Jump to content


Photo

Spyware removal


  • This topic is locked This topic is locked
6 replies to this topic

#1 newkid1

newkid1

    Member

  • Full Member
  • Pip
  • 3 posts

Posted 08 July 2009 - 03:56 PM

Hi,
Im new here so pardon me if this has come up before, but I'm in a real deep hole.
Here is my situation.
I picked up a nasty little redirect bug that has limited my ability to solve the problem.
I ran Ad-aware and Windows defender scans, nothing.
I cannot run HJ, Malware or Spybot. I have tried everything I can think of. When the program(s) attempts to load they cannot make connection to the website(s) for whatever it needs to install.
So I went out and bought SPYWARE DR, and it wont wont work properly because it needs to download updates and those are blocked.
Running
Microsoft Windows XP Professional
Version 5.1.2600 Service Pack 2 Build 2600
OS Manufacturer Microsoft Corporation
System Name S-5WOP03H0NHT5X
System Manufacturer AWARD_
System Model AWRDACPI
System Type X86-based PC
Processor x86 Family 15 Model 2 Stepping 7 GenuineIntel ~2399 Mhz
BIOS Version/Date Phoenix Technologies, LTD 6.00 PG, 3/4/2003
SMBIOS Version 2.3
Windows Directory C:\WINDOWS
System Directory C:\WINDOWS\system32
Boot Device \Device\HarddiskVolume1
Locale United States
Hardware Abstraction Layer Version = "5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)"
User Name S-5WOP03H0NHT5X\STEVE
Time Zone Pacific Standard Time
Total Physical Memory 1,024.00 MB
Available Physical Memory 248.25 MB
Total Virtual Memory 2.00 GB
Available Virtual Memory 1.96 GB
Page File Space 2.86 GB

Oh yeah System restore is also not working.
Let me know what information you need from me

Thanks in advance

#2 screen317

screen317

    SWI Sentinel

  • Global Moderator
  • PipPipPipPipPip
  • 8,813 posts

Posted 08 July 2009 - 03:58 PM

Hello,

So I went out and bought SPYWARE DR, and it wont wont work properly because it needs to download updates and those are blocked.

If you can return it, I recommend doing so.


We'll begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:
http://www.bleepingc...to-use-combofix

NOTE: When you download ComboFix.exe, rename it like so:

Posted Image
Posted Image


  • When the tool is finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt (also try to get HijackThis working at this point; post a log from that if you can), so we may continue cleaning the system.

-screen317

Please consider donating to help support the continued prompt and excellent services of this site.


#3 newkid1

newkid1

    Member

  • Full Member
  • Pip
  • 3 posts

Posted 09 July 2009 - 10:19 AM

A big thank you, Comb-fix worked and I was able to install all the others programs, all is well now. Now I just have to remember to always play safe. Thanks again

#4 newkid1

newkid1

    Member

  • Full Member
  • Pip
  • 3 posts

Posted 09 July 2009 - 10:23 AM

A big thank you, Comb-fix worked and I was able to install all the others programs, all is well now. Now I just have to remember to always play safe. Thanks again

