Options

Need help with random pop-up and quirky IE

Unknown
edited September 2009 in Spyware & Virus Removal
Please help me with removing random pop-ups and quirky internet explorer. Sometimes an address bar is not present. My hijack log is below. Thanks in advance.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:51:23 PM, on 9/2/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\KeyboardSurrogate.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\SYSTEM32\WISPTIS.EXE
c:\WINDOWS\system32\ZuneBusEnum.exe
C:\WINDOWS\System32\tabbtnu.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\TCServer.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\TabTip.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\PixArt\PAC207\Monitor.exe
C:\Program Files\Smart PDF Converter Pro\sspdfagentd.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Sprint\Sprint SmartView\RDVCHG.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Winter Fun Pack 2004 for Windows XP\WinterWallToy\WinterWalltoy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\48MVBAGF\HijackThis[1].exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.geoffreymason.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 138.232.66.195:3124
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: DNSLander - {AEBB9A0D-AEB3-4763-A78A-4C09C526BEFA} - C:\Program Files\DNS Lander\DNSLander.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [TabletWizard] C:\WINDOWS\help\SplshWrp.exe
O4 - HKLM\..\Run: [TabletTip] "C:\Program Files\Common Files\microsoft shared\ink\tabtip.exe" /resume
O4 - HKLM\..\Run: [Snippet] "C:\Program Files\Microsoft Experience Pack\Snipping Tool\SnippingTool.exe" /i
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Reminder] %WINDIR%\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Monitor] C:\WINDOWS\PixArt\PAC207\Monitor.exe
O4 - HKLM\..\Run: [SmartSoft PDF Printer (demo) Agent] "C:\Program Files\Smart PDF Converter Pro\sspdfagentd.exe"
O4 - HKLM\..\Run: [SmartSoft PDF Printer (demo) virtual printer agent] "C:\Program Files\Smart PDF Converter Pro\sspdfagentd.exe"
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [Zune Launcher] "c:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [USB2Check] RUNDLL32.EXE "C:\WINDOWS\system32\PCLECoInst.dll",CheckUSBController
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Sprint SmartView] "C:\Program Files\Sprint\Sprint SmartView\SprintSV.exe" -a
O4 - HKLM\..\Run: [RDVCHG] "C:\Program Files\Sprint\Sprint SmartView\RDVCHG.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Power2GoExpress] NA
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [cdloader] "C:\Documents and Settings\Administrator\Application Data\mjusbsp\cdloader2.exe" MAGICJACK
O4 - HKCU\..\Run: [A00F10BB34.exe] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\_A00F10BB34.exe
O4 - HKCU\..\Run: [A00FB21DA.exe] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\_A00FB21DA.exe
O4 - HKCU\..\Run: [A00F3343505.exe] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\_A00F3343505.exe
O4 - HKCU\..\Run: [A00F400D7.exe] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\_A00F400D7.exe
O4 - HKCU\..\Run: [A00F2F60E.exe] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\_A00F2F60E.exe
O4 - HKUS\S-1-5-19\..\Run: [TabletWizard] %windir%\help\wizard.hta (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [TabletWizard] %windir%\help\wizard.hta (User 'NETWORK SERVICE')
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Winter Fun Wallpaper Changer.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: Garmin Communicator Plug-In - https://my.garmin.com/static/m/cab/2.6.3/GarminAxControl.CAB
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo1.walgreens.com/WalgreensActivia.cab
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.8.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab55579.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1173149564947
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) - http://zone.msn.com/binframework/v10/StProxy.cab55579.cab
O16 - DPF: {FF3C5A9F-5A91-4930-80E8-4709194C2AD3} (CheckersZPA Object) - http://zone.msn.com/bingame/zpagames/CheckersZPA.cab55579.cab
O20 - AppInit_DLLs: C:\WINDOWS\System32\commdlg32.dll
O20 - Winlogon Notify: 3c7246c0654 - C:\WINDOWS\System32\commdlg32.dll
O20 - Winlogon Notify: __c003DF10 - C:\WINDOWS\system32\__c003DF10.dat (file missing)
O20 - Winlogon Notify: __c0050BC - C:\WINDOWS\system32\__c0050BC.dat
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhost32.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Sprint RcAppSvc (SprintRcAppSvc) - SmithMicro Inc. - C:\Program Files\Sprint\Sprint SmartView\RcAppSvc.exe
--
End of file - 15047 bytes

Comments

  • chiazchiaz
    edited September 2009
    Hello. :)

    Please download Malwarebytes' Anti-Malware by clicking the link below:
    http://www.besttechie.net/tools/mbam-setup.exe

    Double Click mbam-setup.exe to install the application.

    * Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, it will download and install the latest version.
    * Once the program has loaded, select "Perform Quick Scan", then click Scan.
    * The scan may take some time to finish,so please be patient.
    * When the scan is complete, click OK, then Show Results to view the results.
    * Make sure that everything is checked, and click Remove Selected.
    * When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
    * The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    * You'll be required to post the contents of this log later.

    Please Note:
    If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediately.



    Next let's have you download ComboFix.exe. Please visit this webpage for downloading and instructions for running the tool:

    Go here ======> A guide and tutorial on using ComboFix <====== Go here

    Please ensure you read this guide carefully and install the Recovery Console first.This applies to XP Pro and XP Home users only.If you have SP3 installed you will need to use the download meant for SP2.

    The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

    Once installed, you should get a prompt that says:

    The Recovery Console was successfully installed.

    Please continue as follows:

    (1) Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    (2) Click Yes to allow ComboFix to continue scanning for malware.

    When the tool is finished, it will produce a report for you.


    Please include the MBAM log, C:\ComboFix.txt as well as a new HijackThis log for further review, so that we may continue cleansing the system.


    Caution: Never run and remove files with Combofix unless supervised by a qualified security analyst who is experienced in the use of Combofix. Misuse can cause serious computer problems.
  • japan1911
    edited September 2009
    Thank you for your response! Below are the logs.

    Malwarebytes' Anti-Malware 1.40
    Database version: 2734
    Windows 5.1.2600 Service Pack 3
    9/3/2009 7:12:29 AM
    mbam-log-2009-09-03 (07-12-29).txt
    Scan type: Quick Scan
    Objects scanned: 107113
    Time elapsed: 14 minute(s), 6 second(s)
    Memory Processes Infected: 0
    Memory Modules Infected: 7
    Registry Keys Infected: 15
    Registry Values Infected: 7
    Registry Data Items Infected: 4
    Folders Infected: 4
    Files Infected: 44
    Memory Processes Infected:
    (No malicious items detected)
    Memory Modules Infected:
    C:\WINDOWS\system32\commdlg32.dll (Trojan.Tracur) -> Delete on reboot.
    C:\Documents and Settings\Administrator\Local Settings\Temp\17.tmp (Trojan.Dropper) -> Delete on reboot.
    C:\WINDOWS\system32\83.tmp (Trojan.Tracur) -> Delete on reboot.
    C:\Program Files\DNS Lander\DNSLander.dll (Trojan.BHO) -> Delete on reboot.
    C:\WINDOWS\system32\__c001960.dat (Trojan.Agent) -> Delete on reboot.
    C:\WINDOWS\system32\__c0050BC.dat (Trojan.Agent) -> Delete on reboot.
    C:\WINDOWS\system32\__c00957C9.dat (Trojan.Agent) -> Delete on reboot.
    Registry Keys Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\3c7246c0654 (Trojan.Tracur) -> Delete on reboot.
    HKEY_CLASSES_ROOT\dnslander.bho (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\TypeLib\{8c9b75d5-4e03-4ad1-951d-5128be30d61d} (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{d0c85e42-acdf-4187-8e62-35adbd53ee82} (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{d7f153a9-d96c-4dff-bc6c-3c677cb08325} (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{aebb9a0d-aeb3-4763-a78a-4c09c526befa} (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{aebb9a0d-aeb3-4763-a78a-4c09c526befa} (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{aebb9a0d-aeb3-4763-a78a-4c09c526befa} (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{d0c85e42-acdf-4187-8e62-35adbd53ee82} (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\AppID\{2adf7faf-6e37-48c8-bc34-38dc4635273a} (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\__c0050bc (Trojan.Agent) -> Delete on reboot.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\__c003df10 (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ppcbooster (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\ppcbooster (Malware.Trace) -> Quarantined and deleted successfully.
    Registry Values Infected:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\a00f10bb34.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\a00fb21da.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\a00f3343505.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\a00f400d7.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\a00f2f60e.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\a00f459b5.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\a00f24bcb9.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
