Sign In
Create Account
0
Hi,
I've been experiencing problems with my computer since it was infected with vundo around the beginning of the month. MalwareBytes seemed to have solved the problem but since 7 May the same infected files have been showing up over and over again. I've tried everything I know to get rid of them but nothing is working. I tried using the XP Recovery Console to manually delete the files but that didn't work either. Any help would be appreciated.
MalwareBytes log:
/21/2009 1:32:57 PM
mbam-log-2009-05-21 (13-32-57).txt
Scan type: Quick Scan
Objects scanned: 109548
Time elapsed: 13 minute(s), 3 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 0
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 7
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
C:\WINDOWS\Temp\msb.dll (Trojan.FakeAlert) -> Delete on reboot.
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\autochk (Spyware.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\autochk (Trojan.Agent) -> Quarantined and deleted successfully.
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
C:\WINDOWS\Temp\msb.dll (Spyware.Agent) -> Delete on reboot.
C:\Documents and Settings\Allison\protect.dll (Spyware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Allison\Start Menu\Programs\Startup\ChkDisk.dll (Spyware.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\autochk.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Allison\Start Menu\Programs\Startup\ChkDisk.lnk (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\nsrbgxod.bak (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\lmn_setup.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
HiJackThis log:
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
C:\Program Files\Microsoft SQL Server\MSSQL$CAMBRIDGESOFT\Binn\sqlservr.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe
C:\Program Files\MDL CrossFire Commander 7.0\XFDLINK.EXE
C:\Program Files\Pure Networks\Network Magic\nmapp.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
C:\Program Files\Webshots\webshots.scr
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
C:\Program Files\Network Associates\VirusScan\mcshield.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Mozilla Firefox\firefox.exe
\?\globalroot\C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 3.1\aoltb.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 3.1\aoltb.dll
O3 - Toolbar: Webshots Toolbar - {C17590D2-ECB4-4b15-8820-F58798DCC118} - C:\Program Files\Webshots\WSToolbar4IE.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe"
O4 - HKLM\..\Run: [XFDLINK] "C:\Program Files\MDL CrossFire Commander 7.0\XFDLINK.EXE"
O4 - HKLM\..\Run: [nmapp] "C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [autochk] rundll32.exe C:\WINDOWS\system32\autochk.dll,_IWMPEvents@16
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_1_0
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [autochk] rundll32.exe C:\DOCUME~1\Allison\protect.dll,_IWMPEvents@16
O4 - HKUS\S-1-5-18\..\Run: [SYS32DLL] SYS32DLL (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Diagnostic Manager] C:\WINDOWS\TEMP\3543391616.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [autochk] rundll32.exe C:\DOCUME~1\NETWOR~1\protect.dll,_IWMPEvents@16 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [SYS32DLL] SYS32DLL (User 'Default user')
O4 - Startup: ChkDisk.dll
O4 - Startup: ChkDisk.lnk = ?
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Startup: Yahoo! Widget Engine.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O4 - Global Startup: VPN Client.lnk = ?
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 3.1\resources\en-US\local\search.html
O8 - Extra context menu item: &Webshots Photo Search - res://C:\Program Files\Webshots\WSToolbar4IE.dll/MENUSEARCH.HTM
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 3.1\aoltb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1242006526917
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1158983558441
O16 - DPF: {BB383206-6DA1-4E80-B62A-3DF950FCC697} (Create & Print ActiveX Plug-in) - http://ak.imgag.com/...tall/AxCtp2.cab
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Unknown owner - C:\Program Files\Common Files\Logitech\Bluetooth\LBTSERV.EXE (file missing)
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
O23 - Service: Pure Networks Net2Go Service (nmraapache) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe
O23 - Service: Pure Networks Network Magic Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
--
End of file - 14077 bytes
-
This topic is locked
Back to top
#2
Posted 22 May 2009 - 12:08 AM
-
- Moderators
-
- 1,648 posts
Forum Deity
- Gender:Male
Hi. 
Download ComboFix from one of the locations below, and save it to your Desktop.
[indent] Link 1
Link 2 [/indent]Double click combofix.exe and follow the prompts. Please, never rename Combofix unless instructed.
When finished, it shall produce a log for you. Post that log and a HijackThis log in your next reply
Note: Do not mouseclick Combofix's window while its running. That may cause it to stall
Download ComboFix from one of the locations below, and save it to your Desktop.
[indent] Link 1
Link 2 [/indent]Double click combofix.exe and follow the prompts. Please, never rename Combofix unless instructed.
When finished, it shall produce a log for you. Post that log and a HijackThis log in your next reply
Note: Do not mouseclick Combofix's window while its running. That may cause it to stall
#3
Posted 22 May 2009 - 01:59 AM
-
- Members
-
- 5 posts
New Member
Hi,
Thanks so much for the help so far . Here are the logs.
ComboFix 09-05-21.01 - Allison 05/21/2009 21:34.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1006.656 [GMT -4:00]
Running from: c:\documents and settings\Allison\Desktop\ComboFix.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Allison\Local Settings\Temporary Internet Files\fbk.sts
c:\documents and settings\Allison\protect.dll
c:\documents and settings\Allison\Start Menu\Programs\Startup\ChkDisk.dll
c:\documents and settings\Allison\Start Menu\Programs\Startup\ChkDisk.lnk
c:\documents and settings\LocalService\protect.dll
c:\documents and settings\NetworkService\protect.dll
c:\windows\system\oeminfo.ini
c:\windows\system32\8241_2.exe
c:\windows\system32\autochk.dll
c:\windows\system32\config\systemprofile\protect.dll
c:\windows\system32\drivers\ovfsthjbgpmhhxpmbymookupmridttesiyxdwx.sys
c:\windows\system32\lds.exe
c:\windows\system32\lmn_setup.exe
c:\windows\system32\ovfsthcimknxdnggbaxixhbpecatndgxihsefw.dat
c:\windows\system32\ovfsthobdwdkipihljotsgesqyqhbnyvuhbfkp.dll
c:\windows\system32\ovfsthojqfnmudychprgflmccwvgbmmfggtwpi.dll
c:\windows\system32\ovfsthoqwgwrrhnaeusvodryrgjcqwgdqwgdop.dll
c:\windows\system32\ovfsthpkbimoubdyryfckbvgthqxnwclkgqhui.dat
c:\windows\system32\ovfsthqsnvpehqfwhxvmttabrfvkkwbphexubl.dat
c:\windows\Temp\2116919184.exe
c:\windows\Temp\2124530128.exe
c:\windows\Temp\2251212288.exe
c:\windows\Temp\2261711632.exe
c:\windows\Temp\3262450624.exe
c:\windows\Temp\3543391616.exe
c:\windows\Temp\778816352.exe
C:\xcrashdump.dat
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_ovfsthyjewtlatvleeyclwphyoecxkgijkexvs
((((((((((((((((((((((((( Files Created from 2009-04-22 to 2009-05-22 )))))))))))))))))))))))))))))))
.
2009-05-21 19:21 . 2009-05-21 19:21 -------- d-----w c:\program files\Trend Micro
2009-05-20 23:33 . 2009-05-20 23:33 61440 ----a-w c:\windows\system32\drivers\msawh.sys
2009-05-17 20:22 . 2009-05-17 20:22 -------- d-sh--w c:\windows\system32\config\systemprofile\PrivacIE
2009-05-14 12:26 . 2009-05-14 12:26 -------- d-----w c:\windows\system32\config\systemprofile\Application Data\Babylon
2009-05-14 12:26 . 2009-05-14 12:26 -------- d-----w c:\documents and settings\All Users\Application Data\Babylon
2009-05-11 18:20 . 2009-05-11 18:20 -------- d-----w c:\windows\system32\XPSViewer
2009-05-11 18:20 . 2009-05-11 18:20 -------- d-----w c:\program files\MSBuild
2009-05-11 18:20 . 2009-05-11 18:20 -------- d-----w c:\program files\Reference Assemblies
2009-05-11 18:19 . 2008-07-06 12:06 117760 ------w c:\windows\system32\prntvpt.dll
2009-05-11 18:19 . 2008-07-06 12:06 89088 -c----w c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-05-11 18:19 . 2008-07-06 12:06 575488 -c----w c:\windows\system32\dllcache\xpsshhdr.dll
2009-05-11 18:19 . 2008-07-06 12:06 575488 ------w c:\windows\system32\xpsshhdr.dll
2009-05-11 18:19 . 2008-07-06 12:06 1676288 -c----w c:\windows\system32\dllcache\xpssvcs.dll
2009-05-11 18:19 . 2008-07-06 12:06 1676288 ------w c:\windows\system32\xpssvcs.dll
2009-05-11 18:19 . 2008-07-06 10:50 597504 -c----w c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-05-11 18:19 . 2009-05-11 18:20 -------- d-----w C:\744aceaab82b39f2bef3c7699f
2009-05-11 18:16 . 2009-05-11 18:35 -------- d-----w c:\windows\SxsCaPendDel
2009-05-11 17:28 . 2009-05-11 17:28 -------- d-----w c:\windows\ie8updates
2009-05-11 17:21 . 2009-04-25 05:30 102400 -c----w c:\windows\system32\dllcache\iecompat.dll
2009-05-11 02:51 . 2008-06-13 11:05 272128 -c----w c:\windows\system32\dllcache\bthport.sys
2009-05-11 02:50 . 2009-03-06 14:22 284160 -c----w c:\windows\system32\dllcache\pdh.dll
2009-05-11 02:50 . 2009-02-09 12:10 401408 -c----w c:\windows\system32\dllcache\rpcss.dll
2009-05-11 02:50 . 2009-02-06 11:11 110592 -c----w c:\windows\system32\dllcache\services.exe
2009-05-11 02:50 . 2009-02-09 12:10 473600 -c----w c:\windows\system32\dllcache\fastprox.dll
2009-05-11 02:50 . 2009-02-06 10:10 227840 -c----w c:\windows\system32\dllcache\wmiprvse.exe
2009-05-11 02:50 . 2009-02-09 12:10 453120 -c----w c:\windows\system32\dllcache\wmiprvsd.dll
2009-05-11 02:50 . 2009-02-09 12:10 729088 -c----w c:\windows\system32\dllcache\lsasrv.dll
2009-05-11 02:50 . 2009-02-09 12:10 617472 -c----w c:\windows\system32\dllcache\advapi32.dll
2009-05-11 02:50 . 2009-02-09 12:10 714752 -c----w c:\windows\system32\dllcache\ntdll.dll
2009-05-11 02:50 . 2009-02-06 11:06 2145280 -c----w c:\windows\system32\dllcache\ntkrnlmp.exe
2009-05-11 02:50 . 2009-02-06 11:08 2189056 -c----w c:\windows\system32\dllcache\ntoskrnl.exe
2009-05-11 02:50 . 2009-02-06 10:32 2023936 -c----w c:\windows\system32\dllcache\ntkrpamp.exe
2009-05-11 02:49 . 2008-05-08 14:02 203136 -c----w c:\windows\system32\dllcache\rmcast.sys
2009-05-11 02:49 . 2008-10-24 11:21 455296 -c----w c:\windows\system32\dllcache\mrxsmb.sys
2009-05-11 02:48 . 2008-12-11 10:57 333952 -c----w c:\windows\system32\dllcache\srv.sys
2009-05-11 02:48 . 2008-04-11 19:04 691712 -c----w c:\windows\system32\dllcache\inetcomm.dll
2009-05-11 02:48 . 2008-05-01 14:33 331776 -c----w c:\windows\system32\dllcache\msadce.dll
2009-05-11 02:48 . 2008-10-15 16:34 337408 -c----w c:\windows\system32\dllcache\netapi32.dll
2009-05-11 02:48 . 2008-09-04 17:15 1106944 -c----w c:\windows\system32\dllcache\msxml3.dll
2009-05-11 02:30 . 2009-05-11 02:30 -------- d-----w c:\windows\system32\scripting
2009-05-11 02:30 . 2009-05-11 02:30 -------- d-----w c:\windows\l2schemas
2009-05-11 02:30 . 2009-05-11 02:30 -------- d-----w c:\windows\system32\en
2009-05-11 02:30 . 2009-05-11 02:30 -------- d-----w c:\windows\system32\bits
2009-05-11 02:26 . 2009-05-11 02:31 -------- d-----w c:\windows\ServicePackFiles
2009-05-11 02:10 . 2008-04-14 00:12 32768 ------w c:\windows\system32\setupn.exe
2009-05-11 02:09 . 2008-04-14 00:11 37376 ------w c:\windows\system32\l2gpstore.dll
2009-05-11 02:08 . 2008-04-14 00:11 12800 ------w c:\windows\system32\credssp.dll
2009-05-11 01:34 . 2009-05-11 01:34 -------- d-sh--w c:\documents and settings\Allison\PrivacIE
