after a stop:0x0000008e
Hello, i post a problem that i had with my pc and Thrax told me to follow some steps before posting a HijackThis Log...
I followed all the steps but when i get to do the Kaspersky Online Virus Scan... it says to instal the active-x and i click instal and it says blocked by windows, and i turn off the antivirus the firewall i even open internet options and put them at low, i added the webpage to trusted sites and still i was not able to run it... here is what i was able to get from
Panda Active Scan :
;***********************************************************************************************************************************************************************************
ANALYSIS: 2008-09-18 05:58:18
PROTECTIONS: 2
MALWARE: 33
SUSPECTS: 1
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description Version Active Updated
;===================================================================================================================================================================================
McAfee Internet Security Suite 2007 8.1 No Yes
McAfee VirusScan Plus 12.1 No No
;===================================================================================================================================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===================================================================================================================================================================================
00020994 W32/Bagle.pwdzip Virus No 0 Yes No C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WildTangent59.zip
00039204 adware/cws Adware No 0 Yes No c:\documents and settings\rosie sanchez\desktop\casino.url
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\j1h5avjq.default\cookies.txt[.trafficmp.com/]
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\j1h5avjq.default\cookies.txt[.trafficmp.com/]
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\j1h5avjq.default\cookies.txt[.trafficmp.com/]
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\j1h5avjq.default\cookies.txt[.trafficmp.com/]
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\j1h5avjq.default\cookies.txt[.trafficmp.com/]
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Documents and Settings\Rosie Sanchez\Cookies\rosie_sanchez@trafficmp[1].txt
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\Rosie Sanchez\Cookies\rosie_sanchez@doubleclick[1].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\Rosie Sanchez\Cookies\rosie_sanchez@atdmt[2].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\d3ubquj0.default\cookies.txt[.atdmt.com/]
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\j1h5avjq.default\cookies.txt[.atdmt.com/]
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Documents and Settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\d3ubquj0.default\cookies.txt[.tribalfusion.com/]
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Documents and Settings\Rosie Sanchez\Cookies\rosie_sanchez@tribalfusion[1].txt
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\j1h5avjq.default\cookies.txt[.tribalfusion.com/]
00147796 Cookie/Entrepreneur TrackingCookie No 0 Yes No C:\Documents and Settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\d3ubquj0.default\cookies.txt[.entrepreneur.com/]
00148914 Cookie/Tucows TrackingCookie No 0 Yes No C:\Documents and Settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\d3ubquj0.default\cookies.txt[.tucows.com/]
00149064 Cookie/Maxserving TrackingCookie No 0 Yes No C:\Documents and Settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\d3ubquj0.default\cookies.txt[.maxserving.com/]
00149064 Cookie/Maxserving TrackingCookie No 0 Yes No C:\Documents and Settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\d3ubquj0.default\cookies.txt[.maxserving.com/]
00152401 Cookie/Belnk TrackingCookie No 0 Yes No C:\Documents and Settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\d3ubquj0.default\cookies.txt[.belnk.com/]
00152401 Cookie/Belnk TrackingCookie No 0 Yes No C:\Documents and Settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\d3ubquj0.default\cookies.txt[.belnk.com/]
00159564 Cookie/WUpd TrackingCookie No 0 Yes No C:\Documents and Settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\d3ubquj0.default\cookies.txt[.revenue.net/]
00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\Documents and Settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\d3ubquj0.default\cookies.txt[.com.com/]
00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\Documents and Settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\d3ubquj0.default\cookies.txt[.com.com/]
00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\Documents and Settings\Rosie Sanchez\Cookies\rosie_sanchez@com[1].txt
00167647 Cookie/Yadro TrackingCookie No 0 Yes No C:\Documents and Settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\d3ubquj0.default\cookies.txt[.yadro.ru/]
00167704 Cookie/Xiti TrackingCookie No 0 Yes No C:\Documents and Settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\d3ubquj0.default\cookies.txt[.xiti.com/]
00168048 Cookie/Overture TrackingCookie No 0 Yes No C:\Documents and Settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\d3ubquj0.default\cookies.txt[.perf.overture.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\d3ubquj0.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\d3ubquj0.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\j1h5avjq.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\j1h5avjq.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\j1h5avjq.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\j1h5avjq.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\j1h5avjq.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\j1h5avjq.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\j1h5avjq.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\j1h5avjq.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\j1h5avjq.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Rosie Sanchez\Cookies\rosie_sanchez@ad.yieldmanager[2].txt
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Gustavo\Application Data\Mozilla\Firefox\Profiles\c7iok16m.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Gustavo\Application Data\Mozilla\Firefox\Profiles\c7iok16m.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Gustavo\Application Data\Mozilla\Firefox\Profiles\c7iok16m.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Gustavo\Application Data\Mozilla\Firefox\Profiles\c7iok16m.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Gustavo\Application Data\Mozilla\Firefox\Profiles\c7iok16m.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Gustavo\Application Data\Mozilla\Firefox\Profiles\c7iok16m.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Gustavo\Application Data\Mozilla\Firefox\Profiles\c7iok16m.default\cookies.txt[ad.yieldmanager.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\d3ubquj0.default\cookies.txt[.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\d3ubquj0.default\cookies.txt[.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\d3ubquj0.default\cookies.txt[.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\d3ubquj0.default\cookies.txt[.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\d3ubquj0.default\cookies.txt[.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\d3ubquj0.default\cookies.txt[.serving-sys.com/]
00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\d3ubquj0.default\cookies.txt[.bs.serving-sys.com/]
00168097 Cookie/BurstBeacon TrackingCookie No 0 Yes No C:\Documents and Settings\Rosie Sanchez\Cookies\rosie_sanchez@www.burstbeacon[2].txt
00168110 Cookie/Server.iad.Liveperson TrackingCookie No 0 Yes No C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\j1h5avjq.default\cookies.txt[server.iad.liveperson.net/hc/80570461]
00168110 Cookie/Server.iad.Liveperson TrackingCookie No 0 Yes No C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\j1h5avjq.default\cookies.txt[server.iad.liveperson.net/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Gustavo\Application Data\Mozilla\Firefox\Profiles\c7iok16m.default\cookies.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\j1h5avjq.default\cookies.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Gustavo\Application Data\Mozilla\Firefox\Profiles\c7iok16m.default\cookies.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Gustavo\Application Data\Mozilla\Firefox\Profiles\c7iok16m.default\cookies.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\j1h5avjq.default\cookies.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\d3ubquj0.default\cookies.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\d3ubquj0.default\cookies.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\d3ubquj0.default\cookies.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\d3ubquj0.default\cookies.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\d3ubquj0.default\cookies.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\j1h5avjq.default\cookies.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\j1h5avjq.default\cookies.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\j1h5avjq.default\cookies.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Gustavo\Application Data\Mozilla\Firefox\Profiles\c7iok16m.default\cookies.txt[.advertising.com/]
00170087 Cookie/Hbmediapro TrackingCookie No 0 Yes No C:\Documents and Settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\d3ubquj0.default\cookies.txt[.adopt.hbmediapro.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\j1h5avjq.default\cookies.txt[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\j1h5avjq.default\cookies.txt[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\j1h5avjq.default\cookies.txt[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\j1h5avjq.default\cookies.txt[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\j1h5avjq.default\cookies.txt[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\j1h5avjq.default\cookies.txt[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\j1h5avjq.default\cookies.txt[.ads.pointroll.com/]
00170554 Cookie/Overture TrackingCookie No 0 Yes No C:\Documents and Settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\d3ubquj0.default\cookies.txt[.overture.com/]
00170554 Cookie/Overture TrackingCookie No 0 Yes No C:\Documents and Settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\d3ubquj0.default\cookies.txt[.overture.com/]
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\j1h5avjq.default\cookies.txt[.realmedia.com/]
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\j1h5avjq.default\cookies.txt[.realmedia.com/]
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\j1h5avjq.default\cookies.txt[.realmedia.com/]
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\d3ubquj0.default\cookies.txt[.realmedia.com/]
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\d3ubquj0.default\cookies.txt[.realmedia.com/]
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\d3ubquj0.default\cookies.txt[.realmedia.com/]
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Rosie Sanchez\Cookies\rosie_sanchez@realmedia[2].txt
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\j1h5avjq.default\cookies.txt[.realmedia.com/]
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\j1h5avjq.default\cookies.txt[.realmedia.com/]
00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Documents and Settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\d3ubquj0.default\cookies.txt[.questionmarket.com/]
00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Documents and Settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\d3ubquj0.default\cookies.txt[.questionmarket.com/]
00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\j1h5avjq.default\cookies.txt[.questionmarket.com/]
00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\j1h5avjq.default\cookies.txt[.questionmarket.com/]
00194327 Cookie/Go TrackingCookie No 0 Yes No C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\j1h5avjq.default\cookies.txt[.go.com/]
00194327 Cookie/Go TrackingCookie No 0 Yes No C:\Documents and Settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\d3ubquj0.default\cookies.txt[.go.com/]
00196960 Cookie/Belnk TrackingCookie No 0 Yes No C:\Documents and Settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\d3ubquj0.default\cookies.txt[.ath.belnk.com/]
00199984 Cookie/Searchportal TrackingCookie No 0 Yes No C:\Documents and Settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\d3ubquj0.default\cookies.txt[.searchportal.information.com/]
00262020 Cookie/Atwola TrackingCookie No 0 Yes No C:\Documents and Settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\d3ubquj0.default\cookies.txt[.atwola.com/]
00262020 Cookie/Atwola TrackingCookie No 0 Yes No C:\Documents and Settings\Rosie Sanchez\Cookies\rosie_sanchez@atwola[2].txt
00293517 Cookie/AdDynamix TrackingCookie No 0 Yes No C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\j1h5avjq.default\cookies.txt[.ads.addynamix.com/]
02164907 Generic Malware Virus/Trojan No 0 Yes No C:\Program Files\DIGStream\digstream.exe
02923758 Adware/KeenValue Adware No 0 Yes No C:\Program Files\Magentic\bin\magentic_install.exe
;===================================================================================================================================================================================
SUSPECTS
Sent Location
;===================================================================================================================================================================================
Yes C:\WINDOWS\CustoMess_Uninstall.exe
;===================================================================================================================================================================================
VULNERABILITIES
Id Severity Description
;===================================================================================================================================================================================
;===================================================================================================================================================================================
Hijackthis :
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:09:27 PM, on 9/18/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\dllhost.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AOL 9.1\waol.exe
C:\Program Files\AOL 9.1\shellmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\AOL 9.1\AOL.EXE" -b
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe (file missing)
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
--
End of file - 4885 bytes
My computer is working but i know i still have bad files because every time i run spybot-search & destroy i get 3 bad files but it doesnt let me delete it and it says that they will be deleted at restart but i run it again and same thing happens... it says:
WildT angent
[SBI $3A3BDC07] Program directory
C:\WINDOWS\wt\
(SBI $76830867) Program directory
C:\WINDOWS\wt\wtupdates
(SBI $AEA200D6) Program directory
C:\WINDOWS\wt\wtupdates\WireControl\
im afraid to make my payments online i dont know if it will be safe
another thing i found suspicios is that i open network connections and i saw under workgroup computers like someone was conected "Dgjk0391" and after running the malwarebytes and im able to use pc.. now i try to open workgroup and it says that i dont have acces... can someone be connected to my pc?? please i need your help, i need to know how safe i am using this pc..
thank you very much for your help..