From HJ this
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:22:00 AM, on 7/9/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\Program Files\Maxtor\Sync\SyncServices.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Nuance\PDF Professional 5\PDFProFiltSrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\locator.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Kyocera Mita\FileUtility\SFUSVC.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Kyocera Mita\FileUtility\nsCatCom.exe
C:\WINDOWS\System32\tlntsvr.exe
C:\WINDOWS\System32\vssvc.exe
C:\Program Files\Iomega\AutoDisk\ADService.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Spyware Doctor\TFEngine\TFService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Nuance\PDF Professional 5\pdfpro5hook.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Kyocera Mita\FileUtility\NsCatCom.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\PROGRA~1\MICROS~2\Office12\OUTLOOK.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
C:\Program Files\Nuance\PDF Professional 5\bin\PDFPlus.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: PlusIEEventHelper Class - {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files\Nuance\PDF Professional 5\Bin\PlusIEContextMenu.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: MSN Search Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll
O2 - BHO: ZeonIEEventHelper Class - {DA986D7D-CCAF-47B2-84FE-BFA1549BEBF9} - C:\Program Files\Nuance\PDF Professional 5\Bin\ZeonIEFavClient.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: (no name) - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - (no file)
O3 - Toolbar: MSN Search Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll
O3 - Toolbar: Nuance PDF - {E3286BF1-E654-42FF-B4A6-5E111731DF6B} - C:\Program Files\Nuance\PDF Professional 5\Bin\ZeonIEFavClient.dll
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [PDFHook] C:\Program Files\Nuance\PDF Professional 5\pdfpro5hook.exe
O4 - HKLM\..\Run: [PDF5 Registry Controller] C:\Program Files\Nuance\PDF Professional 5\RegistryController.exe
O4 - HKLM\..\Run: [Nuance PDF Professional 5-reminder] "C:\Program Files\Nuance\PDF Professional 5\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\Nuance\PDF Professional 5\Ereg\Ereg.ini"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Scanner File Utility.lnk = ?
O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll/search.htm
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append the content of the link to existing PDF file - res://C:\Program Files\Nuance\PDF Professional 5\Bin\ZeonIEFavClient.dll/ZeonIEAppend.HTML
O8 - Extra context menu item: Append the content of the selected links to existing PDF file - res://C:\Program Files\Nuance\PDF Professional 5\Bin\ZeonIEFavClient.dll/ZeonIEAppendSelLinks.HTML
O8 - Extra context menu item: Append to existing PDF file - res://C:\Program Files\Nuance\PDF Professional 5\Bin\ZeonIEFavClient.dll/ZeonIEAppend.HTML
O8 - Extra context menu item: Create PDF file - res://C:\Program Files\Nuance\PDF Professional 5\Bin\ZeonIEFavClient.dll/ZeonIECapture.HTML
O8 - Extra context menu item: Create PDF file from the content of the link - res://C:\Program Files\Nuance\PDF Professional 5\Bin\ZeonIEFavClient.dll/ZeonIECapture.HTML
O8 - Extra context menu item: Create PDF files from the selected links - res://C:\Program Files\Nuance\PDF Professional 5\Bin\ZeonIEFavClient.dll/ZeonIECaptureSelLinks.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Open with PDF Converter 5.2 - res://C:\Program Files\Nuance\PDF Professional 5\cnvres_eng.dll /100
O8 - Extra context menu item: Open with PDF Professional 5.2 - res://C:\Program Files\Nuance\PDF Professional 5\Bin\PlusIEContextMenu.dll/PlusIEContextMenu.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {05317530-B882-449D-9421-18D94FA3ED34} (OSInfo Control) - http://www.sis.com/ocis/OSInfo.cab
O16 - DPF: {0BCADE60-1E93-11D8-ABDA-0004759647B3} (FastBid1 Class) - http://www.bxwa.com/...d/fastbidx1.cab
O16 - DPF: {16095503-786F-4097-AED6-5D567A26D760} (SiS_OCX Control) - http://www.sis.com/o...utodetectNT.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?LinkID=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {32322460-3E7D-11D7-ABD8-0001029A9BA6} (FastBid Class) - http://www.bxwa.com/...bidx_plugin.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1408.g.akama...iTunesSetup.exe
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.aka...vex-2.2.4.1.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcaf...90/mcinsctl.cab
O16 - DPF: {5EDB10D9-7E95-4833-A218-62F375DAFCF1} (Aventail Installer ) - https://ssl.elkayrem...stauthI/epi.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://floridakeysme...sCamControl.ocx
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcaf...,26/mcgdmgr.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG6 Service (AvgServ) - Unknown owner - C:\PROGRA~1\Grisoft\AVG6\avgserv.exe (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: Maxtor Service (Maxtor Sync Service) - Seagate Technology LLC - C:\Program Files\Maxtor\Sync\SyncServices.exe
O23 - Service: PDFProFiltSrv - Nuance Communications, Inc. - C:\Program Files\Nuance\PDF Professional 5\PDFProFiltSrv.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: SFUSVC - KYOCERA MITA CORPORATION - C:\Program Files\Kyocera Mita\FileUtility\SFUSVC.exe
O23 - Service: ThreatFire - PC Tools - C:\Program Files\Spyware Doctor\TFEngine\TFService.exe
O23 - Service: Iomega Active Disk (_IOMEGA_ACTIVE_DISK_SERVICE_) - Iomega Corporation - C:\Program Files\Iomega\AutoDisk\ADService.exe
O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/STEVE/LOCALS~1/Temp/msohtmlclip1/01/clip_image001.jpg