2009-05-11 01:28 . 2009-05-11 01:28 -------- d-sh--w c:\documents and settings\Allison\IETldCache
2009-05-11 01:27 . 2009-05-11 01:27 -------- d-sh--w c:\windows\system32\config\systemprofile\IETldCache
2009-05-11 01:16 . 2009-05-11 01:18 -------- dc-h--w c:\windows\ie8
2009-05-11 01:03 . 2005-07-20 04:05 135168 ----a-w c:\windows\system32\igfxres.dll
2009-05-11 00:52 . 2008-04-14 00:10 67584 -c--a-w c:\windows\system32\dllcache\pmigrate.dll
2009-05-11 00:51 . 2006-02-28 12:00 8704 -c--a-w c:\windows\system32\dllcache\infoctrs.dll
2009-05-11 00:50 . 2006-02-28 12:00 45568 -c--a-w c:\windows\system32\dllcache\browscap.dll
2009-05-11 00:46 . 2006-02-28 12:00 16384 -c--a-w c:\windows\system32\dllcache\isignup.exe
2009-05-11 00:33 . 2006-02-28 12:00 13312 -c--a-w c:\windows\system32\dllcache\irclass.dll
2009-05-11 00:33 . 2006-02-28 12:00 13312 ----a-w c:\windows\system32\irclass.dll
2009-05-11 00:33 . 2006-02-28 12:00 24661 -c--a-w c:\windows\system32\dllcache\spxcoins.dll
2009-05-11 00:33 . 2006-02-28 12:00 24661 ----a-w c:\windows\system32\spxcoins.dll
2009-05-11 00:30 . 2009-05-11 00:30 -------- d-s---w c:\windows\system32\config\systemprofile\History
2009-05-09 16:03 . 2009-05-09 16:12 -------- d-----w c:\windows\system32\NtmsData
2009-05-08 21:34 . 2009-05-09 16:23 -------- d--h--w C:\$AVG8.VAULT$
2009-05-08 21:25 . 2009-05-18 02:19 -------- d-----w c:\documents and settings\All Users\Application Data\avg8
2009-05-07 14:02 . 2009-05-07 14:02 202 ----a-w C:\43214354.bat
2009-04-29 18:11 . 2009-04-29 18:11 -------- d-----w c:\windows\system32\KB905474
2009-04-29 18:11 . 2009-03-11 02:26 1403264 ----a-w c:\windows\system32\KB905474\wganotifypackageinner.exe
2009-04-29 18:11 . 2009-03-11 02:18 453512 ----a-w c:\windows\system32\KB905474\wgasetup.exe
2009-04-29 02:20 . 2009-04-29 02:20 -------- d-----w c:\documents and settings\Allison\Application Data\Malwarebytes
2009-04-29 02:14 . 2009-04-06 19:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-04-29 02:14 . 2009-04-06 19:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-29 02:14 . 2009-04-29 02:14 -------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2009-04-29 02:14 . 2009-04-29 02:18 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-21 16:25 . 2006-04-09 16:30 41310 ----a-w c:\documents and settings\Allison\Application Data\wklnhst.dat
2009-05-20 16:07 . 2007-10-09 02:19 -------- d-----w c:\documents and settings\All Users\Application Data\Google Updater
2009-05-20 03:10 . 2006-06-15 01:17 6580 --sha-w c:\windows\system32\KGyGaAvL.sys
2009-05-20 03:10 . 2006-06-15 01:17 104 --sh--r c:\windows\system32\774B49F16B.sys
2009-05-11 18:40 . 2008-09-24 14:34 83088 ----a-w c:\windows\system32\GDIPFONTCACHEV1.DAT
2009-05-11 02:44 . 2006-06-15 01:15 8224 ----a-w c:\documents and settings\Allison\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-11 02:35 . 2006-09-04 03:55 88753 ----a-w c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-05-11 00:45 . 2004-08-10 18:02 23428 ----a-w c:\windows\system32\emptyregdb.dat
2009-05-11 00:45 . 2009-05-11 00:45 1663 ----a-w c:\windows\inf\COM18C.tmp
2009-03-08 08:34 . 2006-02-28 12:00 914944 ----a-w c:\windows\system32\wininet.dll
2009-03-08 08:34 . 2006-02-28 12:00 43008 ----a-w c:\windows\system32\licmgr10.dll
2009-03-08 08:33 . 2006-02-28 12:00 18944 ----a-w c:\windows\system32\corpol.dll
2009-03-08 08:33 . 2006-02-28 12:00 420352 ----a-w c:\windows\system32\vbscript.dll
2009-03-08 08:32 . 2006-02-28 12:00 72704 ----a-w c:\windows\system32\admparse.dll
2009-03-08 08:32 . 2006-02-28 12:00 71680 ----a-w c:\windows\system32\iesetup.dll
2009-03-08 08:31 . 2006-02-28 12:00 34816 ----a-w c:\windows\system32\imgutil.dll
2009-03-08 08:31 . 2006-02-28 12:00 48128 ----a-w c:\windows\system32\mshtmler.dll
2009-03-08 08:31 . 2006-02-28 12:00 45568 ----a-w c:\windows\system32\mshta.exe
2009-03-08 08:22 . 2006-02-28 12:00 156160 ----a-w c:\windows\system32\msls31.dll
2009-03-06 14:22 . 2006-02-28 12:00 284160 ----a-w c:\windows\system32\pdh.dll
2008-08-02 03:04 . 2006-10-18 00:35 122880 ----a-w c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2004-11-22 307200]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-10-09 68856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Java\jre1.5.0_08\bin\jusched.exe" [2006-07-26 49263]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-11-29 761947]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2004-10-30 385024]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 53248]
"RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2006-04-03 26112]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-01-27 86016]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-08-02 29744]
"Corel Photo Downloader"="c:\program files\Corel\Corel Photo Album 6\MediaDetect.exe" [2005-08-31 106496]
"IPHSend"="c:\program files\Common Files\AOL\IPHSend\IPHSend.exe" [2006-02-17 124520]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 49152]
"ShStatEXE"="c:\program files\Network Associates\VirusScan\SHSTAT.EXE" [2004-09-23 94208]
"McAfeeUpdaterUI"="c:\program files\Network Associates\Common Framework\UpdaterUI.exe" [2005-02-25 139320]
"Network Associates Error Reporting Service"="c:\program files\Common Files\Network Associates\TalkBack\tbmon.exe" [2003-10-07 147514]
"XFDLINK"="c:\program files\MDL CrossFire Commander 7.0\XFDLINK.EXE" [2005-07-19 45056]
"nmapp"="c:\program files\Pure Networks\Network Magic\nmapp.exe" [2006-10-31 1029664]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-05-27 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-06-02 267048]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-07-20 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-07-20 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-07-20 114688]
c:\documents and settings\Allison\Start Menu\Programs\Startup\
Webshots.lnk - c:\program files\Webshots\Launcher.exe [2008-3-23 157008]
Yahoo! Widget Engine.lnk - c:\program files\Yahoo!\Widgets\YahooWidgetEngine.exe [2007-5-4 2913840]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
America Online 9.0 Tray Icon.lnk - c:\program files\America Online 9.0\aoltray.exe [2006-4-3 156784]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-4-3 24576]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]
HP Photosmart Premier Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2006-2-10 73728]
Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2005-11-4 176128]
KODAK Software Updater.lnk - c:\program files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe [2004-2-13 16423]
Service Manager.lnk - c:\program files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2002-12-17 74308]
VPN Client.lnk - c:\windows\Installer\{CCBAA1F7-E5E1-48B2-9ED9-A79C6A37CE78}\Icon3E5562ED7.ico [2008-3-15 6144]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
2004-09-07 21:08 110592 ----a-w c:\program files\Intel\Wireless\Bin\LgNotify.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0sprestrt
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\1151616105\\ee\\aolsoftware.exe"=
"c:\\Program Files\\Common Files\\AOL\\1151616105\\ee\\aim6.exe"=
"c:\\Program Files\\Network Associates\\Common Framework\\FrameworkService.exe"=
"c:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\CambridgeSoft\\ChemOffice2006\\ChemDraw\\ChemDraw.exe"=
"c:\\Program Files\\MDL CrossFire Commander 7.0\\xfdlink.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\QuickTime\\QuickTimePlayer.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Documents and Settings\\Allison\\Application Data\\Macromedia\\Flash Player\\www.macromedia.com\\bin\\octoshape\\octoshape.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"67:UDP"= 67:UDP:DHCP Discovery Service
R1 NaiAvTdi1;NaiAvTdi1;c:\windows\system32\drivers\mvstdi5x.sys [11/16/2006 9:56 PM 58464]
R2 MSSQL$CAMBRIDGESOFT;MSSQL$CAMBRIDGESOFT;c:\program files\Microsoft SQL Server\MSSQL$CAMBRIDGESOFT\Binn\sqlservr.exe -sCAMBRIDGESOFT --> c:\program files\Microsoft SQL Server\MSSQL$CAMBRIDGESOFT\Binn\sqlservr.exe -sCAMBRIDGESOFT [?]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2/16/2007 9:13 PM 24652]
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [4/3/2006 1:23 AM 29744]
S3 SQLAgent$CAMBRIDGESOFT;SQLAgent$CAMBRIDGESOFT;c:\program files\Microsoft SQL Server\MSSQL$CAMBRIDGESOFT\Binn\sqlagent.EXE -i CAMBRIDGESOFT --> c:\program files\Microsoft SQL Server\MSSQL$CAMBRIDGESOFT\Binn\sqlagent.EXE -i CAMBRIDGESOFT [?]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder
2009-05-07 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 21:57]
2009-05-22 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-02-02 02:00]
2009-05-22 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-04-29 02:18]
.
- - - - ORPHANS REMOVED - - - -
HKCU-Run-BitTorrent - c:\program files\BitTorrent\bittorrent.exe
HKU-Default-Run-Diagnostic Manager - c:\windows\TEMP\3543391616.exe
HKU-Default-Run-autochk - c:\docume~1\NETWOR~1\protect.dll
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.comcast.net/
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &AOL Toolbar Search - c:\program files\aol\aol toolbar 3.1\resources\en-US\local\search.html
IE: &Webshots Photo Search - c:\program files\Webshots\WSToolbar4IE.dll/MENUSEARCH.HTM
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
FF - ProfilePath - c:\documents and settings\Allison\Application Data\Mozilla\Firefox\Profiles\xvnu02fs.default\
FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll
FF - plugin: c:\documents and settings\Allison\Application Data\Mozilla\Firefox\Profiles\xvnu02fs.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp071101000055.dll
FF - plugin: c:\progra~1\Mozilla Firefox\plugins\npdivx32.dll
FF - plugin: c:\progra~1\Mozilla Firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll
FF - plugin: c:\progra~1\Mozilla Firefox\plugins\npnul32.dll
FF - plugin: c:\progra~1\Mozilla Firefox\plugins\NPOFFICE.DLL
FF - plugin: c:\progra~1\Mozilla Firefox\plugins\nppdf32.dll
FF - plugin: c:\progra~1\Mozilla Firefox\plugins\NpPopup.dll
FF - plugin: c:\progra~1\Mozilla Firefox\plugins\npqtplugin.dll
FF - plugin: c:\progra~1\Mozilla Firefox\plugins\npqtplugin2.dll
FF - plugin: c:\progra~1\Mozilla Firefox\plugins\npqtplugin3.dll
FF - plugin: c:\progra~1\Mozilla Firefox\plugins\npqtplugin4.dll
FF - plugin: c:\progra~1\Mozilla Firefox\plugins\npqtplugin5.dll
FF - plugin: c:\progra~1\Mozilla Firefox\plugins\npqtplugin6.dll
FF - plugin: c:\progra~1\Mozilla Firefox\plugins\npqtplugin7.dll
FF - plugin: c:\progra~1\Mozilla Firefox\plugins\npunagi2.dll
FF - plugin: c:\progra~1\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\progra~1\Mozilla Firefox\plugins\npyaxmpb.dll
FF - plugin: c:\program files\CambridgeSoft\ChemOffice2006\Chem3D\npChem3DPlugin.dll
FF - plugin: c:\program files\CambridgeSoft\ChemOffice2006\ChemDraw\NPCDP32.DLL
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Java\jre1.5.0_08\bin\NPJava11.dll
FF - plugin: c:\program files\Java\jre1.5.0_08\bin\NPJava12.dll
FF - plugin: c:\program files\Java\jre1.5.0_08\bin\NPJava13.dll
FF - plugin: c:\program files\Java\jre1.5.0_08\bin\NPJava14.dll
FF - plugin: c:\program files\Java\jre1.5.0_08\bin\NPJava32.dll
FF - plugin: c:\program files\Java\jre1.5.0_08\bin\NPJPI150_08.dll
FF - plugin: c:\program files\Java\jre1.5.0_08\bin\NPOJI610.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NpPopup.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npyaxmpb.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-21 21:40
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(1472)
c:\program files\Intel\Wireless\Bin\LgNotify.dll
.