I followed all the steps but when i get to do the Kaspersky Online Virus Scan... it says to instal the active-x and i click instal and it says blocked by windows, and i turn off the antivirus the firewall i even open internet options and put them at low, i added the webpage to trusted sites and still i was not able to run it... here is what i was able to get from
Panda Active Scan :
;***********************************************************************************************************************************************************************************
ANALYSIS: 2008-09-18 05:58:18
PROTECTIONS: 2
MALWARE: 33
SUSPECTS: 1
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description Version Active Updated
;===================================================================================================================================================================================
McAfee Internet Security Suite 2007 8.1 No Yes
McAfee VirusScan Plus 12.1 No No
;===================================================================================================================================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===================================================================================================================================================================================
00020994 W32/Bagle.pwdzip Virus No 0 Yes No C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WildTangent59.zip
00039204 adware/cws Adware No 0 Yes No c:\documents and settings\rosie sanchez\desktop\casino.url
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\j1h5avjq.default\cookies.txt[.trafficmp.com/]
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\j1h5avjq.default\cookies.txt[.trafficmp.com/]
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\j1h5avjq.default\cookies.txt[.trafficmp.com/]
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\j1h5avjq.default\cookies.txt[.trafficmp.com/]
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\j1h5avjq.default\cookies.txt[.trafficmp.com/]
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Documents and Settings\Rosie Sanchez\Cookies\rosie_sanchez@trafficmp[1].txt
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\Rosie Sanchez\Cookies\rosie_sanchez@doubleclick[1].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\Rosie Sanchez\Cookies\rosie_sanchez@atdmt[2].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\d3ubquj0.default\cookies.txt[.atdmt.com/]
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\j1h5avjq.default\cookies.txt[.atdmt.com/]
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Documents and Settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\d3ubquj0.default\cookies.txt[.tribalfusion.com/]
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Documents and Settings\Rosie Sanchez\Cookies\rosie_sanchez@tribalfusion[1].txt
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\j1h5avjq.default\cookies.txt[.tribalfusion.com/]
00147796 Cookie/Entrepreneur TrackingCookie No 0 Yes No C:\Documents and Settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\d3ubquj0.default\cookies.txt[.entrepreneur.com/]
00148914 Cookie/Tucows TrackingCookie No 0 Yes No C:\Documents and Settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\d3ubquj0.default\cookies.txt[.tucows.com/]
00149064 Cookie/Maxserving TrackingCookie No 0 Yes No C:\Documents and Settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\d3ubquj0.default\cookies.txt[.maxserving.com/]
00149064 Cookie/Maxserving TrackingCookie No 0 Yes No C:\Documents and Settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\d3ubquj0.default\cookies.txt[.maxserving.com/]
00152401 Cookie/Belnk TrackingCookie No 0 Yes No C:\Documents and Settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\d3ubquj0.default\cookies.txt[.belnk.com/]
00152401 Cookie/Belnk TrackingCookie No 0 Yes No C:\Documents and Settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\d3ubquj0.default\cookies.txt[.belnk.com/]
00159564 Cookie/WUpd TrackingCookie No 0 Yes No C:\Documents and Settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\d3ubquj0.default\cookies.txt[.revenue.net/]
00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\Documents and Settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\d3ubquj0.default\cookies.txt[.com.com/]
00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\Documents and Settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\d3ubquj0.default\cookies.txt[.com.com/]
00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\Documents and Settings\Rosie Sanchez\Cookies\rosie_sanchez@com[1].txt
00167647 Cookie/Yadro TrackingCookie No 0 Yes No C:\Documents and Settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\d3ubquj0.default\cookies.txt[.yadro.ru/]
00167704 Cookie/Xiti TrackingCookie No 0 Yes No C:\Documents and Settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\d3ubquj0.default\cookies.txt[.xiti.com/]
00168048 Cookie/Overture TrackingCookie No 0 Yes No C:\Documents and Settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\d3ubquj0.default\cookies.txt[.perf.overture.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\d3ubquj0.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\d3ubquj0.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\j1h5avjq.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\j1h5avjq.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\j1h5avjq.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\j1h5avjq.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\j1h5avjq.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\j1h5avjq.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\j1h5avjq.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\j1h5avjq.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\j1h5avjq.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Rosie Sanchez\Cookies\rosie_sanchez@ad.yieldmanager[2].txt
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Gustavo\Application Data\Mozilla\Firefox\Profiles\c7iok16m.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Gustavo\Application Data\Mozilla\Firefox\Profiles\c7iok16m.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Gustavo\Application Data\Mozilla\Firefox\Profiles\c7iok16m.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Gustavo\Application Data\Mozilla\Firefox\Profiles\c7iok16m.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Gustavo\Application Data\Mozilla\Firefox\Profiles\c7iok16m.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Gustavo\Application Data\Mozilla\Firefox\Profiles\c7iok16m.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Gustavo\Application Data\Mozilla\Firefox\Profiles\c7iok16m.default\cookies.txt[ad.yieldmanager.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\d3ubquj0.default\cookies.txt[.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\d3ubquj0.default\cookies.txt[.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\d3ubquj0.default\cookies.txt[.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\d3ubquj0.default\cookies.txt[.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\d3ubquj0.default\cookies.txt[.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\d3ubquj0.default\cookies.txt[.serving-sys.com/]
00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\d3ubquj0.default\cookies.txt[.bs.serving-sys.com/]
00168097 Cookie/BurstBeacon TrackingCookie No 0 Yes No C:\Documents and Settings\Rosie Sanchez\Cookies\rosie_sanchez@www.burstbeacon[2].txt
00168110 Cookie/Server.iad.Liveperson TrackingCookie No 0 Yes No C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\j1h5avjq.default\cookies.txt[server.iad.liveperson.net/hc/80570461]
00168110 Cookie/Server.iad.Liveperson TrackingCookie No 0 Yes No C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\j1h5avjq.default\cookies.txt[server.iad.liveperson.net/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Gustavo\Application Data\Mozilla\Firefox\Profiles\c7iok16m.default\cookies.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\j1h5avjq.default\cookies.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Gustavo\Application Data\Mozilla\Firefox\Profiles\c7iok16m.default\cookies.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Gustavo\Application Data\Mozilla\Firefox\Profiles\c7iok16m.default\cookies.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\j1h5avjq.default\cookies.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\d3ubquj0.default\cookies.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\d3ubquj0.default\cookies.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\d3ubquj0.default\cookies.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\d3ubquj0.default\cookies.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\d3ubquj0.default\cookies.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\j1h5avjq.default\cookies.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\j1h5avjq.default\cookies.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\j1h5avjq.default\cookies.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Gustavo\Application Data\Mozilla\Firefox\Profiles\c7iok16m.default\cookies.txt[.advertising.com/]
00170087 Cookie/Hbmediapro TrackingCookie No 0 Yes No C:\Documents and Settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\d3ubquj0.default\cookies.txt[.adopt.hbmediapro.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\j1h5avjq.default\cookies.txt[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\j1h5avjq.default\cookies.txt[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\j1h5avjq.default\cookies.txt[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\j1h5avjq.default\cookies.txt[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\j1h5avjq.default\cookies.txt[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\j1h5avjq.default\cookies.txt[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\j1h5avjq.default\cookies.txt[.ads.pointroll.com/]
00170554 Cookie/Overture TrackingCookie No 0 Yes No C:\Documents and Settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\d3ubquj0.default\cookies.txt[.overture.com/]
00170554 Cookie/Overture TrackingCookie No 0 Yes No C:\Documents and Settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\d3ubquj0.default\cookies.txt[.overture.com/]
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\j1h5avjq.default\cookies.txt[.realmedia.com/]
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\j1h5avjq.default\cookies.txt[.realmedia.com/]
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\j1h5avjq.default\cookies.txt[.realmedia.com/]
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\d3ubquj0.default\cookies.txt[.realmedia.com/]
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\d3ubquj0.default\cookies.txt[.realmedia.com/]
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\d3ubquj0.default\cookies.txt[.realmedia.com/]
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Rosie Sanchez\Cookies\rosie_sanchez@realmedia[2].txt
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\j1h5avjq.default\cookies.txt[.realmedia.com/]
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\j1h5avjq.default\cookies.txt[.realmedia.com/]
00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Documents and Settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\d3ubquj0.default\cookies.txt[.questionmarket.com/]
00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Documents and Settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\d3ubquj0.default\cookies.txt[.questionmarket.com/]
00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\j1h5avjq.default\cookies.txt[.questionmarket.com/]
00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\j1h5avjq.default\cookies.txt[.questionmarket.com/]
00194327 Cookie/Go TrackingCookie No 0 Yes No C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\j1h5avjq.default\cookies.txt[.go.com/]
00194327 Cookie/Go TrackingCookie No 0 Yes No C:\Documents and Settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\d3ubquj0.default\cookies.txt[.go.com/]
00196960 Cookie/Belnk TrackingCookie No 0 Yes No C:\Documents and Settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\d3ubquj0.default\cookies.txt[.ath.belnk.com/]
00199984 Cookie/Searchportal TrackingCookie No 0 Yes No C:\Documents and Settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\d3ubquj0.default\cookies.txt[.searchportal.information.com/]
00262020 Cookie/Atwola TrackingCookie No 0 Yes No C:\Documents and Settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\d3ubquj0.default\cookies.txt[.atwola.com/]
00262020 Cookie/Atwola TrackingCookie No 0 Yes No C:\Documents and Settings\Rosie Sanchez\Cookies\rosie_sanchez@atwola[2].txt
00293517 Cookie/AdDynamix TrackingCookie No 0 Yes No C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\j1h5avjq.default\cookies.txt[.ads.addynamix.com/]
02164907 Generic Malware Virus/Trojan No 0 Yes No C:\Program Files\DIGStream\digstream.exe
02923758 Adware/KeenValue Adware No 0 Yes No C:\Program Files\Magentic\bin\magentic_install.exe
;===================================================================================================================================================================================
SUSPECTS
Sent Location
;===================================================================================================================================================================================
Yes C:\WINDOWS\CustoMess_Uninstall.exe
;===================================================================================================================================================================================
VULNERABILITIES
Id Severity Description
;===================================================================================================================================================================================
;===================================================================================================================================================================================
Hijackthis :
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:09:27 PM, on 9/18/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\dllhost.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AOL 9.1\waol.exe
C:\Program Files\AOL 9.1\shellmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\AOL 9.1\AOL.EXE" -b
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe (file missing)
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
--
End of file - 4885 bytes
My computer is working but i know i still have bad files because every time i run spybot-search & destroy i get 3 bad files but it doesnt let me delete it and it says that they will be deleted at restart but i run it again and same thing happens... it says:
WildT angent
[SBI $3A3BDC07] Program directory
C:\WINDOWS\wt\
(SBI $76830867) Program directory
C:\WINDOWS\wt\wtupdates
(SBI $AEA200D6) Program directory
C:\WINDOWS\wt\wtupdates\WireControl\
im afraid to make my payments online i dont know if it will be safe
another thing i found suspicios is that i open network connections and i saw under workgroup computers like someone was conected "Dgjk0391" and after running the malwarebytes and im able to use pc.. now i try to open workgroup and it says that i dont have acces... can someone be connected to my pc?? please i need your help, i need to know how safe i am using this pc..
thank you very much for your help..
0
This discussion has been closed.
Comments
Hello, here is the last log that i have scan, and still im not able to delete the files found in spybot(see above WildTangent)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:05:49 AM, on 9/27/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\Program Files\QuickTime\qttask.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AOL 9.1\waol.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\AOL 9.1\shellmon.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\AOL 9.1\AOL.EXE" -b
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://rozzies.spaces.live.com/PhotoUpload/MsnPUpld.cab
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe (file missing)
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
--
End of file - 5412 bytes
thank you very much
My name is Carolyn and I'll be glad to help you with your computer problems. HijackThis logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that it happens.
Please do not run any other tool untill instructed to do so!
Please reply to this thread, do not start another!
Please tell me about any problems that have occurred during the fix.
Please tell me of any other symptoms you may be having as these can help also.
Please try as much as possible not to run anything while executing a fix.
If you follow these instructions, everything should go smoothly.
Please download Malwarebytes' Anti-Malware and save it to a convenient location.
- Double click on mbam-setup.exe to install it.
- Before clicking the Finish button, make sure that these 2 boxes are checked (ticked):