--
End of file - 15145 bytes

combo-fix

ComboFix 09-07-08.04 - STEVE 07/08/2009 15:16.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1023.682 [GMT -7:00]
Running from: c:\documents and settings\STEVE\Desktop\combo\Combo-Fix.exe
AV: Spyware Doctor with AntiVirus *On-access scanning disabled* (Updated) {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\INSTALL.LOG
c:\windows\Installer\14e289.msi
c:\windows\Installer\184c14f.msp
c:\windows\Installer\184c284.msp
c:\windows\Installer\184c297.msp
c:\windows\Installer\184c2ab.msp
c:\windows\Installer\19245d.msp
c:\windows\Installer\1d10bc4.msp
c:\windows\Installer\1d10bd8.msp
c:\windows\Installer\1d10bec.msp
c:\windows\Installer\1d10c00.msp
c:\windows\Installer\1d10c17.msp
c:\windows\Installer\1d176d2.msp
c:\windows\Installer\299020.a984.msi
c:\windows\Installer\2ec1813.msp
c:\windows\Installer\2ec183d.msp
c:\windows\Installer\2ec1852.msp
c:\windows\Installer\2ec1866.msp
c:\windows\Installer\2ec186f.msp
c:\windows\Installer\41eec02.msp
c:\windows\Installer\4214a9.msi
c:\windows\Installer\42401f2.msp
c:\windows\Installer\424020d.msp
c:\windows\Installer\4240221.msp
c:\windows\Installer\4240235.msp
c:\windows\Installer\424023e.msp
c:\windows\Installer\4404e65.msi
c:\windows\Installer\482017.msi
c:\windows\Installer\48213d.msi
c:\windows\Installer\53e49.msi
c:\windows\Installer\6b8e8.msp
c:\windows\Installer\72df59.msi
c:\windows\Installer\a53e04.msi
c:\windows\Installer\b50f5d.msp
c:\windows\Installer\eb4d6e.msp
c:\windows\Installer\eb4d81.msp
c:\windows\Installer\eb4d9e.msp
c:\windows\system32\AutoRun.inf
c:\windows\system32\drivers\MSIVXxjklytitfynbaorgruuhiawvoynsmcsr.sys
c:\windows\system32\MSIVXbftkdddmevekysjbpfbctxvvvjyrnocd.dll
c:\windows\system32\MSIVXcount
c:\windows\system32\MSIVXxupkatqodgidqeulxbwgrycigoeeneop.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_MSIVXserv.sys


((((((((((((((((((((((((( Files Created from 2009-06-08 to 2009-07-08 )))))))))))))))))))))))))))))))
.