Completion time: 2009-05-22 21:43
ComboFix-quarantined-files.txt 2009-05-22 01:42
Pre-Run: 31,057,772,544 bytes free
Post-Run: 37,461,954,560 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
Current=1 Default=1 Failed=0 LastKnownGood=4 Sets=1,2,3,4
314 --- E O F --- 2009-05-19 18:03
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:57:19 PM, on 5/21/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
C:\Program Files\Microsoft SQL Server\MSSQL$CAMBRIDGESOFT\Binn\sqlservr.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 3.1\aoltb.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 3.1\aoltb.dll
O3 - Toolbar: Webshots Toolbar - {C17590D2-ECB4-4b15-8820-F58798DCC118} - C:\Program Files\Webshots\WSToolbar4IE.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe"
O4 - HKLM\..\Run: [XFDLINK] "C:\Program Files\MDL CrossFire Commander 7.0\XFDLINK.EXE"
O4 - HKLM\..\Run: [nmapp] "C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_1_0
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - S-1-5-18 Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe (User 'SYSTEM')
O4 - S-1-5-18 Startup: Yahoo! Widget Engine.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe (User 'Default user')
O4 - .DEFAULT Startup: Yahoo! Widget Engine.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe (User 'Default user')
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Startup: Yahoo! Widget Engine.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O4 - Global Startup: VPN Client.lnk = ?
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 3.1\resources\en-US\local\search.html
O8 - Extra context menu item: &Webshots Photo Search - res://C:\Program Files\Webshots\WSToolbar4IE.dll/MENUSEARCH.HTM
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 3.1\aoltb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1242006526917
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1158983558441
O16 - DPF: {BB383206-6DA1-4E80-B62A-3DF950FCC697} (Create & Print ActiveX Plug-in) - http://ak.imgag.com/...tall/AxCtp2.cab
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Unknown owner - C:\Program Files\Common Files\Logitech\Bluetooth\LBTSERV.EXE (file missing)
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
O23 - Service: Pure Networks Net2Go Service (nmraapache) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe
O23 - Service: Pure Networks Network Magic Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
--
End of file - 11957 bytes
Thanks so much for the help so far
. Here are the logs.ComboFix 09-05-21.01 - Allison 05/21/2009 21:34.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1006.656 [GMT -4:00]
Running from: c:\documents and settings\Allison\Desktop\ComboFix.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Allison\Local Settings\Temporary Internet Files\fbk.sts
c:\documents and settings\Allison\protect.dll
c:\documents and settings\Allison\Start Menu\Programs\Startup\ChkDisk.dll
c:\documents and settings\Allison\Start Menu\Programs\Startup\ChkDisk.lnk
c:\documents and settings\LocalService\protect.dll
c:\documents and settings\NetworkService\protect.dll
c:\windows\system\oeminfo.ini
c:\windows\system32\8241_2.exe
c:\windows\system32\autochk.dll
c:\windows\system32\config\systemprofile\protect.dll
c:\windows\system32\drivers\ovfsthjbgpmhhxpmbymookupmridttesiyxdwx.sys
c:\windows\system32\lds.exe
c:\windows\system32\lmn_setup.exe
c:\windows\system32\ovfsthcimknxdnggbaxixhbpecatndgxihsefw.dat
c:\windows\system32\ovfsthobdwdkipihljotsgesqyqhbnyvuhbfkp.dll
c:\windows\system32\ovfsthojqfnmudychprgflmccwvgbmmfggtwpi.dll
c:\windows\system32\ovfsthoqwgwrrhnaeusvodryrgjcqwgdqwgdop.dll
c:\windows\system32\ovfsthpkbimoubdyryfckbvgthqxnwclkgqhui.dat
c:\windows\system32\ovfsthqsnvpehqfwhxvmttabrfvkkwbphexubl.dat
c:\windows\Temp\2116919184.exe
c:\windows\Temp\2124530128.exe
c:\windows\Temp\2251212288.exe
c:\windows\Temp\2261711632.exe
c:\windows\Temp\3262450624.exe
c:\windows\Temp\3543391616.exe
c:\windows\Temp\778816352.exe
C:\xcrashdump.dat
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_ovfsthyjewtlatvleeyclwphyoecxkgijkexvs
((((((((((((((((((((((((( Files Created from 2009-04-22 to 2009-05-22 )))))))))))))))))))))))))))))))
.
2009-05-21 19:21 . 2009-05-21 19:21 -------- d-----w c:\program files\Trend Micro
2009-05-20 23:33 . 2009-05-20 23:33 61440 ----a-w c:\windows\system32\drivers\msawh.sys
2009-05-17 20:22 . 2009-05-17 20:22 -------- d-sh--w c:\windows\system32\config\systemprofile\PrivacIE
2009-05-14 12:26 . 2009-05-14 12:26 -------- d-----w c:\windows\system32\config\systemprofile\Application Data\Babylon
2009-05-14 12:26 . 2009-05-14 12:26 -------- d-----w c:\documents and settings\All Users\Application Data\Babylon
2009-05-11 18:20 . 2009-05-11 18:20 -------- d-----w c:\windows\system32\XPSViewer
2009-05-11 18:20 . 2009-05-11 18:20 -------- d-----w c:\program files\MSBuild
2009-05-11 18:20 . 2009-05-11 18:20 -------- d-----w c:\program files\Reference Assemblies
2009-05-11 18:19 . 2008-07-06 12:06 117760 ------w c:\windows\system32\prntvpt.dll
2009-05-11 18:19 . 2008-07-06 12:06 89088 -c----w c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-05-11 18:19 . 2008-07-06 12:06 575488 -c----w c:\windows\system32\dllcache\xpsshhdr.dll
2009-05-11 18:19 . 2008-07-06 12:06 575488 ------w c:\windows\system32\xpsshhdr.dll
2009-05-11 18:19 . 2008-07-06 12:06 1676288 -c----w c:\windows\system32\dllcache\xpssvcs.dll
2009-05-11 18:19 . 2008-07-06 12:06 1676288 ------w c:\windows\system32\xpssvcs.dll
2009-05-11 18:19 . 2008-07-06 10:50 597504 -c----w c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-05-11 18:19 . 2009-05-11 18:20 -------- d-----w C:\744aceaab82b39f2bef3c7699f
2009-05-11 18:16 . 2009-05-11 18:35 -------- d-----w c:\windows\SxsCaPendDel
2009-05-11 17:28 . 2009-05-11 17:28 -------- d-----w c:\windows\ie8updates
2009-05-11 17:21 . 2009-04-25 05:30 102400 -c----w c:\windows\system32\dllcache\iecompat.dll
2009-05-11 02:51 . 2008-06-13 11:05 272128 -c----w c:\windows\system32\dllcache\bthport.sys
2009-05-11 02:50 . 2009-03-06 14:22 284160 -c----w c:\windows\system32\dllcache\pdh.dll
2009-05-11 02:50 . 2009-02-09 12:10 401408 -c----w c:\windows\system32\dllcache\rpcss.dll
2009-05-11 02:50 . 2009-02-06 11:11 110592 -c----w c:\windows\system32\dllcache\services.exe
2009-05-11 02:50 . 2009-02-09 12:10 473600 -c----w c:\windows\system32\dllcache\fastprox.dll
2009-05-11 02:50 . 2009-02-06 10:10 227840 -c----w c:\windows\system32\dllcache\wmiprvse.exe
2009-05-11 02:50 . 2009-02-09 12:10 453120 -c----w c:\windows\system32\dllcache\wmiprvsd.dll
2009-05-11 02:50 . 2009-02-09 12:10 729088 -c----w c:\windows\system32\dllcache\lsasrv.dll
2009-05-11 02:50 . 2009-02-09 12:10 617472 -c----w c:\windows\system32\dllcache\advapi32.dll
2009-05-11 02:50 . 2009-02-09 12:10 714752 -c----w c:\windows\system32\dllcache\ntdll.dll
2009-05-11 02:50 . 2009-02-06 11:06 2145280 -c----w c:\windows\system32\dllcache\ntkrnlmp.exe
2009-05-11 02:50 . 2009-02-06 11:08 2189056 -c----w c:\windows\system32\dllcache\ntoskrnl.exe
2009-05-11 02:50 . 2009-02-06 10:32 2023936 -c----w c:\windows\system32\dllcache\ntkrpamp.exe
2009-05-11 02:49 . 2008-05-08 14:02 203136 -c----w c:\windows\system32\dllcache\rmcast.sys
2009-05-11 02:49 . 2008-10-24 11:21 455296 -c----w c:\windows\system32\dllcache\mrxsmb.sys
2009-05-11 02:48 . 2008-12-11 10:57 333952 -c----w c:\windows\system32\dllcache\srv.sys
2009-05-11 02:48 . 2008-04-11 19:04 691712 -c----w c:\windows\system32\dllcache\inetcomm.dll
2009-05-11 02:48 . 2008-05-01 14:33 331776 -c----w c:\windows\system32\dllcache\msadce.dll
2009-05-11 02:48 . 2008-10-15 16:34 337408 -c----w c:\windows\system32\dllcache\netapi32.dll
2009-05-11 02:48 . 2008-09-04 17:15 1106944 -c----w c:\windows\system32\dllcache\msxml3.dll
2009-05-11 02:30 . 2009-05-11 02:30 -------- d-----w c:\windows\system32\scripting
2009-05-11 02:30 . 2009-05-11 02:30 -------- d-----w c:\windows\l2schemas
2009-05-11 02:30 . 2009-05-11 02:30 -------- d-----w c:\windows\system32\en
2009-05-11 02:30 . 2009-05-11 02:30 -------- d-----w c:\windows\system32\bits
2009-05-11 02:26 . 2009-05-11 02:31 -------- d-----w c:\windows\ServicePackFiles
2009-05-11 02:10 . 2008-04-14 00:12 32768 ------w c:\windows\system32\setupn.exe
2009-05-11 02:09 . 2008-04-14 00:11 37376 ------w c:\windows\system32\l2gpstore.dll
2009-05-11 02:08 . 2008-04-14 00:11 12800 ------w c:\windows\system32\credssp.dll
2009-05-11 01:34 . 2009-05-11 01:34 -------- d-sh--w c:\documents and settings\Allison\PrivacIE
2009-05-11 01:28 . 2009-05-11 01:28 -------- d-sh--w c:\documents and settings\Allison\IETldCache
2009-05-11 01:27 . 2009-05-11 01:27 -------- d-sh--w c:\windows\system32\config\systemprofile\IETldCache
2009-05-11 01:16 . 2009-05-11 01:18 -------- dc-h--w c:\windows\ie8
2009-05-11 01:03 . 2005-07-20 04:05 135168 ----a-w c:\windows\system32\igfxres.dll
2009-05-11 00:52 . 2008-04-14 00:10 67584 -c--a-w c:\windows\system32\dllcache\pmigrate.dll
2009-05-11 00:51 . 2006-02-28 12:00 8704 -c--a-w c:\windows\system32\dllcache\infoctrs.dll
2009-05-11 00:50 . 2006-02-28 12:00 45568 -c--a-w c:\windows\system32\dllcache\browscap.dll
2009-05-11 00:46 . 2006-02-28 12:00 16384 -c--a-w c:\windows\system32\dllcache\isignup.exe
2009-05-11 00:33 . 2006-02-28 12:00 13312 -c--a-w c:\windows\system32\dllcache\irclass.dll
2009-05-11 00:33 . 2006-02-28 12:00 13312 ----a-w c:\windows\system32\irclass.dll
2009-05-11 00:33 . 2006-02-28 12:00 24661 -c--a-w c:\windows\system32\dllcache\spxcoins.dll
2009-05-11 00:33 . 2006-02-28 12:00 24661 ----a-w c:\windows\system32\spxcoins.dll
2009-05-11 00:30 . 2009-05-11 00:30 -------- d-s---w c:\windows\system32\config\systemprofile\History
2009-05-09 16:03 . 2009-05-09 16:12 -------- d-----w c:\windows\system32\NtmsData
2009-05-08 21:34 . 2009-05-09 16:23 -------- d--h--w C:\$AVG8.VAULT$
2009-05-08 21:25 . 2009-05-18 02:19 -------- d-----w c:\documents and settings\All Users\Application Data\avg8
2009-05-07 14:02 . 2009-05-07 14:02 202 ----a-w C:\43214354.bat
2009-04-29 18:11 . 2009-04-29 18:11 -------- d-----w c:\windows\system32\KB905474