[*]Malwarebytes' Anti-Malware will now check for updates. If your firewall prompts, please allow it. If you can't update it, select the Update tab. Under Update Mirror, select one of the websites and click on Check for Updates.Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware
[*]Select the Scanner tab. Click on Perform full scan, then click on Scan.
[*]Leave the default options as it is and click on Start Scan.
[*]When done, you will be prompted. Click OK, then click on Show Results.
[*]Checked (ticked) all items and click on Remove Selected.
[*]After it has removed the items, Notepad will open. Please post this log in your next reply. You can also find the log in the Logs tab. The bottom most log is the latest.
Next,
Please post the following:
hello, thanks for helping me.
here is the log for malwarebyte's i will run the other program
Malwarebytes' Anti-Malware 1.28
Database version: 1222
Windows 5.1.2600 Service Pack 3
9/29/2008 9:35:58 PM
mbam-log-2008-09-29 (21-35-58).txt
Scan type: Full Scan (C:\|)
Objects scanned: 179332
Time elapsed: 2 hour(s), 1 minute(s), 18 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP5\A0003004.sys (Trojan.Agent) -> Quarantined and deleted successfully.
info-notepad:
info.txt logfile of random's system information tool 1.02 2008-09-29 21:41:49
======Uninstall list======
-->"C:\Program Files\Dell Games\Diner Dash Hometown Hero\Uninstall.exe"
-->"C:\Program Files\mcafee.com\antivirus\uninst.exe" /PopUpMsgBox="N" /CheckMutx="N" /S
-->C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE
-->MsiExec.exe /I{07159635-9DFE-4105-BFC0-2817DB540C68}
-->MsiExec.exe /I{0D397393-9B50-4C52-84D5-77E344289F87}
-->MsiExec.exe /I{403EF592-953B-4794-BCEF-ECAB835C2095}
-->MsiExec.exe /I{619CDD8A-14B6-43A1-AB6C-0F4EE48CE048}
-->MsiExec.exe /I{83FFCFC7-88C6-41C6-8752-958A45325C82}
-->MsiExec.exe /X{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3C080B57-0D1E-4C73-B03B-68A9EF9F23F3}\Setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5CDDF96A-BC34-4D72-9ABA-E1FFF0C39977}\setup.exe" -l0x9
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Ad-Aware-->MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe AIR-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{00203668-8170-44A0-BE44-B632FA4D780F}
Adobe Flash Player 9 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 7.0.9-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70900000002}
Adobe Shockwave Player 11-->C:\WINDOWS\system32\adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
Ahead Nero Burning ROM-->C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
AOL Uninstaller (Choose which Products to Remove)-->C:\Program Files\Common Files\AOL\uninstaller.exe
AOLIcon-->MsiExec.exe /I{62BD0AE0-4EB1-4BBB-8F43-B6400C8FEB2C}
Apple Mobile Device Support-->MsiExec.exe /I{49C88E44-1B38-4FC6-824E-2BDA3063B0E3}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
AviSynth 2.5-->"C:\Program Files\AviSynth 2.5\Uninstall.exe"
BlackBerry Desktop Software 4.2.2-->MsiExec.exe /i{9B449C1A-4F64-4ED4-8C96-31B222E8377F}
BlackBerry Desktop Software 4.2.2-->MsiExec.exe /I{9B449C1A-4F64-4ED4-8C96-31B222E8377F}
Bonjour-->MsiExec.exe /I{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}
CalyxLoanBridge11-->MsiExec.exe /X{192A3445-56FC-47B3-B706-17D599E3B630}
CardRd81-->MsiExec.exe /I{54C8FE84-89C4-40E8-976C-439EB0729BD6}
CCScore-->MsiExec.exe /I{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}
CDMaster32-->C:\Program Files\Zittware\CDMaster32\uninstall.exe CDMaster32
Cox Online Support Controls-->"C:\Program Files\SupportSoft\unins000.exe"
CR2-->MsiExec.exe /I{432C3720-37BF-4BD7-8E49-F38E090246D0}
Creative Jukebox Driver-->C:\Program Files\Creative\Jukebox 3 Drivers\DrvUnins.exe /s
DeepRipper v 1.1-->"C:\Program Files\Astonsoft\DeepRipper\Uninstall.exe" "C:\Program Files\Astonsoft\DeepRipper\install.log"
Dell Digital Jukebox Driver-->C:\Program Files\Dell\Digital Jukebox Drivers\DrvUnins.exe /s
Dell Driver Reset Tool-->MsiExec.exe /I{5905F42D-3F5F-4916-ADA6-94A3646AEE76}
Dell Game Console-->"C:\Program Files\WildTangent\Apps\Dell Game Console\Uninstall.exe"
Dell Games-->"C:\Program Files\Dell Games\Uninstall.exe"
DellSupport-->MsiExec.exe /X{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}
Digital Content Portal-->MsiExec.exe /I{6D5FCA42-1486-4E32-AFE8-1B7E2AA59D33}
DivX DVD Ripper 1.6-->C:\Program Files\DDR\uninst.exe
DVD Decrypter (Remove Only)-->"C:\Program Files\DVD Decrypter\uninstall.exe"
DVD Shrink 3.2-->"C:\Program Files\DVD Shrink\unins000.exe"
DVD to iPod Converter 4-->C:\Program Files\Xilisoft\DVD to iPod Converter 4\Uninstall.exe
EarthLink setup files-->MsiExec.exe /X{728278A1-0BB7-45E4-AC5E-91D7C0FD1EDE}
EducateU-->MsiExec.exe /I{A683A2C0-821C-486F-858C-FA634DB5E864}
ESPNMotion-->C:\PROGRA~1\ESPNMO~1\UNWISE.EXE /u C:\PROGRA~1\ESPNMO~1\INSTALL.LOG
ESSBrwr-->MsiExec.exe /I{643EAE81-920C-4931-9F0B-4B343B225CA6}
ESSCDBK-->MsiExec.exe /I{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}
ESScore-->MsiExec.exe /I{9D8FEE90-0377-49A9-AEFB-525BDE549BA4}
ESSCT-->MsiExec.exe /I{8BB4B58A-A402-4DE8-8FCD-287E60B88DD8}
ESSgui-->MsiExec.exe /I{91517631-A9F3-4B7C-B482-43E0068FD55A}
ESShelp-->MsiExec.exe /I{87843A41-7808-4F2E-B13F-25C1E67CF2FD}
ESSini-->MsiExec.exe /I{8E92D746-CD9F-4B90-9668-42B74C14F765}
ESSPCD-->MsiExec.exe /I{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}
ESSPDock-->MsiExec.exe /I{FCDB1C92-03C6-4C76-8625-371224256091}
ESSSONIC-->MsiExec.exe /I{4F677FC7-7AA8-412B-A957-F13CBE1C7331}
ESSTOOLS-->MsiExec.exe /I{8A502E38-29C9-49FA-BCFA-D727CA062589}
ESSTUTOR-->MsiExec.exe /I{CA60320D-6A16-49C8-A34F-84EEF4799567}
ESSvpaht-->MsiExec.exe /I{A5B3EB8A-4071-42F0-8E8E-7A8342AA8E69}
ESSvpot-->MsiExec.exe /I{48C82F7A-F100-4DAB-A310-8E18BF2159E1}
Ezonics Greeting Cam Deluxe-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Ezonics\Ezonics Greeting Cam Deluxe\Uninst.isu"
EZPhoto Browser-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7A393E43-9F1B-4B4D-AFC3-E4B6663F6DD3}\Setup.exe" -l0x9
EZPhoto Panorama-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B473BAC8-6A90-4D53-96C9-97A759A76EE8}\Setup.exe" -l0x9
EZPhoto Tools-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{ED8F2441-E5B9-4F48-82AD-759C17A68ADB}\Setup.exe" -l0x9
EZShowtime MMS-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5FB2EF0E-0254-4B7E-98C9-7F83E0C5E6C2}\Setup.exe" -l0x9
EZSuite For EZCam III-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{313aa16e-8c61-410c-a225-917462421659}\Setup.exe" -l0x9
EZVideo Mail-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2E8D4B52-52E5-41EF-9C43-8CDF1527DDFD}\Setup.exe" -l0x9
FileASSASSIN-->C:\Program Files\FileASSASSIN\uninst.exe
GdiplusUpgrade-->MsiExec.exe /I{5421155F-B033-49DB-9B33-8F80F233D4D5}
Google AFE-->regsvr32 /u /s "c:\Program Files\GoogleAFE\GoogleAE.dll"
Google Toolbar for Internet Explorer-->regsvr32 /u /s "c:\program files\google\googletoolbar2.dll"
Guitar Guru Supplemental Guitar Skins-->"C:\Program Files\Musicnotes\GuitarGuru\data\unins000.exe"
Guitar Guru Version 2.1.2-->"C:\Program Files\Musicnotes\GuitarGuru\unins000.exe"
High Definition Audio Driver Package - KB835221-->C:\WINDOWS\$NtUninstallKB835221WXP$\spuninst\spuninst.exe
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
HLPIndex-->MsiExec.exe /I{38441BE7-79B0-42B8-8297-833704F949FE}
HLPPDOCK-->MsiExec.exe /I{154508C0-07C5-4659-A7A0-E49968750D21}
HLPRFO-->MsiExec.exe /I{AADAC983-FDE9-42FA-8FD9-7BB324155593}
Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 10 (KB903157)-->"C:\WINDOWS\$NtUninstallKB903157$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
HP Driver Diagnostics-->MsiExec.exe /X{624D19C3-D55D-4368-BC10-9B53036D8358}
HP Image Zone 4.2-->C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP PSC & OfficeJet 4.2-->"C:\Program Files\HP\Digital Imaging\{A1062847-0846-427A-92A1-BB8251A91E91}\setup\hpzscr01.exe" -datfile hposcr04.dat
HP Software Update-->MsiExec.exe /X{15EE79F4-4ED1-4267-9B0F-351009325D7D}
ImageMixer VCD/DVD2 for OLYMPUS-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1F51A0CA-2BDD-474E-BB90-C7FA8EA78F52}\Setup.exe" -l0x9 UNINSTALL
iMesh-->C:\Program Files\iMesh Applications\iMesh\UninstallSurvey.exe C:\PROGRA~1\IMESHA~1\iMesh\UNWISE.EXE /U C:\PROGRA~1\IMESHA~1\iMesh\INSTALL.LOG
IncrediMail Xe-->C:\Program Files\IncrediMail\bin\ImSetup.exe /remove /addon:IncrediMail /log:IncMail.log
Intel(R) 537EP V9x DF PCI Modem-->rundll32 IntelCci.dll,iSMUninstallation "Intel(R) 537EP V9x DF PCI Modem"
Intel(R) Graphics Media Accelerator Driver-->RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx2ID PCI\VEN_8086&DEV_2782 PCI\VEN_8086&DEV_2582
Intel(R) PRO Network Connections Drivers-->Prounstl.exe
Intel(R) PROSet for Wired Connections-->MsiExec.exe /I{83F793B5-8BBF-42FD-A8A6-868CB3E2AAEA}
IrfanView (remove only)-->C:\Program Files\IrfanView\iv_uninstall.exe
iTunes-->MsiExec.exe /I{3DE0053C-FD9A-483E-B7C9-B06E4392206E}
Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Kodak EasyShare software-->C:\Documents and Settings\All Users\Application Data\Kodak\EasyShareSetup\$SETUP_140007_21ec1ad\Setup.exe /APR-REMOVE
KSU-->MsiExec.exe /I{B997C2A0-4383-41BF-B76E-9B8B7ECFB267}
Learn2 Player (Uninstall Only)-->C:\Program Files\Learn2.com\StRunner\stuninst.exe
LimeWire 4.18.8-->"C:\Program Files\LimeWire\uninstall.exe"
Magentic-->C:\PROGRA~1\Magentic\bin\mgsetup.exe /remove /addon:Magentic
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
McAfee SecurityCenter-->C:\Program Files\McAfee\MSC\mcuninst.exe
MCU-->MsiExec.exe /I{D2988E9B-C73F-422C-AD4B-A66EBE257120}
Memories Disc Creator 2.0-->MsiExec.exe /X{2E132061-C78A-48D4-A899-1D13B9D189FA}
Messenger Plus! Live-->"C:\Program Files\Messenger Plus! Live\Uninstall.exe"
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office 2000 SR-1 Small Business-->MsiExec.exe /I{00030409-78E1-11D2-B60F-006097C998E7}
Microsoft Office PowerPoint Viewer 2003-->MsiExec.exe /X{90AF0C0A-6000-11D3-8CFE-0150048383C9}
Microsoft Plus! Digital Media Edition Installer-->MsiExec.exe /X{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}
Microsoft Plus! Photo Story 2 LE-->MsiExec.exe /X{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}
Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Microsoft Web Publishing Wizard 1.52-->RunDll32 ADVPACK.DLL,LaunchINFSection C:\WINDOWS\INF\wpie4x86.inf,WebPostUninstall
Microsoft WSE 2.0 SP3 Runtime-->MsiExec.exe /X{F3CA9611-CD42-4562-ADAB-A554CF8E17F1}
Modem Event Monitor-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7A0EFAFB-AC4B-4B88-8C6B-6731BE88DB68}\setup.exe" -l0x9
Modem Helper-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F142D56-3326-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel
Modem On Hold-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanelAnyText
Mozilla Firefox (2.0.0.9)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSN-->C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP
MSXML 4.0 SP2 (KB925672)-->MsiExec.exe /I{A9CF9052-F4A0-475D-A00F-A8388C62DD63}
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 Parser and SDK-->MsiExec.exe /I{716E0306-8318-4364-8B8F-0CC4E9376BAC}
Musicmatch for Windows Media Player-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E93E5EF6-D361-481E-849D-F16EF5C78EBC}\setup.exe" -l0x9 remove
Musicmatch® Jukebox-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{85D3CC30-8859-481A-9654-FD9B74310BEF}\setup.exe" -l0x9 -uninst
Musicnotes Player V1.22.3-->"C:\Program Files\Musicnotes\Player\unins000.exe"
NetZeroInstallers-->MsiExec.exe /X{352310C3-E46B-42D3-8F32-54721FDD72D9}
NOMAD Explorer-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3C080B57-0D1E-4C73-B03B-68A9EF9F23F3}\Setup.exe" -l0x9 /remove
Notifier-->MsiExec.exe /I{0008546E-DF6E-4CC1-AFD0-2CB8E16C95A2}
OLYMPUS Master 2-->MsiExec.exe /X{F958F15A-4CE2-44E7-8179-97BBDCAF401A}
OLYMPUS Master-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{BA820A24-704B-428D-9904-71A10DAC1372} /l1033 /zUNINSTALL
OpenOffice.org Installer 1.0-->MsiExec.exe /X{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}
OTtBP-->MsiExec.exe /I{F71760CD-0F8B-4DCC-B7B7-6B223CC3843C}
OTtBPSDK-->MsiExec.exe /I{3CA39B0C-BA85-4D42-AC0F-1FF5F60C3353}
Otto-->"C:\Program Files\EnglishOtto\uninstallotto.exe"
overland-->MsiExec.exe /I{766273C1-A39B-47EB-ACE8-DEBDD8094BCC}
Panda ActiveScan 2.0-->C:\Program Files\Panda Security\ActiveScan 2.0\as2uninst.exe
PC CameraQ-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{D995DF42-A2B6-43D6-AEA2-FDD296E74ED4} /l1033
PDF reDirect (remove only)-->C:\Program Files\PDF reDirect\Uninstall.exe
Point-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F05E2B98-DA04-4FFA-8D08-DA218E6A2B47}\setup.exe" -l0x9 -uninst
PowerDVD 5.5-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
PSP Max Media Manager-->"C:\Program Files\Datel\PSP Max Media Manager\unins000.exe"
QuickTime-->MsiExec.exe /I{08CA9554-B5FE-4313-938F-D4A417B81175}
RealPlayer Basic-->C:\Program Files\Common Files\Real\Update\\rnuninst.exe RealNetworks|RealPlayer|6.0
Rhapsody Player Engine-->MsiExec.exe /I{30C2FCD0-FF7B-4FFA-8DDE-43A22E01A1E7}
Safari-->MsiExec.exe /I{C9D96682-5A4D-45FA-BA3E-DDCB2B0CB868}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Windows Internet Explorer 7 (KB928090)-->"C:\WINDOWS\ie7updates\KB928090-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB929969)-->"C:\WINDOWS\ie7updates\KB929969\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB931768)-->"C:\WINDOWS\ie7updates\KB931768-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB933566)-->"C:\WINDOWS\ie7updates\KB933566-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB937143)-->"C:\WINDOWS\ie7updates\KB937143-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
SFR-->MsiExec.exe /I{DB02F716-6275-42E9-B8D2-83BA2BF5100B}
SHASTA-->MsiExec.exe /I{605A4E39-613C-4A12-B56F-DEFBE6757237}
SKIN0001-->MsiExec.exe /I{FDF9943A-3D5C-46B3-9679-586BD237DDEE}
SKINXSDK-->MsiExec.exe /I{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}
Sonic Encoders-->MsiExec.exe /I{9941F0AA-B903-4AF4-A055-83A9815CC011}
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
SpywareBlaster 4.1-->"C:\Program Files\SpywareBlaster\unins000.exe"
The Print Shop 21-->MsiExec.exe /X{F61B4687-8869-433B-A715-763C1DC0AEFB}
Tradewinds-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\3C48F877-A164-45E9-B9DA-26A049FFC207\Uninstall.exe"
TypingMaster TypingTest-->"C:\Program Files\TypingMaster\TypingTest\unins000.exe"
Update for Windows Media Player 10 (KB910393)-->"C:\WINDOWS\$NtUninstallKB910393$\spuninst\spuninst.exe"
Update for Windows Media Player 10 (KB913800)-->"C:\WINDOWS\$NtUninstallKB913800$\spuninst\spuninst.exe"
Update for Windows Media Player 10 (KB926251)-->"C:\WINDOWS\$NtUninstallKB926251$\spuninst\spuninst.exe"
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update Rollup 2 for Windows XP Media Center Edition 2005-->C:\WINDOWS\$NtUninstallKB900325$\spuninst\spuninst.exe
USB-IrDA Adapter-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{10F5D9BB-E2F2-4B18-A65D-928B73D22E6F}\SETUP.EXE" -l0x9
Videora iPod Converter 0.91-->C:\Program Files\VideoraiPodConverter\uninst.exe
Viewpoint Media Player-->C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
VPRINTOL-->MsiExec.exe /I{999D43F4-9709-4887-9B1A-83EBB15A8370}
WebCyberCoach 3.2 Dell-->"C:\Program Files\WebCyberCoach\b_Dell\WCC_Wipe.exe" "WebCyberCoach ext\wtrb" /inf "engine.inf,RealUninstallSection,,4" /infcfg "enginecf.inf,RealUninstallSection,,4"
Winamp-->"C:\Program Files\Winamp\UninstWA.exe"
Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Installer Clean Up-->MsiExec.exe /X{121634B0-2F4B-11D3-ADA3-00C04F52DD52}
Windows Live installer-->MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Live Mail-->MsiExec.exe /I{184E7118-0295-43C4-B72C-1D54AA75AAF7}
Windows Live Messenger-->MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}
Windows Live OneCare safety scanner-->RunDll32.exe "C:\Program Files\Windows Live Safety Center\wlscCore.dll",UninstallFunction WLSC_SCANNER_PRODUCT
Windows Live Photo Gallery-->MsiExec.exe /X{2D4F6BE3-6FEF-4FE9-9D01-1406B220D08C}
Windows Live Sign-in Assistant-->MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
Windows Live Toolbar-->"C:\Program Files\Windows Live Toolbar\UnInstall.exe" {DA0FFF7B-DA9D-46A2-A329-87804ECA58EA}
Windows Live Toolbar-->MsiExec.exe /X{DA0FFF7B-DA9D-46A2-A329-87804ECA58EA}
Windows Live Writer-->MsiExec.exe /X{9176251A-4CC1-4DDB-B343-B487195EB397}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 10 Hotfix [See EmeraldQFE2 for more information]-->C:\WINDOWS\$NtUninstallEmeraldQFE2$\spuninst\spuninst.exe
Windows Media Player 10-->MsiExec.exe /I{33BB4982-DC52-4886-A03B-F4C5C80BEE89}
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows XP Media Center Edition 2005 KB908246-->"C:\WINDOWS\$NtUninstallKB908246$\spuninst\spuninst.exe"
Windows XP Media Center Edition 2005 KB925766-->"C:\WINDOWS\$NtUninstallKB925766$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
WIRELESS-->MsiExec.exe /I{F9593CFB-D836-49BC-BFF1-0E669A411D9F}