2009-07-08 18:48 . 2009-07-08 18:48 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-07 18:01 . 2009-07-07 18:01 -------- d-----w- c:\program files\Belarc
2009-07-07 18:01 . 2008-03-06 18:51 3840 ----a-w- c:\windows\system32\drivers\BANTExt.sys
2009-07-07 17:52 . 2008-12-11 15:38 159600 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2009-07-07 17:52 . 2009-04-03 18:18 130936 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2009-07-07 17:52 . 2008-12-18 19:16 73840 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2009-07-07 17:52 . 2009-07-07 17:52 -------- d-----w- c:\program files\Common Files\PC Tools
2009-07-07 17:52 . 2008-12-10 18:36 64392 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2009-07-07 17:52 . 2009-07-07 17:53 -------- d-----w- c:\program files\Spyware Doctor
2009-07-07 17:52 . 2009-07-07 17:52 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2009-07-07 17:52 . 2009-07-07 17:52 -------- d-----w- c:\documents and settings\Administrator\Application Data\PC Tools
2009-07-07 17:44 . 2009-07-07 17:44 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2009-07-06 18:53 . 2009-07-06 18:53 -------- d-----w- c:\documents and settings\Administrator\Application Data\Zeon
2009-07-06 16:14 . 2009-07-06 16:15 -------- dc-h--w- c:\windows\ie8
2009-07-02 22:43 . 2009-07-02 22:43 -------- d-----w- c:\program files\AVG
2009-07-02 22:06 . 2004-08-04 12:00 30208 -c--a-w- c:\windows\system32\dllcache\sm87w.dll
2009-07-02 22:05 . 2004-08-04 12:00 92416 -c--a-w- c:\windows\system32\dllcache\mga.sys
2009-07-02 22:04 . 2004-08-04 12:00 14848 -c--a-w- c:\windows\system32\dllcache\flattemp.exe
2009-07-02 22:03 . 2004-08-04 12:00 7168 -c--a-w- c:\windows\system32\dllcache\wamregps.dll
2009-07-02 22:00 . 2004-08-04 12:00 16384 -c--a-w- c:\windows\system32\dllcache\isignup.exe
2009-07-02 21:37 . 2004-08-04 12:00 24661 -c--a-w- c:\windows\system32\dllcache\spxcoins.dll
2009-07-02 21:37 . 2004-08-04 12:00 24661 ----a-w- c:\windows\system32\spxcoins.dll
2009-07-02 21:37 . 2004-08-04 12:00 13312 -c--a-w- c:\windows\system32\dllcache\irclass.dll
2009-07-02 21:37 . 2004-08-04 12:00 13312 ----a-w- c:\windows\system32\irclass.dll
2009-07-02 21:35 . 2009-07-02 21:35 -------- d-s---w- c:\windows\system32\config\systemprofile\History
2009-07-02 18:58 . 2009-07-02 18:58 -------- d-----w- c:\documents and settings\Administrator\Application Data\Grisoft
2009-07-02 18:51 . 2009-07-02 18:51 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2009-07-02 18:31 . 2009-07-02 18:31 -------- d-----w- c:\program files\Trend Micro
2009-07-01 17:31 . 2009-07-02 20:02 -------- d-----w- c:\documents and settings\STEVE\Application Data\uTorrent
2009-07-01 16:22 . 2009-07-01 16:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Grisoft
2009-06-26 14:57 . 2009-07-02 16:04 -------- d-----w- C:\My Music
2009-06-26 14:54 . 2009-06-26 14:54 -------- d-----w- c:\program files\Common Files\xing shared
2009-06-20 21:04 . 2009-06-20 21:04 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-08 20:43 . 2003-09-30 22:29 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-07-08 20:09 . 2007-08-09 20:37 -------- d-----w- c:\documents and settings\STEVE\Application Data\HPAppData
2009-07-08 18:30 . 2007-11-12 19:29 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-07-07 15:05 . 2003-06-10 18:54 -------- d-----w- c:\program files\Elkay Quote System
2009-07-06 18:24 . 2009-05-18 16:53 150293 ----a-w- c:\windows\hpoins33.dat
2009-07-02 21:59 . 2003-05-21 19:46 23372 ----a-w- c:\windows\system32\emptyregdb.dat
2009-07-02 20:04 . 2003-09-30 17:22 -------- d-----w- c:\program files\Google
2009-07-01 18:45 . 2007-07-13 15:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-07-01 18:45 . 2003-10-01 20:10 -------- d-----w- c:\program files\Lavasoft
2009-07-01 18:28 . 2005-06-07 16:10 -------- d-----w- c:\program files\LimeWire
2009-06-29 20:30 . 2008-06-26 20:39 -------- d-----w- c:\documents and settings\STEVE\Application Data\Yahoo!
2009-06-29 20:30 . 2007-01-08 18:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!
2009-06-26 14:54 . 2003-05-23 15:03 -------- d-----w- c:\program files\Common Files\Real
2009-06-26 14:53 . 2005-01-04 16:57 348160 ----a-w- c:\windows\system32\msvcr71.dll
2009-06-17 17:55 . 2008-12-01 23:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-06-03 22:32 . 2009-01-05 22:34 -------- d-----w- c:\program files\iTunes
2009-06-03 22:16 . 2009-06-03 22:16 -------- d-----w- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-06-03 22:16 . 2009-06-03 22:16 -------- d-----w- c:\program files\iPod
2009-06-03 22:16 . 2007-07-11 14:56 -------- d-----w- c:\program files\Common Files\Apple
2009-06-03 22:14 . 2009-06-03 22:14 -------- d-----w- c:\program files\Bonjour