2009-04-29 18:11 . 2009-03-11 02:26 1403264 ----a-w c:\windows\system32\KB905474\wganotifypackageinner.exe
2009-04-29 18:11 . 2009-03-11 02:18 453512 ----a-w c:\windows\system32\KB905474\wgasetup.exe
2009-04-29 02:20 . 2009-04-29 02:20 -------- d-----w c:\documents and settings\Allison\Application Data\Malwarebytes
2009-04-29 02:14 . 2009-04-06 19:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-04-29 02:14 . 2009-04-06 19:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-29 02:14 . 2009-04-29 02:14 -------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2009-04-29 02:14 . 2009-04-29 02:18 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-21 16:25 . 2006-04-09 16:30 41310 ----a-w c:\documents and settings\Allison\Application Data\wklnhst.dat
2009-05-20 16:07 . 2007-10-09 02:19 -------- d-----w c:\documents and settings\All Users\Application Data\Google Updater
2009-05-20 03:10 . 2006-06-15 01:17 6580 --sha-w c:\windows\system32\KGyGaAvL.sys
2009-05-20 03:10 . 2006-06-15 01:17 104 --sh--r c:\windows\system32\774B49F16B.sys
2009-05-11 18:40 . 2008-09-24 14:34 83088 ----a-w c:\windows\system32\GDIPFONTCACHEV1.DAT
2009-05-11 02:44 . 2006-06-15 01:15 8224 ----a-w c:\documents and settings\Allison\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-11 02:35 . 2006-09-04 03:55 88753 ----a-w c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-05-11 00:45 . 2004-08-10 18:02 23428 ----a-w c:\windows\system32\emptyregdb.dat
2009-05-11 00:45 . 2009-05-11 00:45 1663 ----a-w c:\windows\inf\COM18C.tmp
2009-03-08 08:34 . 2006-02-28 12:00 914944 ----a-w c:\windows\system32\wininet.dll
2009-03-08 08:34 . 2006-02-28 12:00 43008 ----a-w c:\windows\system32\licmgr10.dll
2009-03-08 08:33 . 2006-02-28 12:00 18944 ----a-w c:\windows\system32\corpol.dll
2009-03-08 08:33 . 2006-02-28 12:00 420352 ----a-w c:\windows\system32\vbscript.dll
2009-03-08 08:32 . 2006-02-28 12:00 72704 ----a-w c:\windows\system32\admparse.dll
2009-03-08 08:32 . 2006-02-28 12:00 71680 ----a-w c:\windows\system32\iesetup.dll
2009-03-08 08:31 . 2006-02-28 12:00 34816 ----a-w c:\windows\system32\imgutil.dll
2009-03-08 08:31 . 2006-02-28 12:00 48128 ----a-w c:\windows\system32\mshtmler.dll
2009-03-08 08:31 . 2006-02-28 12:00 45568 ----a-w c:\windows\system32\mshta.exe
2009-03-08 08:22 . 2006-02-28 12:00 156160 ----a-w c:\windows\system32\msls31.dll
2009-03-06 14:22 . 2006-02-28 12:00 284160 ----a-w c:\windows\system32\pdh.dll
2008-08-02 03:04 . 2006-10-18 00:35 122880 ----a-w c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2004-11-22 307200]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-10-09 68856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Java\jre1.5.0_08\bin\jusched.exe" [2006-07-26 49263]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-11-29 761947]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2004-10-30 385024]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 53248]
"RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2006-04-03 26112]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-01-27 86016]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-08-02 29744]
"Corel Photo Downloader"="c:\program files\Corel\Corel Photo Album 6\MediaDetect.exe" [2005-08-31 106496]
"IPHSend"="c:\program files\Common Files\AOL\IPHSend\IPHSend.exe" [2006-02-17 124520]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 49152]
"ShStatEXE"="c:\program files\Network Associates\VirusScan\SHSTAT.EXE" [2004-09-23 94208]
"McAfeeUpdaterUI"="c:\program files\Network Associates\Common Framework\UpdaterUI.exe" [2005-02-25 139320]
"Network Associates Error Reporting Service"="c:\program files\Common Files\Network Associates\TalkBack\tbmon.exe" [2003-10-07 147514]
"XFDLINK"="c:\program files\MDL CrossFire Commander 7.0\XFDLINK.EXE" [2005-07-19 45056]
"nmapp"="c:\program files\Pure Networks\Network Magic\nmapp.exe" [2006-10-31 1029664]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-05-27 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-06-02 267048]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-07-20 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-07-20 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-07-20 114688]
c:\documents and settings\Allison\Start Menu\Programs\Startup\
Webshots.lnk - c:\program files\Webshots\Launcher.exe [2008-3-23 157008]
Yahoo! Widget Engine.lnk - c:\program files\Yahoo!\Widgets\YahooWidgetEngine.exe [2007-5-4 2913840]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
America Online 9.0 Tray Icon.lnk - c:\program files\America Online 9.0\aoltray.exe [2006-4-3 156784]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-4-3 24576]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]
HP Photosmart Premier Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2006-2-10 73728]
Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2005-11-4 176128]
KODAK Software Updater.lnk - c:\program files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe [2004-2-13 16423]
Service Manager.lnk - c:\program files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2002-12-17 74308]
VPN Client.lnk - c:\windows\Installer\{CCBAA1F7-E5E1-48B2-9ED9-A79C6A37CE78}\Icon3E5562ED7.ico [2008-3-15 6144]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
2004-09-07 21:08 110592 ----a-w c:\program files\Intel\Wireless\Bin\LgNotify.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0sprestrt
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\1151616105\\ee\\aolsoftware.exe"=
"c:\\Program Files\\Common Files\\AOL\\1151616105\\ee\\aim6.exe"=
"c:\\Program Files\\Network Associates\\Common Framework\\FrameworkService.exe"=
"c:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\CambridgeSoft\\ChemOffice2006\\ChemDraw\\ChemDraw.exe"=
"c:\\Program Files\\MDL CrossFire Commander 7.0\\xfdlink.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\QuickTime\\QuickTimePlayer.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Documents and Settings\\Allison\\Application Data\\Macromedia\\Flash Player\\www.macromedia.com\\bin\\octoshape\\octoshape.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"67:UDP"= 67:UDP:DHCP Discovery Service
R1 NaiAvTdi1;NaiAvTdi1;c:\windows\system32\drivers\mvstdi5x.sys [11/16/2006 9:56 PM 58464]
R2 MSSQL$CAMBRIDGESOFT;MSSQL$CAMBRIDGESOFT;c:\program files\Microsoft SQL Server\MSSQL$CAMBRIDGESOFT\Binn\sqlservr.exe -sCAMBRIDGESOFT --> c:\program files\Microsoft SQL Server\MSSQL$CAMBRIDGESOFT\Binn\sqlservr.exe -sCAMBRIDGESOFT [?]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2/16/2007 9:13 PM 24652]
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [4/3/2006 1:23 AM 29744]
S3 SQLAgent$CAMBRIDGESOFT;SQLAgent$CAMBRIDGESOFT;c:\program files\Microsoft SQL Server\MSSQL$CAMBRIDGESOFT\Binn\sqlagent.EXE -i CAMBRIDGESOFT --> c:\program files\Microsoft SQL Server\MSSQL$CAMBRIDGESOFT\Binn\sqlagent.EXE -i CAMBRIDGESOFT [?]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder
2009-05-07 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 21:57]
2009-05-22 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-02-02 02:00]
2009-05-22 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-04-29 02:18]
.
- - - - ORPHANS REMOVED - - - -
HKCU-Run-BitTorrent - c:\program files\BitTorrent\bittorrent.exe
HKU-Default-Run-Diagnostic Manager - c:\windows\TEMP\3543391616.exe
HKU-Default-Run-autochk - c:\docume~1\NETWOR~1\protect.dll
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.comcast.net/
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &AOL Toolbar Search - c:\program files\aol\aol toolbar 3.1\resources\en-US\local\search.html
IE: &Webshots Photo Search - c:\program files\Webshots\WSToolbar4IE.dll/MENUSEARCH.HTM
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
FF - ProfilePath - c:\documents and settings\Allison\Application Data\Mozilla\Firefox\Profiles\xvnu02fs.default\
FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll
FF - plugin: c:\documents and settings\Allison\Application Data\Mozilla\Firefox\Profiles\xvnu02fs.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp071101000055.dll
FF - plugin: c:\progra~1\Mozilla Firefox\plugins\npdivx32.dll
FF - plugin: c:\progra~1\Mozilla Firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll
FF - plugin: c:\progra~1\Mozilla Firefox\plugins\npnul32.dll
FF - plugin: c:\progra~1\Mozilla Firefox\plugins\NPOFFICE.DLL
FF - plugin: c:\progra~1\Mozilla Firefox\plugins\nppdf32.dll
FF - plugin: c:\progra~1\Mozilla Firefox\plugins\NpPopup.dll
FF - plugin: c:\progra~1\Mozilla Firefox\plugins\npqtplugin.dll
FF - plugin: c:\progra~1\Mozilla Firefox\plugins\npqtplugin2.dll
FF - plugin: c:\progra~1\Mozilla Firefox\plugins\npqtplugin3.dll
FF - plugin: c:\progra~1\Mozilla Firefox\plugins\npqtplugin4.dll
FF - plugin: c:\progra~1\Mozilla Firefox\plugins\npqtplugin5.dll
FF - plugin: c:\progra~1\Mozilla Firefox\plugins\npqtplugin6.dll
FF - plugin: c:\progra~1\Mozilla Firefox\plugins\npqtplugin7.dll
FF - plugin: c:\progra~1\Mozilla Firefox\plugins\npunagi2.dll
FF - plugin: c:\progra~1\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\progra~1\Mozilla Firefox\plugins\npyaxmpb.dll
FF - plugin: c:\program files\CambridgeSoft\ChemOffice2006\Chem3D\npChem3DPlugin.dll
FF - plugin: c:\program files\CambridgeSoft\ChemOffice2006\ChemDraw\NPCDP32.DLL
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Java\jre1.5.0_08\bin\NPJava11.dll
FF - plugin: c:\program files\Java\jre1.5.0_08\bin\NPJava12.dll
FF - plugin: c:\program files\Java\jre1.5.0_08\bin\NPJava13.dll
FF - plugin: c:\program files\Java\jre1.5.0_08\bin\NPJava14.dll
FF - plugin: c:\program files\Java\jre1.5.0_08\bin\NPJava32.dll
FF - plugin: c:\program files\Java\jre1.5.0_08\bin\NPJPI150_08.dll
FF - plugin: c:\program files\Java\jre1.5.0_08\bin\NPOJI610.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NpPopup.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npyaxmpb.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-21 21:40
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(1472)
c:\program files\Intel\Wireless\Bin\LgNotify.dll
.