    Registry Data Items Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Tracur) -> Data: c:\windows\system32\commdlg32.dll -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Tracur) -> Data: system32\commdlg32.dll -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    Folders Infected:
    C:\Program Files\DNS Lander (Trojan.Agent) -> Delete on reboot.
    C:\Program Files\ppcbooster (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\SystemX86 (Worm.Archive) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\LocalService (Worm.Archive) -> Quarantined and deleted successfully.
    Files Infected:
    C:\WINDOWS\system32\commdlg32.dll (Trojan.Tracur) -> Delete on reboot.
    C:\Documents and Settings\Administrator\Local Settings\Temp\17.tmp (Trojan.Dropper) -> Delete on reboot.
    C:\WINDOWS\system32\83.tmp (Trojan.Tracur) -> Delete on reboot.
    C:\Documents and Settings\Administrator\Local Settings\Temp\_A00FB21DA.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Administrator\Local Settings\Temp\_A00F3343505.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Administrator\Local Settings\Temp\_A00F400D7.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Administrator\Local Settings\Temp\_A00F2F60E.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Administrator\Local Settings\Temp\_A00F459B5.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Administrator\Local Settings\Temp\_A00F24BCB9.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Program Files\DNS Lander\DNSLander.dll (Trojan.BHO) -> Delete on reboot.
    C:\Documents and Settings\Administrator\Local Settings\Temp\C.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Administrator\Local Settings\Temp\16.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Administrator\Local Settings\Temp\1D9.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Administrator\Local Settings\Temp\1E.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Administrator\Local Settings\Temp\3E.tmp (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Administrator\Local Settings\Temp\60.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Administrator\Local Settings\Temp\61.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
    C:\Program Files\ppcbooster\ppcbu_32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\SystemX86\247.serial.zip.kwd (Worm.Archive) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\LocalService\277.crack.zip (Worm.Archive) -> Delete on reboot.
    C:\WINDOWS\system32\LocalService\277.crack.zip.kwd (Worm.Archive) -> Delete on reboot.
    C:\WINDOWS\system32\LocalService\278.keygen.zip (Worm.Archive) -> Delete on reboot.
    C:\WINDOWS\system32\LocalService\278.keygen.zip.kwd (Worm.Archive) -> Delete on reboot.
    C:\WINDOWS\system32\LocalService\279.serial.zip (Worm.Archive) -> Delete on reboot.
    C:\WINDOWS\system32\LocalService\279.serial.zip.kwd (Worm.Archive) -> Delete on reboot.
    C:\WINDOWS\system32\LocalService\280.setup.zip (Worm.Archive) -> Delete on reboot.
    C:\WINDOWS\system32\LocalService\280.setup.zip.kwd (Worm.Archive) -> Delete on reboot.
    C:\WINDOWS\system32\LocalService\281.music.au (Worm.Archive) -> Delete on reboot.
    C:\WINDOWS\system32\LocalService\281.music.au.kwd (Worm.Archive) -> Delete on reboot.
    C:\WINDOWS\system32\LocalService\282.music2.au (Worm.Archive) -> Delete on reboot.
    C:\WINDOWS\system32\LocalService\282.music2.au.kwd (Worm.Archive) -> Delete on reboot.
    C:\WINDOWS\system32\LocalService\283.music3.au (Worm.Archive) -> Delete on reboot.
    C:\WINDOWS\system32\LocalService\283.music3.au.kwd (Worm.Archive) -> Delete on reboot.
    C:\WINDOWS\system32\LocalService\284.music4.au (Worm.Archive) -> Delete on reboot.
    C:\WINDOWS\system32\LocalService\284.music4.au.kwd (Worm.Archive) -> Delete on reboot.
    C:\WINDOWS\GnuHashes.ini (Malware.Trace) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\GroupPolicy000.dat (Malware.Trace) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\__c0013D8C.dat (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\__c001535A.dat (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\__c001960.dat (Trojan.Agent) -> Delete on reboot.
    C:\WINDOWS\system32\__c0033CFA.dat (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\__c0050BC.dat (Trojan.Agent) -> Delete on reboot.
    C:\WINDOWS\system32\__c0050EF0.dat (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\__c00957C9.dat (Trojan.Agent) -> Delete on reboot.