2009-06-03 22:13 . 2008-01-14 22:28 -------- d-----w- c:\program files\QuickTime
2009-06-03 22:10 . 2007-04-04 18:40 -------- d-----w- c:\program files\Apple Software Update
2009-05-30 19:50 . 2009-05-30 19:50 75048 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.2.0.23\SetupAdmin.exe
2009-05-20 23:06 . 2009-03-31 22:24 -------- d-----w- c:\program files\uvtexsync
2009-05-19 18:44 . 2007-04-24 17:02 -------- d-----w- c:\documents and settings\STEVE\Application Data\HTSKApp
2009-05-19 15:10 . 2003-10-01 23:22 -------- d-----w- c:\program files\Yahoo!
2009-05-18 17:30 . 2007-08-16 18:19 -------- d-----w- c:\documents and settings\STEVE\Application Data\HP
2009-05-18 17:28 . 2005-05-23 18:15 -------- d-----w- c:\program files\HP
2009-05-18 17:11 . 2007-08-09 20:35 -------- d-----w- c:\documents and settings\All Users\Application Data\HP
2009-05-18 17:10 . 2009-05-18 17:10 -------- d-----w- c:\documents and settings\All Users\Application Data\HP Product Assistant
2009-05-14 22:28 . 2003-09-30 22:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-05-14 22:21 . 2006-04-03 21:16 -------- d-----w- c:\program files\TaxCut05
2009-05-14 22:21 . 2009-03-12 20:45 -------- d-----w- c:\documents and settings\STEVE\Application Data\SUPERAntiSpyware.com
2009-05-14 22:21 . 2009-03-12 20:45 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-05-14 20:40 . 2008-12-01 17:47 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2009-05-14 20:40 . 2008-12-01 17:47 -------- d-----w- c:\program files\NOS
2009-05-14 20:35 . 2009-05-14 20:35 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-05-14 20:32 . 2003-05-23 15:54 -------- d-----w- c:\program files\Common Files\Adobe
2009-05-13 19:12 . 2009-05-13 19:12 -------- d-----w- c:\program files\Windows Defender
2009-05-13 17:35 . 2007-11-12 16:57 -------- d-----w- c:\program files\Free Hide Folder
2009-05-13 15:46 . 2008-11-03 17:09 -------- d-----w- c:\program files\OpenOffice.org 3
2009-05-13 15:38 . 2003-06-05 17:11 -------- d-----w- c:\program files\PowerPoint Viewer
2009-05-07 15:39 . 2003-05-30 16:32 112632 ----a-w- c:\documents and settings\STEVE\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-30 16:41 . 2009-04-14 15:39 141 ----a-w- c:\windows\wpd99.drv
2009-04-14 15:39 . 2009-04-14 15:39 51716 ----a-w- c:\windows\system32\pdf995mon.dll
2009-04-14 15:39 . 2009-04-14 15:39 249856 ----a-w- c:\windows\system32\pdfmona.dll
2009-04-13 17:17 . 2009-04-13 17:15 29805040 ----a-w- c:\documents and settings\All Users\Application Data\TaxCut\2008\Update\US68017101lupd.exe
2005-11-29 23:17 . 2005-11-29 23:17 24848 ----a-w- c:\program files\opera\program\plugins\cgpcfg.dll
2005-11-29 23:17 . 2005-11-29 23:17 74000 ----a-w- c:\program files\opera\program\plugins\cgpcore.dll
2005-11-29 23:17 . 2005-11-29 23:17 45328 ----a-w- c:\program files\opera\program\plugins\icalogon.dll
2005-11-29 23:17 . 2005-11-29 23:17 28944 ----a-w- c:\program files\opera\program\plugins\pscript.dll
2005-11-29 23:17 . 2005-11-29 23:17 69904 ----a-w- c:\program files\opera\program\plugins\sslsdk_b.dll
2005-11-29 23:17 . 2005-11-29 23:17 24848 ----a-w- c:\program files\opera\program\plugins\tcppserv.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2008-10-17 4347120]
"NBJ"="c:\program files\Ahead\Nero BackItUp\NBJ.exe" [2005-08-09 1961984]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"InCD"="c:\program files\Ahead\InCD\InCD.exe" [2005-01-27 1381376]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-08-09 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-08-09 81920]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2003-07-28 188416]
"PDFHook"="c:\program files\Nuance\PDF Professional 5\pdfpro5hook.exe" [2008-12-23 795936]
"PDF5 Registry Controller"="c:\program files\Nuance\PDF Professional 5\RegistryController.exe" [2008-12-23 58656]
"Nuance PDF Professional 5-reminder"="c:\program files\Nuance\PDF Professional 5\Ereg\Ereg.exe" [2008-11-03 54560]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-04 866584]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 35696]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-27 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-05-30 292136]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-06-26 198160]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-08-20 150016]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2008-02-29 76304]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MySpaceIM"="c:\program files\MySpace\IM\MySpaceIM.exe" [2007-08-14 5562368]
"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2008-02-26 443968]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-10-16 214360]
