-30 231704]

R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe [2003-06-19 322120]

R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2006-10-22 159810]

R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\HPZipm12.exe [2006-03-03 69632]

R2 SoundMAX Agent Service (default);SoundMAX Agent Service; C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe [2002-09-20 45056]

R2 WinDefend;Windows Defender; C:\Program Files\Windows Defender\MsMpEng.exe [2006-11-03 13592]

R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]

R3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2008-08-07 575488]

R3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]

S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2006-03-22 72704]

S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]

S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]

S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2007-10-09 36864]

S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-12-22 137200]

S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2007-10-11 864256]

S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]

S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]

S4 FreezeScreenSaver;FreezeScreenSaver; C:\WINDOWS\system32\FreezeScreenSaver.exe [2005-09-29 69632]

S4 hpdj00;hpdj00; C:\DOCUME~1\Admin\LOCALS~1\Temp\hpdj00.exe -servicerunning=true -uninstall=HP Officejet 5600 series -product=aio []

S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2007-10-11 122880]

 

-----------------EOF-----------------

 
SDFix: Version 1.240

Run by Administrator on Sat 27/12/2008 at 12:49 PM

 

Microsoft Windows XP [Version 5.1.2600]

Running From: C:\SDFix

 

Checking Services :

 

 

Restoring Default Security Values

Restoring Default Hosts File

 

Rebooting

 

 

Checking Files :

 

No Trojan Files Found

 
Removing Temp Files

 

ADS Check :

 

 

 

Final Check :

 

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-12-27 13:23:57

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden services & system hive ...

 

scanning hidden registry entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden processes: 0

hidden services: 0

hidden files: 0

 

 

Remaining Services :

 

 

 

 

Authorized Application Key Export:

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe:*:Enabled:Yahoo! Messenger"

"C:\\Program Files\\MSGTAG\\MSGTAG.exe"="C:\\Program Files\\MSGTAG\\MSGTAG.exe:*:Enabled:MSGTAG"

"C:\\Program Files\\Gekko Mahjongg\\Mahjongg.exe"="C:\\Program Files\\Gekko Mahjongg\\Mahjongg.exe:*:Enabled:Mahjongg"

"C:\\Program Files\\Spybot - Search & Destroy\\SpybotSD.exe"="C:\\Program Files\\Spybot - Search & Destroy\\SpybotSD.exe:*:Enabled:Spybot - Search & Destroy"

"C:\\Program Files\\SpywareGuard\\sgliveupdate.exe"="C:\\Program Files\\SpywareGuard\\sgliveupdate.exe:*:Enabled:SpywareGuard LiveUpdate"

"C:\\Program Files\\SpywareBlaster\\spywareblaster.exe"="C:\\Program Files\\SpywareBlaster\\spywareblaster.exe:*:Enabled:SpywareBlaster"

"C:\\Program Files\\Hewlett-Packard\\HP Software Update\\HPWUCli.exe"="C:\\Program Files\\Hewlett-Packard\\HP Software Update\\HPWUCli.exe:*:Enabled:HP Software Update Client"

"C:\\Program Files\\Google\\Google Talk\\googletalk.exe"="C:\\Program Files\\Google\\Google Talk\\googletalk.exe:*:Enabled:Google Talk"

"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:MSN Messenger 7.5"

"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"C:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe"="C:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe:*:Enabled:Nero ProductSetup"

"C:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupXu.exe"="C:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupXu.exe:*:Enabled:Nero ProductSetup"

"C:\\StubInstaller.exe"="C:\\StubInstaller.exe:*:Enabled:LimeWire swarmed installer"

"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"

"C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqtra08.exe"="C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqtra08.exe:*:Enabled:hpqtra08.exe"

"C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqste08.exe"="C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqste08.exe:*:Enabled:hpqste08.exe"

"C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpofxm08.exe"="C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpofxm08.exe:*:Enabled:hpofxm08.exe"

"C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hposfx08.exe"="C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hposfx08.exe:*:Enabled:hposfx08.exe"

"C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hposid01.exe"="C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hposid01.exe:*:Enabled:hposid01.exe"

"C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqscnvw.exe"="C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"

"C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqkygrp.exe"="C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"

"C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqCopy.exe"="C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqCopy.exe:*:Enabled:hpqcopy.exe"

"C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpfccopy.exe"="C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpfccopy.exe:*:Enabled:hpfccopy.exe"

"C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpzwiz01.exe"="C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"

"C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\Unload\\HpqPhUnl.exe"="C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\Unload\\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"

"C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\Unload\\HpqDIA.exe"="C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\Unload\\HpqDIA.exe:*:Enabled:hpqdia.exe"

"C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpoews01.exe"="C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpoews01.exe:*:Enabled:hpoews01.exe"

"C:\\Program Files\\Kyodai Mahjongg 2006\\kmj.exe"="C:\\Program Files\\Kyodai Mahjongg 2006\\kmj.exe:*:Enabled:Kyodai Mahjongg"

"C:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"="C:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe:*:Enabled:Nero Home"

"C:\\Program Files\\GameSpy Arcade\\Aphex.exe"="C:\\Program Files\\GameSpy Arcade\\Aphex.exe:*:Enabled:GameSpy Arcade"

"C:\\Program Files\\Internet Explorer\\iexplore.exe"="C:\\Program Files\\Internet Explorer\\iexplore.exe:*:Enabled:Internet Explorer"

"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"

"C:\\Program Files\\Azureus\\Azureus.exe"="C:\\Program Files\\Azureus\\Azureus.exe:*:Enabled:Azureus"

"C:\\Program Files\\IncrediMail\\bin\\ImApp.exe"="C:\\Program Files\\IncrediMail\\bin\\ImApp.exe:*:Enabled:IncrediMail"

"C:\\Program Files\\IncrediMail\\bin\\IncMail.exe"="C:\\Program Files\\IncrediMail\\bin\\IncMail.exe:*:Enabled:IncrediMail"

"C:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"="C:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe:*:Enabled:IncrediMail"

"C:\\Program Files\\Magentic\\bin\\MgImp.exe"="C:\\Program Files\\Magentic\\bin\\MgImp.exe:*:Enabled:Magentic"

"C:\\Program Files\\Magentic\\bin\\Magentic.exe"="C:\\Program Files\\Magentic\\bin\\Magentic.exe:*:Enabled:Magentic"

"C:\\Program Files\\Magentic\\bin\\MgApp.exe"="C:\\Program Files\\Magentic\\bin\\MgApp.exe:*:Enabled:Magentic"

"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"="C:\\Program Files\\Grisoft\\AVG7\\avginet.exe:*:Enabled:avginet.exe"

"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe:*:Enabled:avgamsvr.exe"

"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe:*:Enabled:avgcc.exe"

"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"="C:\\Program Files\\AVG\\AVG8\\avgupd.exe:*:Enabled:avgupd.exe"

"C:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"="C:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe:*:Enabled:Nokia Software Updater"

"C:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"="C:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe:*:Enabled:Nokia Service Layer Host Process "

"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"

"D:\\Program Files\\Kyodai Mahjongg 06 v1.42\\kmj.exe"="D:\\Program Files\\Kyodai Mahjongg 06 v1.42\\kmj.exe:*:Enabled:Kyodai Mahjongg"

"C:\\Documents and Settings\\Test\\Local Settings\\Temp\\ImInstaller\\FreeEcardMovies_Installer.exe"="C:\\Documents and Settings\\Test\\Local Settings\\Temp\\ImInstaller\\FreeEcardMovies_Installer.exe:*:Enabled:IncrediMail Installer"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:MSN Messenger 7.5"

"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"

 

Remaining Files :

 

 

 

Files with Hidden Attributes :

 

Wed 22 Oct 2008 949,072 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\advcheck.dll"

Mon 15 Sep 2008 1,562,960 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SDHelper.dll"

Thu 14 Aug 2008 1,429,840 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe"

Wed 30 Jul 2008 4,891,984 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"

Tue 16 Sep 2008 1,833,296 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"

Wed 22 Oct 2008 962,896 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\Tools.dll"

Thu 13 Dec 2007 2,620 A.SH. --- "C:\WINDOWS\system32\KGyGaAvL.sys"

Thu 25 Sep 2003 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"

Wed 21 Nov 2007


Double click on ComboFix and allow it to run without the recovery console for now.

 

So far there is no sign of infection on the machine.

 

 

:sparkle: I disabled my AVG 8 as requested and tried to run Combofix.

 

I get an error box coming up saying

 

C:\32788R~1 not in expected location.

 

Inform sUBs now!!

 

OK

 

I have deleted it and reinstalled it but get the same message.

 

Sorry !!

 

:(:unsure:


I think I read today he will be off line for a few days....

 

 

Let's try this next

 

 

NEXT**

Go to Start > Control Panel > Internet Options

In the General tab, under Temporary Internet Files, click: Delete Files. When prompted, check: Delete all offline content

You can also check: Delete Cookies (You will have to re-enter passwords at websites that require them.)

Click OK

 

For I.E. 7 - under Browsing History, click delete... Under Temporary Internet Files, click Delete files...

 

Then, go to Start >Run and enter: cleanmgr

Select the drive to clean: C:\

Check the following boxes and then press OK to remove:

Temporary Files

Temporary Internet Files

RecycleBin

Agree to the prompt to perform the action...

 

 

Please download ATF Cleaner by Atribune From Here and save it to your Desktop.

Follow the instructions for the browser you use.

Read the instructions about the cookies. Delete what you do not need.

 

Double click ATF-Cleaner.exe to run the program.

Check the boxes to the left of:

Windows Temp

Current User Temp

All Users Temp

Temporary Internet Files

Java Cache

The rest are optional - if you want to remove the lot, check "Select All".

Finally click Empty Selected. When you get the "Done Cleaning" message, click OK.

If you use the Firefox or Opera browsers, you can use this program as a quick way to tidy those up as well.

When you have finished, click on the Exit button in the Main menu.

========================

 

 

 

 

 

 

 

NEXT**

I'd like for you to run this next online scan to check for remnants or anything that might be hidden.

The below scan can take up to an hour or longer, please be patient.

 

*Note

It is recommended to disable your onboard antivirus program and antispyware programs while performing scans so there are no conflicts and to speed up scan time.

Please don't go surfing while your resident protection is disabled!

Once scan is finished remember to re-enable resident antivirus protection along with whatever antispyware app you use.

 

Using Internet Explorer, visit http://www.kaspersky.com/service?chapter=161739400

 

Please do a scan with Kaspersky Online Scanner or from here

http://www.kaspersky.com/virusscanner

 

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

 

* Click on the Accept button and install any components it needs.

* The program will install and then begin downloading the latest definition files.

* After the files have been downloaded, on the left side of the page in the Scan section select My Computer.

* This will start the program and scan your system.

* The scan will take a while, so be patient and let it run. (At times it may appear to stall.)

* Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.

* Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.

* Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.

 

* Once the scan is complete, click on View scan report. To obtain the report:

Click on: Save Report As

Next, in the Save as prompt, Save in area, select: Desktop

In the File name area, use KScan, or something similar. In Save as type, click the drop arrow and select:

Text file [*.txt]

Then, click: Save

Please post the Kaspersky Online Scanner Report in your reply.

 

Animated tutorial

http://i275.photobucket.com/albums/jj285/B...ng/KAS/KAS9.gif

 

(Note.. for Internet Explorer 7 users:

If at any time you have trouble with the "Accept" button of the license, click on the "Zoom" tool located at the bottom right of the IE window and set the zoom to 75 %. Once the license has been accepted, reset to 100%.)

Or use Firefox with IE-Tab plugin

https://addons.mozilla.org/en-US/firefox/addon/1419

 

 

In your next reply post:

Kaspersky log

New HJT log taken after the above scans have run

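For readers who want to see what a helper is actually scanning these logs for, the block below is an added example written for this page; it is not HijackThis, RSIT, or anything posted by the helpers in this thread. It parses the `Oxx - ...` entries of a HijackThis log and the Windows XP firewall AuthorizedApplications values of an RSIT registry dump, using a few lines copied from the logs in this thread as its sample input, and flags the two things an analyst checks first: entries whose target reads `(no file)` (harmless leftovers that HJT can fix) and a firewall exception granted to a program sitting in a user's Temp folder (the IncrediMail installer entry here is labelled as legitimate, but that is exactly the kind of entry that deserves a second look). The function and class names are my own.

```python
"""Triage helper for HijackThis / RSIT log lines.

Added example for this thread; it is not part of HijackThis, RSIT or any tool
the helpers here use. It reads the 'Oxx - ...' entries of a HijackThis log and
the XP firewall AuthorizedApplications values of an RSIT registry dump, and
flags what an analyst looks at first: entries whose target is '(no file)', and
programs auto-started or whitelisted from a user-writable Temp location.
"""
import re
from dataclasses import dataclass

# Constructed sample input: lines copied from the logs posted in this thread
# (the firewall lines come from the "standardprofile" AuthorizedApplications dump).
SAMPLE_LOG = r"""
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O9 - Extra button: (no name) - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - (no file)
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Documents and Settings\Test\Local Settings\Temp\ImInstaller\FreeEcardMovies_Installer.exe"="C:\Documents and Settings\Test\Local Settings\Temp\ImInstaller\FreeEcardMovies_Installer.exe:*:Enabled:IncrediMail Installer"
"""

# A HijackThis entry: section code (R0, O2, O23, ...), ' - ', then the body.
HJT_ENTRY = re.compile(r"^([ROF]\d+) - (.*)$")
# An XP firewall AuthorizedApplications value: "path"="path:scope:Enabled:name".
FW_ENTRY = re.compile(r'^"([^"]+)"="([^"]+):([^:]*):(enabled|disabled):(.*)"$', re.IGNORECASE)
# User-writable temporary locations that persistent or whitelisted code should not live in.
TEMP_PATH = re.compile(r"\\(Local Settings\\)?Temp(\\|$)|\\Temporary Internet Files\\", re.IGNORECASE)


@dataclass
class Finding:
    kind: str    # "orphan", "temp_autostart" or "temp_firewall_exception"
    detail: str  # the entry that triggered the finding


def parse_hjt_entries(text):
    """Return (section, body) for every HijackThis 'Oxx - ...' line in text."""
    entries = []
    for line in text.splitlines():
        m = HJT_ENTRY.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def parse_firewall_exceptions(text):
    """Return (path, scope, enabled, name) for every AuthorizedApplications value in text."""
    exceptions = []
    for line in text.splitlines():
        m = FW_ENTRY.match(line.strip())
        if m:
            exceptions.append((m.group(2), m.group(3), m.group(4).lower() == "enabled", m.group(5)))
    return exceptions


def triage(text):
    """Return the findings an analyst would review first, in log order."""
    findings = []
    for section, body in parse_hjt_entries(text):
        if body.endswith("(no file)"):
            # The registry points at a file that is gone: a leftover, fixable in HJT.
            findings.append(Finding("orphan", f"{section} - {body}"))
        elif TEMP_PATH.search(body):
            # Something persistent (BHO, Run key, service...) living in a Temp folder.
            findings.append(Finding("temp_autostart", f"{section} - {body}"))
    for path, _scope, enabled, name in parse_firewall_exceptions(text):
        if enabled and TEMP_PATH.search(path):
            # An inbound firewall exception granted to a program in a Temp folder.
            findings.append(Finding("temp_firewall_exception", f"{path} ({name})"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind:25} {f.detail}")
```

Run against the sample it reports the two `(no file)` leftovers and the Temp-folder firewall exception, and nothing for the Google, SUPERAntiSpyware, AVG or LimeWire entries. The same `triage()` call can be fed a whole pasted RSIT log; it ignores the driver list, the file listings and the Kaspersky report because none of those lines match either pattern.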

Ok have done as requested

 

I also use CCleaner & CleapUp regularly FYI.

 

Thanks Juliet.

 

--------------------------------------------------------------------------------

KASPERSKY ONLINE SCANNER 7 REPORT

Sunday, December 28, 2008

Operating System: Microsoft Windows XP Home Edition Service Pack 2 (build 2600)

Kaspersky Online Scanner 7 version: 7.0.25.0

Program database last update: Saturday, December 27, 2008 09:18:37

Records in database: 1520325

--------------------------------------------------------------------------------

 

Scan settings:

Scan using the following database: extended

Scan archives: yes

Scan mail databases: yes

 

Scan area - My Computer:

A:\

C:\

E:\

F:\

 

Scan statistics:

Files scanned: 135927

Threat name: 0

Infected objects: 0

Suspicious objects: 0

Duration of the scan: 04:09:26

 

No malware has been detected. The scan area is clean.

 

The selected area was scanned.

 

 

Logfile of random's system information tool 1.05 (written by random/random)

Run by Test at 2008-12-28 10:51:23

Microsoft Windows XP Home Edition Service Pack 2

System drive C: has 371 GB (78%) free of 477 GB

Total RAM: 1024 MB (47% free)

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 10:51:38 AM, on 28/12/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16762)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\a-squared Free\a2service.exe

C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\System32\HPZipm12.exe

C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

C:\WINDOWS\System32\svchost.exe

C:\PROGRA~1\AVG\AVG8\avgrsx.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe

C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe

C:\Program Files\Nokia\Nokia PC Suite 7\PCSync2.exe

C:\Program Files\Windows Media Player\WMPNSCFG.exe

C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe

C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe

C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE

C:\Program Files\Mozilla Firefox\firefox.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Documents and Settings\Test\My Documents\Downloads\HJT\RSIT.exe

C:\Program Files\trend micro\Test.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll

O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll

O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll

O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray

O4 - HKCU\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSync2.exe" /NoDialog

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html

O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html

O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html

O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html

O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html

O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html

O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html

O9 - Extra button: (no name) - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - (no file)

O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html

O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html

O9 - Extra button: (no name) - {925DAB62-F9AC-4221-806A-057BFB1014AA} - (no file)

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab

O16 - DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} (iCC Class) - http://www.pcpitstop.com/internet/pcpConnCheck.cab

O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - http://www.symantec.com/techsupp/asa/LSSupCtl.cab

O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://www.pestscan.com/scanner/axscanner.cab

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll

O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exe

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/:filtered:/asinst.cab

O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yahoo.com/...utocomplete.cab

O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/SymAData.cab

O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...390/mcfscan.cab

O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll

O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL

O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe

O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

 

--

End of file - 9143 bytes

 

======Scheduled tasks folder======

 

C:\WINDOWS\tasks\MP Scheduled Scan.job

C:\WINDOWS\tasks\User_Feed_Synchronization-{BDC4A648-5C81-4F29-9612-F3B41A5E9C36}.job

 

======Registry dump======

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]

Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{724d43a9-0d85-11d4-9908-00400523e39a}]

C:\Program Files\Siber Systems\AI RoboForm\roboform.dll [2008-12-25 5804872]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]

Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2008-12-22 251504]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]

Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll [2008-12-22 657904]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]

Google Dictionary Compression sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll [2008-12-22 522224]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2008-12-22 251504]

{724d43a0-0d85-11d4-9908-00400523e39a} - &RoboForm - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll [2008-12-25 5804872]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2006-10-22 7700480]

"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2005-11-20 155648]

"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-10-15 39792]

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-09-30 68856]

"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]

"PC Suite Tray"=C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe [2008-10-02 1124352]

"Nokia.PCSync"=C:\Program Files\Nokia\Nokia PC Suite 7\PCSync2.exe [2008-06-17 1249280]

"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2006-10-18 204288]

"RoboForm"=C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [2008-12-25 160592]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]

C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe [2005-05-11 49152]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Admin^Start Menu^Programs^Startup^Webshots.lnk]

C:\Program Files\Webshots\Launcher.exe [2007-10-29 157008]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]

C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL [2008-12-14 352256]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]

C:\WINDOWS\system32\WgaLogon.dll [2007-02-15 236928]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"=C:\PROGRA~1\WINDOW~4\MpShHook.dll [2006-11-03 83224]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-09-02 77824]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]

"notification packages"=

scecli

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WdfLoadGroup]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinDefend]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveTypeAutoRun"=145

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\Program Files\Yahoo!\Messenger\YPager.exe"="C:\Program Files\Yahoo!\Messenger\YPager.exe:*:Enabled:Yahoo! Messenger"

"C:\Program Files\MSGTAG\MSGTAG.exe"="C:\Program Files\MSGTAG\MSGTAG.exe:*:Enabled:MSGTAG"

"C:\Program Files\Gekko Mahjongg\Mahjongg.exe"="C:\Program Files\Gekko Mahjongg\Mahjongg.exe:*:Enabled:Mahjongg"

"C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"="C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe:*:Enabled:Spybot - Search & Destroy"

"C:\Program Files\SpywareGuard\sgliveupdate.exe"="C:\Program Files\SpywareGuard\sgliveupdate.exe:*:Enabled:SpywareGuard LiveUpdate"

"C:\Program Files\SpywareBlaster\spywareblaster.exe"="C:\Program Files\SpywareBlaster\spywareblaster.exe:*:Enabled:SpywareBlaster"

"C:\Program Files\Hewlett-Packard\HP Software Update\HPWUCli.exe"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWUCli.exe:*:Enabled:HP Software Update Client"

"C:\Program Files\Google\Google Talk\googletalk.exe"="C:\Program Files\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk"

"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:MSN Messenger 7.5"

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"C:\Program Files\Common Files\Ahead\Nero Web\SetupX.exe"="C:\Program Files\Common Files\Ahead\Nero Web\SetupX.exe:*:Enabled:Nero ProductSetup"

"C:\Program Files\Common Files\Ahead\Nero Web\SetupXu.exe"="C:\Program Files\Common Files\Ahead\Nero Web\SetupXu.exe:*:Enabled:Nero ProductSetup"

"C:\StubInstaller.exe"="C:\StubInstaller.exe:*:Enabled:LimeWire swarmed installer"

"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"

"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"

"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"

"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpofxm08.exe"="C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe"

"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposfx08.exe"="C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe"

"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposid01.exe"="C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"

"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqscnvw.exe"="C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"

"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"

"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqCopy.exe"="C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe"

"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpfccopy.exe"="C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe"

"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpzwiz01.exe"="C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"

"C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\HpqPhUnl.exe"="C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"

"C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\HpqDIA.exe"="C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe"

"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoews01.exe"="C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe"

"C:\Program Files\Kyodai Mahjongg 2006\kmj.exe"="C:\Program Files\Kyodai Mahjongg 2006\kmj.exe:*:Enabled:Kyodai Mahjongg"

"C:\Program Files\Nero\Nero 7\Nero Home\NeroHome.exe"="C:\Program Files\Nero\Nero 7\Nero Home\NeroHome.exe:*:Enabled:Nero Home"

"C:\Program Files\GameSpy Arcade\Aphex.exe"="C:\Program Files\GameSpy Arcade\Aphex.exe:*:Enabled:GameSpy Arcade"

"C:\Program Files\Internet Explorer\iexplore.exe"="C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer"

"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"

"C:\Program Files\Azureus\Azureus.exe"="C:\Program Files\Azureus\Azureus.exe:*:Enabled:Azureus"

"C:\Program Files\IncrediMail\bin\ImApp.exe"="C:\Program Files\IncrediMail\bin\ImApp.exe:*:Enabled:IncrediMail"

"C:\Program Files\IncrediMail\bin\IncMail.exe"="C:\Program Files\IncrediMail\bin\IncMail.exe:*:Enabled:IncrediMail"

"C:\Program Files\IncrediMail\bin\ImpCnt.exe"="C:\Program Files\IncrediMail\bin\ImpCnt.exe:*:Enabled:IncrediMail"

"C:\Program Files\Magentic\bin\MgImp.exe"="C:\Program Files\Magentic\bin\MgImp.exe:*:Enabled:Magentic"

"C:\Program Files\Magentic\bin\Magentic.exe"="C:\Program Files\Magentic\bin\Magentic.exe:*:Enabled:Magentic"

"C:\Program Files\Magentic\bin\MgApp.exe"="C:\Program Files\Magentic\bin\MgApp.exe:*:Enabled:Magentic"

"C:\Program Files\Grisoft\AVG7\avginet.exe"="C:\Program Files\Grisoft\AVG7\avginet.exe:*:Enabled:avginet.exe"

"C:\Program Files\Grisoft\AVG7\avgamsvr.exe"="C:\Program Files\Grisoft\AVG7\avgamsvr.exe:*:Enabled:avgamsvr.exe"

"C:\Program Files\Grisoft\AVG7\avgcc.exe"="C:\Program Files\Grisoft\AVG7\avgcc.exe:*:Enabled:avgcc.exe"

"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"

"C:\Program Files\Nokia\Nokia Software Updater\nsu_ui_client.exe"="C:\Program Files\Nokia\Nokia Software Updater\nsu_ui_client.exe:*:Enabled:Nokia Software Updater"

"C:\Program Files\Common Files\Nokia\Service Layer\A\nsl_host_process.exe"="C:\Program Files\Common Files\Nokia\Service Layer\A\nsl_host_process.exe:*:Enabled:Nokia Service Layer Host Process "

"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"

"D:\Program Files\Kyodai Mahjongg 06 v1.42\kmj.exe"="D:\Program Files\Kyodai Mahjongg 06 v1.42\kmj.exe:*:Enabled:Kyodai Mahjongg"

"C:\Documents and Settings\Test\Local Settings\Temp\ImInstaller\FreeEcardMovies_Installer.exe"="C:\Documents and Settings\Test\Local Settings\Temp\ImInstaller\FreeEcardMovies_Installer.exe:*:Enabled:IncrediMail Installer"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:MSN Messenger 7.5"

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"

 

======List of files/folders created in the last 1 months======

 

2008-12-27 16:25:24 ----A---- C:\Bug.txt

2008-12-27 13:41:51 ----A---- C:\log 271208.txt

2008-12-27 11:40:19 ----D---- C:\SDFix

2008-12-25 17:04:21 ----D---- C:\Documents and Settings\All Users\Application Data\RoboForm

2008-12-25 17:03:23 ----D---- C:\Program Files\Siber Systems

2008-12-25 08:51:50 ----D---- C:\rsit

2008-12-23 10:46:23 ----D---- C:\Program Files\Common Files\Ahead

2008-12-22 22:02:09 ----D---- C:\Program Files\a-squared Free

2008-12-22 21:55:18 ----D---- C:\Program Files\RogueRemover FREE

2008-12-17 18:42:14 ----D---- C:\Program Files\Mozilla Firefox

2008-12-15 00:20:17 ----D---- C:\Program Files\Xvid

2008-12-14 15:25:19 ----A---- C:\WINDOWS\savers.ini

2008-12-12 14:14:32 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$

2008-12-12 14:14:26 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$

2008-12-12 14:10:35 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$

2008-12-12 14:10:24 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$

 

======List of files/folders modified in the last 1 months======

 

2008-12-28 10:51:38 ----D---- C:\WINDOWS\Temp

2008-12-28 10:51:31 ----D---- C:\WINDOWS\Prefetch

2008-12-28 10:51:29 ----D---- C:\Program Files\Trend Micro

2008-12-28 09:10:00 ----A---- C:\WINDOWS\SchedLgU.Txt

2008-12-27 21:31:48 ----SD---- C:\WINDOWS\Downloaded Program Files

2008-12-27 21:28:26 ----D---- C:\WINDOWS

2008-12-27 16:49:53 ----D---- C:\WINDOWS\system32

2008-12-27 13:22:43 ----SD---- C:\WINDOWS\Tasks

2008-12-27 11:12:08 ----A---- C:\WINDOWS\NeroDigital.ini

2008-12-27 01:41:15 ----D---- C:\Program Files\Jewel Quest II

2008-12-26 20:45:11 ----D---- C:\WINDOWS\system32\CatRoot2

2008-12-25 17:03:23 ----AD---- C:\Program Files

2008-12-25 09:12:58 ----D---- C:\HJT

2008-12-25 08:31:49 ----D---- C:\Config.Msi

2008-12-23 10:47:35 ----SHD---- C:\WINDOWS\Installer

2008-12-23 10:46:23 ----AD---- C:\Program Files\Common Files

2008-12-23 07:49:46 ----D---- C:\WINDOWS\system32\ActiveScan

2008-12-22 19:24:39 ----D---- C:\Program Files\Google

2008-12-22 18:27:51 ----D---- C:\Documents and Settings\All Users\Application Data\Google

2008-12-19 11:10:36 ----HD---- C:\WINDOWS\inf

2008-12-19 11:10:33 ----RSHD---- C:\WINDOWS\system32\dllcache

2008-12-19 11:10:21 ----HD---- C:\WINDOWS\$hf_mig$

2008-12-17 18:42:31 ----D---- C:\Documents and Settings\Test\Application Data\Mozilla

2008-12-16 22:14:01 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy

2008-12-16 17:34:25 ----D---- C:\Program Files\Jewel Quest III

2008-12-14 17:32:05 ----D---- C:\Program Files\Spybot - Search & Destroy

2008-12-14 16:12:09 ----D---- C:\WINDOWS\Debug

2008-12-14 16:10:20 ----D---- C:\Program Files\SUPERAntiSpyware

2008-12-14 15:48:00 ----D---- C:\WINDOWS\system32\drivers

2008-12-14 15:48:00 ----D---- C:\Program Files\Malwarebytes' Anti-Malware

2008-12-13 16:40:02 ----A---- C:\WINDOWS\system32\mshtml.dll

2008-12-12 14:13:00 ----D---- C:\Program Files\Internet Explorer

2008-12-12 14:12:32 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help

2008-12-11 21:00:26 ----D---- C:\Temp

2008-12-11 18:11:56 ----D---- C:\WINDOWS\system32\CatRoot

2008-12-10 09:24:37 ----A---- C:\WINDOWS\system32\MRT.exe

2008-12-04 21:46:08 ----A---- C:\WINDOWS\system32\xvidvfw.dll

2008-12-04 21:42:56 ----A---- C:\WINDOWS\system32\xvidcore.dll

2008-12-02 22:36:59 ----D---- C:\Program Files\PokerStars

 

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R1 AvgLdx86;AVG AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2008-08-30 97928]

R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2008-07-04 26824]

R1 intelppm;Intel Processor Driver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2004-08-04 36096]

R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-04 14848]

R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []

R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []

R2 Aspi32;Aspi32; C:\WINDOWS\system32\drivers\Aspi32.sys [2002-07-17 16877]

R2 Atmuni;ATM Call Manager; C:\WINDOWS\System32\DRIVERS\atmuni.sys [2003-03-31 352256]

R2 CdaD10BA;CdaD10BA; \??\C:\WINDOWS\system32\drivers\CdaD10BA.SYS []

R2 EdgeStat;EdgeStat; \??\C:\WINDOWS\system32\drivers\edgestat.sys []

R2 ElbyCDIO;ElbyCDIO Driver; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [2006-12-26 15440]

R2 PAR1284;PAR1284; \??\C:\WINDOWS\system32\drivers\PAR1284.sys []

R2 Rawwan;RAW WAN Driver; C:\WINDOWS\System32\DRIVERS\rawwan.sys [2003-03-31 34432]

R2 Sentinel;Sentinel; C:\WINDOWS\System32\Drivers\SENTINEL.SYS [2002-12-17 76288]

R3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2002-04-01 4816]

R3 catchme;catchme; \??\C:\DOCUME~1\Test\LOCALS~1\Temp\catchme.sys []

R3 HCF_MSFT;HCF_MSFT; C:\WINDOWS\System32\DRIVERS\HCF_MSFT.sys [2001-08-17 907456]

R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2001-08-17 9600]

R3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [2005-03-08 51120]

R3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [2005-03-08 16496]

R3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [2005-03-08 21744]

R3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver; C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys [2007-04-11 34832]

R3 LMouFilt;Logitech SetPoint KMDF Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys [2007-04-11 36112]

R3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-17 12160]

R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2006-10-22 3994624]

R3 SISNICXP;SiS PCI Fast Ethernet Adapter Driver for NDIS51; C:\WINDOWS\system32\DRIVERS\sisnicxp.sys [2006-02-14 32768]

R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2002-12-05 534976]

R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2004-08-04 31616]

R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2004-08-04 26624]

R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2004-08-04 57600]

R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbohci.sys [2004-08-04 17024]

R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2004-08-04 25856]

R3 usbscan;USB Scanner Driver; C:\WINDOWS\System32\DRIVERS\usbscan.sys [2004-08-04 15104]

R3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]

S2 asapiW2k;asapiW2k; \??\C:\WINDOWS\System32\DRIVERS\asapiW2k.sys []

S3 Ad-Watch Connect Filter;Ad-Watch Connect Kernel Filter; \??\C:\WINDOWS\system32\drivers\NSDriver.sys []

S3 AmeAtmPc;AmeAtmPc; C:\WINDOWS\System32\DRIVERS\AmeAtmPc.sys []

S3 Asushwio;Asushwio; \??\C:\WINDOWS\system32\drivers\Asushwio.sys []

S3 AtmElan;ATM Emulated LAN; C:\WINDOWS\System32\DRIVERS\atmlane.sys [2004-08-04 55936]

S3 AtmLane;ATM LAN Emulation; C:\WINDOWS\System32\DRIVERS\atmlane.sys [2004-08-04 55936]

S3 basic2;basic2; C:\WINDOWS\System32\DRIVERS\basic2.sys []

S3 ElbyDelay;ElbyDelay; C:\WINDOWS\System32\Drivers\ElbyDelay.sys [2005-04-12 4608]

S3 IPFilter;Microsoft IntelliPoint Features driver; C:\WINDOWS\System32\DRIVERS\IPFilter.sys []

S3 itchfltr;iTouch Keyboard Filter; C:\WINDOWS\system32\DRIVERS\itchfltr.sys [2004-03-10 12953]

S3 KMWDFILTER;KMWDFILTER; \??\C:\WINDOWS\System32\Drivers\KMWDFILTER.sys []

S3 L8042Kbd;Logitech SetPoint Keyboard Driver; C:\WINDOWS\system32\DRIVERS\L8042Kbd.sys [2007-04-11 20496]

S3 LUsbFilt;Logitech SetPoint KMDF USB Filter; C:\WINDOWS\System32\Drivers\LUsbFilt.Sys [2007-04-11 28688]

S3 nmwcd;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\ccdcmb.sys [2008-05-07 17536]

S3 nmwcdc;Nokia USB Generic; C:\WINDOWS\system32\drivers\ccdcmbo.sys [2008-05-07 20864]

S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2007-09-17 21632]

S3 Pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\Pcouffin.sys [2008-07-29 47360]

S3 Rksample;Rksample; C:\WINDOWS\System32\DRIVERS\rksample.sys []

S3 SABProcEnum;SABProcEnum; \??\C:\Program Files\Internet Explorer\SABProcEnum.sys []

S3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS []

S3 SISNIC;SiS PCI Fast Ethernet Adapter Driver; C:\WINDOWS\System32\DRIVERS\sisnic.sys [2002-07-11 32256]

S3 SNTNLUSB;Rainbow USB SuperPro; C:\WINDOWS\system32\DRIVERS\SNTNLUSB.SYS [2002-12-17 26120]

S3 TVICHW32;TVICHW32; \??\C:\WINDOWS\system32\DRIVERS\TVICHW32.SYS []

S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2008-06-06 8064]

S3 USB_RNDIS;NETGEAR DG632 USB MODEM; C:\WINDOWS\system32\DRIVERS\usb8023.sys [2004-08-04 12672]

S3 usbbus;LGE Mobile Composite USB Device; C:\WINDOWS\system32\DRIVERS\lgusbbus.sys []

S3 UsbDiag;LGE Mobile USB Serial Port; C:\WINDOWS\system32\DRIVERS\lgusbdiag.sys []

S3 USBModem;LGE Mobile USB Modem; C:\WINDOWS\system32\DRIVERS\lgusbmodem.sys []

S3 usbser;USB Modem Driver; C:\WINDOWS\system32\drivers\usbser.sys [2004-08-04 25600]

S3 UsbserFilt;UsbserFilt; C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys [2008-05-07 8064]

S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]

S3 winachsf;winachsf; C:\WINDOWS\System32\DRIVERS\HSF_CNXT.sys []

S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]

S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-15 82688]

S3 z800bus;Sony Ericsson Z800 driver (WDM); C:\WINDOWS\system32\DRIVERS\z800bus.sys [2005-02-09 55216]

S3 z800mdfl;Sony Ericsson Z800 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\z800mdfl.sys [2005-02-09 6576]

S3 z800mdm;Sony Ericsson Z800 USB WMC Modem Drivers; C:\WINDOWS\system32\DRIVERS\z800mdm.sys [2005-02-09 89872]

S3 z800mgmt;Sony Ericsson Z800 USB WMC Device Management Drivers; C:\WINDOWS\system32\DRIVERS\z800mgmt.sys [2005-02-09 81760]

S3 z800obex;Sony Ericsson Z800 USB WMC OBEX Interface Drivers; C:\WINDOWS\system32\DRIVERS\z800obex.sys [2005-02-09 79488]

S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

 

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R2 a2free;a-squared Free Service; C:\Program Files\a-squared Free\a2service.exe [2008-12-17 419448]

R2 avg8wd;AVG8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-08-30 231704]

R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe [2003-06-19 322120]

R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2006-10-22 159810]

R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\HPZipm12.exe [2006-03-03 69632]

R2 SoundMAX Agent Service (default);SoundMAX Agent Service; C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe [2002-09-20 45056]

R2 WinDefend;Windows Defender; C:\Program Files\Windows Defender\MsMpEng.exe [2006-11-03 13592]

R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]

R3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2008-08-07 575488]

R3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]

S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2006-03-22 72704]

S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]

S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]

S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2007-10-09 36864]

S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-12-22 137200]

S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2007-10-11 864256]

S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]

S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]

S4 FreezeScreenSaver;FreezeScreenSaver; C:\WINDOWS\system32\FreezeScreenSaver.exe [2005-09-29 69632]

S4 hpdj00;hpdj00; C:\DOCUME~1\Admin\LOCALS~1\Temp\hpdj00.exe -servicerunning=true -uninstall=HP Officejet 5600 series -product=aio []

S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2007-10-11 122880]

 

-----------------EOF-----------------


C:\Program Files\MSGTAG\MSGTAG.exe <--What info can you give me about this program?

 

 

 

 

 

Go to My Computer->Tools->Folder Options->View tab:

  • Under the Hidden files and folders heading:
  • Select - Show hidden files and folders.
  • Uncheck - Hide protected operating system files (recommended) option.
  • Also, make sure there is no checkmark beside Hide file extensions for known file types.
  • Click OK. (Remember to Hide files and folders once done)

===

 

 

 

Please go to: VirusTotal

  • Click the Browse button and search for the following file: C:\32788R~1
  • Click Open
  • Then click Send File
  • Please be patient while the file is scanned.
  • Once the scan results appear, please provide them in your next reply.
If it says already scanned -- click "reanalyze now"

Hi Juliet :sparkle:

 

C:\Program Files\MSGTAG\MSGTAG.exe - is a program I don't use anymore, I thought I had uninstalled it.

It tags your emails and sends a reply email back to you when the person opens your email ~ it does not require any response from the receiver. However, there are a few email programs it does not work with ~ so in fact it does not give a true result.

 

I tried to do what you said but C:\32788R~1 was not located.

 

I had cleaned up my downloads from yesterday and deleted combofix ~ so I downloaded it again and tried to run it without the Windows Recovery Console and it started to run.

 

It actually told me that my computer did not have WRC on it and would I like to install that now? Which I did, and then it ran through the scan without any problem.

 

It also automatically disabled my AVG8. A well put together little program.

 

So below is the log from Combofix

 

 

Thanks for all your time with this Juliet. :sparkle:

I really appreciate it. :clap:

 

 

ComboFix 08-12-28.01 - Test 2008-12-29 8:50:11.1 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1024.482 [GMT 10:00]

Running from: c:\documents and settings\Test\Desktop\ComboFix.exe

AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated)

* Created a new restore point

.

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\documents and settings\Test\Application Data\inst.exe

c:\windows\Downloaded Program Files\ODCTOOLS

c:\windows\Downloaded Program Files\ODCTOOLS\ef6b26db-344d-4ad3-ba24-aca0bdaa999a.cab

c:\windows\Downloaded Program Files\ODCTOOLS\f04d289f-c60a-422b-8396-6c372047042e.cab

 

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

-------\Legacy_FREEZESCREENSAVER

-------\Service_FreezeScreenSaver

 

 

((((((((((((((((((((((((( Files Created from 2008-11-28 to 2008-12-28 )))))))))))))))))))))))))))))))

.

 

2008-12-27 11:40 . 2008-12-27 13:29 <DIR> d-------- C:\SDFix

2008-12-25 17:04 . 2008-12-25 17:04 <DIR> d-------- c:\documents and settings\All Users\Application Data\RoboForm

2008-12-25 08:51 . 2008-12-25 08:52 <DIR> d-------- C:\rsit

2008-12-23 10:46 . 2008-12-23 10:46 <DIR> d-------- c:\program files\Common Files\Ahead

2008-12-22 22:02 . 2008-12-23 00:41 <DIR> d-------- c:\program files\a-squared Free

2008-12-22 21:55 . 2008-12-22 22:02 <DIR> d-------- c:\program files\RogueRemover FREE

2008-12-15 00:20 . 2008-12-15 00:20 <DIR> d-------- c:\program files\Xvid

2008-12-14 15:25 . 2008-12-14 15:25 90 --a------ c:\windows\savers.ini

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-12-28 00:51 --------- d-----w c:\program files\Trend Micro

2008-12-26 15:41 --------- d-----w c:\program files\Jewel Quest II

2008-12-22 09:24 --------- d-----w c:\program files\Google

2008-12-16 12:14 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy

2008-12-16 07:34 --------- d-----w c:\program files\Jewel Quest III

2008-12-14 07:32 --------- d-----w c:\program files\Spybot - Search & Destroy

2008-12-14 06:10 --------- d-----w c:\program files\SUPERAntiSpyware

2008-12-14 05:48 --------- d-----w c:\program files\Malwarebytes' Anti-Malware

2008-12-12 04:12 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help

2008-12-03 09:52 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys

2008-12-03 09:52 15,504 ----a-w c:\windows\system32\drivers\mbam.sys

2008-12-02 12:36 --------- d-----w c:\program files\PokerStars

2008-11-26 10:37 --------- d-----w c:\documents and settings\All Users\Application Data\DVD Shrink

2008-11-24 12:35 --------- d-----w c:\program files\Yahoo!

2008-11-24 12:34 --------- d-----w c:\program files\Winferno

2008-11-24 12:11 --------- d-----w c:\program files\Seekeen

2008-11-19 07:22 --------- d--h--w c:\program files\InstallShield Installation Information

2008-11-13 23:03 --------- d-----w c:\documents and settings\All Users\Application Data\Installations

2008-11-13 23:02 --------- d-----w c:\program files\Nokia

2008-11-13 23:02 --------- d-----w c:\program files\Common Files\PCSuite

2008-11-13 23:02 --------- d-----w c:\program files\Common Files\Nokia

2008-11-11 15:33 --------- d-----w c:\program files\Plus!

2008-11-11 14:26 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP

2008-11-07 03:38 --------- d-----w c:\program files\Common Files\Adobe

2008-11-05 13:15 --------- d-----w c:\program files\Media Converter SA Edition

2008-11-03 10:26 --------- d-----w c:\documents and settings\Test\Application Data\Nokia

2008-11-03 08:19 --------- d-----w c:\documents and settings\All Users\Application Data\{6E59BB90-41C1-43F8-916E-BC7245684C50}

2008-10-31 06:14 --------- d-----w c:\program files\Mixed In Key 3

2008-10-31 06:01 --------- d-----w c:\program files\Search Settings

2008-10-31 06:01 --------- d-----w c:\documents and settings\Test\Application Data\Search Settings

2008-10-31 05:58 --------- d-----w c:\program files\Free Audio Pack

2008-10-31 05:44 --------- d-----w c:\program files\Luxor Bundle Pack

2008-10-31 05:43 --------- d-----w c:\program files\Kyodai Mahjongg 06 v1.42

2008-10-31 05:42 --------- d-----w c:\program files\Kyodai Mahjongg

2008-10-31 05:41 --------- d-----w c:\program files\Dragons 7

2008-10-31 05:41 --------- d-----r c:\program files\Interpol - The Trail of Dr. Chaos

2008-10-31 05:40 --------- d-----w c:\program files\Dragons4

2008-10-31 05:39 --------- d-----w c:\program files\Azada

2008-10-31 04:23 81,920 ----a-w c:\documents and settings\Test\Application Data\ezpinst.exe

2008-10-31 04:23 47,360 ----a-w c:\documents and settings\Test\Application Data\pcouffin.sys

2008-10-31 04:23 --------- d-----w c:\documents and settings\Test\Application Data\Vso

2008-10-31 04:08 --------- d-----w c:\program files\DVD Shrink

2008-10-31 04:08 --------- d-----w c:\program files\DVD Decrypter

2008-10-31 04:05 --------- d-----w c:\program files\DVDFab HD Decrypter 3

2008-10-31 03:55 --------- d-----w c:\program files\Common Files\AVSMedia

2008-10-31 03:31 --------- d-----w c:\program files\CleanUp!

2008-10-31 03:29 --------- d-----w c:\program files\Common Files\InstallShield

2008-10-31 03:28 --------- d-----w c:\program files\PCPitstop

2008-10-31 03:23 --------- d-----w c:\program files\Common Files\Wise Installation Wizard

2008-10-31 03:17 --------- d-----w c:\program files\Windows Media Connect 2

2008-10-31 03:17 --------- d-----w c:\program files\ReadIris

2008-10-31 03:17 --------- d-----w c:\program files\Ipod Video Converter

2008-10-31 03:17 --------- d-----w c:\program files\GameHouse

2008-10-29 08:04 --------- d-----w c:\program files\Zada Solutions

2008-10-29 08:04 --------- d-----w c:\program files\WinPatrol

2008-10-29 08:04 --------- d-----w c:\program files\Windows & Internet Washer

2008-10-29 08:04 --------- d-----w c:\program files\Webshots

2008-10-29 08:04 --------- d-----w c:\program files\Unzipped

2008-10-29 07:58 --------- d-----w c:\program files\Smart Ripper

2008-10-29 07:58 --------- d-----w c:\program files\PrintFolders

2008-10-29 07:58 --------- d-----w c:\program files\Oberon Media

2008-10-29 07:57 --------- d-----w c:\program files\Mysteryville

2008-10-29 07:57 --------- d-----w c:\program files\Karen's Power Tools

2008-10-29 07:57 --------- d-----w c:\program files\Jewels of Cleopatra

2008-10-29 07:49 --------- d-----w c:\program files\ffdshow

2008-10-29 07:49 --------- d-----w c:\program files\etax2008

2008-10-29 07:49 --------- d-----w c:\program files\EmailStripper

2008-10-29 07:49 --------- d-----w c:\program files\Elaborate Bytes

2008-10-29 07:49 --------- d-----w c:\program files\CCleaner

2008-10-29 07:48 --------- d-----w c:\program files\AVSMedia

2008-10-29 07:48 --------- d-----w c:\program files\321Studios

2008-10-29 02:47 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_LUsbFilt_01005.Wdf

2005-07-04 10:58 814 ---ha-w c:\documents and settings\Test\hpothb07.dat

2005-07-04 10:58 294 ---ha-w c:\program files\hpothb07.dat

2005-07-04 10:58 164 ---ha-w c:\documents and settings\All Users\hpothb07.dat

2005-07-04 10:57 503 ---ha-w c:\program files\hpothb07.tif

2003-11-14 00:34 119,512 ----a-w c:\documents and settings\Test\Application Data\GDIPFONTCACHEV1.DAT

2007-12-13 03:51 2,620 --sha-w c:\windows\system32\KGyGaAvL.sys

2008-09-02 05:23 16,384 --sha-w c:\windows\system32\config\systemprofile\Cookies\index.dat

2008-09-02 05:23 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat

2008-08-26 23:08 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008082720080828\index.dat

.

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-09-30 68856]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2008-10-02 1124352]

"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 7\PCSync2.exe" [2008-06-17 1249280]

"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 204288]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2005-11-20 155648]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-04 15360]

"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-08-24 437160]

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-09-02 77824]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2008-12-14 16:10 352256 c:\program files\SUPERAntiSpyware\SASWINLO.DLL

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=wbsys.dll,avgrsstx.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"msacm.avis"= ff_acm.acm

"msacm.l3codec"= l3codecp.acm

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]

@=""

 

[HKLM\~\startupfolder\C:^Documents and Settings^Admin^Start Menu^Programs^Startup^Webshots.lnk]

backup=c:\windows\pss\Webshots.lnkStartup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]

--a------ 2005-05-11 23:12 49152 c:\program files\Hewlett-Packard\HP Software Update\hpwuSchd2.exe

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Spybot - Search & Destroy\\SpybotSD.exe"=

"c:\\Program Files\\Hewlett-Packard\\HP Software Update\\HPWUCli.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe"=

"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqtra08.exe"=

"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqste08.exe"=

"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpofxm08.exe"=

"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hposfx08.exe"=

"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hposid01.exe"=

"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqscnvw.exe"=

"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqkygrp.exe"=

"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqCopy.exe"=

"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpfccopy.exe"=

"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpzwiz01.exe"=

"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\Unload\\HpqPhUnl.exe"=

"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\Unload\\HpqDIA.exe"=

"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpoews01.exe"=

"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=

"c:\\Program Files\\IncrediMail\\bin\\ImApp.exe"=

"c:\\Program Files\\IncrediMail\\bin\\IncMail.exe"=

"c:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=

"c:\\Program Files\\Magentic\\bin\\MgImp.exe"=

"c:\\Program Files\\Magentic\\bin\\Magentic.exe"=

"c:\\Program Files\\Magentic\\bin\\MgApp.exe"=

"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=

"c:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=

"c:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

 

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2008-06-14 97928]

R1 SASDIFSV;SASDIFSV;\??\c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2006-10-10 8944]

R1 SASKUTIL;SASKUTIL;\??\c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2007-02-27 55024]

R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-06-14 231704]

R2 EdgeStat;EdgeStat;\??\c:\windows\system32\drivers\edgestat.sys [2007-08-28 6912]

R2 WinDefend;Windows Defender;"c:\program files\Windows Defender\MsMpEng.exe" [2006-11-03 13592]

S2 hg1;hg1; []

S3 AmeAtmPc;AmeAtmPc;c:\windows\system32\DRIVERS\AmeAtmPc.sys []

S3 Asushwio;Asushwio;\??\c:\windows\system32\drivers\Asushwio.sys [2003-09-12 5824]

S3 AtmElan;ATM Emulated LAN;c:\windows\system32\DRIVERS\atmlane.sys [2008-08-27 55936]

S3 AtmLane;ATM LAN Emulation;c:\windows\system32\DRIVERS\atmlane.sys [2008-08-27 55936]

S3 SASENUM;SASENUM;\??\c:\program files\SUPERAntiSpyware\SASENUM.SYS [2006-02-16 4096]

S4 hpdj00;hpdj00;c:\docume~1\Admin\LOCALS~1\Temp\hpdj00.exe -servicerunning=true -uninstall=HP Officejet 5600 series -product=aio []

.

Contents of the 'Scheduled Tasks' folder

 

2008-12-28 c:\windows\Tasks\MP Scheduled Scan.job

- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 18:20]

 

2008-12-28 c:\windows\Tasks\User_Feed_Synchronization-{BDC4A648-5C81-4F29-9612-F3B41A5E9C36}.job

- c:\windows\system32\msfeedssync.exe [2006-10-17 11:58]

.

- - - - ORPHANS REMOVED - - - -

 

HKU-Default-Run-Nokia.PCSync - d:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe

Notify-dimsntfy - (no file)

 

 

.

------- Supplementary Scan -------

.

uStart Page = about:blank

mStart Page = hxxp://www.google.com

uInternet Connection Wizard,ShellNext = iexplore

Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll

FF - ProfilePath - c:\documents and settings\Test\Application Data\Mozilla\Firefox\Profiles\8w0o3czi.default\

FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll

FF - plugin: c:\documents and settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll

FF - plugin: c:\program files\Yahoo!\Common\npyaxmpb.dll

.

 

**************************************************************************

 

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-12-29 08:56:23

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

 

- - - - - - - > 'winlogon.exe'(492)

c:\program files\SUPERAntiSpyware\SASWINLO.DLL

.

------------------------ Other Running Processes ------------------------

.

c:\windows\system32\ntvdm.exe

c:\program files\a-squared Free\a2service.exe

c:\program files\Common Files\Microsoft Shared\VS7Debug\MDM.EXE

c:\windows\system32\nvsvc32.exe

c:\windows\system32\HPZipm12.exe

c:\program files\Analog Devices\SoundMAX\SMAgent.exe

c:\program files\Windows Media Player\wmpnetwk.exe

c:\program files\PC Connectivity Solution\ServiceLayer.exe

c:\program files\PC Connectivity Solution\Transports\NclUSBSrv.exe

c:\program files\PC Connectivity Solution\Transports\NclRSSrv.exe

c:\program files\Common Files\Nokia\MPAPI\MPAPI3s.exe

c:\progra~1\AVG\AVG8\avgrsx.exe

c:\progra~1\AVG\AVG8\avgrsx.exe

c:\progra~1\AVG\AVG8\avgrsx.exe

.

**************************************************************************

.

Completion time: 2008-12-29 9:00:37 - machine was rebooted

ComboFix-quarantined-files.txt 2008-12-28 23:00:30

 

Pre-Run: 388,211,990,528 bytes free

Post-Run: 388,008,792,064 bytes free

 

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

 

257 --- E O F --- 2008-12-19 02:48:51


Did you uninstall MSGTAG\MSGTAG.exe?

 

I think you should.

 

 

Glad ComboFix finally ran...

 

The logs that are coming back actually look good.

 

 

Please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan.

  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan

    Wait for the scan to finish

  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic

Juliet

 

I have done a search for MSGTAG and cannot find it anywhere ??? That's weird. Where did you pick it up from ? :sparkle:

 

Did the ESET scan ~ Log below:

 

# version=4

# OnlineScanner.ocx=1.0.0.56

# OnlineScannerDLLA.dll=1, 0, 0, 51

# OnlineScannerDLLW.dll=1, 0, 0, 51

# OnlineScannerUninstaller.exe=1, 0, 0, 49

# vers_standard_module=3719 (20081227)

# vers_arch_module=1.064 (20080214)

# vers_adv_heur_module=1.064 (20070717)

# EOSSerial=c2559b228eb67f40ae1c408210516932

# end=finished

# remove_checked=true

# unwanted_checked=true

# utc_time=2008-12-29 07:05:17

# local_time=2008-12-29 05:05:17 (+1000, E. Australia Standard Time)

# country="Australia"

# osver=5.1.2600 NT Service Pack 2

# scanned=603060

# found=0

# scan_time=6815

 

 

 

How is it looking . . . . :unsure::sparkle:


Welcome back

 

Trying to review all the logs again for anything that sticks out....

So far not much at all.

 

"C:\Program Files\MSGTAG\MSGTAG.exe"=- Was listed under firewall rules...nowhere else.

C:\Program Files\MSGTAG <--Check for this folder, if not found it's gone.

 

c:\program files\Winferno <--Locate this folder, open and tell me what .exe's are inside

I find mixed associated files that can be with this.....want to see which are with yours.

 

Seekeen is actually considered to be unsafe

http://www.pcpitstop.com/libraries/process...eekeen.exe.html

 

 

How's the computer?

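The review Juliet describes above is done by eye: an entry with no image path at all (`S2 hg1;hg1; []`), a service whose binary sits in a Temp folder (`hpdj00`), a file the scanner could not find (`[]`). The Python helper below is an added example, not part of this thread and not code from the RSIT or ComboFix tools: it parses the `<R|S><start> name;display;path [date size]` listing format those tools print and attaches review flags for exactly those patterns. The sample lines are copied from the ComboFix and RSIT listings in this thread; the `Entry` class and the flag names are my own.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# One entry of the "List of drivers/services" format printed by RSIT and ComboFix:
#   <R|S><0-4> <name>;<display name>;<image path [args]> [<date> <size>]
# R/S = running/stopped, 0-4 = start type. The trailing bracket is empty ("[]")
# when the scanner could not stat the file on disk.
ENTRY_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4])\s+"
    r"(?P<name>[^;]*);(?P<display>[^;]*);\s*(?P<image>.*?)\s*\[(?P<meta>[^\]]*)\]\s*$"
)
# First path-like token ending in a binary extension; anything after it is arguments.
BINARY_RE = re.compile(r"(?i)^(?P<path>.*?\.(?:exe|sys|dll))")

START_TYPES = {"0": "boot", "1": "system", "2": "auto", "3": "demand", "4": "disabled"}

# Sample input, copied from the ComboFix and RSIT listings in this thread.
SAMPLE_LOG = r"""
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-06-14 231704]
R2 WinDefend;Windows Defender;"c:\program files\Windows Defender\MsMpEng.exe" [2006-11-03 13592]
R1 SASDIFSV;SASDIFSV;\??\c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2006-10-10 8944]
S2 hg1;hg1; []
S3 AmeAtmPc;AmeAtmPc;c:\windows\system32\DRIVERS\AmeAtmPc.sys []
S4 hpdj00;hpdj00;c:\docume~1\Admin\LOCALS~1\Temp\hpdj00.exe -servicerunning=true -uninstall=HP Officejet 5600 series -product=aio []
"""


@dataclass
class Entry:
    state: str          # "R" running or "S" stopped
    start: str          # boot / system / auto / demand / disabled
    name: str
    display: str
    image: str          # lower-cased binary path, "" when the entry lists none
    args: str
    file_found: bool    # False when the scanner printed "[]"
    flags: List[str] = field(default_factory=list)


def parse_entry(line: str) -> Optional[Entry]:
    """Parse one listing line; return None for lines that are not entries."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    raw = m.group("image").strip()
    if raw.startswith("\\??\\"):          # NT object-manager prefix on some driver paths
        raw = raw[4:]
    raw = raw.strip('"')
    b = BINARY_RE.match(raw)
    image = b.group("path") if b else raw
    args = raw[len(image):].strip()
    return Entry(
        state=m.group("state"),
        start=START_TYPES[m.group("start")],
        name=m.group("name").strip(),
        display=m.group("display").strip(),
        image=image.lower(),
        args=args,
        file_found=bool(m.group("meta").strip()),
    )


def triage(entry: Entry) -> List[str]:
    """Attach review flags to an entry; the flags are prompts to verify, not verdicts."""
    flags: List[str] = []
    if not entry.image:
        flags.append("no-image-path")            # e.g. "S2 hg1;hg1; []": nothing to inspect
    else:
        if "\\temp\\" in entry.image:
            flags.append("runs-from-temp")       # services and drivers do not belong in Temp
        if "\\documents and settings\\" in entry.image or "\\docume~1\\" in entry.image:
            flags.append("runs-from-user-profile")
        if not entry.file_found:
            flags.append("file-not-found")       # stale entry, or a file hidden from the scanner
    # An entry that starts at boot/system/auto but has no binary to run deserves a closer look.
    if entry.start in ("boot", "system", "auto") and (
        "no-image-path" in flags or "file-not-found" in flags
    ):
        flags.append("autostart-without-binary")
    entry.flags = flags
    return flags


def triage_log(text: str) -> Dict[str, List[str]]:
    """Return {name: flags} for every entry in the listing that raised at least one flag."""
    findings: Dict[str, List[str]] = {}
    for line in text.splitlines():
        entry = parse_entry(line)
        if entry is not None and triage(entry):
            findings[entry.name] = entry.flags
    return findings


if __name__ == "__main__":
    for name, flags in triage_log(SAMPLE_LOG).items():
        print(f"{name:10s} {', '.join(flags)}")
```

The flags are prompts for verification, not verdicts: RSIT printed `[]` for SASDIFSV.SYS while ComboFix reported its date and size, so `file-not-found` on its own only means that scanner could not stat the file at that moment. `runs-from-temp` and `autostart-without-binary` are the ones worth chasing first, which is why `hg1` and `hpdj00` are the entries this script singles out from the sample.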

Thanks Juliet, :sparkle:

 

C:\Program Files\MSGTAG <--Check for this folder. NOT FOUND

C:\program files\Winferno <--Locate this folder, open and tell me what .exe's are inside EMPTY

Seekeen is actually considered to be unsafe EMPTY

 

The computer seems fine nothing untoward happening.

 

I am still getting the odd email sent by my own email address which I do not open but forward on to [email protected] ISP as a file attachment.

 

Will ring them again today and chase them up to see what the heck is going on.

 

I am very grateful for all the time you have put in helping me Juliet. :sparkle:

 

Thank you again :clap:

 

Regards

Lynne (Tillpott)


Lynne

Are the emails coming to you only, as in something you did actually send ....something like a duplicate

or are other people getting these same mysterious emails on your address list?

 

 

Delete Seekeen, then the related folders

 

the same with C:\program files\Winferno

 

No need to keep those if they're empty.

 

 

 

 

Download gmer.zip from here: http://www.gmer.net/files.php to your desktop.

 

  • Double click GMER.exe. If asked to allow gmer.sys driver to load, please consent.
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.
  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
      o Sections
      o IAT/EAT
      o Drives/Partition other than Systemdrive (typically C:\)
      o Show All (don't miss this one)
  • Then click the Scan button & wait for it to finish.
  • Once done click on the [save..] button, and in the File name area, type in "Gmer.txt"
  • Save it where you can easily find it, such as your desktop

 

 

**Caution**

Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries

 

Post this log for me to check.


Are the emails coming to you only, as in something you did actually send ....something like a duplicate

or are other people getting these same mysterious emails on your address list?

 

* As far as I am aware ~ they are only coming to me from me using 2 of my 9 email addresses.

 

My ISP has put a SPAM BLOCK on those 2 email addresses as of 2 mins ago, so I will have to wait and see if that works. :sparkle:

 

Here is the log file on GMER:

 

GMER 1.0.14.14536 - http://www.gmer.net

Rootkit scan 2008-12-30 11:00:20

Windows 5.1.2600 Service Pack 2

 

 

---- Devices - GMER 1.0.14 ----

 

AttachedDevice \FileSystem\Ntfs \Ntfs sisidex.sys (SISIDEX Driver/Windows ® 2000 DDK provider)

AttachedDevice \FileSystem\Fastfat \Fat sisidex.sys (SISIDEX Driver/Windows ® 2000 DDK provider)

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

 

---- Registry - GMER 1.0.14 ----

 


 

---- EOF - GMER 1.0.14 ----


That appears clean to me.

 

Check your email settings that no return notification has been set, as in, I think, "notify me when read"?

What I'm hoping is your ISP can figure out what's going on, 'cause no malware has been seen here.

 

 

Let's get ComboFix removed....then run an aggressive scanner

 

 

Don't miss or skip this next step, this will remove bad files from quarantine and set a clean restore point.

  • Click START then RUN
  • Now type Combofix /u in the runbox and click OK. Note the space between the x and the /u, it needs to be there.
Example below:

[Image: the Run box with "Combofix /u" typed in]

 

 

 

 

Download Dr.Web CureIt to the desktop:

ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe

Next, please reboot your computer in Safe Mode by doing the following:

1) Restart your computer

2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.

3) Instead of Windows loading as normal, a menu should appear

4) Select the first option, to run Windows in Safe Mode.

 

For additional help in booting into Safe Mode, see the following site:

http://www.pchell.com/support/safemode.shtml

• Scan with DrWeb-CureIt as follows:

* Double-click on drweb-cureit.exe to start the program. An "Express Scan of your PC" notice will appear.

* Under "Start the Express Scan Now", Click "OK" to start. This is a short scan that will scan the files currently running in memory and when something is found, click the Yes button when it asks you if you want to cure it.

* Once the short scan has finished, Click Options > Change settings

* Choose the "Scan tab" and UNcheck "Heuristic analysis"

* Back at the main window, click "Select drives" (a red dot will show which drives have been chosen)

* Then click the "Start/Stop Scanning" button (green arrow on the right) and the scan will start.

* When done, a message will be displayed at the bottom advising if any viruses were found.

* Click "Yes to all" if it asks if you want to cure/move the file.

* When the scan has finished, look if you can see the icon next to the files found. If so, click it, then click the next icon right below and select "Move incurable".

(This will move it to the C:\Documents and Settings\userprofile\DoctorWeb\Quarantine folder if it can't be cured)

* Next, in the Dr.Web CureIt menu on top, click file and choose save report list.

* Save the DrWeb.csv report to your desktop.

* Exit Dr.Web Cureit when done.

* Important! Reboot your computer because it could be possible that files in use will be moved/deleted during reboot.

* After reboot, post the contents of the log from Dr.Web in your next reply. (You can use Notepad to open the DrWeb.csv report)

 


:sparkle: Hey Juliet,

 

I tried the 'run - combofix' thingy but it said it could not locate any files, so I moved on to the next step and ran the DrWeb scan. WOW, that sure goes deep!!!

Took hours, hence the delay in response ~ but it found stuff I did not even know I still had.

 

Here is the log:

 

psexec.cfexe;C:\ComboFix;Program.PsExec.171;Moved.;

MSGTAG145.exe\data002;C:\Documents and Settings\Test\My Documents\Downloads\Desktop Tools\MSGTAG145.exe;BackDoor.Nels.9;;

MSGTAG145.exe;C:\Documents and Settings\Test\My Documents\Downloads\Desktop Tools;Archive contains infected objects;Moved.;

nero7082.exe\Windows/Profiles/Start Menu/Programs/Nero 7 Ultra Edition/Tools/Keygen.exe;C:\Documents and Settings\Test\My Documents\Downloads\DVD tools\Nero7.0.82\nero7082.exe;Trojan.PWS.Banker.25285;;

nero7082.exe;C:\Documents and Settings\Test\My Documents\Downloads\DVD tools\Nero7.0.82;Archive contains infected objects;Moved.;

Keygen.exe;C:\Documents and Settings\Test\Start Menu\Programs\Nero 7 Ultra Edition\Tools;Trojan.PWS.Banker.25285;Deleted.;

Process.exe;C:\SDFix\apps;Tool.Prockill;Incurable.Moved.;

A0137628.exe;C:\System Volume Information\_restore{E6E56918-9394-474E-ACD3-23EED6B22D43}\RP850;Trojan.PWS.Banker.25285;Deleted.;

data002\32788R22FWJFW\psexec.cfexe;C:\System Volume Information\_restore{E6E56918-9394-474E-ACD3-23EED6B22D43}\RP856\A0139108.exe\data002;Program.PsExec.171;;

data002;C:\System Volume Information\_restore{E6E56918-9394-474E-ACD3-23EED6B22D43}\RP856\A0139108.exe;Archive contains infected objects;;

A0139108.exe;C:\System Volume Information\_restore{E6E56918-9394-474E-ACD3-23EED6B22D43}\RP856;Archive contains infected objects;Moved.;

A0139144.exe\SDFix\apps\Process.exe;C:\System Volume Information\_restore{E6E56918-9394-474E-ACD3-23EED6B22D43}\RP857\A0139144.exe;Tool.Prockill;;

A0139144.exe;C:\System Volume Information\_restore{E6E56918-9394-474E-ACD3-23EED6B22D43}\RP857;Archive contains infected objects;Moved.;

A0139145.exe\SDFix\apps\Process.exe;C:\System Volume Information\_restore{E6E56918-9394-474E-ACD3-23EED6B22D43}\RP857\A0139145.exe;Tool.Prockill;;

A0139145.exe;C:\System Volume Information\_restore{E6E56918-9394-474E-ACD3-23EED6B22D43}\RP857;Archive contains infected objects;Moved.;

data002\32788R22FWJFW\psexec.cfexe;C:\System Volume Information\_restore{E6E56918-9394-474E-ACD3-23EED6B22D43}\RP857\A0139146.exe\data002;Program.PsExec.171;;

data002;C:\System Volume Information\_restore{E6E56918-9394-474E-ACD3-23EED6B22D43}\RP857\A0139146.exe;Archive contains infected objects;;

A0139146.exe;C:\System Volume Information\_restore{E6E56918-9394-474E-ACD3-23EED6B22D43}\RP857;Archive contains infected objects;Moved.;

A0139205.EXE;C:\System Volume Information\_restore{E6E56918-9394-474E-ACD3-23EED6B22D43}\RP859;Program.PsExec.170;Moved.;

data002\32788R22FWJFW\psexec.cfexe;C:\System Volume Information\_restore{E6E56918-9394-474E-ACD3-23EED6B22D43}\RP859\A0139251.exe\data002;Program.PsExec.171;;

data002;C:\System Volume Information\_restore{E6E56918-9394-474E-ACD3-23EED6B22D43}\RP859\A0139251.exe;Archive contains infected objects;;

A0139251.exe;C:\System Volume Information\_restore{E6E56918-9394-474E-ACD3-23EED6B22D43}\RP859;Archive contains infected objects;Moved.;

data002\32788R22FWJFW\psexec.cfexe;C:\System Volume Information\_restore{E6E56918-9394-474E-ACD3-23EED6B22D43}\RP861\A0140300.exe\data002;Program.PsExec.171;;

data002;C:\System Volume Information\_restore{E6E56918-9394-474E-ACD3-23EED6B22D43}\RP861\A0140300.exe;Archive contains infected objects;;

A0140300.exe;C:\System Volume Information\_restore{E6E56918-9394-474E-ACD3-23EED6B22D43}\RP861;Archive contains infected objects;Moved.;

A0140306.exe;C:\System Volume Information\_restore{E6E56918-9394-474E-ACD3-23EED6B22D43}\RP861;Trojan.PWS.Banker.25285;Deleted.;

 

 

:sparkle: You're great to work with Juliet and amazingly thorough, thank you soooo much. :sparkle:

:party: HAPPY NEW YEAR, BTW; it is only 1.5hrs away from me here in Australia.

Yes I know it's sad that I am sitting at home on my computer on New Year's Eve, but @ 54yrs I am generally sound asleep by midnight, waking only to respond to family & friends who "thoughtfully" send me an SMS @ midnight.

 

:sparkle: Hope you have a safe and blessed 2009. :sparkle:

 

Hope my computer is ok ~ let me know if you require any further tests done.

 

Lynne (Tillpott) :sparkle:

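The report Lynne posted is Dr.Web CureIt's semicolon-separated DrWeb.csv layout (object;path;threat;action). The script below is an added example, not part of the thread or of Dr.Web, that parses lines of that shape and separates live hits from restore-point copies and leftover removal-tool components, which is the distinction Juliet draws when she calls them "remainders". The sample lines are constructed from the thread's log; the tool-folder list and the "Program."/"Tool." riskware prefixes are assumptions drawn from the names in that log, not Dr.Web documentation.

```python
"""Triage a Dr.Web CureIt report in the semicolon-separated DrWeb.csv layout
posted in the thread: object;path;threat name;action taken;  (added example)."""
from collections import Counter

# Constructed sample lines following the shape of the log posted above.
SAMPLE_REPORT = r"""
psexec.cfexe;C:\ComboFix;Program.PsExec.171;Moved.;
MSGTAG145.exe\data002;C:\Documents and Settings\Test\My Documents\Downloads\Desktop Tools\MSGTAG145.exe;BackDoor.Nels.9;;
MSGTAG145.exe;C:\Documents and Settings\Test\My Documents\Downloads\Desktop Tools;Archive contains infected objects;Moved.;
Keygen.exe;C:\Documents and Settings\Test\Start Menu\Programs\Nero 7 Ultra Edition\Tools;Trojan.PWS.Banker.25285;Deleted.;
Process.exe;C:\SDFix\apps;Tool.Prockill;Incurable.Moved.;
A0137628.exe;C:\System Volume Information\_restore{E6E56918-9394-474E-ACD3-23EED6B22D43}\RP850;Trojan.PWS.Banker.25285;Deleted.;
data002\32788R22FWJFW\psexec.cfexe;C:\System Volume Information\_restore{E6E56918-9394-474E-ACD3-23EED6B22D43}\RP856\A0139108.exe\data002;Program.PsExec.171;;
A0139108.exe;C:\System Volume Information\_restore{E6E56918-9394-474E-ACD3-23EED6B22D43}\RP856;Archive contains infected objects;Moved.;
"""

RESTORE_PREFIX = r"c:\system volume information\_restore"
# Folders left behind by the removal tools named in the thread (assumed list).
TOOL_FOLDERS = (r"c:\combofix", r"c:\sdfix", r"c:\qoobox")
# Dr.Web names for flagged utilities (riskware) start with these prefixes;
# this is an assumption drawn from the names in the log, not Dr.Web docs.
RISKWARE_PREFIXES = ("Program.", "Tool.")
ARCHIVE_SUMMARY = "Archive contains infected objects"


def classify_location(path):
    """Where the hit lives: restore-point copy, removal-tool folder, or live."""
    low = path.lower()
    if low.startswith(RESTORE_PREFIX):
        return "restore-point"
    if low.startswith(TOOL_FOLDERS):
        return "tool-folder"
    return "live"


def parse_report(text):
    """Parse report lines into dicts; blank and malformed lines are skipped."""
    records = []
    for line in text.splitlines():
        parts = line.rstrip().split(";")
        if len(parts) < 4 or not parts[0]:
            continue
        obj, path, threat, action = parts[:4]
        # A member of an archive is listed as 'archive\member' with an empty
        # action; the archive itself gets its own line carrying the action.
        nested = "\\" in obj
        records.append({
            "object": obj, "path": path, "threat": threat,
            "action": action or ("handled via archive" if nested else "none"),
            "location": classify_location(path),
            "riskware": threat.startswith(RISKWARE_PREFIXES),
        })
    return records


def summarize(records):
    """Count hits per location and list live, non-riskware threats that were
    neither moved nor deleted; those are the ones still needing attention."""
    by_location = Counter(r["location"] for r in records)
    open_items = [
        r for r in records
        if r["location"] == "live" and not r["riskware"]
        and r["threat"] != ARCHIVE_SUMMARY
        and not ("Moved" in r["action"] or "Deleted" in r["action"]
                 or r["action"] == "handled via archive")
    ]
    return {"by_location": dict(by_location), "open": open_items}
```

Run on the sample, `summarize(parse_report(SAMPLE_REPORT))` reports three live hits (all moved or deleted), three restore-point copies and two tool-folder leftovers, with an empty "open" list, which matches the "appears clean" reading of the log above.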

Welcome back

You're great to work with Juliet and amazingly thorough, thank you soooo much

Lynne, you're very welcome

HAPPY NEW YEAR BTW it is only 1.5hrs away from me here in Australia.

Yes...you guys are ahead of us here.....

Yes I know it's sad that I am sitting at home on my computer on New Year's Eve but @ 54yrs I am generally sound asleep by midnight

Hope you have a safe and blessed 2009

Hope my computer is ok ~ let me know if you require any further tests done.

Hoping you have a safe and blessed 2009 also.

 

From all appearances, the machine is clean. The last scan found what I think are the remainders.

The command to uninstall ComboFix should have been run first... no biggie, we will go after it manually now.

 

 

Verify that the C:\Qoobox and C:\ComboFix folders and the file C:\ComboFix.txt were removed.

Delete whatever is found, then reboot.

 

 

Post back and let me know how the computer is now.


:sparkle:

All done ... removed the folders, did a CCleaner & CleanUp and defragged, then ran a Full PC test and had NO changes to make.

I have not had any more of those emails, so perhaps the :spam: filter from the ISP has done the trick.

 

The computer is running fine and is now clean as a whistle thanks to you Juliet. :rocks:

 

Have a SAFE, HAPPY and PROSPEROUS 2009. :party:

 

Warm regards

Lynne (Tillpott) :sparkle:

:sparkle:


It's all good news then....

You're good to go

 

 

 

Please take the time to read over a few of my preventive tips.

 

 

 

Please navigate to Microsoft Windows Updates and download all the "Critical Updates" for Windows.

 

 

Firefox 2.0

The award-winning Web browser is now faster, more secure, and fully customizable to your online life. Firefox 2 adds powerful new features that make your online experience even better. It has more features and is a lot more secure than IE. It is a very easy and painless download and install; it will in no way interfere with IE, and you can use them both.

 

How to prevent Malware: Created by Miekiemoes

 

Here are some additional utilities that will further enhance your safety.

* http://www.trillian.cc → Trillian or http://www.miranda-im.com → Miranda-IM - These are Malware free Instant Messenger programs which allow you to connect to multiple IM services in one program! (AOL, Yahoo, ICQ, IRC, MSN)

 

 

Read this article 'Safe Computing Practices'.

So how did I get infected in the first place?

 

Secure My Computer: A Layered Approach

 

Strong passwords: How to create and use them

 

Slow Computer? Check here first; it may not be malware

http://www.castlecops.com/postitle175256-0-0-.html

Free Antivirus-AntiSpyware-Firewall Software

 

 

PC Safety and Security--What Do I Need?

http://www.techsupportforum.com/security-c...-do-i-need.html

 

Stand Up and Be Counted ---> Malware Complaints <--- where you can make difference!

This site offers people who have been (or are) victims of malware the opportunity to document their story.

 

Extra note:

Make sure your programs are up to date - because older versions may contain Security Leaks. To find out what programs need to be updated, please run the Secunia Software Inspector Scan. http://secunia.com/software_inspector/