    ComboFix 09-09-03.02 - Administrator 09/03/2009 22:55.1.2 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.503 [GMT -5:00]
    Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
    AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
    FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    c:\documents and settings\Administrator\Application Data\02000000849b14c7654C.manifest
    c:\documents and settings\Administrator\Application Data\02000000849b14c7654O.manifest
    c:\documents and settings\Administrator\Application Data\02000000849b14c7654P.manifest
    c:\documents and settings\Administrator\Application Data\02000000849b14c7654S.manifest
    c:\recycler\S-1-5-21-3889891629-4013885088-1961605638-500
    c:\windows\h288.exe
    c:\windows\Installer\44fb836.msp
    c:\windows\Installer\65f5e26.msp
    c:\windows\Installer\80d47.msp
    c:\windows\Installer\80d48.msp
    c:\windows\Installer\90534.msp
    c:\windows\system32\AkSESjYR4YOa9.vbs
    c:\windows\system32\Ao5Q2o8T9gzp3kn.vbs
    c:\windows\wiaservv.log
    C:\xcrashdump.dat
    D:\Autorun.inf
    .
    ((((((((((((((((((((((((( Files Created from 2009-08-04 to 2009-09-04 )))))))))))))))))))))))))))))))
    .
    2009-09-03 11:55 . 2009-09-03 11:55
    d
    w- c:\documents and settings\Administrator\Application Data\Malwarebytes
    2009-09-03 11:55 . 2009-08-03 18:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2009-09-03 11:55 . 2009-09-03 11:55
    d
    w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2009-09-03 11:55 . 2009-08-03 18:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
    2009-09-03 11:55 . 2009-09-03 11:55
    d
    w- c:\program files\Malwarebytes' Anti-Malware
    2009-09-01 02:51 . 2009-07-10 13:27 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll
    2009-08-07 04:01 . 2009-08-07 04:01
    d
    w- c:\documents and settings\All Users\Application Data\PACE Anti-Piracy
    2009-08-07 04:01 . 2009-08-07 04:01
    d
    w- c:\documents and settings\Administrator\Application Data\PACE Anti-Piracy
    2009-08-07 04:01 . 2009-08-07 04:01
    d
    w- c:\program files\Common Files\PACE Anti-Piracy
    2009-08-07 04:01 . 2009-08-07 04:01
    d
    w- c:\documents and settings\Administrator\Local Settings\Application Data\PACE Anti-Piracy
    2009-08-07 03:38 . 2009-08-07 03:38
    d
    w- c:\program files\InterLok
    2009-08-07 02:11 . 2009-08-07 02:11
    d
    w- c:\documents and settings\Administrator\Application Data\Acoustica
    2009-08-07 02:11 . 2007-08-07 16:32 57344 ----a-w- c:\windows\system32\Wnaspint.dll
    2009-08-07 02:11 . 2009-08-07 02:31
    d
    w- c:\program files\VST
    2009-08-07 02:11 . 2009-08-07 02:11
    d
    w- c:\documents and settings\All Users\Application Data\Acoustica
    2009-08-07 02:11 . 2009-08-07 02:11
    d
    w- c:\program files\Acoustica Mixcraft 3
    2009-08-07 01:48 . 2009-08-07 03:10
    d
    w- c:\program files\Acoustica Shared Effects
    2009-08-07 01:48 . 2009-08-07 02:06
    d
    w- c:\program files\Acoustica Mixcraft
    2009-08-06 08:07 . 2009-08-06 08:07
    d
    w- c:\windows\system32\XPSViewer
    2009-08-06 08:07 . 2009-08-06 08:07
    d
    w- c:\program files\MSBuild
    2009-08-06 08:06 . 2009-08-06 08:06
    d
    w- c:\program files\Reference Assemblies
    2009-08-06 08:05 . 2009-08-06 08:06
    d
    w- C:\8dce011e95c2f61f5f3ed13173ba
    2009-08-06 08:05 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
    2009-08-06 08:05 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
    2009-08-06 08:05 . 2008-07-06 12:06 575488
    w- c:\windows\system32\xpsshhdr.dll
    2009-08-06 08:05 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
    2009-08-06 08:05 . 2008-07-06 12:06 1676288
    w- c:\windows\system32\xpssvcs.dll
    2009-08-06 08:05 . 2008-07-06 12:06 117760
    w- c:\windows\system32\prntvpt.dll
    2009-08-06 08:05 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
    2009-08-06 08:05 . 2009-08-06 10:40
    d
    w- c:\windows\SxsCaPendDel
    2009-08-05 09:01 . 2009-08-05 09:01 204800 -c----w- c:\windows\system32\dllcache\mswebdvd.dll
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-08-07 03:27 . 2008-12-13 00:04