WordPerfect Office 12-->MsiExec.exe /I{AF19F291-F22F-4798-9662-525305AE9E48}
======Hosts File======
127.0.0.1 multitrader.info
127.0.0.1 reggame.biz
127.0.0.1 tele-globus.biz
127.0.0.1 newasp.com.cn
127.0.0.1 mygolddinar.com
127.0.0.1 xfatum.com
127.0.0.1 think-adz2.com
127.0.0.1 daoway.biz
127.0.0.1 school-172.info
127.0.0.1 http://test.just.f1del.net/limbo/mail.php
======Security center information======
AV: McAfee VirusScan
FW: McAfee Personal Firewall
======Environment variables======
"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 4 Stepping 9, GenuineIntel
"PROCESSOR_REVISION"=0409
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"VERSION"=3.0.5.001
"SESSIONID"=1138732483014htx6056998c09:109222b9ea4:2393
"COLLECTIONID"=COL8143
"ITEMID"=dj-22741-15
"UPDATEDIR"=C:\DOCUME~1\ROSIES~1\LOCALS~1\Temp\rad52454.tmp
"TOOLPATH"=/C:\Program%20Files\HP\HP%20Software%20Update\install.htm
"HMSERVER"=https://wwss1proa.cce.hp.com/wuss/servlet/WUSSServlet
"SWUTVER"=1.0.22.20030804
"OSVER"=winXPP
"LANG"=1033
"TIMEOUT"=0
"RoxioCentral"=C:\Program Files\Common Files\Roxio Shared\9.0\Roxio Central33\
"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip
Logfile of random's system information tool 1.02 (written by random/random)
Run by Rosie Sanchez at 2008-09-29 21:41:25
Microsoft Windows XP Professional Service Pack 3
System drive C: has 12 GB (17%) free of 72 GB
Total RAM: 502 MB (25% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:41:42 PM, on 9/29/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Zittware\CDMaster32\CDMaster32.exe
C:\Documents and Settings\Rosie Sanchez\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Rosie Sanchez.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://rozzies.spaces.live.com/PhotoUpload/MsnPUpld.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://sdlc-esd.sun.com/ESD44/JSCDL/jdk/6u7/jinstall-6u7-windows-i586-jc.cab?AuthParam=1222640530_d64c52503b08a36992a2e550628aff61&GroupName=JSC&BHost=javadl.sun.com&FilePath=/ESD44/JSCDL/jdk/6u7/jinstall-6u7-windows-i586-jc.cab&File=jinstall-6u7-windows-i586-jc.cab
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe (file missing)
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
--
End of file - 6196 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\McDefragTask.job
C:\WINDOWS\tasks\McQcTask.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-07-07 1562448]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}]
scriptproxy - C:\Program Files\McAfee\VirusScan\scriptsn.dll [2007-11-09 58688]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2008-05-27 413696]
"mcagent_exe"=C:\Program Files\McAfee.com\Agent\mcagent.exe [2007-11-01 582992]
"KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k []
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TDSSserv.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mcmscsvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MpfService]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\TDSSserv.sys]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"NoDispScrSavPage"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=B1000000
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe"="C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL"
"C:\Program Files\America Online 9.0\waol.exe"="C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe"="C:\Program Files\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe:*:Enabled:AOL TopSpeed"
"C:\Program Files\America Online 9.0a\waol.exe"="C:\Program Files\America Online 9.0a\waol.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe"="C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe:*:Enabled:AOLTsMon"
"C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe"="C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe:*:Enabled:AOLTopSpeed"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\System Information\sinf.exe"="C:\Program Files\Common Files\AOL\System Information\sinf.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe"="C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\1138330997\ee\aolsoftware.exe"="C:\Program Files\Common Files\AOL\1138330997\ee\aolsoftware.exe:*:Enabled:AOL Services"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Common Files\AOL\1138330997\ee\aim6.exe"="C:\Program Files\Common Files\AOL\1138330997\ee\aim6.exe:*:Enabled:AIM"
"C:\WINDOWS\pchealth\helpctr\binaries\HelpCtr.exe"="C:\WINDOWS\pchealth\helpctr\binaries\HelpCtr.exe:*:Enabled:Remote Assistance - Windows Messenger and Voice"
"C:\Program Files\IncrediMail\bin\IMApp.exe"="C:\Program Files\IncrediMail\bin\IMApp.exe:*:Enabled:IncrediMail"
"C:\Program Files\IncrediMail\bin\IncMail.exe"="C:\Program Files\IncrediMail\bin\IncMail.exe:*:Enabled:IncrediMail"
"C:\Program Files\IncrediMail\bin\ImpCnt.exe"="C:\Program Files\IncrediMail\bin\ImpCnt.exe:*:Enabled:IncrediMail"
"C:\WINDOWS\system32\spcauth.exe"="C:\WINDOWS\system32\spcauth.exe:*:Enabled:AOL"
"C:\Program Files\AOL 9.1\waol.exe"="C:\Program Files\AOL 9.1\waol.exe:*:Enabled:AOL"
"C:\Program Files\MySpace\IM\MySpaceIM.exe"="C:\Program Files\MySpace\IM\MySpaceIM.exe:*:Enabled:MySpaceIM"
"C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe"="C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Disabled:EasyShare"
"C:\Program Files\Magentic\bin\MgImp.exe"="C:\Program Files\Magentic\bin\MgImp.exe:*:Disabled:Magentic"
"C:\Program Files\Magentic\bin\MgApp.exe"="C:\Program Files\Magentic\bin\MgApp.exe:*:Disabled:Magentic"
"C:\Program Files\Magentic\bin\Magentic.exe"="C:\Program Files\Magentic\bin\Magentic.exe:*:Disabled:Magentic"
"C:\Program Files\Winamp Remote\bin\Orb.exe"="C:\Program Files\Winamp Remote\bin\Orb.exe:*:Disabled:Orb"
"C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe"="C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:*:Disabled:Orb Stream Client"
"C:\Program Files\Winamp Remote\bin\OrbTray.exe"="C:\Program Files\Winamp Remote\bin\OrbTray.exe:*:Disabled:OrbTray"
"C:\Program Files\Yahoo!\Messenger\YPager.exe"="C:\Program Files\Yahoo!\Messenger\YPager.exe:*:Disabled:Yahoo! Messenger"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\Yahoo!\Messenger\YServer.exe"="C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe"="C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe"="C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL"
"C:\Program Files\America Online 9.0\waol.exe"="C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
shell\AutoRun\command - E:\setup.exe
======List of files/folders created in the last 1 months======
2009-01-05 11:59:19 ----D---- C:\Program Files\Mozilla Firefox
2009-01-01 22:35:30 ----D---- C:\Documents and Settings\All Users\Application Data\Windows Live Toolbar
2009-01-01 22:08:41 ----D---- C:\Program Files\DellSupport
2008-12-31 16:35:30 ----D---- C:\Documents and Settings\All Users\Application Data\Macromedia
2008-12-31 16:32:29 ----D---- C:\WINDOWS\aolshare
2008-12-31 16:31:46 ----D---- C:\Program Files\AOL 9.1
2008-12-31 14:53:24 ----N---- C:\WINDOWS\system32\Spcres.dll
2008-12-31 14:41:44 ----A---- C:\WINDOWS\wanmpsvc.exe
2008-12-30 17:30:39 ----A---- C:\VETlog.txt
2008-09-29 21:41:25 ----D---- C:\rsit
2008-09-29 20:26:11 ----RAH---- C:\~State.INI
2008-09-29 20:25:16 ----D---- C:\Documents and Settings\Rosie Sanchez\Application Data\Help
2008-09-29 20:24:09 ----A---- C:\WINDOWS\CDMaster.ini
2008-09-29 20:24:04 ----D---- C:\Program Files\Zittware
2008-09-29 20:24:04 ----A---- C:\WINDOWS\system32\SoXWin32.dll
2008-09-29 20:24:04 ----A---- C:\WINDOWS\system32\Nviewlib.dll
2008-09-29 20:24:03 ----A---- C:\WINDOWS\system32\xaudio.dll
2008-09-29 20:24:03 ----A---- C:\WINDOWS\system32\FreeDBid.dll
2008-09-29 20:24:00 ----A---- C:\WINDOWS\system32\vorbisfile.dll
2008-09-29 20:24:00 ----A---- C:\WINDOWS\system32\vorbisenc.dll
2008-09-29 20:24:00 ----A---- C:\WINDOWS\system32\vorbis.dll
2008-09-29 20:24:00 ----A---- C:\WINDOWS\system32\vcedit.dll
2008-09-29 20:24:00 ----A---- C:\WINDOWS\system32\ogg.dll
2008-09-29 20:23:55 ----A---- C:\WINDOWS\system32\replaygain.dll
2008-09-29 20:23:55 ----A---- C:\WINDOWS\system32\mikmod.dll
2008-09-29 20:23:55 ----A---- C:\WINDOWS\system32\akrip32.dll
2008-09-29 20:23:48 ----A---- C:\WINDOWS\system32\lame_enc.dll
2008-09-29 00:43:19 ----A---- C:\Documents and Settings\Rosie Sanchez\Application Data\G-Force Prefs (WindowsMediaPlayer).txt
2008-09-28 15:39:49 ----D---- C:\Documents and Settings\Rosie Sanchez\Application Data\iMesh
2008-09-28 15:39:44 ----D---- C:\Program Files\iMesh Applications
2008-09-28 15:24:03 ----A---- C:\WINDOWS\system32\javaws.exe
2008-09-28 15:24:03 ----A---- C:\WINDOWS\system32\javaw.exe
2008-09-28 15:24:03 ----A---- C:\WINDOWS\system32\java.exe
2008-09-28 15:21:36 ----D---- C:\Program Files\Common Files\Java
2008-09-25 13:33:57 ----D---- C:\Program Files\FileASSASSIN
2008-09-22 02:18:12 ----D---- C:\Documents and Settings\Rosie Sanchez\Application Data\Longfine Software
2008-09-22 02:07:51 ----A---- C:\WINDOWS\eSellerateEngine.dll
2008-09-22 02:07:42 ----D---- C:\Documents and Settings\Rosie Sanchez\Application Data\Icecandy
2008-09-18 06:09:43 ----D---- C:\Program Files\Sun
2008-09-17 22:35:07 ----D---- C:\Program Files\Panda Security
2008-09-17 22:27:31 ----D---- C:\Documents and Settings\All Users\Application Data\TEMP
2008-09-17 22:27:23 ----D---- C:\Program Files\SpywareBlaster
2008-09-17 11:29:47 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2008-09-17 00:16:52 ----D---- C:\Documents and Settings\Rosie Sanchez\Application Data\Malwarebytes
2008-09-17 00:16:45 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-09-17 00:16:45 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-09-12 00:45:15 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
2008-09-11 13:34:51 ----D---- C:\WINDOWS\CSC
2008-09-11 07:53:29 ----D---- C:\WINDOWS\Prefetch
2008-09-11 06:46:32 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2008-09-11 06:46:23 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2008-09-11 06:46:12 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2008-09-11 06:46:03 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
2008-09-11 06:45:54 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2008-09-11 06:45:45 ----HDC---- C:\WINDOWS\$NtUninstallKB951376$
2008-09-11 06:45:34 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2008-09-11 06:45:25 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2008-09-11 06:45:16 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2008-09-11 06:45:06 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2008-09-11 06:44:57 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
2008-09-11 06:37:41 ----D---- C:\WINDOWS\system32\scripting
2008-09-11 06:37:40 ----D---- C:\WINDOWS\system32\en
2008-09-11 06:37:40 ----D---- C:\WINDOWS\l2schemas
2008-09-11 06:37:39 ----D---- C:\WINDOWS\system32\bits
2008-09-11 06:34:11 ----D---- C:\WINDOWS\ServicePackFiles
2008-09-11 06:26:20 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2008-09-11 01:03:11 ----N---- C:\WINDOWS\system32\wlanapi.dll
2008-09-11 01:02:44 ----N---- C:\WINDOWS\system32\tspkg.dll
2008-09-11 01:02:44 ----N---- C:\WINDOWS\system32\tsgqec.dll
2008-09-11 01:02:23 ----N---- C:\WINDOWS\system32\spupdwxp.exe
2008-09-11 01:02:20 ----A---- C:\WINDOWS\system32\spdwnwxp.exe
2008-09-11 01:02:15 ----N---- C:\WINDOWS\system32\slserv.exe
2008-09-11 01:02:15 ----N---- C:\WINDOWS\system32\slrundll.exe
2008-09-11 01:02:15 ----N---- C:\WINDOWS\slrundll.exe
2008-09-11 01:02:14 ----N---- C:\WINDOWS\system32\slgen.dll
2008-09-11 01:02:14 ----N---- C:\WINDOWS\system32\slextspk.dll
2008-09-11 01:02:14 ----N---- C:\WINDOWS\system32\slcoinst.dll
2008-09-11 01:02:05 ----N---- C:\WINDOWS\system32\setupn.exe
2008-09-11 01:01:50 ----N---- C:\WINDOWS\system32\s3gnb.dll
2008-09-11 01:01:46 ----N---- C:\WINDOWS\system32\rhttpaa.dll
2008-09-11 01:01:44 ----N---- C:\WINDOWS\system32\rasqec.dll
2008-09-11 01:01:43 ----N---- C:\WINDOWS\system32\qutil.dll
2008-09-11 01:01:42 ----N---- C:\WINDOWS\system32\qcliprov.dll
2008-09-11 01:01:41 ----N---- C:\WINDOWS\system32\qagentrt.dll
2008-09-11 01:01:41 ----N---- C:\WINDOWS\system32\qagent.dll
2008-09-11 01:01:33 ----N---- C:\WINDOWS\system32\onex.dll
2008-09-11 01:01:14 ----N---- C:\WINDOWS\system32\napstat.exe
2008-09-11 01:01:14 ----N---- C:\WINDOWS\system32\napmontr.dll
2008-09-11 01:01:14 ----N---- C:\WINDOWS\system32\napipsec.dll
2008-09-11 01:01:13 ----N---- C:\WINDOWS\system32\mtxparhd.dll
2008-09-11 01:01:12 ----N---- C:\WINDOWS\system32\msxml6r.dll
2008-09-11 01:01:11 ----N---- C:\WINDOWS\system32\msxml6.dll
2008-09-11 01:01:07 ----N---- C:\WINDOWS\system32\msshavmsg.dll
2008-09-11 01:01:07 ----N---- C:\WINDOWS\system32\mssha.dll
2008-09-11 01:00:37 ----N---- C:\WINDOWS\system32\mmcperf.exe
2008-09-11 01:00:37 ----N---- C:\WINDOWS\system32\mmcfxcommon.dll
2008-09-11 01:00:37 ----N---- C:\WINDOWS\system32\mmcex.dll
2008-09-11 01:00:36 ----N---- C:\WINDOWS\system32\microsoft.managementconsole.dll
2008-09-11 01:00:33 ----N---- C:\WINDOWS\system32\mdmxsdk.dll
2008-09-11 01:00:13 ----N---- C:\WINDOWS\system32\l2gpstore.dll
2008-09-11 01:00:11 ----N---- C:\WINDOWS\system32\kmsvc.dll
2008-09-11 01:00:09 ----N---- C:\WINDOWS\system32\kbdpash.dll
2008-09-11 01:00:09 ----N---- C:\WINDOWS\system32\kbdnepr.dll
2008-09-11 01:00:09 ----N---- C:\WINDOWS\system32\kbdiultn.dll
2008-09-11 01:00:08 ----N---- C:\WINDOWS\system32\kbdbhc.dll
2008-09-11 00:59:49 ----N---- C:\WINDOWS\system32\smtpapi.dll
2008-09-11 00:59:48 ----N---- C:\WINDOWS\system32\rwnh.dll
2008-09-11 00:59:39 ----N---- C:\WINDOWS\system32\comsdupd.exe
2008-09-11 00:59:26 ----N---- C:\WINDOWS\system32\hsfcisp2.dll
2008-09-11 00:59:11 ----N---- C:\WINDOWS\system32\faxpatch.exe
2008-09-11 00:59:11 ----A---- C:\WINDOWS\003207_.tmp
2008-09-11 00:59:07 ----N---- C:\WINDOWS\system32\eapsvc.dll
2008-09-11 00:59:07 ----N---- C:\WINDOWS\system32\eapqec.dll
2008-09-11 00:59:06 ----N---- C:\WINDOWS\system32\eappprxy.dll
2008-09-11 00:59:06 ----N---- C:\WINDOWS\system32\eapphost.dll
2008-09-11 00:59:06 ----N---- C:\WINDOWS\system32\eappgnui.dll
2008-09-11 00:59:06 ----N---- C:\WINDOWS\system32\eappcfg.dll
2008-09-11 00:59:06 ----N---- C:\WINDOWS\system32\eapp3hst.dll
2008-09-11 00:59:06 ----N---- C:\WINDOWS\system32\eapolqec.dll
2008-09-11 00:58:59 ----N---- C:\WINDOWS\system32\dot3ui.dll
2008-09-11 00:58:59 ----N---- C:\WINDOWS\system32\dot3svc.dll
2008-09-11 00:58:59 ----N---- C:\WINDOWS\system32\dot3msm.dll
2008-09-11 00:58:59 ----N---- C:\WINDOWS\system32\dot3dlg.dll
2008-09-11 00:58:58 ----N---- C:\WINDOWS\system32\dot3gpclnt.dll
2008-09-11 00:58:58 ----N---- C:\WINDOWS\system32\dot3cfg.dll
2008-09-11 00:58:58 ----N---- C:\WINDOWS\system32\dot3api.dll
2008-09-11 00:58:55 ----N---- C:\WINDOWS\system32\dimsroam.dll
2008-09-11 00:58:55 ----N---- C:\WINDOWS\system32\dimsntfy.dll
2008-09-11 00:58:54 ----N---- C:\WINDOWS\system32\dhcpqec.dll
2008-09-11 00:58:47 ----N---- C:\WINDOWS\system32\credssp.dll
2008-09-11 00:58:36 ----N---- C:\WINDOWS\system32\bitsprx4.dll
2008-09-11 00:58:35 ----N---- C:\WINDOWS\system32\azroles.dll
2008-09-11 00:58:33 ----N---- C:\WINDOWS\system32\ativvaxx.dll
2008-09-11 00:58:33 ----N---- C:\WINDOWS\system32\ativtmxx.dll
2008-09-11 00:58:32 ----N---- C:\WINDOWS\system32\ati3duag.dll
2008-09-11 00:58:32 ----N---- C:\WINDOWS\system32\ati3d1ag.dll
2008-09-11 00:58:31 ----N---- C:\WINDOWS\system32\ati2dvag.dll
2008-09-11 00:58:31 ----N---- C:\WINDOWS\system32\ati2dvaa.dll
2008-09-11 00:58:31 ----N---- C:\WINDOWS\system32\ati2cqag.dll
2008-09-11 00:58:19 ----N---- C:\WINDOWS\system32\aaclient.dll
2008-09-10 17:32:02 ----HDC---- C:\WINDOWS\$NtUninstallKB938464_0$
2008-09-10 17:31:27 ----HDC---- C:\WINDOWS\$NtUninstallKB954154_WM11$
======List of files/folders modified in the last 1 months======
2009-01-01 22:09:23 ----HD---- C:\Documents and Settings\Rosie Sanchez\Application Data\Gtek
2008-12-31 23:37:42 ----D---- C:\Program Files\Winamp
2008-12-31 16:34:56 ----D---- C:\Program Files\Common Files\aolshare
2008-12-31 16:28:23 ----D---- C:\Documents and Settings\Rosie Sanchez\Application Data\Mozilla
2008-12-31 16:28:03 ----D---- C:\Documents and Settings\All Users\Application Data\AOL Downloads
2008-09-29 21:41:31 ----D---- C:\WINDOWS\Temp
2008-09-29 20:46:48 ----D---- C:\WINDOWS\system32\CatRoot2
2008-09-29 20:24:09 ----D---- C:\WINDOWS
2008-09-29 20:24:04 ----D---- C:\WINDOWS\system32
2008-09-29 20:24:04 ----D---- C:\Program Files
2008-09-29 11:49:43 ----A---- C:\WINDOWS\ModemLog_Standard Modem.txt
2008-09-29 11:49:41 ----A---- C:\WINDOWS\ModemLog_Intel(R) 537EP V9x DF PCI Modem.txt
2008-09-29 11:39:10 ----D---- C:\Program Files\Messenger Plus! Live
2008-09-29 11:39:09 ----D---- C:\Program Files\Windows Live
2008-09-29 11:39:09 ----D---- C:\Program Files\MSN Messenger
2008-09-29 11:37:41 ----SHD---- C:\WINDOWS\Installer
2008-09-29 11:37:41 ----SHD---- C:\Config.Msi
2008-09-29 10:44:20 ----D---- C:\WINDOWS\Registration
2008-09-29 10:42:19 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-09-29 10:40:55 ----A---- C:\YServer.txt
2008-09-29 10:40:35 ----D---- C:\Documents and Settings\Rosie Sanchez\Application Data\Yahoo!