Completion time: 2009-05-22 21:43
ComboFix-quarantined-files.txt 2009-05-22 01:42
Pre-Run: 31,057,772,544 bytes free
Post-Run: 37,461,954,560 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
Current=1 Default=1 Failed=0 LastKnownGood=4 Sets=1,2,3,4
314 --- E O F --- 2009-05-19 18:03
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:57:19 PM, on 5/21/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
C:\Program Files\Microsoft SQL Server\MSSQL$CAMBRIDGESOFT\Binn\sqlservr.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 3.1\aoltb.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 3.1\aoltb.dll
O3 - Toolbar: Webshots Toolbar - {C17590D2-ECB4-4b15-8820-F58798DCC118} - C:\Program Files\Webshots\WSToolbar4IE.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe"
O4 - HKLM\..\Run: [XFDLINK] "C:\Program Files\MDL CrossFire Commander 7.0\XFDLINK.EXE"
O4 - HKLM\..\Run: [nmapp] "C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_1_0
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - S-1-5-18 Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe (User 'SYSTEM')
O4 - S-1-5-18 Startup: Yahoo! Widget Engine.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe (User 'Default user')
O4 - .DEFAULT Startup: Yahoo! Widget Engine.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe (User 'Default user')
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Startup: Yahoo! Widget Engine.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O4 - Global Startup: VPN Client.lnk = ?
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 3.1\resources\en-US\local\search.html
O8 - Extra context menu item: &Webshots Photo Search - res://C:\Program Files\Webshots\WSToolbar4IE.dll/MENUSEARCH.HTM
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 3.1\aoltb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1242006526917
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1158983558441
O16 - DPF: {BB383206-6DA1-4E80-B62A-3DF950FCC697} (Create & Print ActiveX Plug-in) - http://ak.imgag.com/...tall/AxCtp2.cab
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Unknown owner - C:\Program Files\Common Files\Logitech\Bluetooth\LBTSERV.EXE (file missing)
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
O23 - Service: Pure Networks Net2Go Service (nmraapache) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe
O23 - Service: Pure Networks Network Magic Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
--
End of file - 11957 bytes
#4
Posted 22 May 2009 - 11:32 PM
-
- Members
-
- 5 posts
New Member
I was wondering if I should run Malwarebytes and also post that log. Would that be helpful?
#5
Posted 23 May 2009 - 12:03 AM
-
- Moderators
-
- 1,648 posts
Forum Deity
- Gender:Male
1. Please open Notepad
2. Now copy/paste the entire content of the codebox below into the Notepad window:
3. Save the above as CFScript.txt
4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.
5. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
- Click Start , then Run
- Type notepad .exe in the Run Box.
2. Now copy/paste the entire content of the codebox below into the Notepad window:
Quote
File::
c:\windows\system32\drivers\msawh.sys
C:\43214354.bat
c:\windows\system32\774B49F16B.sys
c:\windows\inf\COM18C.tmp
Folder::
C:\744aceaab82b39f2bef3c7699f
c:\windows\system32\drivers\msawh.sys
C:\43214354.bat
c:\windows\system32\774B49F16B.sys
c:\windows\inf\COM18C.tmp
Folder::
C:\744aceaab82b39f2bef3c7699f
3. Save the above as CFScript.txt
4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.
5. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
- Combofix.txt
- A new HijackThis log.
#6
Posted 23 May 2009 - 03:17 AM
-
- Members
-
- 5 posts
New Member
Thanks for the quick response. Unfortunately, I've encountered a little problem. When I drag the .txt file into ComboFix my virus scan program comes up and says it found three files it detected as Tool-NirCmd. Then a message comes up that says "Windows cannot find 32788R22FWJFW\n.com. Make sure you typed the name correctly, and then try again. To search for a file, click the Start button, and then click Search." I'm not sure what to do. Any help is much appreciated.
#7
Posted 23 May 2009 - 04:24 PM
-
- Moderators
-
- 1,648 posts
Forum Deity
- Gender:Male
Turn of your anti-virus, download Combofix again, run it, and post the log it produces.
#8
Posted 25 May 2009 - 04:27 AM
-
- Members
-
- 5 posts
New Member
Sorry it took me so long to respond! Here are the new logs.
ComboFix 09-05-21.01 - Allison 05/24/2009 23:53.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1006.512 [GMT -4:00]
Running from: c:\documents and settings\Allison\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Allison\Desktop\CFScript.txt
FILE ::
C:\43214354.bat
c:\windows\inf\COM18C.tmp
c:\windows\system32\774B49F16B.sys
c:\windows\system32\drivers\msawh.sys
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\43214354.bat
C:\744aceaab82b39f2bef3c7699f
c:\744aceaab82b39f2bef3c7699f\amd64\filterpipelineprintproc.dll
c:\744aceaab82b39f2bef3c7699f\amd64\msxpsdrv.cat
c:\744aceaab82b39f2bef3c7699f\amd64\msxpsdrv.inf
c:\744aceaab82b39f2bef3c7699f\amd64\msxpsinc.gpd
c:\744aceaab82b39f2bef3c7699f\amd64\msxpsinc.ppd
c:\744aceaab82b39f2bef3c7699f\amd64\mxdwdrv.dll
c:\744aceaab82b39f2bef3c7699f\amd64\xpssvcs.dll
c:\744aceaab82b39f2bef3c7699f\i386\filterpipelineprintproc.dll
c:\744aceaab82b39f2bef3c7699f\i386\msxpsdrv.cat
c:\744aceaab82b39f2bef3c7699f\i386\msxpsdrv.inf
c:\744aceaab82b39f2bef3c7699f\i386\msxpsinc.gpd
c:\744aceaab82b39f2bef3c7699f\i386\msxpsinc.ppd
c:\744aceaab82b39f2bef3c7699f\i386\mxdwdrv.dll
c:\744aceaab82b39f2bef3c7699f\i386\xpssvcs.dll
c:\windows\inf\COM18C.tmp
c:\windows\system32\774B49F16B.sys
c:\windows\system32\drivers\msawh.sys
.
((((((((((((((((((((((((( Files Created from 2009-04-25 to 2009-05-25 )))))))))))))))))))))))))))))))
.
2009-05-21 19:21 . 2009-05-21 19:21 -------- d-----w c:\program files\Trend Micro
2009-05-17 20:22 . 2009-05-17 20:22 -------- d-sh--w c:\windows\system32\config\systemprofile\PrivacIE
2009-05-14 12:26 . 2009-05-14 12:26 -------- d-----w c:\windows\system32\config\systemprofile\Application Data\Babylon
2009-05-14 12:26 . 2009-05-14 12:26 -------- d-----w c:\documents and settings\All Users\Application Data\Babylon
2009-05-11 18:20 . 2009-05-11 18:20 -------- d-----w c:\windows\system32\XPSViewer
2009-05-11 18:20 . 2009-05-11 18:20 -------- d-----w c:\program files\MSBuild
2009-05-11 18:20 . 2009-05-11 18:20 -------- d-----w c:\program files\Reference Assemblies
2009-05-11 18:19 . 2008-07-06 12:06 117760 ------w c:\windows\system32\prntvpt.dll
2009-05-11 18:19 . 2008-07-06 12:06 89088 -c----w c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-05-11 18:19 . 2008-07-06 12:06 575488 -c----w c:\windows\system32\dllcache\xpsshhdr.dll
2009-05-11 18:19 . 2008-07-06 12:06 575488 ------w c:\windows\system32\xpsshhdr.dll
2009-05-11 18:19 . 2008-07-06 12:06 1676288 -c----w c:\windows\system32\dllcache\xpssvcs.dll
2009-05-11 18:19 . 2008-07-06 12:06 1676288 ------w c:\windows\system32\xpssvcs.dll
2009-05-11 18:19 . 2008-07-06 10:50 597504 -c----w c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-05-11 18:16 . 2009-05-11 18:35 -------- d-----w c:\windows\SxsCaPendDel
2009-05-11 17:28 . 2009-05-11 17:28 -------- d-----w c:\windows\ie8updates
2009-05-11 17:21 . 2009-04-25 05:30 102400 -c----w c:\windows\system32\dllcache\iecompat.dll
2009-05-11 02:51 . 2008-06-13 11:05 272128 -c----w c:\windows\system32\dllcache\bthport.sys
2009-05-11 02:50 . 2009-03-06 14:22 284160 -c----w c:\windows\system32\dllcache\pdh.dll
2009-05-11 02:50 . 2009-02-09 12:10 401408 -c----w c:\windows\system32\dllcache\rpcss.dll
2009-05-11 02:50 . 2009-02-06 11:11 110592 -c----w c:\windows\system32\dllcache\services.exe
2009-05-11 02:50 . 2009-02-09 12:10 473600 -c----w c:\windows\system32\dllcache\fastprox.dll
2009-05-11 02:50 . 2009-02-06 10:10 227840 -c----w c:\windows\system32\dllcache\wmiprvse.exe
2009-05-11 02:50 . 2009-02-09 12:10 453120 -c----w c:\windows\system32\dllcache\wmiprvsd.dll
2009-05-11 02:50 . 2009-02-09 12:10 729088 -c----w c:\windows\system32\dllcache\lsasrv.dll
2009-05-11 02:50 . 2009-02-09 12:10 617472 -c----w c:\windows\system32\dllcache\advapi32.dll
2009-05-11 02:50 . 2009-02-09 12:10 714752 -c----w c:\windows\system32\dllcache\ntdll.dll
2009-05-11 02:50 . 2009-02-06 11:06 2145280 -c----w c:\windows\system32\dllcache\ntkrnlmp.exe
2009-05-11 02:50 . 2009-02-06 11:08 2189056 -c----w c:\windows\system32\dllcache\ntoskrnl.exe
2009-05-11 02:50 . 2009-02-06 10:32 2023936 -c----w c:\windows\system32\dllcache\ntkrpamp.exe
2009-05-11 02:49 . 2008-05-08 14:02 203136 -c----w c:\windows\system32\dllcache\rmcast.sys
2009-05-11 02:49 . 2008-10-24 11:21 455296 -c----w c:\windows\system32\dllcache\mrxsmb.sys
2009-05-11 02:48 . 2008-12-11 10:57 333952 -c----w c:\windows\system32\dllcache\srv.sys
2009-05-11 02:48 . 2008-04-11 19:04 691712 -c----w c:\windows\system32\dllcache\inetcomm.dll
2009-05-11 02:48 . 2008-05-01 14:33 331776 -c----w c:\windows\system32\dllcache\msadce.dll
2009-05-11 02:48 . 2008-10-15 16:34 337408 -c----w c:\windows\system32\dllcache\netapi32.dll
2009-05-11 02:48 . 2008-09-04 17:15 1106944 -c----w c:\windows\system32\dllcache\msxml3.dll
2009-05-11 02:30 . 2009-05-11 02:30 -------- d-----w c:\windows\system32\scripting
2009-05-11 02:30 . 2009-05-11 02:30 -------- d-----w c:\windows\l2schemas
2009-05-11 02:30 . 2009-05-11 02:30 -------- d-----w c:\windows\system32\en
2009-05-11 02:30 . 2009-05-11 02:30 -------- d-----w c:\windows\system32\bits
2009-05-11 02:26 . 2009-05-11 02:31 -------- d-----w c:\windows\ServicePackFiles
2009-05-11 02:10 . 2008-04-14 00:12 32768 ------w c:\windows\system32\setupn.exe
2009-05-11 02:09 . 2008-04-14 00:11 37376 ------w c:\windows\system32\l2gpstore.dll
2009-05-11 02:08 . 2008-04-14 00:11 12800 ------w c:\windows\system32\credssp.dll
2009-05-11 01:34 . 2009-05-11 01:34 -------- d-sh--w c:\documents and settings\Allison\PrivacIE
2009-05-11 01:28 . 2009-05-11 01:28 -------- d-sh--w c:\documents and settings\Allison\IETldCache
2009-05-11 01:27 . 2009-05-11 01:27 -------- d-sh--w c:\windows\system32\config\systemprofile\IETldCache
2009-05-11 01:16 . 2009-05-11 01:18 -------- dc-h--w c:\windows\ie8
2009-05-11 01:03 . 2005-07-20 04:05 135168 ----a-w c:\windows\system32\igfxres.dll
2009-05-11 00:52 . 2008-04-14 00:10 67584 -c--a-w c:\windows\system32\dllcache\pmigrate.dll
2009-05-11 00:51 . 2006-02-28 12:00 8704 -c--a-w c:\windows\system32\dllcache\infoctrs.dll
2009-05-11 00:50 . 2006-02-28 12:00 45568 -c--a-w c:\windows\system32\dllcache\browscap.dll
2009-05-11 00:46 . 2006-02-28 12:00 16384 -c--a-w c:\windows\system32\dllcache\isignup.exe
2009-05-11 00:33 . 2006-02-28 12:00 13312 -c--a-w c:\windows\system32\dllcache\irclass.dll
2009-05-11 00:33 . 2006-02-28 12:00 13312 ----a-w c:\windows\system32\irclass.dll
2009-05-11 00:33 . 2006-02-28 12:00 24661 -c--a-w c:\windows\system32\dllcache\spxcoins.dll
2009-05-11 00:33 . 2006-02-28 12:00 24661 ----a-w c:\windows\system32\spxcoins.dll
2009-05-11 00:30 . 2009-05-11 00:30 -------- d-s---w c:\windows\system32\config\systemprofile\History
2009-05-09 16:03 . 2009-05-09 16:12 -------- d-----w c:\windows\system32\NtmsData
2009-05-08 21:34 . 2009-05-09 16:23 -------- d--h--w C:\$AVG8.VAULT$
2009-05-08 21:25 . 2009-05-18 02:19 -------- d-----w c:\documents and settings\All Users\Application Data\avg8