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2008-10-8 67128]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-10-8 805392]
Scanner File Utility.lnk - c:\program files\Kyocera Mita\FileUtility\NsCatCom.exe [2008-1-23 315392]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-05-02 10:42 72208 ----a-w- c:\program files\Common Files\Logitech\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk
backup=c:\windows\pss\Logitech Desktop Messenger.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Works Calendar Reminders.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Works Calendar Reminders.lnk
backup=c:\windows\pss\Microsoft Works Calendar Reminders.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microtek Scanner Finder.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microtek Scanner Finder.lnk
backup=c:\windows\pss\Microtek Scanner Finder.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^MSN Desktop Search.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\MSN Desktop Search.lnk
backup=c:\windows\pss\MSN Desktop Search.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
backup=c:\windows\pss\QuickBooks Update Agent.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^STEVE^Start Menu^Programs^Startup^AOM(2).lnk]
path=c:\documents and settings\STEVE\Start Menu\Programs\Startup\AOM(2).lnk
backup=c:\windows\pss\AOM(2).lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^STEVE^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=c:\documents and settings\STEVE\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=c:\windows\pss\LimeWire On Startup.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^STEVE^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\documents and settings\STEVE\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCAgentExe
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCUpdateExe
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MimBoot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"GEARSecurity"=2 (0x2)
"ScsiAccess"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\VCOM\\Web Easy Pro\\WebEasy5.exe"=
"c:\\Program Files\\VCOM\\Web Easy Pro\\vcomFtp.exe"=
"c:\\Program Files\\FileMaker\\FileMaker Pro 6\\FileMaker Pro.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\WINDOWS\\system32\\mshta.exe"=
"c:\\Program Files\\Hewlett-Packard\\HP Software Update\\HPWUCli.exe"=
"c:\\StubInstaller.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\FileMaker\\FileMaker Pro 8.5\\FileMaker Pro.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Kyocera Mita\\FileUtility\\NsCatCom.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\SecondLife\\SLVoice.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\Common Files\\HP\\Digital Imaging\\bin\\hpqPhotoCrm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpsapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqcopy2.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxs08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpse.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqsudi.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
"c:\\Program Files\\Spyware Doctor\\pctsGui.exe"=
"c:\\32VerSee\\32VERSEE.EXE"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [7/7/2009 10:52 AM 130936]
R2 PDFProFiltSrv;PDFProFiltSrv;c:\program files\Nuance\PDF Professional 5\PDFProFiltSrv.exe [12/23/2008 2:27 AM 144672]
R3 dp83820;National Semiconductor Corp. DP83820 Gigabit Network Controller Driver;c:\windows\system32\drivers\DP83820.sys [10/6/2004 8:33 AM 28062]
R3 ES1370;Creative AudioPCI (ES1370), SB PCI 64/128 (WDM);c:\windows\system32\drivers\es1370mp.sys [10/2/2003 3:17 PM 37120]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
S2 AvgCore;AVG6 Kernel;\??\c:\progra~1\Grisoft\AVG6\avgcore.sys --> c:\progra~1\Grisoft\AVG6\avgcore.sys [?]
S2 AvgFsh;AVG6 Rezident Driver;\??\c:\progra~1\Grisoft\AVG6\avgfsh.sys --> c:\progra~1\Grisoft\AVG6\avgfsh.sys [?]
S2 AvgServ;AVG6 Service;c:\progra~1\Grisoft\AVG6\avgserv.exe --> c:\progra~1\Grisoft\AVG6\avgserv.exe [?]
S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 6:19 PM 13592]
S3 PIXMCV;JVC Communication PIX-MCV Driver;c:\windows\system32\drivers\pixmcvc.sys [6/9/2005 2:40 PM 32000]
S3 PIXMCVA;JVC PIX-MCV Audio Capture;c:\windows\system32\drivers\pixmcva.sys [6/9/2005 2:41 PM 28057]
S3 PIXMCVV;JVC PIX-MCV Video Capture;c:\windows\system32\drivers\pixmcvv.sys [6/9/2005 2:40 PM 21081]
S3 s3m;s3m;c:\windows\system32\drivers\s3m.sys [3/12/2007 3:06 PM 166720]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [7/7/2009 10:52 AM 348752]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\ccc-core-static]
msiexec /fums {3CBBEE47-C8F4-316A-92FF-ED7E3DFAE41E} /qb
.
Contents of the 'Scheduled Tasks' folder