    d
    w- c:\documents and settings\Administrator\Application Data\LimeWire
    2009-08-06 11:04 . 2007-01-28 20:10 35840 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2009-08-05 09:01 . 2006-06-22 21:06 204800 ----a-w- c:\windows\system32\mswebdvd.dll
    2009-08-03 08:10 . 2009-02-05 02:05
    d
    w- c:\program files\Microsoft Silverlight
    2009-08-02 20:05 . 2009-03-03 05:43
    d
    w- c:\program files\FormatFactory
    2009-08-02 20:04 . 2009-08-02 20:04
    d
    w- c:\program files\Codec Pack - All In 1
    2009-08-02 20:04 . 2009-08-02 20:04
    d
    w- c:\program files\Bonjour
    2009-07-19 23:48 . 2006-11-08 02:03 11067392 ----a-w- c:\windows\system32\ieframe(2).dll
    2009-07-17 19:01 . 2006-06-22 21:06 58880 ----a-w- c:\windows\system32\atl.dll
    2009-07-14 04:43 . 2006-06-22 21:07 286208 ----a-w- c:\windows\system32\wmpdxm.dll
    2009-07-07 13:23 . 2009-01-03 03:48
    d
    w- c:\documents and settings\Administrator\Application Data\mjusbsp
    2009-07-03 17:09 . 2006-06-22 21:07 915456 ----a-w- c:\windows\system32\wininet.dll
    2009-06-16 14:36 . 2006-06-22 21:06 119808 ----a-w- c:\windows\system32\t2embed.dll
    2009-06-16 14:36 . 2006-06-22 21:06 81920 ----a-w- c:\windows\system32\fontsub.dll
    2009-06-12 12:31 . 2006-06-22 21:06 80896 ----a-w- c:\windows\system32\tlntsess.exe
    2009-06-12 12:31 . 2006-06-22 21:06 76288 ----a-w- c:\windows\system32\telnet.exe
    2009-06-10 14:19 . 2006-06-23 04:15 2066432 ----a-w- c:\windows\system32\mstscax.dll
    2009-06-10 14:13 . 2006-06-22 21:06 84992 ----a-w- c:\windows\system32\avifil32.dll
    2009-06-10 06:14 . 2006-06-22 21:07 132096 ----a-w- c:\windows\system32\wkssvc.dll
    2008-08-05 11:12 . 2008-08-05 11:12 206 ----a-w- c:\program files\Shortcut to CD Drive.lnk
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Power2GoExpress"="NA" [X]
    "MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
    "Yahoo! Pager"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 4670704]
    "cdloader"="c:\documents and settings\Administrator\Application Data\mjusbsp\cdloader2.exe" [2009-04-10 50520]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "TabletWizard"="c:\windows\help\SplshWrp.exe" [2008-04-14 16384]
    "TabletTip"="c:\program files\Common Files\microsoft shared\ink\tabtip.exe" [2008-04-14 271872]
    "Snippet"="c:\program files\Microsoft Experience Pack\Snipping Tool\SnippingTool.exe" [2005-02-26 68296]
    "RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2005-01-12 32768]
    "SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2004-11-05 98394]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2004-11-05 688218]
    "Reminder"="c:\windows\Creator\Remind_XP.exe" [2005-02-26 966656]
    "Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-14 212992]
    "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2005-10-12 139264]
    "SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2006-09-14 577536]
    "igfxtray"="c:\windows\system32\igfxtray.exe" [2006-03-23 94208]
    "igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-03-23 77824]
    "igfxpers"="c:\windows\system32\igfxpers.exe" [2006-03-23 118784]
    "IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-08-02 802816]
    "IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-08-02 696320]
    "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2005-12-15 49152]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-13 136600]
    "Monitor"="c:\windows\PixArt\PAC207\Monitor.exe" [2006-11-03 319488]
    "SmartSoft PDF Printer (demo) Agent"="c:\program files\Smart PDF Converter Pro\sspdfagentd.exe" [2007-10-22 94208]
    "SmartSoft PDF Printer (demo) virtual printer agent"="c:\program files\Smart PDF Converter Pro\sspdfagentd.exe" [2007-10-22 94208]
    "itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2006-11-22 813912]
    "IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2007-02-05 849280]
    "mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2007-11-02 582992]
    "Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2008-12-12 157312]