2009-04-29 18:11 . 2009-04-29 18:11 -------- d-----w c:\windows\system32\KB905474
2009-04-29 18:11 . 2009-03-11 02:26 1403264 ----a-w c:\windows\system32\KB905474\wganotifypackageinner.exe
2009-04-29 18:11 . 2009-03-11 02:18 453512 ----a-w c:\windows\system32\KB905474\wgasetup.exe
2009-04-29 02:20 . 2009-04-29 02:20 -------- d-----w c:\documents and settings\Allison\Application Data\Malwarebytes
2009-04-29 02:14 . 2009-04-06 19:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-04-29 02:14 . 2009-04-06 19:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-29 02:14 . 2009-04-29 02:14 -------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2009-04-29 02:14 . 2009-04-29 02:18 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-25 03:40 . 2006-04-09 16:30 41310 ----a-w c:\documents and settings\Allison\Application Data\wklnhst.dat
2009-05-24 20:11 . 2007-10-09 02:19 -------- d-----w c:\documents and settings\All Users\Application Data\Google Updater
2009-05-20 03:10 . 2006-06-15 01:17 6580 --sha-w c:\windows\system32\KGyGaAvL.sys
2009-05-11 18:40 . 2008-09-24 14:34 83088 ----a-w c:\windows\system32\GDIPFONTCACHEV1.DAT
2009-05-11 02:44 . 2006-06-15 01:15 8224 ----a-w c:\documents and settings\Allison\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-11 02:35 . 2006-09-04 03:55 88753 ----a-w c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-05-11 00:45 . 2004-08-10 18:02 23428 ----a-w c:\windows\system32\emptyregdb.dat
2009-03-08 08:34 . 2006-02-28 12:00 914944 ----a-w c:\windows\system32\wininet.dll
2009-03-08 08:34 . 2006-02-28 12:00 43008 ----a-w c:\windows\system32\licmgr10.dll
2009-03-08 08:33 . 2006-02-28 12:00 18944 ----a-w c:\windows\system32\corpol.dll
2009-03-08 08:33 . 2006-02-28 12:00 420352 ----a-w c:\windows\system32\vbscript.dll
2009-03-08 08:32 . 2006-02-28 12:00 72704 ----a-w c:\windows\system32\admparse.dll
2009-03-08 08:32 . 2006-02-28 12:00 71680 ----a-w c:\windows\system32\iesetup.dll
2009-03-08 08:31 . 2006-02-28 12:00 34816 ----a-w c:\windows\system32\imgutil.dll
2009-03-08 08:31 . 2006-02-28 12:00 48128 ----a-w c:\windows\system32\mshtmler.dll
2009-03-08 08:31 . 2006-02-28 12:00 45568 ----a-w c:\windows\system32\mshta.exe
2009-03-08 08:22 . 2006-02-28 12:00 156160 ----a-w c:\windows\system32\msls31.dll
2009-03-06 14:22 . 2006-02-28 12:00 284160 ----a-w c:\windows\system32\pdh.dll
2008-08-02 03:04 . 2006-10-18 00:35 122880 ----a-w c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.
((((((((((((((((((((((((((((( SnapShot@2009-05-22_01.40.12 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-05-25 03:50 . 2009-05-25 03:50 16384 c:\windows\Temp\Perflib_Perfdata_724.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2004-11-22 307200]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-10-09 68856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Java\jre1.5.0_08\bin\jusched.exe" [2006-07-26 49263]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-11-29 761947]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2004-10-30 385024]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 53248]
"RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2006-04-03 26112]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-01-27 86016]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-08-02 29744]
"Corel Photo Downloader"="c:\program files\Corel\Corel Photo Album 6\MediaDetect.exe" [2005-08-31 106496]
"IPHSend"="c:\program files\Common Files\AOL\IPHSend\IPHSend.exe" [2006-02-17 124520]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 49152]
"ShStatEXE"="c:\program files\Network Associates\VirusScan\SHSTAT.EXE" [2004-09-23 94208]
"McAfeeUpdaterUI"="c:\program files\Network Associates\Common Framework\UpdaterUI.exe" [2005-02-25 139320]
"Network Associates Error Reporting Service"="c:\program files\Common Files\Network Associates\TalkBack\tbmon.exe" [2003-10-07 147514]
"XFDLINK"="c:\program files\MDL CrossFire Commander 7.0\XFDLINK.EXE" [2005-07-19 45056]
"nmapp"="c:\program files\Pure Networks\Network Magic\nmapp.exe" [2006-10-31 1029664]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-05-27 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-06-02 267048]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-07-20 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-07-20 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-07-20 114688]
c:\documents and settings\Allison\Start Menu\Programs\Startup\
Webshots.lnk - c:\program files\Webshots\Launcher.exe [2008-3-23 157008]
Yahoo! Widget Engine.lnk - c:\program files\Yahoo!\Widgets\YahooWidgetEngine.exe [2007-5-4 2913840]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
America Online 9.0 Tray Icon.lnk - c:\program files\America Online 9.0\aoltray.exe [2006-4-3 156784]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-4-3 24576]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]
HP Photosmart Premier Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2006-2-10 73728]
Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2005-11-4 176128]
KODAK Software Updater.lnk - c:\program files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe [2004-2-13 16423]
Service Manager.lnk - c:\program files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2002-12-17 74308]
VPN Client.lnk - c:\windows\Installer\{CCBAA1F7-E5E1-48B2-9ED9-A79C6A37CE78}\Icon3E5562ED7.ico [2008-3-15 6144]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
2004-09-07 21:08 110592 ----a-w c:\program files\Intel\Wireless\Bin\LgNotify.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0sprestrt
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\1151616105\\ee\\aolsoftware.exe"=
"c:\\Program Files\\Common Files\\AOL\\1151616105\\ee\\aim6.exe"=
"c:\\Program Files\\Network Associates\\Common Framework\\FrameworkService.exe"=
"c:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\CambridgeSoft\\ChemOffice2006\\ChemDraw\\ChemDraw.exe"=
"c:\\Program Files\\MDL CrossFire Commander 7.0\\xfdlink.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\QuickTime\\QuickTimePlayer.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Documents and Settings\\Allison\\Application Data\\Macromedia\\Flash Player\\www.macromedia.com\\bin\\octoshape\\octoshape.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"67:UDP"= 67:UDP:DHCP Discovery Service
R1 NaiAvTdi1;NaiAvTdi1;c:\windows\system32\drivers\mvstdi5x.sys [11/16/2006 9:56 PM 58464]
R2 MSSQL$CAMBRIDGESOFT;MSSQL$CAMBRIDGESOFT;c:\program files\Microsoft SQL Server\MSSQL$CAMBRIDGESOFT\Binn\sqlservr.exe -sCAMBRIDGESOFT --> c:\program files\Microsoft SQL Server\MSSQL$CAMBRIDGESOFT\Binn\sqlservr.exe -sCAMBRIDGESOFT [?]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2/16/2007 9:13 PM 24652]
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [4/3/2006 1:23 AM 29744]
S3 SQLAgent$CAMBRIDGESOFT;SQLAgent$CAMBRIDGESOFT;c:\program files\Microsoft SQL Server\MSSQL$CAMBRIDGESOFT\Binn\sqlagent.EXE -i CAMBRIDGESOFT --> c:\program files\Microsoft SQL Server\MSSQL$CAMBRIDGESOFT\Binn\sqlagent.EXE -i CAMBRIDGESOFT [?]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder
2009-05-07 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 21:57]
2009-05-25 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-02-02 02:00]
2009-05-25 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-04-29 02:18]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.comcast.net/
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &AOL Toolbar Search - c:\program files\aol\aol toolbar 3.1\resources\en-US\local\search.html
IE: &Webshots Photo Search - c:\program files\Webshots\WSToolbar4IE.dll/MENUSEARCH.HTM
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
FF - ProfilePath - c:\documents and settings\Allison\Application Data\Mozilla\Firefox\Profiles\xvnu02fs.default\
FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll
FF - plugin: c:\documents and settings\Allison\Application Data\Mozilla\Firefox\Profiles\xvnu02fs.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp071101000055.dll
FF - plugin: c:\progra~1\Mozilla Firefox\plugins\npdivx32.dll
FF - plugin: c:\progra~1\Mozilla Firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll
FF - plugin: c:\progra~1\Mozilla Firefox\plugins\npnul32.dll
FF - plugin: c:\progra~1\Mozilla Firefox\plugins\NPOFFICE.DLL
FF - plugin: c:\progra~1\Mozilla Firefox\plugins\nppdf32.dll
FF - plugin: c:\progra~1\Mozilla Firefox\plugins\NpPopup.dll
FF - plugin: c:\progra~1\Mozilla Firefox\plugins\npqtplugin.dll
FF - plugin: c:\progra~1\Mozilla Firefox\plugins\npqtplugin2.dll
FF - plugin: c:\progra~1\Mozilla Firefox\plugins\npqtplugin3.dll
FF - plugin: c:\progra~1\Mozilla Firefox\plugins\npqtplugin4.dll
FF - plugin: c:\progra~1\Mozilla Firefox\plugins\npqtplugin5.dll
FF - plugin: c:\progra~1\Mozilla Firefox\plugins\npqtplugin6.dll
FF - plugin: c:\progra~1\Mozilla Firefox\plugins\npqtplugin7.dll
FF - plugin: c:\progra~1\Mozilla Firefox\plugins\npunagi2.dll
FF - plugin: c:\progra~1\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\progra~1\Mozilla Firefox\plugins\npyaxmpb.dll
FF - plugin: c:\program files\CambridgeSoft\ChemOffice2006\Chem3D\npChem3DPlugin.dll
FF - plugin: c:\program files\CambridgeSoft\ChemOffice2006\ChemDraw\NPCDP32.DLL
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Java\jre1.5.0_08\bin\NPJava11.dll
FF - plugin: c:\program files\Java\jre1.5.0_08\bin\NPJava12.dll
FF - plugin: c:\program files\Java\jre1.5.0_08\bin\NPJava13.dll
FF - plugin: c:\program files\Java\jre1.5.0_08\bin\NPJava14.dll
FF - plugin: c:\program files\Java\jre1.5.0_08\bin\NPJava32.dll
FF - plugin: c:\program files\Java\jre1.5.0_08\bin\NPJPI150_08.dll
FF - plugin: c:\program files\Java\jre1.5.0_08\bin\NPOJI610.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NpPopup.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npyaxmpb.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-24 23:56
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(1472)
c:\program files\Intel\Wireless\Bin\LgNotify.dll
.
Completion time: 2009-05-25 0:01
ComboFix-quarantined-files.txt 2009-05-25 03:59
ComboFix2.txt 2009-05-22 01:43
Pre-Run: 37,318,447,104 bytes free
Post-Run: 37,347,184,640 bytes free
Current=1 Default=1 Failed=0 LastKnownGood=4 Sets=1,2,3,4
298 --- E O F --- 2009-05-19 18:03
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:24:55 AM, on 5/25/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
C:\Program Files\Microsoft SQL Server\MSSQL$CAMBRIDGESOFT\Binn\sqlservr.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe
C:\Program Files\Pure Networks\Network Magic\nmapp.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
C:\Program Files\Webshots\webshots.scr
C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Network Associates\VirusScan\mcshield.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 3.1\aoltb.dll
O3 - Toolbar: Webshots Toolbar - {C17590D2-ECB4-4b15-8820-F58798DCC118} - C:\Program Files\Webshots\WSToolbar4IE.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe"
O4 - HKLM\..\Run: [XFDLINK] "C:\Program Files\MDL CrossFire Commander 7.0\XFDLINK.EXE"
O4 - HKLM\..\Run: [nmapp] "C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_1_0
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Startup: Yahoo! Widget Engine.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O4 - Global Startup: VPN Client.lnk = ?