2007-05-17 c:\windows\Tasks\Microsoft_Hardware_Launch_IPoint_exe.job
- c:\program files\Microsoft IntelliPoint\ipoint.exe [2006-11-22 01:09]

2007-05-17 c:\windows\Tasks\Microsoft_Hardware_Launch_IType_exe.job
- c:\program files\Microsoft IntelliType Pro\itype.exe [2006-11-22 01:08]

2009-07-08 c:\windows\Tasks\User_Feed_Synchronization-{165DFFFD-177E-4C30-8DF0-C6B3E5F7327D}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 11:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.bing.com/
mSearch Bar =
uInternet Settings,ProxyOverride = 127.0.0.1;localhost;*.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: &MSN Search - c:\program files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll/search.htm
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append the content of the link to existing PDF file - c:\program files\Nuance\PDF Professional 5\Bin\ZeonIEFavClient.dll/ZeonIEAppend.HTML
IE: Append the content of the selected links to existing PDF file - c:\program files\Nuance\PDF Professional 5\Bin\ZeonIEFavClient.dll/ZeonIEAppendSelLinks.HTML
IE: Append to existing PDF file - c:\program files\Nuance\PDF Professional 5\Bin\ZeonIEFavClient.dll/ZeonIEAppend.HTML
IE: Create PDF file - c:\program files\Nuance\PDF Professional 5\Bin\ZeonIEFavClient.dll/ZeonIECapture.HTML
IE: Create PDF file from the content of the link - c:\program files\Nuance\PDF Professional 5\Bin\ZeonIEFavClient.dll/ZeonIECapture.HTML
IE: Create PDF files from the selected links - c:\program files\Nuance\PDF Professional 5\Bin\ZeonIEFavClient.dll/ZeonIECaptureSelLinks.HTML
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Open with PDF Converter 5.2 - c:\program files\Nuance\PDF Professional 5\cnvres_eng.dll /100
IE: Open with PDF Professional 5.2 - c:\program files\Nuance\PDF Professional 5\Bin\PlusIEContextMenu.dll/PlusIEContextMenu.htm
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\STEVE\Application Data\Mozilla\Firefox\Profiles\default.9hm\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://start.mozilla.org/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - component: c:\program files\Real\RealPlayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdjvu.dll
FF - plugin: c:\program files\Opera\program\plugins\NPDocBox.dll
FF - plugin: c:\program files\Opera\program\plugins\npican.dll
FF - plugin: c:\program files\Opera\program\plugins\nppdf32.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF - plugin: c:\program files\Virtual Earth 3D\npVE3D.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-08 15:28
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Iomega Activity Disk2]
"ImagePath"="\"\""
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(672)
c:\windows\system32\Ati2evxx.dll
c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
c:\program files\common files\logitech\bluetooth\LBTServ.dll
.
Completion time: 2009-07-08 15:32
ComboFix-quarantined-files.txt 2009-07-08 22:31