2008-09-29 03:34:56 ----D---- C:\Temp
2008-09-29 03:34:11 ----A---- C:\WINDOWS\nero.INI
2008-09-28 21:26:43 ----A---- C:\WINDOWS\win.ini
2008-09-28 21:25:19 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-09-28 21:23:32 ----HD---- C:\WINDOWS\inf
2008-09-28 15:30:11 ----D---- C:\Program Files\LimeWire
2008-09-28 15:24:30 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-09-28 15:24:00 ----D---- C:\Program Files\Java
2008-09-28 15:21:36 ----D---- C:\Program Files\Common Files
2008-09-25 20:13:24 ----A---- C:\WINDOWS\ntbtlog.txt
2008-09-23 01:12:18 ----D---- C:\WINDOWS\network diagnostic
2008-09-18 17:30:42 ----D---- C:\WINDOWS\system32\drivers
2008-09-18 12:55:45 ----D---- C:\Program Files\Amazon
2008-09-18 12:54:48 ----D---- C:\Documents and Settings\Rosie Sanchez\Application Data\Adobe
2008-09-18 12:54:47 ----D---- C:\Program Files\Adobe
2008-09-18 05:58:23 ----D---- C:\Program Files\DIGStream
2008-09-17 18:19:42 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-09-17 17:08:16 ----A---- C:\WINDOWS\wininit.ini
2008-09-17 17:08:10 ----D---- C:\WINDOWS\wt
2008-09-17 16:29:30 ----D---- C:\Program Files\Spybot - Search & Destroy
2008-09-17 11:30:30 ----D---- C:\Program Files\Lavasoft
2008-09-17 05:05:53 ----A---- C:\WINDOWS\OEWABLog.txt
2008-09-12 12:09:07 ----D---- C:\Program Files\McAfee
2008-09-12 10:55:01 ----D---- C:\mcafee_mcpr
2008-09-12 00:45:26 ----RSHD---- C:\WINDOWS\system32\dllcache
2008-09-11 22:52:01 ----HD---- C:\WINDOWS\$hf_mig$
2008-09-11 13:45:22 ----D---- C:\WINDOWS\Minidump
2008-09-11 07:46:19 ----D---- C:\WINDOWS\system32\wbem
2008-09-11 07:46:19 ----D---- C:\WINDOWS\system32\Setup
2008-09-11 07:46:19 ----D---- C:\WINDOWS\AppPatch
2008-09-11 07:46:18 ----RSD---- C:\WINDOWS\Fonts
2008-09-11 07:45:50 ----D---- C:\WINDOWS\security
2008-09-11 06:46:40 ----A---- C:\WINDOWS\imsins.BAK
2008-09-11 06:46:34 ----D---- C:\WINDOWS\system32\CatRoot
2008-09-11 06:45:07 ----D---- C:\Program Files\Messenger
2008-09-11 06:39:59 ----A---- C:\WINDOWS\setuplog.txt
2008-09-11 06:38:28 ----D---- C:\WINDOWS\WinSxS
2008-09-11 06:38:00 ----D---- C:\WINDOWS\system32\inetsrv
2008-09-11 06:38:00 ----D---- C:\WINDOWS\ime
2008-09-11 06:38:00 ----D---- C:\WINDOWS\Help
2008-09-11 06:37:43 ----D---- C:\WINDOWS\system32\usmt
2008-09-11 06:37:43 ----D---- C:\WINDOWS\system32\en-US
2008-09-11 06:37:39 ----D---- C:\WINDOWS\PeerNet
2008-09-11 06:37:39 ----D---- C:\Program Files\Movie Maker
2008-09-11 06:34:03 ----D---- C:\WINDOWS\system32\Restore
2008-09-11 06:34:03 ----D---- C:\WINDOWS\system32\npp
2008-09-11 06:34:03 ----D---- C:\WINDOWS\mui
2008-09-11 06:34:02 ----D---- C:\WINDOWS\srchasst
2008-09-11 06:34:02 ----D---- C:\WINDOWS\msagent
2008-09-11 06:34:01 ----D---- C:\WINDOWS\system32\Com
2008-09-11 06:34:01 ----D---- C:\Program Files\NetMeeting
2008-09-11 06:33:58 ----D---- C:\Program Files\Windows NT
2008-09-11 06:33:58 ----D---- C:\Program Files\Outlook Express
2008-09-11 06:33:56 ----D---- C:\Program Files\Common Files\System
2008-09-11 06:33:42 ----D---- C:\WINDOWS\system32\oobe
2008-09-11 06:33:40 ----D---- C:\WINDOWS\system
2008-09-11 06:31:09 ----D---- C:\WINDOWS\system32\ReinstallBackups
2008-09-11 06:26:13 ----D---- C:\WINDOWS\ehome
2008-09-11 00:12:09 ----D---- C:\WINDOWS\Debug
2008-09-10 13:12:30 ----SHD---- C:\System Volume Information
2008-08-31 23:36:52 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 AFS2K;AFS2k; C:\WINDOWS\system32\drivers\AFS2K.sys [2004-10-07 35840]
R1 cdrbsdrv;cdrbsdrv; C:\WINDOWS\system32\drivers\cdrbsdrv.sys [2004-03-08 13567]
R1 DcCam;Kodak Camera Proxy; C:\WINDOWS\system32\DRIVERS\DcCam.sys [2005-06-16 37150]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
R1 mfehidk;McAfee Inc. mfehidk; C:\WINDOWS\system32\drivers\mfehidk.sys [2007-11-22 201320]
R1 MPFP;MPFP; C:\WINDOWS\System32\Drivers\Mpfp.sys [2007-07-13 113952]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-10 12032]
R2 ASCTRM;ASCTRM; C:\WINDOWS\system32\drivers\ASCTRM.sys [2005-12-27 8552]
R2 Aspi32;Aspi32; C:\WINDOWS\System32\drivers\aspi32.sys [2005-11-20 16512]
R2 DCFS2K;Kodak DCFS2K Driver; C:\WINDOWS\system32\drivers\dcfs2k.sys [2005-03-31 38673]
R2 dsunidrv;DellSupport UniDriver; C:\WINDOWS\system32\DRIVERS\dsunidrv.sys [2007-02-25 5376]
R3 E100B;Intel(R) PRO Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2004-10-14 155648]
R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-01-29 16168]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2005-07-19 1049180]
R3 IntelC51;IntelC51; C:\WINDOWS\system32\DRIVERS\IntelC51.sys [2004-03-06 1233525]
R3 IntelC52;IntelC52; C:\WINDOWS\system32\DRIVERS\IntelC52.sys [2004-03-06 647929]
R3 IntelC53;IntelC53; C:\WINDOWS\system32\DRIVERS\IntelC53.sys [2004-06-16 61157]
R3 mfeavfk;McAfee Inc. mfeavfk; C:\WINDOWS\system32\drivers\mfeavfk.sys [2007-11-22 79304]
R3 mfebopk;McAfee Inc. mfebopk; C:\WINDOWS\system32\drivers\mfebopk.sys [2007-11-22 35240]
R3 mfesmfk;McAfee Inc. mfesmfk; C:\WINDOWS\system32\drivers\mfesmfk.sys [2007-12-02 40488]
R3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
R3 mohfilt;mohfilt; C:\WINDOWS\system32\DRIVERS\mohfilt.sys [2004-03-06 37048]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 RimVSerPort;RIM Virtual Serial Port v2; C:\WINDOWS\system32\DRIVERS\RimSerial.sys [2007-01-18 26496]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2004-08-10 5888]
R3 STHDA;SigmaTel High Definition Audio CODEC; C:\WINDOWS\system32\drivers\sthda.sys [2005-08-17 1022040]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys [2003-01-10 33588]
S1 Exportit;Exportit; C:\WINDOWS\system32\DRIVERS\exportit.sys [2005-03-31 152081]
S3 bvrp_pci;bvrp_pci; C:\WINDOWS\system32\drivers\bvrp_pci.sys []
S3 BVRPMPR5;BVRPMPR5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\drivers\BVRPMPR5.SYS []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 DcFpoint;DcFpoint; C:\WINDOWS\system32\DRIVERS\DcFpoint.sys [2005-03-31 61564]
S3 DcLps;Legacy Polling Service; C:\WINDOWS\system32\DRIVERS\DcLps.sys [2005-03-31 8022]
S3 DcPTP;dcptp; C:\WINDOWS\system32\DRIVERS\DcPTP.sys [2005-03-31 70262]
S3 DSproct;DSproct; \??\C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys []
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2004-06-22 51088]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2004-06-22 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2004-06-22 21744]
S3 Jukebox3;Jukebox3; C:\WINDOWS\system32\DRIVERS\ctpdusb.sys [2005-05-16 16000]
S3 mferkdk;McAfee Inc. mferkdk; C:\WINDOWS\system32\drivers\mferkdk.sys [2007-11-22 33832]
S3 MHNDRV;MHN driver; C:\WINDOWS\system32\DRIVERS\mhndrv.sys [2004-08-10 11008]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-03 1897408]
S3 RimUsb;BlackBerry Device; C:\WINDOWS\System32\Drivers\RimUsb.sys [2006-11-07 22272]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 SoC PC-Camera Service;SoC PC-Camera; C:\WINDOWS\system32\DRIVERS\pfc027.sys [2004-06-17 136832]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 SUSTUCAM;Susteen USB Cable Modem Driver; C:\WINDOWS\system32\DRIVERS\sustucam.sys [2006-04-12 38016]
S3 USB_RNDIS;USB Remote NDIS Network Device Driver; C:\WINDOWS\system32\DRIVERS\usb8023.sys [2008-04-13 12800]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2008-07-10 32000]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 agp440;Intel AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agp440.sys [2008-04-13 42368]
S4 agpCPQ;Compaq AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agpCPQ.sys [2008-04-13 44928]
S4 alim1541;ALI AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\alim1541.sys [2008-04-13 42752]
S4 amdagp;AMD AGP Bus Filter Driver; C:\WINDOWS\system32\DRIVERS\amdagp.sys [2008-04-13 43008]
S4 cbidf;cbidf; C:\WINDOWS\system32\DRIVERS\cbidf2k.sys [2001-08-17 13952]
S4 sisagp;SIS AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\sisagp.sys [2008-04-13 40960]
S4 spcstb;spcstb; C:\WINDOWS\System32\DRIVERS\spcstb.sys []
S4 viaagp;VIA AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2008-04-13 42240]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2008-07-07 611664]
R2 AOL ACS;AOL Connectivity Service; C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe [2006-10-23 46640]
R2 ehRecvr;Media Center Receiver Service; C:\WINDOWS\eHome\ehRecvr.exe [2006-10-09 237568]
R2 ehSched;Media Center Scheduler Service; C:\WINDOWS\eHome\ehSched.exe [2005-08-05 102912]
R2 mcmscsvc;McAfee Services; C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe [2008-01-09 767976]
R2 McNASvc;McAfee Network Agent; c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe [2008-01-25 2458128]
R2 McProxy;McAfee Proxy Service; c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe [2007-08-15 359248]
R2 McrdSvc;Media Center Extender Service; C:\WINDOWS\ehome\mcrdsvc.exe [2005-08-05 99328]
R2 McShield;McAfee Real-time Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe [2007-07-24 144704]
R2 MpfService;McAfee Personal Firewall Service; C:\Program Files\McAfee\MPF\MPFSrv.exe [2007-07-18 856864]
R2 WANMiniportService;WAN Miniport (ATW) Service; C:\WINDOWS\wanmpsvc.exe [2003-08-27 65536]
R3 McSysmon;McAfee SystemGuards; C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe [2007-12-05 695624]
R3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\MSN Messenger\usnsvc.exe [2007-01-19 97136]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-13 267776]
S2 RoxLiveShare9;LiveShare P2P Server 9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe []
S2 RoxWatch9;Roxio Hard Drive Watcher 9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe []
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-07-30 532264]
S3 KodakCCS;Kodak Camera Connection Software; C:\WINDOWS\system32\drivers\KodakCCS.exe [2005-03-30 411920]
S3 McODS;McAfee Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe [2007-11-07 378184]
S3 MHN;MHN; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
S3 NetSvc;Intel NCS NetService; C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe [2004-11-19 147456]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\wmpnetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S4 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-07-22 116040]
S4 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2007-07-24 229376]
S4 DSBrokerService;DSBrokerService; C:\Program Files\DellSupport\brkrsvc.exe [2007-03-07 76848]
S4 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2004-03-18 65536]
S4 Roxio UPnP Renderer 9;Roxio UPnP Renderer 9; C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe []
S4 Roxio Upnp Server 9;Roxio Upnp Server 9; C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe []
S4 RoxMediaDB9;RoxMediaDB9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe []
EOF
again thank you very much for your help and time
Link 1
Link 2
Link 3
Click the Windows Start button > Select Run - then copy/paste the text from the code box into the run box & click OK.
When finished, it will produce a report for you.- Please post the C:\ComboFix.txt along with a HijackThis log so we can continue cleaning the system.
ComboFix 08-09-30.03 - Rosie Sanchez 2008-09-30 17:19:27.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.172 [GMT -7:00]
Running from: C:\Documents and Settings\Rosie Sanchez\desktop\Combo-Fix.exe
Command switches used :: /killall
* Created a new restore point
* Resident AV is active
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Program Files\outlook
C:\WINDOWS\Downloaded Program Files\ODCTOOLS
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
\Legacy_TDSSSERV
\Service_TDSSserv
((((((((((((((((((((((((( Files Created from 2008-09-01 to 2008-10-01 )))))))))))))))))))))))))))))))
.