    "USB2Check"="c:\windows\system32\PCLECoInst.dll" [2006-11-06 81920]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-01-06 290088]
    "Sprint SmartView"="c:\program files\Sprint\Sprint SmartView\SprintSV.exe" [2009-04-08 75008]
    "RDVCHG"="c:\program files\Sprint\Sprint SmartView\RDVCHG.exe" [2009-03-07 316672]
    "SigmatelSysTrayApp"="stsystra.exe" - c:\windows\stsystra.exe [2005-12-27 413696]
    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2004-1-20 507965]
    HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-12-15 282624]
    Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2008-1-5 169472]
    Winter Fun Wallpaper Changer.lnk - c:\windows\Installer\{038A524F-58DB-438A-8391-8F7F0CA14B9E}\Icon038A524F.exe [2008-12-28 14336]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\loginkey]
    2008-04-14 00:11 47104 ----a-w- c:\program files\Common Files\Microsoft Shared\Ink\loginkey.dll
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PCANotify]
    2001-11-02 16:50 24636 ----a-w- c:\windows\system32\PCANotify.dll
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\TabBtnWL]
    2002-08-29 17:41 11776 ----a-w- c:\windows\system32\tabbtnwl.dll
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpgwlnotify]
    2008-04-14 00:12 32256 ----a-w- c:\windows\system32\tpgwlnot.dll
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
    @=&quot;"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=&quot;"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @=&quot;Driver"
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
    "DisableMonitoring"=dword:00000001
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
    "DisableMonitoring"=dword:00000001
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\Symantec\\pcAnywhere\\awhost32.exe"=
    "c:\\Program Files\\Symantec\\pcAnywhere\\awrem32.exe"=
    "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
    "c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
    "c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
    "c:\\Program Files\\LimeWire\\LimeWire.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Documents and Settings\\Administrator\\Application Data\\mjusbsp\\magicJack.exe"=
    R3 FinePnt;FinePoint Innovations HID Driver;c:\windows\system32\drivers\FpHidDrv.sys [11/10/2006 7:27 PM 18816]
    R3 MSTabBtn;Tablet PC Buttons HID Driver;c:\windows\system32\drivers\MSTabBtn.sys [11/10/2006 7:27 PM 9600]
    S3 BRGSp50;BRGSp50 NDIS Protocol Driver;c:\windows\system32\drivers\BRGSp50.sys [9/4/2007 9:43 AM 20608]
    S3 LCcfltr;Logitech USB Filter Driver;c:\windows\system32\drivers\LCcfltr.sys [1/5/2008 9:15 AM 14092]
    S3 PAC207;PC [EMAIL="Camer@;c:\windows\system32\drivers\PFC027.SYS"]Camer@;c:\windows\system32\drivers\PFC027.SYS[/EMAIL] [5/14/2007 11:26 AM 508288]
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
    "c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
    .
    Contents of the 'Scheduled Tasks' folder
    2009-09-03 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 18:34]
    2007-01-28 c:\windows\Tasks\ISP signup reminder 1.job
    - c:\windows\system32\OOBE\oobebaln.exe [2006-06-23 00:12]
    2007-01-28 c:\windows\Tasks\ISP signup reminder 2.job
    - c:\windows\system32\OOBE\oobebaln.exe [2006-06-23 00:12]
    2007-01-28 c:\windows\Tasks\ISP signup reminder 3.job
    - c:\windows\system32\OOBE\oobebaln.exe [2006-06-23 00:12]
    2009-07-15 c:\windows\Tasks\McDefragTask.job
    - c:\progra~1\mcafee\mqc\QcConsol.exe [2007-12-16 18:32]
    2009-08-01 c:\windows\Tasks\McQcTask.job
    - c:\progra~1\mcafee\mqc\QcConsol.exe [2007-12-16 18:32]
    2008-01-22 c:\windows\Tasks\Microsoft_Hardware_Launch_IPoint_exe.job
    - c:\program files\Microsoft IntelliPoint\ipoint.exe [2007-02-05 23:52]
    2008-01-22 c:\windows\Tasks\Microsoft_Hardware_Launch_IType_exe.job
    - c:\program files\Microsoft IntelliType Pro\itype.exe [2006-11-22 01:08]
    2007-01-28 c:\windows\Tasks\Symantec NetDetect.job
    - c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2006-11-11 01:32]
    .
    - - - - ORPHANS REMOVED - - - -
    WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)
    Notify-NavLogon - (no file)