Pre-Run: 176,615,632,896 bytes free
Post-Run: 177,108,697,088 bytes free

357 --- E O F --- 2009-06-29 14:46

Edited by newkid1, 09 July 2009 - 10:55 AM.


#5 screen317

screen317

    SWI Sentinel

  • Global Moderator
  • PipPipPipPipPip
  • 8,813 posts

Posted 10 July 2009 - 10:49 PM

Hi,

Note that the antivirus on your computer, AVG6, is outdated and has been replaced by AVG8-- however, AVG8 now bundles AVG Antispyware and some BHOs that really slow things down... I recommend uninstalling AVG6 and replacing it with either AntiVir (which I use) or avast! which is also excellent.


Next, please use the Internet Explorer browser, and do an online scan with Kaspersky Online Scanner

Note: If you have used this particular scanner before, you MAY HAVE TO UNINSTALL the program through Add/Remove Programs before downloading the new ActiveX component

Click Accept, when prompted to download and install the program files and database of malware definitions.
  • Click Run at the Security prompt.
  • The program will then begin downloading and installing and will also update the database.
  • Please be patient as this can take several minutes.
  • Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Click View scan report at the bottom.
  • Click the Save Report As... button.
  • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply.
**Note**

To optimize scanning time and produce a more sensible report for review:
  • Close any open programs.
  • Turn off the real-time scanner of all antivirus or antispyware programs while performing the online scan.
Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.


Also... Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.

Updating Java:
  • Download the latest version of Java Runtime Environment (JRE) 6u13.
  • Scroll down to where it says "The Java SE Runtime Environment (JRE) allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • In the pull down menu next to Platform select Windows
  • Check the box that says: "I agree to the Java SE Runtime Environment 6 License Agreement"
  • Click Continue
  • Click on the link to download Windows Offline Installation and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java versions.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u13-windowsi586-p.exe to install the newest version.

Restart your computer, and post a fresh HijackThis log.


After that, please download JavaRa and unzip it to your Desktop.

Double click JavaRa.exe then click Remove Older Versions.

Follow any prompts; a log will popup (JavaRa.log)-- please post the contents of this log.


After that, download my Security Check from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

-screen317

Please consider donating to help support the continued prompt and excellent services of this site.


#6 screen317

screen317

    SWI Sentinel

  • Global Moderator
  • PipPipPipPipPip
  • 8,813 posts

Posted 23 July 2009 - 01:43 AM

Still with us newkid1??

Please consider donating to help support the continued prompt and excellent services of this site.


#7 screen317

screen317

    SWI Sentinel

  • Global Moderator
  • PipPipPipPipPip
  • 8,813 posts

Posted 12 August 2009 - 03:52 PM

Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please tell the moderating team by replying here with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.

Please consider donating to help support the continued prompt and excellent services of this site.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

Member of ASAP and UNITE
Support SpywareInfo Forum - click the button