2009-01-01 22:35 . 2009-01-01 22:35 <DIR> d
C:\Documents and Settings\All Users\Application Data\Windows Live Toolbar
2009-01-01 22:08 . 2009-01-01 22:08 <DIR> d
C:\Program Files\DellSupport
2008-12-31 16:32 . 2008-12-31 16:32 <DIR> d
C:\WINDOWS\aolshare
2008-12-31 16:31 . 2009-01-01 19:46 <DIR> d
C:\Program Files\AOL 9.1
2008-12-31 14:53 . 2004-10-26 10:50 55,808
C:\WINDOWS\system32\Spcres.dll
2008-12-31 14:41 . 2003-08-27 09:29 65,536 --a
C:\WINDOWS\wanmpsvc.exe
2008-12-30 17:30 . 2008-09-28 21:26 54,257 --a
C:\VETlog.dmp
2008-09-29 21:41 . 2008-09-29 21:41 <DIR> d
C:\rsit
2008-09-29 20:26 . 2008-09-29 20:57 26 -rah
C:\~State.INI
2008-09-29 20:24 . 2008-09-29 21:57 <DIR> d
C:\Program Files\Zittware
2008-09-29 20:24 . 2008-09-29 21:44 950 --a
C:\WINDOWS\CDMaster.ini
2008-09-28 15:39 . 2008-09-28 15:39 <DIR> d
C:\Program Files\iMesh Applications
2008-09-28 15:39 . 2008-09-29 03:42 <DIR> d
C:\Documents and Settings\Rosie Sanchez\Application Data\iMesh
2008-09-28 15:39 . 2007-11-22 07:00 483,328 --a
C:\WINDOWS\system32\actskn45.ocx
2008-09-28 15:24 . 2008-06-10 02:32 73,728 --a
C:\WINDOWS\system32\javacpl.cpl
2008-09-28 15:21 . 2008-09-28 15:21 <DIR> d
C:\Program Files\Common Files\Java
2008-09-25 13:33 . 2008-09-25 13:34 <DIR> d
C:\Program Files\FileASSASSIN
2008-09-22 02:18 . 2008-09-22 02:18 <DIR> d
C:\Documents and Settings\Rosie Sanchez\Application Data\Longfine Software
2008-09-22 02:07 . 2008-09-22 02:08 <DIR> d
C:\Documents and Settings\Rosie Sanchez\Application Data\Icecandy
2008-09-22 02:07 . 2008-09-22 02:07 360,580 --a
C:\WINDOWS\eSellerateEngine.dll
2008-09-18 06:09 . 2008-09-18 06:09 <DIR> d
C:\Program Files\Sun
2008-09-17 22:35 . 2008-09-17 22:35 <DIR> d
C:\Program Files\Panda Security
2008-09-17 22:35 . 2008-06-19 17:24 28,544 --a
C:\WINDOWS\system32\drivers\pavboot.sys
2008-09-17 22:27 . 2008-09-17 22:27 <DIR> d
C:\Program Files\SpywareBlaster
2008-09-17 22:27 . 2008-09-17 22:27 <DIR> d
C:\Documents and Settings\All Users\Application Data\TEMP
2008-09-17 11:29 . 2008-09-17 11:29 <DIR> d
C:\Program Files\Common Files\Wise Installation Wizard
2008-09-17 00:16 . 2008-09-17 00:16 <DIR> d
C:\Program Files\Malwarebytes' Anti-Malware
2008-09-17 00:16 . 2008-09-17 00:16 <DIR> d
C:\Documents and Settings\Rosie Sanchez\Application Data\Malwarebytes
2008-09-17 00:16 . 2008-09-17 00:16 <DIR> d
C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-09-17 00:16 . 2008-09-10 00:04 38,528 --a
C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-09-17 00:16 . 2008-09-10 00:03 17,200 --a
C:\WINDOWS\system32\drivers\mbam.sys
2008-09-11 06:37 . 2008-09-11 06:37 <DIR> d
C:\WINDOWS\system32\scripting
2008-09-11 06:37 . 2008-09-11 06:37 <DIR> d
C:\WINDOWS\system32\en
2008-09-11 06:37 . 2008-09-11 06:37 <DIR> d
C:\WINDOWS\system32\bits
2008-09-11 06:37 . 2008-09-11 06:37 <DIR> d
C:\WINDOWS\l2schemas
2008-09-11 06:34 . 2008-09-11 06:38 <DIR> d
C:\WINDOWS\ServicePackFiles
2008-09-11 01:03 . 2008-04-13 17:12 69,120
C:\WINDOWS\system32\wlanapi.dll
2008-09-11 01:03 . 2004-08-03 22:29 25,471
C:\WINDOWS\system32\drivers\watv10nt.sys
2008-09-11 01:03 . 2004-08-03 22:29 22,271
C:\WINDOWS\system32\drivers\watv06nt.sys
2008-09-11 01:03 . 2008-04-13 11:43 14,208
C:\WINDOWS\system32\drivers\wacompen.sys
2008-09-11 01:03 . 2004-08-03 22:29 11,935
C:\WINDOWS\system32\drivers\wadv11nt.sys
2008-09-11 01:03 . 2004-08-03 22:29 11,871
C:\WINDOWS\system32\drivers\wadv09nt.sys
2008-09-11 01:03 . 2004-08-03 22:29 11,807
C:\WINDOWS\system32\drivers\wadv07nt.sys
2008-09-11 01:03 . 2004-08-03 22:29 11,295
C:\WINDOWS\system32\drivers\wadv08nt.sys
2008-09-11 01:01 . 2008-04-13 17:12 1,737,856
C:\WINDOWS\system32\mtxparhd.dll
2008-09-11 01:00 . 2008-04-13 17:11 397,312
C:\WINDOWS\system32\mmcex.dll
2008-09-11 00:59 . 2004-08-03 22:41 1,041,536
C:\WINDOWS\system32\drivers\hsfdpsp2.sys
2008-09-11 00:58 . 2008-04-13 17:11 1,888,992
C:\WINDOWS\system32\ati3duag.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-02 05:09
d--h--w C:\Documents and Settings\Tavito\Application Data\Gtek
2009-01-02 05:09
d--h--w C:\Documents and Settings\Rosie Sanchez\Application Data\Gtek
2009-01-02 05:09
d--h--w C:\Documents and Settings\Jeovanna\Application Data\Gtek
2009-01-01 06:37
d
w C:\Program Files\Winamp
2008-12-31 23:34
d
w C:\Program Files\Common Files\aolshare
2008-12-31 23:28
d
w C:\Documents and Settings\All Users\Application Data\AOL Downloads
2008-09-29 18:39
d
w C:\Program Files\Windows Live
2008-09-29 18:39
d
w C:\Program Files\MSN Messenger
2008-09-29 18:39
d
w C:\Program Files\Messenger Plus! Live
2008-09-29 17:40
d
w C:\Documents and Settings\Rosie Sanchez\Application Data\Yahoo!
2008-09-29 17:40
d
w C:\Documents and Settings\All Users\Application Data\Yahoo!
2008-09-28 22:30
d
w C:\Program Files\LimeWire
2008-09-28 22:24
d
w C:\Program Files\Java
2008-09-18 19:55
d
w C:\Program Files\Amazon
2008-09-18 12:58
d
w C:\Program Files\DIGStream
2008-09-18 01:19
d
w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-09-17 23:29
d
w C:\Program Files\Spybot - Search & Destroy
2008-09-17 18:30
d
w C:\Program Files\Lavasoft
2008-09-12 19:09
d
w C:\Program Files\McAfee
2008-09-01 06:36
d
w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-08-15 00:44
d
w C:\Documents and Settings\All Users\Application Data\IM
2008-08-15 00:43
d
w C:\Program Files\IncrediMail
2008-08-15 00:43
d
w C:\Documents and Settings\All Users\Application Data\IncrediMail
2008-08-13 22:38
d
w C:\Documents and Settings\All Users\Application Data\DVD Shrink
2008-08-09 05:00
d
w C:\Documents and Settings\Gustavo\Application Data\Yahoo!
2008-08-05 05:38
d
w C:\Program Files\Apple Software Update
2008-08-05 05:36
d
w C:\Program Files\iTunes
2008-08-05 05:36
d
w C:\Program Files\iPod
2008-07-18 18:34 586,240 ----a-w C:\WINDOWS\WLXPGSS.SCR
2008-02-19 19:15 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
2006-06-07 00:33 94,120 ----a-w C:\Documents and Settings\Rosie Sanchez\Application Data\JuniperSetup.exe
2007-05-14 15:48 80 --sh--r C:\WINDOWS\system32\80BE7E38E8.dll
2007-05-01 07:37 104 --sh--r C:\WINDOWS\system32\80BE7E38E8.sys
2008-02-09 15:30 88 --sh--r C:\WINDOWS\system32\E8387EBE80.sys
2008-02-09 15:30 4,496 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-05-27 413696]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-11-01 582992]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.MJPG"= pvmjpg21.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Common Files\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"C:\\Program Files\\Common Files\\AOL\\1138330997\\ee\\aolsoftware.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Common Files\\AOL\\1138330997\\ee\\aim6.exe"=
"C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
"C:\\Program Files\\IncrediMail\\bin\\IMApp.exe"=
"C:\\Program Files\\IncrediMail\\bin\\IncMail.exe"=
"C:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=
"C:\\Program Files\\AOL 9.1\\waol.exe"=
"C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"C:\\Program Files\\Magentic\\bin\\MgImp.exe"=
"C:\\Program Files\\Magentic\\bin\\MgApp.exe"=
"C:\\Program Files\\Magentic\\bin\\Magentic.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8256:TCP"= 8256:TCP:*:Disabled:BitComet 8256 TCP
"8256:UDP"= 8256:UDP:*:Disabled:BitComet 8256 UDP
R0 pavboot;pavboot;C:\WINDOWS\system32\drivers\pavboot.sys [2008-06-19 28544]
S3 SUSTUCAM;Susteen USB Cable Modem Driver;C:\WINDOWS\system32\DRIVERS\sustucam.sys [2006-04-12 38016]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
\Shell\AutoRun\command - E:\setup.exe
.
Contents of the 'Scheduled Tasks' folder
.
- - - - ORPHANS REMOVED - - - -
WebBrowser-{6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - (no file)
.
Supplementary Scan
.
FireFox -: Profile - C:\Documents and Settings\Rosie Sanchez\Application Data\Mozilla\Firefox\Profiles\9r50xm51.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.msn.com/
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-30 17:33:23
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Other Running Processes
.
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
C:\WINDOWS\ehome\ehrecvr.exe
C:\WINDOWS\ehome\ehSched.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\PROGRA~1\COMMON~1\McAfee\MNA\McNASvc.exe
C:\PROGRA~1\COMMON~1\McAfee\McProxy\McProxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\Mcshield.exe
C:\Program Files\McAfee\MPF\MpfSrv.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
.
**************************************************************************
.
Completion time: 2008-09-30 18:00:35 - machine was rebooted
ComboFix-quarantined-files.txt 2008-10-01 00:59:57
Pre-Run: 12,582,866,944 bytes free
Post-Run: 12,527,710,208 bytes free
206 --- E O F --- 2008-09-12 05:44:17
AND THE HIJACKTHIS LOG:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:57, on 2008-09-30
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\dllhost.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://rozzies.spaces.live.com/PhotoUpload/MsnPUpld.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://sdlc-esd.sun.com/ESD44/JSCDL/jdk/6u7/jinstall-6u7-windows-i586-jc.cab?AuthParam=1222640530_d64c52503b08a36992a2e550628aff61&GroupName=JSC&BHost=javadl.sun.com&FilePath=/ESD44/JSCDL/jdk/6u7/jinstall-6u7-windows-i586-jc.cab&File=jinstall-6u7-windows-i586-jc.cab
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe (file missing)
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
--
End of file - 5840 bytes
THANK YOU
P2P Warning!
IMPORTANT I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.
LimeWire
P2P programs form a direct conduit onto your computer, their security measures are easily circumvented, and Malware writers are increasingly exploiting them to spread their wares onto your computer. Further to that, if your P2P programme is not configured correctly you may be sharing more files than you realise. There have been cases where people's Passwords, Address Books and other personal, private, and financial details have been exposed to the file sharing network by a badly configured programme.
This article from InfoWorld illustrates perfectly the dangers of a poorly configured P2P program.
http://www.infoworld.com/article/07/09/06/Seattle-man-arrested-for-p-to-p-ID-theft_1.html
Many of the programs come bundled with other unwanted programs, but even the ones free of any bundled software are not safe to use.
When you use them you are downloading software from an unknown source directly onto your computer, bypassing your Firewall and Anti-Virus software. Hardly surprising then that many of these Downloads are being targeted to carry infections.
Note: It is pretty much certain that if you continue to use P2P programs, then you will get infected again.
I would recommend that you uninstall LimeWire, however that choice is up to you. If you choose to remove these programs, you can do so via Control Panel >> Add or Remove Programs.
If you wish to keep it, please do not use it until your computer is cleaned.
Download to your Desktop FixPolicies.exe, a self-extracting ZIP archive from here: http://downloads.malwareremoval.com/BillCastner/FixPolicies.exe
Download CCleaner from here and save it to your desktop.
Run CCleaner
CCleaner will remove everything from the temp/temporary folders but please note that it will not make back ups!
- Before first use, select Options > Advanced and UNCHECK Only delete files in Windows Temp folder older than 48 hours
- Then select the items you wish to clean up.
- In the Windows Tab:
- Clean all entries in the Internet Explorer.
- Clean all the entries in the Windows Explorer section
- Clean all entries in the System section
- Clean all entries in the Advanced section
- Clean any others that you choose
- In the Applications Tab:
- Clean all ] in the Firefox/Mozilla section.
- Clean all in the Opera section if you use it
- Clean Sun Java in the Internet Section
- Clean any others that you choose
- Click the Run Cleaner button.
- A pop up box will appear advising this process will permanently delete files from your system.
- Click OK and it will scan and clean your system.
- Click exit when done.
- If it asks you to reboot at the end, click NO
CCleaner should be run with the above settings for each User Account!Please go to Kaspersky website and perform an online antivirus scan.
- Read through the requirements and privacy statement and click on Accept button.
- It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
- When the downloads have finished, click on Settings.
- Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
[*]Click on My Computer under Scan.Spyware, Adware, Dialers, and other potentially dangerous programs
Archives
Mail databases
[*]Once the scan is complete, it will display the results. Click on View Scan Report.
[*]You will see a list of infected items there. Click on Save Report As....
[*]Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
[*]Please post this log in your next reply.
Please download DirLook by jpshortstuff from here.
- Double-click DirLook.exe to run it.
- Ensure that Show Hidden Files/Folders and BBCode Ouput are both checked.
- Copy the content of the following codebox into the main text field:
- Click the DirLook button to start the scan.
- When finished, a notepad window will open with the results of the scan. Please post this log in your next reply. (Note: The log can also be found at C:\dl_log.txt)
Note: Scanning may take longer for large folders.Please post the following:
1.-here is the kaspersky log first:
KASPERSKY ONLINE SCANNER 7 REPORT
Wednesday, October 1, 2008
Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Wednesday, October 01, 2008 19:22:57
Records in database: 1280928
Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes
Scan area - My Computer:
C:\
D:\
E:\
Scan statistics:
Files scanned: 118427
Threat name: 2
Infected objects: 3
Suspicious objects: 0
Duration of the scan: 07:51:59
File name / Threat name / Threats count
C:\Documents and Settings\Rosie Sanchez\Local Settings\Application DataKiweeToolbar1.2.116.msi Infected: Trojan-Downloader.Win32.Zlob.meq 1
C:\Program Files\MUSICMATCH\Common\ComponentMgr\HoldingArea\WebSys2\WebSys.mmz Infected: not-a-virus:RiskTool.Win32.Deleter.f 1
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\WebSys\offline.mmz Infected: not-a-virus:RiskTool.Win32.Deleter.f 1
The selected area was scanned.