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 3.1\resources\en-US\local\search.html
O8 - Extra context menu item: &Webshots Photo Search - res://C:\Program Files\Webshots\WSToolbar4IE.dll/MENUSEARCH.HTM
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 3.1\aoltb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1242006526917
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1158983558441
O16 - DPF: {BB383206-6DA1-4E80-B62A-3DF950FCC697} (Create & Print ActiveX Plug-in) - http://ak.imgag.com/...tall/AxCtp2.cab
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Unknown owner - C:\Program Files\Common Files\Logitech\Bluetooth\LBTSERV.EXE (file missing)
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
O23 - Service: Pure Networks Net2Go Service (nmraapache) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe
O23 - Service: Pure Networks Network Magic Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
--
End of file - 13140 bytes
ComboFix 09-05-21.01 - Allison 05/24/2009 23:53.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1006.512 [GMT -4:00]
Running from: c:\documents and settings\Allison\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Allison\Desktop\CFScript.txt
FILE ::
C:\43214354.bat
c:\windows\inf\COM18C.tmp
c:\windows\system32\774B49F16B.sys
c:\windows\system32\drivers\msawh.sys
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\43214354.bat
C:\744aceaab82b39f2bef3c7699f
c:\744aceaab82b39f2bef3c7699f\amd64\filterpipelineprintproc.dll
c:\744aceaab82b39f2bef3c7699f\amd64\msxpsdrv.cat
c:\744aceaab82b39f2bef3c7699f\amd64\msxpsdrv.inf
c:\744aceaab82b39f2bef3c7699f\amd64\msxpsinc.gpd
c:\744aceaab82b39f2bef3c7699f\amd64\msxpsinc.ppd
c:\744aceaab82b39f2bef3c7699f\amd64\mxdwdrv.dll
c:\744aceaab82b39f2bef3c7699f\amd64\xpssvcs.dll
c:\744aceaab82b39f2bef3c7699f\i386\filterpipelineprintproc.dll
c:\744aceaab82b39f2bef3c7699f\i386\msxpsdrv.cat
c:\744aceaab82b39f2bef3c7699f\i386\msxpsdrv.inf
c:\744aceaab82b39f2bef3c7699f\i386\msxpsinc.gpd
c:\744aceaab82b39f2bef3c7699f\i386\msxpsinc.ppd
c:\744aceaab82b39f2bef3c7699f\i386\mxdwdrv.dll
c:\744aceaab82b39f2bef3c7699f\i386\xpssvcs.dll
c:\windows\inf\COM18C.tmp
c:\windows\system32\774B49F16B.sys
c:\windows\system32\drivers\msawh.sys
.
((((((((((((((((((((((((( Files Created from 2009-04-25 to 2009-05-25 )))))))))))))))))))))))))))))))
.
2009-05-21 19:21 . 2009-05-21 19:21 -------- d-----w c:\program files\Trend Micro
2009-05-17 20:22 . 2009-05-17 20:22 -------- d-sh--w c:\windows\system32\config\systemprofile\PrivacIE
2009-05-14 12:26 . 2009-05-14 12:26 -------- d-----w c:\windows\system32\config\systemprofile\Application Data\Babylon
2009-05-14 12:26 . 2009-05-14 12:26 -------- d-----w c:\documents and settings\All Users\Application Data\Babylon
2009-05-11 18:20 . 2009-05-11 18:20 -------- d-----w c:\windows\system32\XPSViewer
2009-05-11 18:20 . 2009-05-11 18:20 -------- d-----w c:\program files\MSBuild
2009-05-11 18:20 . 2009-05-11 18:20 -------- d-----w c:\program files\Reference Assemblies
2009-05-11 18:19 . 2008-07-06 12:06 117760 ------w c:\windows\system32\prntvpt.dll
2009-05-11 18:19 . 2008-07-06 12:06 89088 -c----w c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-05-11 18:19 . 2008-07-06 12:06 575488 -c----w c:\windows\system32\dllcache\xpsshhdr.dll
2009-05-11 18:19 . 2008-07-06 12:06 575488 ------w c:\windows\system32\xpsshhdr.dll
2009-05-11 18:19 . 2008-07-06 12:06 1676288 -c----w c:\windows\system32\dllcache\xpssvcs.dll
2009-05-11 18:19 . 2008-07-06 12:06 1676288 ------w c:\windows\system32\xpssvcs.dll
2009-05-11 18:19 . 2008-07-06 10:50 597504 -c----w c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-05-11 18:16 . 2009-05-11 18:35 -------- d-----w c:\windows\SxsCaPendDel
2009-05-11 17:28 . 2009-05-11 17:28 -------- d-----w c:\windows\ie8updates
2009-05-11 17:21 . 2009-04-25 05:30 102400 -c----w c:\windows\system32\dllcache\iecompat.dll
2009-05-11 02:51 . 2008-06-13 11:05 272128 -c----w c:\windows\system32\dllcache\bthport.sys
2009-05-11 02:50 . 2009-03-06 14:22 284160 -c----w c:\windows\system32\dllcache\pdh.dll
2009-05-11 02:50 . 2009-02-09 12:10 401408 -c----w c:\windows\system32\dllcache\rpcss.dll
2009-05-11 02:50 . 2009-02-06 11:11 110592 -c----w c:\windows\system32\dllcache\services.exe
2009-05-11 02:50 . 2009-02-09 12:10 473600 -c----w c:\windows\system32\dllcache\fastprox.dll
2009-05-11 02:50 . 2009-02-06 10:10 227840 -c----w c:\windows\system32\dllcache\wmiprvse.exe
2009-05-11 02:50 . 2009-02-09 12:10 453120 -c----w c:\windows\system32\dllcache\wmiprvsd.dll
2009-05-11 02:50 . 2009-02-09 12:10 729088 -c----w c:\windows\system32\dllcache\lsasrv.dll
2009-05-11 02:50 . 2009-02-09 12:10 617472 -c----w c:\windows\system32\dllcache\advapi32.dll
2009-05-11 02:50 . 2009-02-09 12:10 714752 -c----w c:\windows\system32\dllcache\ntdll.dll
2009-05-11 02:50 . 2009-02-06 11:06 2145280 -c----w c:\windows\system32\dllcache\ntkrnlmp.exe
2009-05-11 02:50 . 2009-02-06 11:08 2189056 -c----w c:\windows\system32\dllcache\ntoskrnl.exe
2009-05-11 02:50 . 2009-02-06 10:32 2023936 -c----w c:\windows\system32\dllcache\ntkrpamp.exe
2009-05-11 02:49 . 2008-05-08 14:02 203136 -c----w c:\windows\system32\dllcache\rmcast.sys
2009-05-11 02:49 . 2008-10-24 11:21 455296 -c----w c:\windows\system32\dllcache\mrxsmb.sys
2009-05-11 02:48 . 2008-12-11 10:57 333952 -c----w c:\windows\system32\dllcache\srv.sys
2009-05-11 02:48 . 2008-04-11 19:04 691712 -c----w c:\windows\system32\dllcache\inetcomm.dll
2009-05-11 02:48 . 2008-05-01 14:33 331776 -c----w c:\windows\system32\dllcache\msadce.dll
2009-05-11 02:48 . 2008-10-15 16:34 337408 -c----w c:\windows\system32\dllcache\netapi32.dll
2009-05-11 02:48 . 2008-09-04 17:15 1106944 -c----w c:\windows\system32\dllcache\msxml3.dll
2009-05-11 02:30 . 2009-05-11 02:30 -------- d-----w c:\windows\system32\scripting
2009-05-11 02:30 . 2009-05-11 02:30 -------- d-----w c:\windows\l2schemas
2009-05-11 02:30 . 2009-05-11 02:30 -------- d-----w c:\windows\system32\en
2009-05-11 02:30 . 2009-05-11 02:30 -------- d-----w c:\windows\system32\bits
2009-05-11 02:26 . 2009-05-11 02:31 -------- d-----w c:\windows\ServicePackFiles
2009-05-11 02:10 . 2008-04-14 00:12 32768 ------w c:\windows\system32\setupn.exe
2009-05-11 02:09 . 2008-04-14 00:11 37376 ------w c:\windows\system32\l2gpstore.dll
2009-05-11 02:08 . 2008-04-14 00:11 12800 ------w c:\windows\system32\credssp.dll
2009-05-11 01:34 . 2009-05-11 01:34 -------- d-sh--w c:\documents and settings\Allison\PrivacIE
2009-05-11 01:28 . 2009-05-11 01:28 -------- d-sh--w c:\documents and settings\Allison\IETldCache
2009-05-11 01:27 . 2009-05-11 01:27 -------- d-sh--w c:\windows\system32\config\systemprofile\IETldCache
2009-05-11 01:16 . 2009-05-11 01:18 -------- dc-h--w c:\windows\ie8
2009-05-11 01:03 . 2005-07-20 04:05 135168 ----a-w c:\windows\system32\igfxres.dll
2009-05-11 00:52 . 2008-04-14 00:10 67584 -c--a-w c:\windows\system32\dllcache\pmigrate.dll
2009-05-11 00:51 . 2006-02-28 12:00 8704 -c--a-w c:\windows\system32\dllcache\infoctrs.dll
2009-05-11 00:50 . 2006-02-28 12:00 45568 -c--a-w c:\windows\system32\dllcache\browscap.dll
2009-05-11 00:46 . 2006-02-28 12:00 16384 -c--a-w c:\windows\system32\dllcache\isignup.exe
2009-05-11 00:33 . 2006-02-28 12:00 13312 -c--a-w c:\windows\system32\dllcache\irclass.dll
2009-05-11 00:33 . 2006-02-28 12:00 13312 ----a-w c:\windows\system32\irclass.dll
2009-05-11 00:33 . 2006-02-28 12:00 24661 -c--a-w c:\windows\system32\dllcache\spxcoins.dll
2009-05-11 00:33 . 2006-02-28 12:00 24661 ----a-w c:\windows\system32\spxcoins.dll
2009-05-11 00:30 . 2009-05-11 00:30 -------- d-s---w c:\windows\system32\config\systemprofile\History
2009-05-09 16:03 . 2009-05-09 16:12 -------- d-----w c:\windows\system32\NtmsData
2009-05-08 21:34 . 2009-05-09 16:23 -------- d--h--w C:\$AVG8.VAULT$
2009-05-08 21:25 . 2009-05-18 02:19 -------- d-----w c:\documents and settings\All Users\Application Data\avg8
2009-04-29 18:11 . 2009-04-29 18:11 -------- d-----w c:\windows\system32\KB905474
2009-04-29 18:11 . 2009-03-11 02:26 1403264 ----a-w c:\windows\system32\KB905474\wganotifypackageinner.exe
2009-04-29 18:11 . 2009-03-11 02:18 453512 ----a-w c:\windows\system32\KB905474\wgasetup.exe
2009-04-29 02:20 . 2009-04-29 02:20 -------- d-----w c:\documents and settings\Allison\Application Data\Malwarebytes
2009-04-29 02:14 . 2009-04-06 19:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-04-29 02:14 . 2009-04-06 19:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-29 02:14 . 2009-04-29 02:14 -------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2009-04-29 02:14 . 2009-04-29 02:18 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-25 03:40 . 2006-04-09 16:30 41310 ----a-w c:\documents and settings\Allison\Application Data\wklnhst.dat
2009-05-24 20:11 . 2007-10-09 02:19 -------- d-----w c:\documents and settings\All Users\Application Data\Google Updater
2009-05-20 03:10 . 2006-06-15 01:17 6580 --sha-w c:\windows\system32\KGyGaAvL.sys
2009-05-11 18:40 . 2008-09-24 14:34 83088 ----a-w c:\windows\system32\GDIPFONTCACHEV1.DAT
2009-05-11 02:44 . 2006-06-15 01:15 8224 ----a-w c:\documents and settings\Allison\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-11 02:35 . 2006-09-04 03:55 88753 ----a-w c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-05-11 00:45 . 2004-08-10 18:02 23428 ----a-w c:\windows\system32\emptyregdb.dat
2009-03-08 08:34 . 2006-02-28 12:00 914944 ----a-w c:\windows\system32\wininet.dll
2009-03-08 08:34 . 2006-02-28 12:00 43008 ----a-w c:\windows\system32\licmgr10.dll
2009-03-08 08:33 . 2006-02-28 12:00 18944 ----a-w c:\windows\system32\corpol.dll
2009-03-08 08:33 . 2006-02-28 12:00 420352 ----a-w c:\windows\system32\vbscript.dll
2009-03-08 08:32 . 2006-02-28 12:00 72704 ----a-w c:\windows\system32\admparse.dll
2009-03-08 08:32 . 2006-02-28 12:00 71680 ----a-w c:\windows\system32\iesetup.dll
2009-03-08 08:31 . 2006-02-28 12:00 34816 ----a-w c:\windows\system32\imgutil.dll
2009-03-08 08:31 . 2006-02-28 12:00 48128 ----a-w c:\windows\system32\mshtmler.dll
2009-03-08 08:31 . 2006-02-28 12:00 45568 ----a-w c:\windows\system32\mshta.exe
2009-03-08 08:22 . 2006-02-28 12:00 156160 ----a-w c:\windows\system32\msls31.dll
2009-03-06 14:22 . 2006-02-28 12:00 284160 ----a-w c:\windows\system32\pdh.dll
2008-08-02 03:04 . 2006-10-18 00:35 122880 ----a-w c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.