    .
    Supplementary Scan
    .
    uStart Page = hxxp://www.geoffreymason.com/
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uInternet Settings,ProxyServer = 138.232.66.195:3124
    uInternet Settings,ProxyOverride = *.local
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
    IE: Send To &Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    DPF: Garmin Communicator Plug-In - hxxps://my.garmin.com/static/m/cab/2.6.3/GarminAxControl.CAB
    FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ya6i8z1o.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
    ---- FIREFOX POLICIES ----
    FF - user.js: dom.disable_open_during_load - false // Popupblocker control handled by McAfee Privacy Service
    .
    **************************************************************************
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-09-03 23:07
    Windows 5.1.2600 Service Pack 3 NTFS
    scanning hidden processes ...
    scanning hidden autostart entries ...
    scanning hidden files ...
    scan completed successfully
    hidden files: 0
    **************************************************************************
    .
    LOCKED REGISTRY KEYS
    [HKEY_USERS\S-1-5-21-2728128172-4184247038-823016758-500\Software\Microsoft\Internet Explorer\User Preferences]
    @Denied: (2) (Administrator)
    "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,0c,2a,84,6b,a9,a0,67,47,bc,25,78,\
    "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,0c,2a,84,6b,a9,a0,67,47,bc,25,78,\
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @=&quot;c:\\WINDOWS\\system32\\OLE32.DLL"
    "cd042efbbd7f7af1647644e76e06692b"=hex:c8,28,51,af,b0,29,a3,98,16,fd,9c,3f,ab,
    74,cb,6e,e2,63,26,f1,3f,c8,ff,68,e8,a0,af,50,30,c0,c3,73,e2,63,26,f1,3f,c8,\
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @=&quot;c:\\WINDOWS\\system32\\OLE32.DLL"
    "bca643cdc5c2726b20d2ecedcc62c59b"=hex:6a,9c,d6,61,af,45,84,18,1b,e7,94,71,d7,
    bb,db,8c,6a,9c,d6,61,af,45,84,18,d3,bd,35,f8,9c,f5,18,0e,6a,9c,d6,61,af,45,\
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @=&quot;c:\\WINDOWS\\system32\\OLE32.DLL"
    "2c81e34222e8052573023a60d06dd016"=hex:ff,7c,85,e0,43,d4,0e,fe,b4,2e,1e,1f,22,
    72,6d,0f,ff,7c,85,e0,43,d4,0e,fe,8f,8e,ce,3f,04,e8,64,d8,ff,7c,85,e0,43,d4,\
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @=&quot;c:\\WINDOWS\\system32\\OLE32.DLL"
    "2582ae41fb52324423be06337561aa48"=hex:86,8c,21,01,be,91,eb,e7,07,5e,3d,15,90,
    e3,40,98,86,8c,21,01,be,91,eb,e7,c3,d3,ab,84,d2,1e,a0,08,86,8c,21,01,be,91,\
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @=&quot;c:\\WINDOWS\\system32\\OLE32.DLL"
    "caaeda5fd7a9ed7697d9686d4b818472"=hex:f5,1d,4d,73,a8,13,5c,05,e2,5c,13,3b,58,
    c8,4f,fa,f5,1d,4d,73,a8,13,5c,05,51,6e,c0,6e,35,20,21,e2,f5,1d,4d,73,a8,13,\
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @=&quot;c:\\WINDOWS\\system32\\OLE32.DLL"
    "a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:df,20,58,62,78,6b,cf,c8,e5,34,b3,6e,91,
    5f,54,44,df,20,58,62,78,6b,cf,c8,39,bd,04,f5,ae,14,fd,6f,df,20,58,62,78,6b,\
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @=&quot;c:\\WINDOWS\\system32\\OLE32.DLL"
    "4d370831d2c43cd13623e232fed27b7b"=hex:31,77,e1,ba,b1,f8,68,02,9b,8f,86,77,32,
    56,a1,40,fb,a7,78,e6,12,2f,9a,ea,54,90,8b,8e,be,1e,74,0b,fb,a7,78,e6,12,2f,\
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @=&quot;c:\\WINDOWS\\system32\\OLE32.DLL"
    "1d68fe701cdea33e477eb204b76f993d"=hex:83,6c,56,8b,a0,85,96,ab,3c,52,f4,fe,6b,
    79,aa,75,01,3a,48,fc,e8,04,4a,f1,5a,fc,99,08,62,07,02,fe,01,3a,48,fc,e8,04,\
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @=&quot;c:\\WINDOWS\\system32\\OLE32.DLL"
    "1fac81b91d8e3c5aa4b0a51804d844a3"=hex:51,fa,6e,91,28,9e,14,cc,93,52,87,a0,22,
    3c,a4,dc,f6,0f,4e,58,98,5b,89,c9,e8,41,76,56,70,d0,d6,60,f6,0f,4e,58,98,5b,\
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @=&quot;c:\\WINDOWS\\system32\\OLE32.DLL"
    "f5f62a6129303efb32fbe080bb27835b"=hex:3d,ce,ea,26,2d,45,aa,78,27,c8,ab,5d,9b,
    48,ba,68,3d,ce,ea,26,2d,45,aa,78,a7,5d,67,fc,cb,a5,a1,3e,3d,ce,ea,26,2d,45,\
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @=&quot;c:\\WINDOWS\\system32\\OLE32.DLL"
    "fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:2a,b7,cc,b5,b9,7f,41,e7,2a,72,38,52,26,
    f6,b4,c9,2a,b7,cc,b5,b9,7f,41,e7,68,d1,97,57,cf,fe,f3,25,2a,b7,cc,b5,b9,7f,\
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @=&quot;c:\\WINDOWS\\system32\\OLE32.DLL"
    "8a8aec57dd6508a385616fbc86791ec2"=hex:6c,43,2d,1e,aa,22,2f,9c,77,5f,91,77,b3,
    28,47,bd,6c,43,2d,1e,aa,22,2f,9c,4f,39,85,20,dd,d8,7c,b0,6c,43,2d,1e,aa,22,\
    .
    DLLs Loaded Under Running Processes
    - - - - - - - > 'winlogon.exe'(896)
    c:\windows\system32\awgina.dll
    .
    Completion time: 2009-09-04 23:11
    ComboFix-quarantined-files.txt 2009-09-04 04:11
    Pre-Run: 15,744,393,216 bytes free
    Post-Run: 16,098,598,912 bytes free
    315 --- E O F --- 2009-09-02 11:32