2.- here is the DirLook log:
DirLook.exe by jpshortstuff
Log created at 20:06:36 on 2008-10-01
==============================
Contents of "C:\WINDOWS\wt" (inc. hidden/system files/folders)
---FOLDERS---
wtupdates (created: 2008-04-01 18:28) d
---FILES---
==============================
Contents of "C:\WINDOWS\wt\wtupdates" (inc. hidden/system files/folders)
---FOLDERS---
dmmp (created: 2008-04-01 18:28) d
WireControl (created: 2008-04-01 18:28) d
wtdmmp (created: 2008-04-01 18:28) d
---FILES---
==============================
Contents of "C:\WINDOWS\wt\wtupdates\WireControl" (inc. hidden/system files/folders)
---FOLDERS---
1.0.0.63 (created: 2008-04-01 18:28) d
---FILES---
==============================
=EOF=
3.- the new hijackthis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:08, on 2008-10-01
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\dllhost.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\explorer.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\IncrediMail\bin\IMApp.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Rosie Sanchez\Local Settings\temp\jkos-Rosie Sanchez\binaries\ScanningProcess.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://rozzies.spaces.live.com/PhotoUpload/MsnPUpld.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://sdlc-esd.sun.com/ESD44/JSCDL/jdk/6u7/jinstall-6u7-windows-i586-jc.cab?AuthParam=1222640530_d64c52503b08a36992a2e550628aff61&GroupName=JSC&BHost=javadl.sun.com&FilePath=/ESD44/JSCDL/jdk/6u7/jinstall-6u7-windows-i586-jc.cab&File=jinstall-6u7-windows-i586-jc.cab
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe (file missing)
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
--
End of file - 6036 bytes
First i was on a conversation on msn messenger with my sister when suddenly a link appeared, i never click on those links because i know is a virus, so i didnt. But i asked my sister if she got that message too, and i got no answer, i keep talking to her and i got out. Next day i turn on my pc... i got an stop error: 0x0000008e (0xc0000005,0xf8866b20,0xf86847a4,0x00000000) I got a blue screen empty blue screen... that's when i press ctrl-alt-del and i was able to open the windows task manager, from there open aol and log into this forum and i was told to download malwarebyte's program, and i did and all my desktop icons were showing again... i try to follow some direcctions but i couldnt go past the kaspersky program... this time i was
now everything looks like is going ok, but when i run the spyboot i see 3 things that im not able to delete, and in the messenger receive files there are also 3 files that i did not acept and they wer lock, i use the fileassassin program to get rid of them but they keep comming back..
those are:
Icapi9.log
MsnMsgr.txt
Transport.log
they keep appearing... i'm sure there something bad still, on limewire i only share a music file and nothing else.. i know is an open door for virus but in many years, never had a problem like this before.. and this virus i have i'm very sure it came in thru msn messenger..
again thank you for your time and help.
These two files keep reappearing because Messenger creates them whenever you run the program.
MsnMsgr.txt
Transport.log
They are legit and it is probably safe to assume the same is true for Icapi9.log since none of the scans have run are flagging any of them as bad or questionable.
RECOVERY CONSOLE
Go to Microsoft's website => http://support.microsoft.com/kb/310994
Select the download that's appropriate for your Operating System.
Download the file & save it as it's originally named, next to ComboFix.exe.
Now close all open windows and programs, then drag the setup package onto ComboFix.exe and drop it. Follow the prompts to start ComboFix and when prompted, agree to the End-User License Agreement to install the Microsoft Recovery Console.
Run a custome CFScript
1. Close any open browsers.
2. Open notepad and copy/paste the text in the quotebox below into it:
Save this as CFScript.txt, in the same location as ComboFix.exe
Refering to the picture above, drag CFScript into ComboFix.exe
When finished, it shall produce a log for you at "C:\ComboFix.txt"
Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall
Next, let's run one more online scan to make certain that nothing has been missed....
Please post the following:
You should use Service Pack 2.
here is the ComboFix log:
ComboFix 08-10-01.06 - Rosie Sanchez 2008-10-02 12:38:09.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.240 [GMT -7:00]Running from: C:\Documents and Settings\Rosie Sanchez\Desktop\Combo-Fix.exe
Command switches used :: C:\Documents and Settings\Rosie Sanchez\Desktop\CFScript.txt
* Created a new restore point
FILE ::
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WildTangent59.zip
C:\Documents and Settings\Rosie Sanchez\Local Settings\Application DataKiweeToolbar1.2.116.msi
C:\Program Files\MUSICMATCH\Common\ComponentMgr\HoldingArea\WebSys2\WebSys.mmz
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\WebSys\offline.mmz
C:\WINDOWS\CustoMess_Uninstall.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WildTangent59.zip
C:\Documents and Settings\Rosie Sanchez\Local Settings\Application DataKiweeToolbar1.2.116.msi
C:\Program Files\MUSICMATCH\Common\ComponentMgr\HoldingArea\WebSys2\WebSys.mmz
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\WebSys\offline.mmz
C:\WINDOWS\CustoMess_Uninstall.exe
C:\WINDOWS\wt
C:\WINDOWS\wt\wtupdates\dmmp\3.0.2.000\files\controlPanel\index.html
C:\WINDOWS\wt\wtupdates\dmmp\3.0.2.000\files\update_info\data.wts
C:\WINDOWS\wt\wtupdates\dmmp\3.0.2.000\files\wtdmmp.dll
C:\WINDOWS\wt\wtupdates\dmmp\3.0.2.000\files\wtdmmpi.jar
C:\WINDOWS\wt\wtupdates\dmmp\3.0.2.000\files\wtdmmpv.dll
C:\WINDOWS\wt\wtupdates\dmmp\3.0.2.000\install\dmmp.cdanfo
C:\WINDOWS\wt\wtupdates\dmmp\3.0.2.000\install\DMMP_Uninstall.cdas
C:\WINDOWS\wt\wtupdates\WireControl\1.0.0.63\files\controlpanel\index.html
C:\WINDOWS\wt\wtupdates\WireControl\1.0.0.63\files\install\WireControl.cdanfo
C:\WINDOWS\wt\wtupdates\WireControl\1.0.0.63\files\install\WireControl_Uninstall.cdas
C:\WINDOWS\wt\wtupdates\WireControl\1.0.0.63\files\WireControl.dll
C:\WINDOWS\wt\wtupdates\wtdmmp\update_info\data.wts
.
((((((((((((((((((((((((( Files Created from 2008-09-02 to 2008-10-02 )))))))))))))))))))))))))))))))
.
2009-01-01 22:35 . 2009-01-01 22:35 <DIR> d
C:\Documents and Settings\All Users\Application Data\Windows Live Toolbar
2009-01-01 22:08 . 2009-01-01 22:08 <DIR> d
C:\Program Files\DellSupport
2008-12-31 16:32 . 2008-12-31 16:32 <DIR> d
C:\WINDOWS\aolshare
2008-12-31 16:31 . 2009-01-01 19:46 <DIR> d
C:\Program Files\AOL 9.1
2008-12-31 14:53 . 2004-10-26 10:50 55,808
C:\WINDOWS\system32\Spcres.dll
2008-12-31 14:41 . 2003-08-27 09:29 65,536 --a
C:\WINDOWS\wanmpsvc.exe
2008-12-30 17:30 . 2008-09-28 21:26 54,257 --a
C:\VETlog.dmp
2008-10-01 11:46 . 2008-10-01 11:46 <DIR> d
C:\ccleaner
2008-10-01 11:27 . 2008-10-01 11:27 <DIR> d
C:\Program Files\CCleaner
2008-09-30 21:00 . 2008-09-30 21:00 <DIR> d
C:\Documents and Settings\All Users\Application Data\Messenger Plus!
2008-09-29 21:41 . 2008-09-29 21:41 <DIR> d
C:\rsit
2008-09-29 20:26 . 2008-09-29 20:57 26 -rah
C:\~State.INI
2008-09-29 20:24 . 2008-09-29 21:57 <DIR> d
C:\Program Files\Zittware
2008-09-29 20:24 . 2008-09-29 21:44 950 --a
C:\WINDOWS\CDMaster.ini
2008-09-28 15:39 . 2008-09-28 15:39 <DIR> d
C:\Program Files\iMesh Applications
2008-09-28 15:39 . 2008-09-29 03:42 <DIR> d
C:\Documents and Settings\Rosie Sanchez\Application Data\iMesh
2008-09-28 15:39 . 2007-11-22 07:00 483,328 --a
C:\WINDOWS\system32\actskn45.ocx
2008-09-28 15:24 . 2008-06-10 02:32 73,728 --a
C:\WINDOWS\system32\javacpl.cpl
2008-09-28 15:21 . 2008-09-28 15:21 <DIR> d
C:\Program Files\Common Files\Java
2008-09-25 13:33 . 2008-09-25 13:34 <DIR> d
C:\Program Files\FileASSASSIN
2008-09-22 02:18 . 2008-09-22 02:18 <DIR> d
C:\Documents and Settings\Rosie Sanchez\Application Data\Longfine Software
2008-09-22 02:07 . 2008-09-22 02:08 <DIR> d
C:\Documents and Settings\Rosie Sanchez\Application Data\Icecandy
2008-09-22 02:07 . 2008-09-22 02:07 360,580 --a
C:\WINDOWS\eSellerateEngine.dll
2008-09-18 06:09 . 2008-09-18 06:09 <DIR> d
C:\Program Files\Sun
2008-09-17 22:35 . 2008-09-17 22:35 <DIR> d
C:\Program Files\Panda Security
2008-09-17 22:35 . 2008-06-19 17:24 28,544 --a
C:\WINDOWS\system32\drivers\pavboot.sys
2008-09-17 22:27 . 2008-09-17 22:27 <DIR> d
C:\Program Files\SpywareBlaster
2008-09-17 22:27 . 2008-09-17 22:27 <DIR> d
C:\Documents and Settings\All Users\Application Data\TEMP
2008-09-17 11:29 . 2008-09-17 11:29 <DIR> d
C:\Program Files\Common Files\Wise Installation Wizard
2008-09-17 00:16 . 2008-09-17 00:16 <DIR> d
C:\Program Files\Malwarebytes' Anti-Malware
2008-09-17 00:16 . 2008-09-17 00:16 <DIR> d
C:\Documents and Settings\Rosie Sanchez\Application Data\Malwarebytes
2008-09-17 00:16 . 2008-09-17 00:16 <DIR> d
C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-09-17 00:16 . 2008-09-10 00:04 38,528 --a
C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-09-17 00:16 . 2008-09-10 00:03 17,200 --a
C:\WINDOWS\system32\drivers\mbam.sys
2008-09-11 06:37 . 2008-09-11 06:37 <DIR> d
C:\WINDOWS\system32\scripting
2008-09-11 06:37 . 2008-09-11 06:37 <DIR> d
C:\WINDOWS\system32\en
2008-09-11 06:37 . 2008-09-11 06:37 <DIR> d
C:\WINDOWS\system32\bits
2008-09-11 06:37 . 2008-09-11 06:37 <DIR> d
C:\WINDOWS\l2schemas
2008-09-11 06:34 . 2008-09-11 06:38 <DIR> d
C:\WINDOWS\ServicePackFiles
2008-09-11 01:03 . 2008-04-13 17:12 69,120
C:\WINDOWS\system32\wlanapi.dll
2008-09-11 01:03 . 2004-08-03 22:29 25,471
C:\WINDOWS\system32\drivers\watv10nt.sys
2008-09-11 01:03 . 2004-08-03 22:29 22,271
C:\WINDOWS\system32\drivers\watv06nt.sys
2008-09-11 01:03 . 2008-04-13 11:43 14,208
C:\WINDOWS\system32\drivers\wacompen.sys
2008-09-11 01:03 . 2004-08-03 22:29 11,935
C:\WINDOWS\system32\drivers\wadv11nt.sys
2008-09-11 01:03 . 2004-08-03 22:29 11,871
C:\WINDOWS\system32\drivers\wadv09nt.sys
2008-09-11 01:03 . 2004-08-03 22:29 11,807
C:\WINDOWS\system32\drivers\wadv07nt.sys
2008-09-11 01:03 . 2004-08-03 22:29 11,295
C:\WINDOWS\system32\drivers\wadv08nt.sys
2008-09-11 01:01 . 2008-04-13 17:12 1,737,856
C:\WINDOWS\system32\mtxparhd.dll
2008-09-11 01:00 . 2008-04-13 17:11 397,312
C:\WINDOWS\system32\mmcex.dll
2008-09-11 00:59 . 2004-08-03 22:41 1,041,536
C:\WINDOWS\system32\drivers\hsfdpsp2.sys
2008-09-11 00:58 . 2008-04-13 17:11 1,888,992
C:\WINDOWS\system32\ati3duag.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-02 05:09
d--h--w C:\Documents and Settings\Tavito\Application Data\Gtek
2009-01-02 05:09
d--h--w C:\Documents and Settings\Rosie Sanchez\Application Data\Gtek
2009-01-02 05:09
d--h--w C:\Documents and Settings\Jeovanna\Application Data\Gtek
2009-01-01 06:37
d
w C:\Program Files\Winamp
2008-12-31 23:34
d
w C:\Program Files\Common Files\aolshare
2008-12-31 23:28
d
w C:\Documents and Settings\All Users\Application Data\AOL Downloads
2008-10-01 18:35
d
w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-09-29 18:39
d
w C:\Program Files\Windows Live
2008-09-29 18:39
d
w C:\Program Files\MSN Messenger
2008-09-29 18:39
d
w C:\Program Files\Messenger Plus! Live
2008-09-29 17:40
d
w C:\Documents and Settings\Rosie Sanchez\Application Data\Yahoo!
2008-09-29 17:40
d
w C:\Documents and Settings\All Users\Application Data\Yahoo!
2008-09-28 22:30
d
w C:\Program Files\LimeWire
2008-09-28 22:24
d
w C:\Program Files\Java
2008-09-18 19:55
d
w C:\Program Files\Amazon
2008-09-18 12:58
d
w C:\Program Files\DIGStream
2008-09-17 23:29
d
w C:\Program Files\Spybot - Search & Destroy
2008-09-17 18:30
d
w C:\Program Files\Lavasoft
2008-09-12 19:09
d
w C:\Program Files\McAfee
2008-09-01 06:36
d
w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-08-15 00:44
d
w C:\Documents and Settings\All Users\Application Data\IM
2008-08-15 00:43
d
w C:\Program Files\IncrediMail
2008-08-15 00:43
d
w C:\Documents and Settings\All Users\Application Data\IncrediMail
2008-08-13 22:38
d
w C:\Documents and Settings\All Users\Application Data\DVD Shrink
2008-08-09 05:00
d
w C:\Documents and Settings\Gustavo\Application Data\Yahoo!