((((((((((((((((((((((((((((( SnapShot@2009-05-22_01.40.12 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-05-25 03:50 . 2009-05-25 03:50 16384 c:\windows\Temp\Perflib_Perfdata_724.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2004-11-22 307200]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-10-09 68856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Java\jre1.5.0_08\bin\jusched.exe" [2006-07-26 49263]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-11-29 761947]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2004-10-30 385024]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 53248]
"RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2006-04-03 26112]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-01-27 86016]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-08-02 29744]
"Corel Photo Downloader"="c:\program files\Corel\Corel Photo Album 6\MediaDetect.exe" [2005-08-31 106496]
"IPHSend"="c:\program files\Common Files\AOL\IPHSend\IPHSend.exe" [2006-02-17 124520]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 49152]
"ShStatEXE"="c:\program files\Network Associates\VirusScan\SHSTAT.EXE" [2004-09-23 94208]
"McAfeeUpdaterUI"="c:\program files\Network Associates\Common Framework\UpdaterUI.exe" [2005-02-25 139320]
"Network Associates Error Reporting Service"="c:\program files\Common Files\Network Associates\TalkBack\tbmon.exe" [2003-10-07 147514]
"XFDLINK"="c:\program files\MDL CrossFire Commander 7.0\XFDLINK.EXE" [2005-07-19 45056]
"nmapp"="c:\program files\Pure Networks\Network Magic\nmapp.exe" [2006-10-31 1029664]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-05-27 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-06-02 267048]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-07-20 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-07-20 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-07-20 114688]
c:\documents and settings\Allison\Start Menu\Programs\Startup\
Webshots.lnk - c:\program files\Webshots\Launcher.exe [2008-3-23 157008]
Yahoo! Widget Engine.lnk - c:\program files\Yahoo!\Widgets\YahooWidgetEngine.exe [2007-5-4 2913840]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
America Online 9.0 Tray Icon.lnk - c:\program files\America Online 9.0\aoltray.exe [2006-4-3 156784]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-4-3 24576]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]
HP Photosmart Premier Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2006-2-10 73728]
Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2005-11-4 176128]
KODAK Software Updater.lnk - c:\program files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe [2004-2-13 16423]
Service Manager.lnk - c:\program files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2002-12-17 74308]
VPN Client.lnk - c:\windows\Installer\{CCBAA1F7-E5E1-48B2-9ED9-A79C6A37CE78}\Icon3E5562ED7.ico [2008-3-15 6144]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
2004-09-07 21:08 110592 ----a-w c:\program files\Intel\Wireless\Bin\LgNotify.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0sprestrt
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\1151616105\\ee\\aolsoftware.exe"=
"c:\\Program Files\\Common Files\\AOL\\1151616105\\ee\\aim6.exe"=
"c:\\Program Files\\Network Associates\\Common Framework\\FrameworkService.exe"=
"c:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\CambridgeSoft\\ChemOffice2006\\ChemDraw\\ChemDraw.exe"=
"c:\\Program Files\\MDL CrossFire Commander 7.0\\xfdlink.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\QuickTime\\QuickTimePlayer.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Documents and Settings\\Allison\\Application Data\\Macromedia\\Flash Player\\www.macromedia.com\\bin\\octoshape\\octoshape.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"67:UDP"= 67:UDP:DHCP Discovery Service
R1 NaiAvTdi1;NaiAvTdi1;c:\windows\system32\drivers\mvstdi5x.sys [11/16/2006 9:56 PM 58464]
R2 MSSQL$CAMBRIDGESOFT;MSSQL$CAMBRIDGESOFT;c:\program files\Microsoft SQL Server\MSSQL$CAMBRIDGESOFT\Binn\sqlservr.exe -sCAMBRIDGESOFT --> c:\program files\Microsoft SQL Server\MSSQL$CAMBRIDGESOFT\Binn\sqlservr.exe -sCAMBRIDGESOFT [?]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2/16/2007 9:13 PM 24652]
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [4/3/2006 1:23 AM 29744]
S3 SQLAgent$CAMBRIDGESOFT;SQLAgent$CAMBRIDGESOFT;c:\program files\Microsoft SQL Server\MSSQL$CAMBRIDGESOFT\Binn\sqlagent.EXE -i CAMBRIDGESOFT --> c:\program files\Microsoft SQL Server\MSSQL$CAMBRIDGESOFT\Binn\sqlagent.EXE -i CAMBRIDGESOFT [?]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder
2009-05-07 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 21:57]
2009-05-25 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-02-02 02:00]
2009-05-25 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-04-29 02:18]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.comcast.net/
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &AOL Toolbar Search - c:\program files\aol\aol toolbar 3.1\resources\en-US\local\search.html
IE: &Webshots Photo Search - c:\program files\Webshots\WSToolbar4IE.dll/MENUSEARCH.HTM
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
FF - ProfilePath - c:\documents and settings\Allison\Application Data\Mozilla\Firefox\Profiles\xvnu02fs.default\
FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll
FF - plugin: c:\documents and settings\Allison\Application Data\Mozilla\Firefox\Profiles\xvnu02fs.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp071101000055.dll
FF - plugin: c:\progra~1\Mozilla Firefox\plugins\npdivx32.dll
FF - plugin: c:\progra~1\Mozilla Firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll
FF - plugin: c:\progra~1\Mozilla Firefox\plugins\npnul32.dll
FF - plugin: c:\progra~1\Mozilla Firefox\plugins\NPOFFICE.DLL
FF - plugin: c:\progra~1\Mozilla Firefox\plugins\nppdf32.dll
FF - plugin: c:\progra~1\Mozilla Firefox\plugins\NpPopup.dll
FF - plugin: c:\progra~1\Mozilla Firefox\plugins\npqtplugin.dll
FF - plugin: c:\progra~1\Mozilla Firefox\plugins\npqtplugin2.dll
FF - plugin: c:\progra~1\Mozilla Firefox\plugins\npqtplugin3.dll
FF - plugin: c:\progra~1\Mozilla Firefox\plugins\npqtplugin4.dll
FF - plugin: c:\progra~1\Mozilla Firefox\plugins\npqtplugin5.dll
FF - plugin: c:\progra~1\Mozilla Firefox\plugins\npqtplugin6.dll
FF - plugin: c:\progra~1\Mozilla Firefox\plugins\npqtplugin7.dll
FF - plugin: c:\progra~1\Mozilla Firefox\plugins\npunagi2.dll
FF - plugin: c:\progra~1\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\progra~1\Mozilla Firefox\plugins\npyaxmpb.dll
FF - plugin: c:\program files\CambridgeSoft\ChemOffice2006\Chem3D\npChem3DPlugin.dll
FF - plugin: c:\program files\CambridgeSoft\ChemOffice2006\ChemDraw\NPCDP32.DLL
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Java\jre1.5.0_08\bin\NPJava11.dll
FF - plugin: c:\program files\Java\jre1.5.0_08\bin\NPJava12.dll
FF - plugin: c:\program files\Java\jre1.5.0_08\bin\NPJava13.dll
FF - plugin: c:\program files\Java\jre1.5.0_08\bin\NPJava14.dll
FF - plugin: c:\program files\Java\jre1.5.0_08\bin\NPJava32.dll
FF - plugin: c:\program files\Java\jre1.5.0_08\bin\NPJPI150_08.dll
FF - plugin: c:\program files\Java\jre1.5.0_08\bin\NPOJI610.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NpPopup.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npyaxmpb.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-24 23:56
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(1472)
c:\program files\Intel\Wireless\Bin\LgNotify.dll
.
Completion time: 2009-05-25 0:01
ComboFix-quarantined-files.txt 2009-05-25 03:59
ComboFix2.txt 2009-05-22 01:43
Pre-Run: 37,318,447,104 bytes free
Post-Run: 37,347,184,640 bytes free
Current=1 Default=1 Failed=0 LastKnownGood=4 Sets=1,2,3,4
298 --- E O F --- 2009-05-19 18:03
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:24:55 AM, on 5/25/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
C:\Program Files\Microsoft SQL Server\MSSQL$CAMBRIDGESOFT\Binn\sqlservr.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe
C:\Program Files\Pure Networks\Network Magic\nmapp.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
C:\Program Files\Webshots\webshots.scr
C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Network Associates\VirusScan\mcshield.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 3.1\aoltb.dll
O3 - Toolbar: Webshots Toolbar - {C17590D2-ECB4-4b15-8820-F58798DCC118} - C:\Program Files\Webshots\WSToolbar4IE.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe"
O4 - HKLM\..\Run: [XFDLINK] "C:\Program Files\MDL CrossFire Commander 7.0\XFDLINK.EXE"
O4 - HKLM\..\Run: [nmapp] "C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_1_0
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Startup: Yahoo! Widget Engine.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O4 - Global Startup: VPN Client.lnk = ?
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 3.1\resources\en-US\local\search.html
O8 - Extra context menu item: &Webshots Photo Search - res://C:\Program Files\Webshots\WSToolbar4IE.dll/MENUSEARCH.HTM
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 3.1\aoltb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1242006526917
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1158983558441
O16 - DPF: {BB383206-6DA1-4E80-B62A-3DF950FCC697} (Create & Print ActiveX Plug-in) - http://ak.imgag.com/...tall/AxCtp2.cab
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Unknown owner - C:\Program Files\Common Files\Logitech\Bluetooth\LBTSERV.EXE (file missing)
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
O23 - Service: Pure Networks Net2Go Service (nmraapache) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe
O23 - Service: Pure Networks Network Magic Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
--
End of file - 13140 bytes
#9
Posted 25 May 2009 - 05:06 PM
-
- Moderators
-
- 1,648 posts
Forum Deity
- Gender:Male
Go start > run and type in combofix /u and press OK.
[indent]Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.
Please download JavaRa and unzip it to your desktop.
***Please close any instances of Internet Explorer (or other web browser) before continuing!***
Update Java Runtime
The most current version of Sun Java is: Java Runtime Environment (JRE) 6 Update 13.
[indent]Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.
Please download JavaRa and unzip it to your desktop.
***Please close any instances of Internet Explorer (or other web browser) before continuing!***
- Double-click on JavaRa.exe to start the program.
- From the drop-down menu, choose English and click on Select.
- JavaRa will open; click on Remove Older Versions to remove the older versions of Java installed on your computer.
- Click Yes when prompted. When JavaRa is done, a notice will appear that a logfile has been produced. Click OK.
- A logfile will pop up. Please save it to a convenient location.
Update Java Runtime
The most current version of Sun Java is: Java Runtime Environment (JRE) 6 Update 13.
- Go to http://java.sun.com/...loads/index.jsp
- Go to Java Runtime Environment (JRE) 6 Update 13 about half way down the page and click on the Download button.
- In Platform box choose Windows.
- Check the box to Accept License Agreement and click Continue.
- Click on Windows Offline Installation, click on the link under it which says jre-6u13-windows-i586-p.exe and save the downloaded file to your desktop.
- Install the new version by running the newly-downloaded file with the java icon which will be on your desktop, and follow the on-screen instructions.
- Uncheck the Toolbar button (unless you want the toolbar)
- Reboot your computer
1 user(s) are reading this topic
0 members, 1 guests, 0 anonymous users