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 11:35:04 PM, on 9/3/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Common Files\Microsoft Shared\Ink\KeyboardSurrogate.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
    c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    C:\Program Files\McAfee\MPF\MPFSrv.exe
    C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\WINDOWS\SYSTEM32\WISPTIS.EXE
    C:\WINDOWS\System32\tabbtnu.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    c:\WINDOWS\system32\ZuneBusEnum.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Common Files\Microsoft Shared\Ink\TCServer.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\Common Files\Microsoft Shared\Ink\TabTip.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
    C:\WINDOWS\stsystra.exe
    C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\WINDOWS\PixArt\PAC207\Monitor.exe
    C:\Program Files\Smart PDF Converter Pro\sspdfagentd.exe
    c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\Program Files\Microsoft IntelliType Pro\itype.exe
    C:\Program Files\Microsoft IntelliPoint\ipoint.exe
    C:\Program Files\Zune\ZuneLauncher.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Sprint\Sprint SmartView\RDVCHG.exe
    C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
    C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Winter Fun Pack 2004 for Windows XP\WinterWallToy\WinterWalltoy.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    c:\PROGRA~1\mcafee\msc\mcuimgr.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.geoffreymason.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 138.232.66.195:3124
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O4 - HKLM\..\Run: [TabletWizard] C:\WINDOWS\help\SplshWrp.exe
    O4 - HKLM\..\Run: [TabletTip] "C:\Program Files\Common Files\microsoft shared\ink\tabtip.exe" /resume
    O4 - HKLM\..\Run: [Snippet] "C:\Program Files\Microsoft Experience Pack\Snipping Tool\SnippingTool.exe" /i
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [Reminder] %WINDIR%\Creator\Remind_XP.exe
    O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
    O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
    O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
    O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [Monitor] C:\WINDOWS\PixArt\PAC207\Monitor.exe
    O4 - HKLM\..\Run: [SmartSoft PDF Printer (demo) Agent] "C:\Program Files\Smart PDF Converter Pro\sspdfagentd.exe"
    O4 - HKLM\..\Run: [SmartSoft PDF Printer (demo) virtual printer agent] "C:\Program Files\Smart PDF Converter Pro\sspdfagentd.exe"
    O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
    O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
    O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
    O4 - HKLM\..\Run: [Zune Launcher] "c:\Program Files\Zune\ZuneLauncher.exe"
    O4 - HKLM\..\Run: [USB2Check] RUNDLL32.EXE "C:\WINDOWS\system32\PCLECoInst.dll",CheckUSBController
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [Sprint SmartView] "C:\Program Files\Sprint\Sprint SmartView\SprintSV.exe" -a
    O4 - HKLM\..\Run: [RDVCHG] "C:\Program Files\Sprint\Sprint SmartView\RDVCHG.exe"
    O4 - HKCU\..\Run: [Power2GoExpress] NA
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
    O4 - HKCU\..\Run: [cdloader] "C:\Documents and Settings\Administrator\Application Data\mjusbsp\cdloader2.exe" MAGICJACK
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Global Startup: BTTray.lnk = ?
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O4 - Global Startup: Winter Fun Wallpaper Changer.lnk = ?
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: Garmin Communicator Plug-In - https://my.garmin.com/static/m/cab/2.6.3/GarminAxControl.CAB
    O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab
    O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
    O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.cab
    O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo1.walgreens.com/WalgreensActivia.cab
    O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.8.cab
    O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
    O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab55579.cab
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1173149564947
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) - http://zone.msn.com/binframework/v10/StProxy.cab55579.cab
    O16 - DPF: {FF3C5A9F-5A91-4930-80E8-4709194C2AD3} (CheckersZPA Object) - http://zone.msn.com/bingame/zpagames/CheckersZPA.cab55579.cab
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhost32.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
    O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    O23 - Service: Sprint RcAppSvc (SprintRcAppSvc) - SmithMicro Inc. - C:\Program Files\Sprint\Sprint SmartView\RcAppSvc.exe
    --
    End of file - 13603 bytes
  • chiazchiaz
    edited September 2009
    That removed a whole bunch of stuff! How's your PC running now?

    As a final check, let's have you go HERE (http://www.pandasecurity.com/activescan/index/) to run Panda ActiveScan 2.0
    Click the big green Scan now button
    If it wants to install an ActiveX component allow it
    It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
    Once the scan is completed, please hit the notepad icon next to the text Export to:
    Save it to a convenient location such as your Desktop
    Post the contents of the ActiveScan.txt in your next reply.
  • japan1911
    edited September 2009
    The PC is running much better now, however when I attempted to run Panda ActiveScan 2.0 I recieved the following message.

    An error occurred while processing your request.
    Reference #97.8ea99d50.1252554097.1707960
  • chiazchiaz
    edited September 2009
    OK let's try another scanner....

    Please do a scan with Kaspersky Online Scanner

    Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

    Click on the Accept button and install any components it needs.
    • The program will install and then begin downloading the latest definition files.
    • After the files have been downloaded on the left side of the page in the Scan section select My Computer.
    • This will start the program and scan your system.
    • The scan will take a while, so be patient and let it run.
    • Once the scan is complete, click on View scan report
    • Now, click on the Save Report as button.
    • Save the file to your desktop.
    • Copy and paste that information in your next post.
Sign In or Register to comment.