2008-08-05 05:38
d
w C:\Program Files\Apple Software Update
2008-08-05 05:36
d
w C:\Program Files\iTunes
2008-08-05 05:36
d
w C:\Program Files\iPod
2008-07-19 05:10 94,920 ----a-w C:\WINDOWS\system32\dllcache\cdm.dll
2008-07-19 05:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-19 05:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-19 05:10 53,448 ----a-w C:\WINDOWS\system32\dllcache\wuauclt.exe
2008-07-19 05:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-19 05:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-19 05:10 36,552 ----a-w C:\WINDOWS\system32\dllcache\wups.dll
2008-07-19 05:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-19 05:09 563,912 ----a-w C:\WINDOWS\system32\dllcache\wuapi.dll
2008-07-19 05:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-19 05:09 325,832 ----a-w C:\WINDOWS\system32\dllcache\wucltui.dll
2008-07-19 05:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-19 05:09 205,000 ----a-w C:\WINDOWS\system32\dllcache\wuweb.dll
2008-07-19 05:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-19 05:09 1,811,656 ----a-w C:\WINDOWS\system32\dllcache\wuaueng.dll
2008-07-19 05:07 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll
2008-07-19 05:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll
2008-07-18 18:34 586,240 ----a-w C:\WINDOWS\WLXPGSS.SCR
2008-07-07 20:26 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-07-07 20:26 253,952
w C:\WINDOWS\system32\dllcache\es.dll
2008-02-19 19:15 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
2006-06-07 00:33 94,120 ----a-w C:\Documents and Settings\Rosie Sanchez\Application Data\JuniperSetup.exe
2007-05-14 15:48 80 --sh--r C:\WINDOWS\system32\80BE7E38E8.dll
2007-05-01 07:37 104 --sh--r C:\WINDOWS\system32\80BE7E38E8.sys
2008-02-09 15:30 88 --sh--r C:\WINDOWS\system32\E8387EBE80.sys
2008-02-09 15:30 4,496 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.
((((((((((((((((((((((((((((( [EMAIL="snapshot@2008-09-30_17.59.00.50"]snapshot@2008-09-30_17.59.00.50[/EMAIL] )))))))))))))))))))))))))))))))))))))))))
.
- 2008-09-30 22:28:41 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
+ 2008-10-02 16:05:47 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
- 2008-09-30 22:28:41 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2008-10-02 16:05:47 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-05-27 413696]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-11-01 582992]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.MJPG"= pvmjpg21.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Common Files\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"C:\\Program Files\\Common Files\\AOL\\1138330997\\ee\\aolsoftware.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Common Files\\AOL\\1138330997\\ee\\aim6.exe"=
"C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
"C:\\Program Files\\IncrediMail\\bin\\IMApp.exe"=
"C:\\Program Files\\IncrediMail\\bin\\IncMail.exe"=
"C:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=
"C:\\Program Files\\AOL 9.1\\waol.exe"=
"C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"C:\\Program Files\\Magentic\\bin\\MgImp.exe"=
"C:\\Program Files\\Magentic\\bin\\MgApp.exe"=
"C:\\Program Files\\Magentic\\bin\\Magentic.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8256:TCP"= 8256:TCP:*:Disabled:BitComet 8256 TCP
"8256:UDP"= 8256:UDP:*:Disabled:BitComet 8256 UDP
R0 pavboot;pavboot;C:\WINDOWS\system32\drivers\pavboot.sys [2008-06-19 28544]
S3 SUSTUCAM;Susteen USB Cable Modem Driver;C:\WINDOWS\system32\DRIVERS\sustucam.sys [2006-04-12 38016]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
\Shell\AutoRun\command - E:\setup.exe
.
Contents of the 'Scheduled Tasks' folder
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-02 12:47:08
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Other Running Processes
.
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
C:\WINDOWS\ehome\ehrecvr.exe
C:\WINDOWS\ehome\ehSched.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\PROGRA~1\COMMON~1\McAfee\MNA\McNASvc.exe
C:\PROGRA~1\COMMON~1\McAfee\McProxy\McProxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\Mcshield.exe
C:\Program Files\McAfee\MPF\MpfSrv.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
.
**************************************************************************
.
Completion time: 2008-10-02 13:15:19 - machine was rebooted
ComboFix-quarantined-files.txt 2008-10-02 20:14:52
ComboFix2.txt 2008-10-02 19:15:40
ComboFix3.txt 2008-10-01 01:00:38
Pre-Run: 12,575,842,304 bytes free
Post-Run: 12,548,866,048 bytes free
244 --- E O F --- 2008-09-12 05:44:17
Here is the F-Secure log:
Scanning Report
Thursday, October 02, 2008 13:23:31 - 23:26:33
Computer name: DGJK0391
Scanning type: Scan system for viruses, rootkits, spyware
Target: C:\
Result: 3 malware found
TrackingCookie.Webtrends (spyware)
- System
Trojan-Downloader.Win32.Zlob.meq (virus)- C:\QooBox\Quarantine\C\Documents and Settings\Rosie Sanchez\Local Settings\Application DataKiweeToolbar1.2.116.msi.vir\stream 40\_255311685EC0439E9B51F19CA2877AB9
VBFlood.gen1 (virus)- C:\QooBox\Quarantine\C\WINDOWS\CustoMess_Uninstall.exe.vir (Submitted)
StatisticsScanned:
- Files: 376942
- System: 5690
- Not scanned: 945
Actions:- Disinfected: 0
- Renamed: 0
- Deleted: 0
- None: 3
- Submitted: 1
Files not scanned:W�x�IBERFIL.SYS- C:\PAGEFILE.SYS
- C:\WINDOWS\TEMP\MCMSC_DD1RL7IGK1CTEYA
- C:\WINDOWS\TEMP\MCMSC_IXEYVNO9AYXVJ5M
- C:\WINDOWS\TEMP\MCMSC_LE57BDA8BCUPZHA
- C:\WINDOWS\TEMP\MCMSC_OCOP0WLSZTJISJP
- C:\WINDOWS\SYSTEM32\BIOS1.ROM
- C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT
- C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT.LOG
- C:\WINDOWS\SYSTEM32\CONFIG\SAM
- C:\WINDOWS\SYSTEM32\CONFIG\SAM.LOG
- C:\WINDOWS\SYSTEM32\CONFIG\SECURITY
- C:\WINDOWS\SYSTEM32\CONFIG\SECURITY.LOG
- C:\WINDOWS\SYSTEM32\CONFIG\SECURITY.TMP.LOG
- C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE
- C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE.LOG
- C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM
- C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM.LOG
- C:\WINDOWS\SYSTEM32\CATROOT2\EDB.LOG
- C:\WINDOWS\SYSTEM32\CATROOT2\TMP.EDB
- C:\WINDOWS\$NTSERVICEPACKUNINSTALL$\ASYNCMAC.SYS
- C:\QooBox\Quarantine\C\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WildTangent59.zip.vir\WINDOWS/wt/wtupdates/wtdmmp/update_info/data.wts
- C:\QooBox\Quarantine\C\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WildTangent59.zip.vir\WINDOWS/wt/wtupdates/dmmp/3.0.2.000/files/wtdmmp.dll
- C:\QooBox\Quarantine\C\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WildTangent59.zip.vir\WINDOWS/wt/wtupdates/dmmp/3.0.2.000/files/wtdmmpi.jar
- C:\QooBox\Quarantine\C\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WildTangent59.zip.vir\WINDOWS/wt/wtupdates/dmmp/3.0.2.000/files/wtdmmpv.dll
- C:\QooBox\Quarantine\C\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WildTangent59.zip.vir\WINDOWS/wt/wtupdates/dmmp/3.0.2.000/install/dmmp.cdanfo
- C:\QooBox\Quarantine\C\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WildTangent59.zip.vir\WINDOWS/wt/wtupdates/dmmp/3.0.2.000/install/DMMP_Uninstall.cdas
- C:\QooBox\Quarantine\C\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WildTangent59.zip.vir\WINDOWS/wt/wtupdates/WireControl/1.0.0.63/files/WireControl.dll
- C:\QooBox\Quarantine\C\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WildTangent59.zip.vir\WINDOWS/wt/wtupdates/dmmp/3.0.2.000/files/controlPanel/index.html
- C:\QooBox\Quarantine\C\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WildTangent59.zip.vir\WINDOWS/wt/wtupdates/dmmp/3.0.2.000/files/update_info/data.wts
- C:\QooBox\Quarantine\C\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WildTangent59.zip.vir\WINDOWS/wt/wtupdates/WireControl/1.0.0.63/files/controlpanel/index.html
- C:\QooBox\Quarantine\C\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WildTangent59.zip.vir\WINDOWS/wt/wtupdates/WireControl/1.0.0.63/files/install/WireControl.cdanfo
- C:\QooBox\Quarantine\C\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WildTangent59.zip.vir\WINDOWS/wt/wtupdates/WireControl/1.0.0.63/files/install/WireControl_Uninstall.cdas
- C:\QooBox\Quarantine\C\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WildTangent59.zip.vir\Documents and Settings/All Users/Application Data/Spybot - Search & Destroy/Recovery/sbRecovery.ini
- C:\PROGRAM FILES\PIXELA\IMAGEMIXER\RAMCHECK.DAT
- C:\Program Files\McAfee.com\Agent\uninst\screm.ui\agntcons.vbs
- C:\Program Files\McAfee.com\Agent\uninst\screm.ui\agntlang.vbs
- C:\Program Files\McAfee.com\Agent\uninst\screm.ui\comctl.lpk
- C:\Program Files\McAfee.com\Agent\uninst\screm.ui\config.ini
- C:\Program Files\McAfee.com\Agent\uninst\screm.ui\pbar.vbs
- C:\Program Files\McAfee.com\Agent\uninst\screm.ui\UnInsStr.vbs
- C:\Program Files\McAf��o\
OptionsScanning engines:
- F-Secure USS: 2.30.0
- F-Secure Hydra: 2.8.8110, 2008-10-02
- F-Secure AVP: 7.0.171, 2008-10-02
- F-Secure Pegasus: 1.20.0, 2008-08-09
- F-Secure Blacklight: 2.2.1092
Scanning options:Copyright © 1998-2007 Product support |Send virus sample to F-Secure
F-Secure assumes no responsibility for material created or published by third parties that F-Secure World Wide Web pages have a link to. Unless you have clearly stated otherwise, by submitting material to any of our servers, for example by E-mail or via our F-Secure's CGI E-mail, you agree that the material you make available may be published in the F-Secure World Wide Pages or hard-copy publications. You will reach F-Secure public web site by clicking on underlined links. While doing this, your access will be logged to our private access statistics with your domain name.This information will not be given to any third party. You agree not to take action against us in relation to material that you submit. Unless you have clearly stated otherwise, by submitting material you warrant that F-Secure may incorporate any concepts described in it in the F-Secure products/publications without liability.
And the HijackThis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:36, on 2008-10-02
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\system32\dllhost.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\explorer.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab
O16 - DPF: {664088B0-6AF3-4514-AF9D-A0DC3A3DF24A} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols3beta/fscax.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://rozzies.spaces.live.com/PhotoUpload/MsnPUpld.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://sdlc-esd.sun.com/ESD44/JSCDL/jdk/6u7/jinstall-6u7-windows-i586-jc.cab?AuthParam=1222640530_d64c52503b08a36992a2e550628aff61&GroupName=JSC&BHost=javadl.sun.com&FilePath=/ESD44/JSCDL/jdk/6u7/jinstall-6u7-windows-i586-jc.cab&File=jinstall-6u7-windows-i586-jc.cab
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe (file missing)
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
--
End of file - 5937 bytes
thank you Carolyn,
that has blocked a potencially unwanted program (PUP) on the computer
Name: Tool-NirCmd
Location:
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP36\A0006512.exe
I dont know what to choose, to remove or close alert, the first time i did remove, now i'm going to click close alert... dont know if is a good file
No need to worry about that McAfee alert. The infected file is inside of a System Restore Point where it can do no harm... We'll purge your old System Restore Points and create a new clean one in a moment.
Update Adobe Acrobat Reader
There is a newer version of Adobe Acrobat Reader available.
When the installation is complete go to Add/Remove Programs and uninstall all previous versions.
If you don't like Adobe Reader, you can try Foxit PDF Reader. It's a much smaller file to download and uses a lot less resources than Adobe Reader.
This is my general post for when your logs show no more signs of malware
Your log now appears to be clean. Congratulations!
Please delete the following from your computer
Please take the time to tell us what you would like to be done about the people who are behind all the problems you have had. We can only get something done about this if the people that we help, like you, are prepared to complain. We have a dedicated forum for collecting these complaints Malware Complaints. You need to be registered to post as, unfortunately, we were hit with too many spam posts to allow guest posting to continue. Just find your country room and register your complaint.
Delete ComboFix and Clean Up
Click Start > Run > type combofix /u > OK (Note the space between combofix and /u)
Please advise if this step is missed for any reason as it performs some important actions, including reseting System Restore.
Protection Programs
Don't forget to re-enable any protection programs we disabled during your fix.
General Security and Computer Health
Below are some steps to follow in order to dramatically lower the chances of reinfection. You may have already implemented some of the steps below, however you should follow any steps that you have not already implemented.
New viruses come out every minute, so it is essential that you have the latest signatures for your antivirus program to provide you with the best possible protection from malicious software.
Note: You should only have one antivirus installed at a time. Having more than one antivirus program installed at once is likely to cause conflicts and may well decrease your overall protection as well as impairing the performance of your PC.
The Windows firewall only monitors incoming traffic, NOT outgoing. Using a software firewall in its default configuration to replace the Windows firewall greatly reduces the risk of your computer being hacked. Make sure your firewall is always enabled while your computer is connected to the internet.
Note: You should only have one firewall installed at a time. Having more than one firewall installed at once is likely to cause conflicts and may well decrease your overall protection as well as seriously impairing the performance of your PC.
Whenever a security problem in its software is found, Microsoft will usually create a patch so that after the patch is installed, attackers can't use the vulnerability to install malicious software on your PC. Keeping up with these patches will help to prevent malicious software being installed on your PC. Ensure you are registered for Windows updates via Start > right-click on My Computer > Properties > Automatic Updates tab or visit the Microsoft Update site on a regular basis.
Note: The update process uses ActiveX, so you will need to use internet explorer for it and allow the ActiveX control to install.
Microsoft isn't the only company whose products can contain security vulnerabilities. To check whether other programs running on your PC are in need of an update, you can use the Secunia Software Inspector - I suggest that you run it at least once a month.
You are using Internet Explorer v. 7. Therefore please read and follow the recommendations at this SITE
Recommended Programs
I would recommend the download and installation of some or all of the following programs (if not already present), and the updating of them on a regular basis.
As a robust security monitor, WinPatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. WinPatrol takes snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge. For more information, please visit HERE.
SpywareBlaster sets killbits in the registry to prevent known malicious ActiveX controls from installing on your computer. If you don't know what ActiveX controls are, see HERE. You can download SpywareBlaster from HERE.
Malwarebytes' Anti-Malware is an anti-malware application that can thoroughly remove even the most advanced malware. It includes a number of features, including a built in protection monitor that blocks malicious processes before they even start.You can download Malwarebytes' Anti-Malware from HERE. You can find a tutorial HERE.
For added protection you may also like to add a host file. A simple explanation of what a Hosts file does is HERE and for more information regarding host files read HERE.
Be sure to disable the service "DNS Client" FIRST to allow the use of large HOSTS files without slowdowns.
If this isn't done first, the next reboot may take a VERY LONG TIME.
This is how to do it. First be sure you are signed in as a user with administrative privileges:
Many of the exploits are directed to users of Internet Explorer. Try using a different browser instead:
Firefox
Opera
Finally I am trying to make one point very clear. It is absolutely essential to keep all of your security programs up to date.
Also please read this great article by Tony Klein So How Did I Get Infected In First Place
I'd be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can be closed.
If it wasn't for your help, i would it have lost all my family pictures for the past year that i didn't back up my files :sad2:
I will post a complaint because these people that goes infecting peoples computer deserves a punishment.
Again thank you, thank Icronic Forum for being here and help so many people that we dont have the oportunity just to send it to a store to have it fix...
I feel rescued from a horrible nightmare, thank you very much, now i will follow the last steps to finish your instructions
Thank you very much :thumbup
This would be a great time to back up those family photos!
http://www.bleepingcomputer.com/tutorials/tutorial127.html
This topic is now closed. If you wish it reopened, please send a Private Message to Trogan with a link to your thread.
If you are not the user who started this thread, you must start your own Thread instead