newkid1

Spyware removal

7 posts in this topic

Hi,

I'm new here, so pardon me if this has come up before, but I'm in a real deep hole.

Here is my situation.

I picked up a nasty little redirect bug that has limited my ability to solve the problem.

I ran Ad-aware and Windows defender scans, nothing.

I cannot run HJ, Malware or Spybot. I have tried everything I can think of. When the program(s) attempt to load, they cannot make a connection to the website(s) for whatever they need to install.

So I went out and bought SPYWARE DR, and it won't work properly because it needs to download updates and those are blocked.

Running

Microsoft Windows XP Professional

Version 5.1.2600 Service Pack 2 Build 2600

OS Manufacturer Microsoft Corporation

System Name S-5WOP03H0NHT5X

System Manufacturer AWARD_

System Model AWRDACPI

System Type X86-based PC

Processor x86 Family 15 Model 2 Stepping 7 GenuineIntel ~2399 Mhz

BIOS Version/Date Phoenix Technologies, LTD 6.00 PG, 3/4/2003

SMBIOS Version 2.3

Windows Directory C:\WINDOWS

System Directory C:\WINDOWS\system32

Boot Device \Device\HarddiskVolume1

Locale United States

Hardware Abstraction Layer Version = "5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)"

User Name S-5WOP03H0NHT5X\STEVE

Time Zone Pacific Standard Time

Total Physical Memory 1,024.00 MB

Available Physical Memory 248.25 MB

Total Virtual Memory 2.00 GB

Available Virtual Memory 1.96 GB

Page File Space 2.86 GB

 

Oh yeah, System Restore is also not working.

Let me know what information you need from me

 

Thanks in advance


Hello,

 

So I went out and bought SPYWARE DR, and it won't work properly because it needs to download updates and those are blocked.
If you can return it, I recommend doing so.

 

 

We'll begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

 

NOTE: When you download ComboFix.exe, rename it like so:

[image: CF_download_FF.gif]

[image: CF_download_rename.gif]


  • When the tool is finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt (also try to get HijackThis working at this point; post a log from that if you can), so we may continue cleaning the system.

 

-screen317


A big thank you. ComboFix worked and I was able to install all the other programs; all is well now. Now I just have to remember to always play safe. Thanks again.


From HijackThis:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 8:22:00 AM, on 7/9/2009

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Ahead\InCD\InCDsrv.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\System32\SCardSvr.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\WINDOWS\system32\svchost.exe

C:\PROGRA~1\Iomega\System32\AppServices.exe

C:\Program Files\Maxtor\Sync\SyncServices.exe

C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Nuance\PDF Professional 5\PDFProFiltSrv.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\locator.exe

C:\Program Files\Spyware Doctor\pctsAuxs.exe

C:\Program Files\Spyware Doctor\pctsSvc.exe

C:\Program Files\Kyocera Mita\FileUtility\SFUSVC.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Kyocera Mita\FileUtility\nsCatCom.exe

C:\WINDOWS\System32\tlntsvr.exe

C:\WINDOWS\System32\vssvc.exe

C:\Program Files\Iomega\AutoDisk\ADService.exe

C:\WINDOWS\System32\alg.exe

C:\Program Files\Spyware Doctor\TFEngine\TFService.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Ahead\InCD\InCD.exe

C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

C:\Program Files\Nuance\PDF Professional 5\pdfpro5hook.exe

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\Spyware Doctor\pctsTray.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Logitech\SetPoint\SetPoint.exe

C:\Program Files\Kyocera Mita\FileUtility\NsCatCom.exe

C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE

C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe

C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe

C:\PROGRA~1\MICROS~2\Office12\OUTLOOK.EXE

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe

C:\Program Files\Nuance\PDF Professional 5\bin\PDFPlus.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)

O2 - BHO: PlusIEEventHelper Class - {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files\Nuance\PDF Professional 5\Bin\PlusIEContextMenu.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: MSN Search Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll

O2 - BHO: ZeonIEEventHelper Class - {DA986D7D-CCAF-47B2-84FE-BFA1549BEBF9} - C:\Program Files\Nuance\PDF Professional 5\Bin\ZeonIEFavClient.dll

O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

O3 - Toolbar: (no name) - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - (no file)

O3 - Toolbar: MSN Search Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll

O3 - Toolbar: Nuance PDF - {E3286BF1-E654-42FF-B4A6-5E111731DF6B} - C:\Program Files\Nuance\PDF Professional 5\Bin\ZeonIEFavClient.dll

O4 - HKLM\..\Run: [inCD] C:\Program Files\Ahead\InCD\InCD.exe

O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe

O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE

O4 - HKLM\..\Run: [PDFHook] C:\Program Files\Nuance\PDF Professional 5\pdfpro5hook.exe

O4 - HKLM\..\Run: [PDF5 Registry Controller] C:\Program Files\Nuance\PDF Professional 5\RegistryController.exe

O4 - HKLM\..\Run: [Nuance PDF Professional 5-reminder] "C:\Program Files\Nuance\PDF Professional 5\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\Nuance\PDF Professional 5\Ereg\Ereg.ini"

O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe

O4 - HKLM\..\Run: [iSTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet

O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"

O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe

O4 - Global Startup: Scanner File Utility.lnk = ?

O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll/search.htm

O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: Append the content of the link to existing PDF file - res://C:\Program Files\Nuance\PDF Professional 5\Bin\ZeonIEFavClient.dll/ZeonIEAppend.HTML

O8 - Extra context menu item: Append the content of the selected links to existing PDF file - res://C:\Program Files\Nuance\PDF Professional 5\Bin\ZeonIEFavClient.dll/ZeonIEAppendSelLinks.HTML

O8 - Extra context menu item: Append to existing PDF file - res://C:\Program Files\Nuance\PDF Professional 5\Bin\ZeonIEFavClient.dll/ZeonIEAppend.HTML

O8 - Extra context menu item: Create PDF file - res://C:\Program Files\Nuance\PDF Professional 5\Bin\ZeonIEFavClient.dll/ZeonIECapture.HTML

O8 - Extra context menu item: Create PDF file from the content of the link - res://C:\Program Files\Nuance\PDF Professional 5\Bin\ZeonIEFavClient.dll/ZeonIECapture.HTML

O8 - Extra context menu item: Create PDF files from the selected links - res://C:\Program Files\Nuance\PDF Professional 5\Bin\ZeonIEFavClient.dll/ZeonIECaptureSelLinks.HTML

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Open with PDF Converter 5.2 - res://C:\Program Files\Nuance\PDF Professional 5\cnvres_eng.dll /100

O8 - Extra context menu item: Open with PDF Professional 5.2 - res://C:\Program Files\Nuance\PDF Professional 5\Bin\PlusIEContextMenu.dll/PlusIEContextMenu.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O16 - DPF: {05317530-B882-449D-9421-18D94FA3ED34} (OSInfo Control) - http://www.sis.com/ocis/OSInfo.cab

O16 - DPF: {0BCADE60-1E93-11D8-ABDA-0004759647B3} (FastBid1 Class) - http://www.bxwa.com/fastbid/fastbidx1.cab

O16 - DPF: {16095503-786F-4097-AED6-5D567A26D760} (SiS_OCX Control) - http://www.sis.com/ocis/SiSAutodetectNT.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll

O16 - DPF: {32322460-3E7D-11D7-ABD8-0001029A9BA6} (FastBid Class) - http://www.bxwa.com/fastbid/fastbidx_plugin.cab

O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1408.g.akamai.net/7/1408/9955/2003...iTunesSetup.exe

O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.4.1.cab

O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...90/mcinsctl.cab

O16 - DPF: {5EDB10D9-7E95-4833-A218-62F375DAFCF1} (Aventail Installer ) - https://ssl.elkayremote.com/postauthI/epi.cab

O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://floridakeysmedia.tv/axiscam/Codebas...sCamControl.ocx

O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/m...,26/mcgdmgr.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: AVG6 Service (AvgServ) - Unknown owner - C:\PROGRA~1\Grisoft\AVG6\avgserv.exe (file missing)

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe

O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe

O23 - Service: Maxtor Service (Maxtor Sync Service) - Seagate Technology LLC - C:\Program Files\Maxtor\Sync\SyncServices.exe

O23 - Service: PDFProFiltSrv - Nuance Communications, Inc. - C:\Program Files\Nuance\PDF Professional 5\PDFProFiltSrv.exe

O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe

O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe

O23 - Service: SFUSVC - KYOCERA MITA CORPORATION - C:\Program Files\Kyocera Mita\FileUtility\SFUSVC.exe

O23 - Service: ThreatFire - PC Tools - C:\Program Files\Spyware Doctor\TFEngine\TFService.exe

O23 - Service: Iomega Active Disk (_IOMEGA_ACTIVE_DISK_SERVICE_) - Iomega Corporation - C:\Program Files\Iomega\AutoDisk\ADService.exe

O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/STEVE/LOCALS~1/Temp/msohtmlclip1/01/clip_image001.jpg

 

--

End of file - 15145 bytes

 

ComboFix:

 

ComboFix 09-07-08.04 - STEVE 07/08/2009 15:16.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1023.682 [GMT -7:00]

Running from: c:\documents and settings\STEVE\Desktop\combo\Combo-Fix.exe

AV: Spyware Doctor with AntiVirus *On-access scanning disabled* (Updated) {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}

.

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\program files\INSTALL.LOG

c:\windows\Installer\14e289.msi

c:\windows\Installer\184c14f.msp

c:\windows\Installer\184c284.msp

c:\windows\Installer\184c297.msp

c:\windows\Installer\184c2ab.msp

c:\windows\Installer\19245d.msp

c:\windows\Installer\1d10bc4.msp

c:\windows\Installer\1d10bd8.msp

c:\windows\Installer\1d10bec.msp

c:\windows\Installer\1d10c00.msp

c:\windows\Installer\1d10c17.msp

c:\windows\Installer\1d176d2.msp

c:\windows\Installer\299020.a984.msi

c:\windows\Installer\2ec1813.msp

c:\windows\Installer\2ec183d.msp

c:\windows\Installer\2ec1852.msp

c:\windows\Installer\2ec1866.msp

c:\windows\Installer\2ec186f.msp

c:\windows\Installer\41eec02.msp

c:\windows\Installer\4214a9.msi

c:\windows\Installer\42401f2.msp

c:\windows\Installer\424020d.msp

c:\windows\Installer\4240221.msp

c:\windows\Installer\4240235.msp

c:\windows\Installer\424023e.msp

c:\windows\Installer\4404e65.msi

c:\windows\Installer\482017.msi

c:\windows\Installer\48213d.msi

c:\windows\Installer\53e49.msi

c:\windows\Installer\6b8e8.msp

c:\windows\Installer\72df59.msi

c:\windows\Installer\a53e04.msi

c:\windows\Installer\b50f5d.msp

c:\windows\Installer\eb4d6e.msp

c:\windows\Installer\eb4d81.msp

c:\windows\Installer\eb4d9e.msp

c:\windows\system32\AutoRun.inf

c:\windows\system32\drivers\MSIVXxjklytitfynbaorgruuhiawvoynsmcsr.sys

c:\windows\system32\MSIVXbftkdddmevekysjbpfbctxvvvjyrnocd.dll

c:\windows\system32\MSIVXcount

c:\windows\system32\MSIVXxupkatqodgidqeulxbwgrycigoeeneop.dll

 

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

-------\Service_MSIVXserv.sys

 

 

((((((((((((((((((((((((( Files Created from 2009-06-08 to 2009-07-08 )))))))))))))))))))))))))))))))

.

 

2009-07-08 18:48 . 2009-07-08 18:48 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2009-07-07 18:01 . 2009-07-07 18:01 -------- d-----w- c:\program files\Belarc

2009-07-07 18:01 . 2008-03-06 18:51 3840 ----a-w- c:\windows\system32\drivers\BANTExt.sys

2009-07-07 17:52 . 2008-12-11 15:38 159600 ----a-w- c:\windows\system32\drivers\pctgntdi.sys

2009-07-07 17:52 . 2009-04-03 18:18 130936 ----a-w- c:\windows\system32\drivers\PCTCore.sys

2009-07-07 17:52 . 2008-12-18 19:16 73840 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys

2009-07-07 17:52 . 2009-07-07 17:52 -------- d-----w- c:\program files\Common Files\PC Tools

2009-07-07 17:52 . 2008-12-10 18:36 64392 ----a-w- c:\windows\system32\drivers\pctplsg.sys

2009-07-07 17:52 . 2009-07-07 17:53 -------- d-----w- c:\program files\Spyware Doctor

2009-07-07 17:52 . 2009-07-07 17:52 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools

2009-07-07 17:52 . 2009-07-07 17:52 -------- d-----w- c:\documents and settings\Administrator\Application Data\PC Tools

2009-07-07 17:44 . 2009-07-07 17:44 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE

2009-07-06 18:53 . 2009-07-06 18:53 -------- d-----w- c:\documents and settings\Administrator\Application Data\Zeon

2009-07-06 16:14 . 2009-07-06 16:15 -------- dc-h--w- c:\windows\ie8

2009-07-02 22:43 . 2009-07-02 22:43 -------- d-----w- c:\program files\AVG

2009-07-02 22:06 . 2004-08-04 12:00 30208 -c--a-w- c:\windows\system32\dllcache\sm87w.dll

2009-07-02 22:05 . 2004-08-04 12:00 92416 -c--a-w- c:\windows\system32\dllcache\mga.sys

2009-07-02 22:04 . 2004-08-04 12:00 14848 -c--a-w- c:\windows\system32\dllcache\flattemp.exe

2009-07-02 22:03 . 2004-08-04 12:00 7168 -c--a-w- c:\windows\system32\dllcache\wamregps.dll

2009-07-02 22:00 . 2004-08-04 12:00 16384 -c--a-w- c:\windows\system32\dllcache\isignup.exe

2009-07-02 21:37 . 2004-08-04 12:00 24661 -c--a-w- c:\windows\system32\dllcache\spxcoins.dll

2009-07-02 21:37 . 2004-08-04 12:00 24661 ----a-w- c:\windows\system32\spxcoins.dll

2009-07-02 21:37 . 2004-08-04 12:00 13312 -c--a-w- c:\windows\system32\dllcache\irclass.dll

2009-07-02 21:37 . 2004-08-04 12:00 13312 ----a-w- c:\windows\system32\irclass.dll

2009-07-02 21:35 . 2009-07-02 21:35 -------- d-s---w- c:\windows\system32\config\systemprofile\History

2009-07-02 18:58 . 2009-07-02 18:58 -------- d-----w- c:\documents and settings\Administrator\Application Data\Grisoft

2009-07-02 18:51 . 2009-07-02 18:51 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache

2009-07-02 18:31 . 2009-07-02 18:31 -------- d-----w- c:\program files\Trend Micro

2009-07-01 17:31 . 2009-07-02 20:02 -------- d-----w- c:\documents and settings\STEVE\Application Data\uTorrent

2009-07-01 16:22 . 2009-07-01 16:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Grisoft

2009-06-26 14:57 . 2009-07-02 16:04 -------- d-----w- C:\My Music

2009-06-26 14:54 . 2009-06-26 14:54 -------- d-----w- c:\program files\Common Files\xing shared

2009-06-20 21:04 . 2009-06-20 21:04 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-07-08 20:43 . 2003-09-30 22:29 -------- d-----w- c:\program files\Spybot - Search & Destroy

2009-07-08 20:09 . 2007-08-09 20:37 -------- d-----w- c:\documents and settings\STEVE\Application Data\HPAppData

2009-07-08 18:30 . 2007-11-12 19:29 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP

2009-07-07 15:05 . 2003-06-10 18:54 -------- d-----w- c:\program files\Elkay Quote System

2009-07-06 18:24 . 2009-05-18 16:53 150293 ----a-w- c:\windows\hpoins33.dat

2009-07-02 21:59 . 2003-05-21 19:46 23372 ----a-w- c:\windows\system32\emptyregdb.dat

2009-07-02 20:04 . 2003-09-30 17:22 -------- d-----w- c:\program files\Google

2009-07-01 18:45 . 2007-07-13 15:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft

2009-07-01 18:45 . 2003-10-01 20:10 -------- d-----w- c:\program files\Lavasoft

2009-07-01 18:28 . 2005-06-07 16:10 -------- d-----w- c:\program files\LimeWire

2009-06-29 20:30 . 2008-06-26 20:39 -------- d-----w- c:\documents and settings\STEVE\Application Data\Yahoo!

2009-06-29 20:30 . 2007-01-08 18:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!

2009-06-26 14:54 . 2003-05-23 15:03 -------- d-----w- c:\program files\Common Files\Real

2009-06-26 14:53 . 2005-01-04 16:57 348160 ----a-w- c:\windows\system32\msvcr71.dll

2009-06-17 17:55 . 2008-12-01 23:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help

2009-06-03 22:32 . 2009-01-05 22:34 -------- d-----w- c:\program files\iTunes

2009-06-03 22:16 . 2009-06-03 22:16 -------- d-----w- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}

2009-06-03 22:16 . 2009-06-03 22:16 -------- d-----w- c:\program files\iPod

2009-06-03 22:16 . 2007-07-11 14:56 -------- d-----w- c:\program files\Common Files\Apple

2009-06-03 22:14 . 2009-06-03 22:14 -------- d-----w- c:\program files\Bonjour

2009-06-03 22:13 . 2008-01-14 22:28 -------- d-----w- c:\program files\QuickTime

2009-06-03 22:10 . 2007-04-04 18:40 -------- d-----w- c:\program files\Apple Software Update

2009-05-30 19:50 . 2009-05-30 19:50 75048 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.2.0.23\SetupAdmin.exe

2009-05-20 23:06 . 2009-03-31 22:24 -------- d-----w- c:\program files\uvtexsync

2009-05-19 18:44 . 2007-04-24 17:02 -------- d-----w- c:\documents and settings\STEVE\Application Data\HTSKApp

2009-05-19 15:10 . 2003-10-01 23:22 -------- d-----w- c:\program files\Yahoo!

2009-05-18 17:30 . 2007-08-16 18:19 -------- d-----w- c:\documents and settings\STEVE\Application Data\HP

2009-05-18 17:28 . 2005-05-23 18:15 -------- d-----w- c:\program files\HP

2009-05-18 17:11 . 2007-08-09 20:35 -------- d-----w- c:\documents and settings\All Users\Application Data\HP

2009-05-18 17:10 . 2009-05-18 17:10 -------- d-----w- c:\documents and settings\All Users\Application Data\HP Product Assistant

2009-05-14 22:28 . 2003-09-30 22:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy

2009-05-14 22:21 . 2006-04-03 21:16 -------- d-----w- c:\program files\TaxCut05

2009-05-14 22:21 . 2009-03-12 20:45 -------- d-----w- c:\documents and settings\STEVE\Application Data\SUPERAntiSpyware.com

2009-05-14 22:21 . 2009-03-12 20:45 -------- d-----w- c:\program files\SUPERAntiSpyware

2009-05-14 20:40 . 2008-12-01 17:47 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS

2009-05-14 20:40 . 2008-12-01 17:47 -------- d-----w- c:\program files\NOS

2009-05-14 20:35 . 2009-05-14 20:35 -------- d-----w- c:\program files\Common Files\Adobe AIR

2009-05-14 20:32 . 2003-05-23 15:54 -------- d-----w- c:\program files\Common Files\Adobe

2009-05-13 19:12 . 2009-05-13 19:12 -------- d-----w- c:\program files\Windows Defender

2009-05-13 17:35 . 2007-11-12 16:57 -------- d-----w- c:\program files\Free Hide Folder

2009-05-13 15:46 . 2008-11-03 17:09 -------- d-----w- c:\program files\OpenOffice.org 3

2009-05-13 15:38 . 2003-06-05 17:11 -------- d-----w- c:\program files\PowerPoint Viewer

2009-05-07 15:39 . 2003-05-30 16:32 112632 ----a-w- c:\documents and settings\STEVE\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2009-04-30 16:41 . 2009-04-14 15:39 141 ----a-w- c:\windows\wpd99.drv

2009-04-14 15:39 . 2009-04-14 15:39 51716 ----a-w- c:\windows\system32\pdf995mon.dll

2009-04-14 15:39 . 2009-04-14 15:39 249856 ----a-w- c:\windows\system32\pdfmona.dll

2009-04-13 17:17 . 2009-04-13 17:15 29805040 ----a-w- c:\documents and settings\All Users\Application Data\TaxCut\2008\Update\US68017101lupd.exe

2005-11-29 23:17 . 2005-11-29 23:17 24848 ----a-w- c:\program files\opera\program\plugins\cgpcfg.dll

2005-11-29 23:17 . 2005-11-29 23:17 74000 ----a-w- c:\program files\opera\program\plugins\cgpcore.dll

2005-11-29 23:17 . 2005-11-29 23:17 45328 ----a-w- c:\program files\opera\program\plugins\icalogon.dll

2005-11-29 23:17 . 2005-11-29 23:17 28944 ----a-w- c:\program files\opera\program\plugins\pscript.dll

2005-11-29 23:17 . 2005-11-29 23:17 69904 ----a-w- c:\program files\opera\program\plugins\sslsdk_b.dll

2005-11-29 23:17 . 2005-11-29 23:17 24848 ----a-w- c:\program files\opera\program\plugins\tcppserv.dll

.

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2008-10-17 4347120]

"NBJ"="c:\program files\Ahead\Nero BackItUp\NBJ.exe" [2005-08-09 1961984]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"InCD"="c:\program files\Ahead\InCD\InCD.exe" [2005-01-27 1381376]

"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-08-09 221184]

"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-08-09 81920]

"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2003-07-28 188416]

"PDFHook"="c:\program files\Nuance\PDF Professional 5\pdfpro5hook.exe" [2008-12-23 795936]

"PDF5 Registry Controller"="c:\program files\Nuance\PDF Professional 5\RegistryController.exe" [2008-12-23 58656]

"Nuance PDF Professional 5-reminder"="c:\program files\Nuance\PDF Professional 5\Ereg\Ereg.exe" [2008-11-03 54560]

"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-04 866584]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 35696]

"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-27 413696]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-05-30 292136]

"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-06-26 198160]

"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-08-20 150016]

"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2008-02-29 76304]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"MySpaceIM"="c:\program files\MySpace\IM\MySpaceIM.exe" [2007-08-14 5562368]

"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2008-02-26 443968]

 

c:\documents and settings\All Users\Start Menu\Programs\Startup\

HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-10-16 214360]

Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2008-10-8 67128]

Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-10-8 805392]

Scanner File Utility.lnk - c:\program files\Kyocera Mita\FileUtility\NsCatCom.exe [2008-1-23 315392]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]

2008-05-02 10:42 72208 ----a-w- c:\program files\Common Files\Logitech\Bluetooth\LBTWLgn.dll

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]

@=""

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]

@=""

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]

@=""

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

@="Service"

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk

backup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk

backup=c:\windows\pss\Logitech Desktop Messenger.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk

backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Works Calendar Reminders.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Works Calendar Reminders.lnk

backup=c:\windows\pss\Microsoft Works Calendar Reminders.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microtek Scanner Finder.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microtek Scanner Finder.lnk

backup=c:\windows\pss\Microtek Scanner Finder.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^MSN Desktop Search.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\MSN Desktop Search.lnk

backup=c:\windows\pss\MSN Desktop Search.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk

backup=c:\windows\pss\QuickBooks Update Agent.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^STEVE^Start Menu^Programs^Startup^AOM(2).lnk]

path=c:\documents and settings\STEVE\Start Menu\Programs\Startup\AOM(2).lnk

backup=c:\windows\pss\AOM(2).lnkStartup

 

[HKLM\~\startupfolder\C:^Documents and Settings^STEVE^Start Menu^Programs^Startup^LimeWire On Startup.lnk]

path=c:\documents and settings\STEVE\Start Menu\Programs\Startup\LimeWire On Startup.lnk

backup=c:\windows\pss\LimeWire On Startup.lnkStartup

 

[HKLM\~\startupfolder\C:^Documents and Settings^STEVE^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]

path=c:\documents and settings\STEVE\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk

backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCAgentExe

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCUpdateExe

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MimBoot

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"GEARSecurity"=2 (0x2)

"ScsiAccess"=2 (0x2)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\VCOM\\Web Easy Pro\\WebEasy5.exe"=

"c:\\Program Files\\VCOM\\Web Easy Pro\\vcomFtp.exe"=

"c:\\Program Files\\FileMaker\\FileMaker Pro 6\\FileMaker Pro.exe"=

"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

"c:\\Program Files\\LimeWire\\LimeWire.exe"=

"c:\\WINDOWS\\system32\\mshta.exe"=

"c:\\Program Files\\Hewlett-Packard\\HP Software Update\\HPWUCli.exe"=

"c:\\StubInstaller.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\FileMaker\\FileMaker Pro 8.5\\FileMaker Pro.exe"=

"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=

"c:\\Program Files\\Kyocera Mita\\FileUtility\\NsCatCom.exe"=

"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Program Files\\SecondLife\\SLVoice.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=

"c:\\Program Files\\Common Files\\HP\\Digital Imaging\\bin\\hpqPhotoCrm.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpsapp.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqcopy2.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxs08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpse.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqsudi.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=

"c:\\Program Files\\Spyware Doctor\\pctsGui.exe"=

"c:\\32VerSee\\32VERSEE.EXE"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009

 

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [7/7/2009 10:52 AM 130936]

R2 PDFProFiltSrv;PDFProFiltSrv;c:\program files\Nuance\PDF Professional 5\PDFProFiltSrv.exe [12/23/2008 2:27 AM 144672]

R3 dp83820;National Semiconductor Corp. DP83820 Gigabit Network Controller Driver;c:\windows\system32\drivers\DP83820.sys [10/6/2004 8:33 AM 28062]

R3 ES1370;Creative AudioPCI (ES1370), SB PCI 64/128 (WDM);c:\windows\system32\drivers\es1370mp.sys [10/2/2003 3:17 PM 37120]

S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]

S2 AvgCore;AVG6 Kernel;\??\c:\progra~1\Grisoft\AVG6\avgcore.sys --> c:\progra~1\Grisoft\AVG6\avgcore.sys [?]

S2 AvgFsh;AVG6 Rezident Driver;\??\c:\progra~1\Grisoft\AVG6\avgfsh.sys --> c:\progra~1\Grisoft\AVG6\avgfsh.sys [?]

S2 AvgServ;AVG6 Service;c:\progra~1\Grisoft\AVG6\avgserv.exe --> c:\progra~1\Grisoft\AVG6\avgserv.exe [?]

S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 6:19 PM 13592]

S3 PIXMCV;JVC Communication PIX-MCV Driver;c:\windows\system32\drivers\pixmcvc.sys [6/9/2005 2:40 PM 32000]

S3 PIXMCVA;JVC PIX-MCV Audio Capture;c:\windows\system32\drivers\pixmcva.sys [6/9/2005 2:41 PM 28057]

S3 PIXMCVV;JVC PIX-MCV Video Capture;c:\windows\system32\drivers\pixmcvv.sys [6/9/2005 2:40 PM 21081]

S3 s3m;s3m;c:\windows\system32\drivers\s3m.sys [3/12/2007 3:06 PM 166720]

S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [7/7/2009 10:52 AM 348752]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

 

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]

"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

 

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\ccc-core-static]

msiexec /fums {3CBBEE47-C8F4-316A-92FF-ED7E3DFAE41E} /qb

.

Contents of the 'Scheduled Tasks' folder

 

2007-05-17 c:\windows\Tasks\Microsoft_Hardware_Launch_IPoint_exe.job

- c:\program files\Microsoft IntelliPoint\ipoint.exe [2006-11-22 01:09]

 

2007-05-17 c:\windows\Tasks\Microsoft_Hardware_Launch_IType_exe.job

- c:\program files\Microsoft IntelliType Pro\itype.exe [2006-11-22 01:08]

 

2009-07-08 c:\windows\Tasks\User_Feed_Synchronization-{165DFFFD-177E-4C30-8DF0-C6B3E5F7327D}.job

- c:\windows\system32\msfeedssync.exe [2006-10-17 11:31]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.bing.com/

mSearch Bar =

uInternet Settings,ProxyOverride = 127.0.0.1;localhost;*.local

uSearchURL,(Default) = hxxp://www.google.com/keyword/%s

IE: &MSN Search - c:\program files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll/search.htm

IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Append the content of the link to existing PDF file - c:\program files\Nuance\PDF Professional 5\Bin\ZeonIEFavClient.dll/ZeonIEAppend.HTML

IE: Append the content of the selected links to existing PDF file - c:\program files\Nuance\PDF Professional 5\Bin\ZeonIEFavClient.dll/ZeonIEAppendSelLinks.HTML

IE: Append to existing PDF file - c:\program files\Nuance\PDF Professional 5\Bin\ZeonIEFavClient.dll/ZeonIEAppend.HTML

IE: Create PDF file - c:\program files\Nuance\PDF Professional 5\Bin\ZeonIEFavClient.dll/ZeonIECapture.HTML

IE: Create PDF file from the content of the link - c:\program files\Nuance\PDF Professional 5\Bin\ZeonIEFavClient.dll/ZeonIECapture.HTML

IE: Create PDF files from the selected links - c:\program files\Nuance\PDF Professional 5\Bin\ZeonIEFavClient.dll/ZeonIECaptureSelLinks.HTML

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

IE: Open with PDF Converter 5.2 - c:\program files\Nuance\PDF Professional 5\cnvres_eng.dll /100

IE: Open with PDF Professional 5.2 - c:\program files\Nuance\PDF Professional 5\Bin\PlusIEContextMenu.dll/PlusIEContextMenu.htm

Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll

DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab

DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab

FF - ProfilePath - c:\documents and settings\STEVE\Application Data\Mozilla\Firefox\Profiles\default.9hm\

FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://start.mozilla.org/firefox?client=firefox-a&rls=org.mozilla:en-US:official

FF - component: c:\program files\Real\RealPlayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npdjvu.dll

FF - plugin: c:\program files\Opera\program\plugins\NPDocBox.dll

FF - plugin: c:\program files\Opera\program\plugins\npican.dll

FF - plugin: c:\program files\Opera\program\plugins\nppdf32.dll

FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll

FF - plugin: c:\program files\Virtual Earth 3D\npVE3D.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}

.

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-07-08 15:28

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

 

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Iomega Activity Disk2]

"ImagePath"="\"\""

.

--------------------- DLLs Loaded Under Running Processes ---------------------

 

- - - - - - - > 'winlogon.exe'(672)

c:\windows\system32\Ati2evxx.dll

c:\program files\common files\logitech\bluetooth\LBTWlgn.dll

c:\program files\common files\logitech\bluetooth\LBTServ.dll

.

Completion time: 2009-07-08 15:32

ComboFix-quarantined-files.txt 2009-07-08 22:31

 

Pre-Run: 176,615,632,896 bytes free

Post-Run: 177,108,697,088 bytes free

 

357 --- E O F --- 2009-06-29 14:46

Edited by newkid1

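Reading the firewall-policy section of a ComboFix log by hand is easy to get wrong, so here is an added example (not ComboFix output, and not code from anyone in this thread) that parses that section and turns it into review prompts: the Windows Firewall switched off for the standard profile, a Windows script host such as mshta.exe given an exception, authorized executables living outside Program Files or the Windows directory, and globally open ports. The embedded sample is an excerpt of the log above; the SCRIPT_HOSTS list and the "expected directories" heuristic are my own assumptions. A flag means "a person should look at this entry", not "this entry is malicious".

```python
"""Triage the firewall-policy section of a ComboFix-style log.

Added example for this thread; it is not part of ComboFix or of the forum
reply. Findings are review prompts for a defender, not verdicts.
"""
import re

# Windows script/host binaries that rarely need their own firewall exception.
# Constructed list for this example; matched case-insensitively by file name.
SCRIPT_HOSTS = {"mshta.exe", "wscript.exe", "cscript.exe", "rundll32.exe", "regsvr32.exe"}

# Directories in which an authorized executable is normally expected (assumption).
EXPECTED_ROOTS = ("%windir%\\", "c:\\windows\\", "c:\\program files\\")

# Registry section headers of interest, as ComboFix abbreviates them.
SECTION_RE = re.compile(
    r"^\[(?P<key>HKLM\\~\\services\\sharedaccess\\parameters\\firewallpolicy\\[^\]]*)\]$",
    re.I,
)
# "name"= data   (data may be empty, as it is for AuthorizedApplications entries)
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<data>.*)$')

# Constructed sample: an excerpt of the firewall-policy lines from the log above.
SAMPLE_LOG = r"""
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\WINDOWS\\system32\\mshta.exe"=
"c:\\StubInstaller.exe"=
"c:\\32VerSee\\32VERSEE.EXE"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
"""


def parse_firewall_policy(text):
    """Return {subkey_lowercase: {value_name: data}} for every firewallpolicy section."""
    sections = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group("key").lower()
            sections[current] = {}
            continue
        if line.startswith("["):      # some unrelated registry key: stop collecting
            current = None
            continue
        if current is not None:
            v = VALUE_RE.match(line)
            if v:
                # ComboFix doubles the backslashes inside quoted paths; undo that.
                name = v.group("name").replace("\\\\", "\\")
                sections[current][name] = v.group("data").strip()
    return sections


def triage(sections):
    """Produce (severity, message) findings from parsed firewall-policy sections."""
    findings = []
    for key, values in sections.items():
        if key.endswith("\\standardprofile"):
            if values.get("EnableFirewall", "").startswith("0"):
                findings.append(("high", "Windows Firewall is disabled for the standard profile"))
        elif key.endswith("\\authorizedapplications\\list"):
            for path in values:
                lowered = path.lower()
                base = lowered.rsplit("\\", 1)[-1]
                if base in SCRIPT_HOSTS:
                    findings.append(("high", f"script host authorized through the firewall: {path}"))
                elif not lowered.startswith(EXPECTED_ROOTS):
                    findings.append(("review", f"authorized executable outside expected directories: {path}"))
        elif key.endswith("\\globallyopenports\\list"):
            for name, data in values.items():
                state = "Disabled" if ":Disabled:" in data else "Enabled"
                severity = "info" if state == "Disabled" else "review"
                findings.append((severity, f"globally open port {name} ({state})"))
    return findings


if __name__ == "__main__":
    for severity, message in triage(parse_firewall_policy(SAMPLE_LOG)):
        print(f"[{severity}] {message}")
```

Run against a whole ComboFix log rather than the excerpt and the parser simply ignores every section that is not under firewallpolicy; the three heuristics are deliberately conservative so the output stays short enough to read alongside the log.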

Hi,

 

Note that the antivirus on your computer, AVG6, is outdated and has been replaced by AVG8-- however, AVG8 now bundles AVG Antispyware and some BHOs that really slow things down... I recommend uninstalling AVG6 and replacing it with either AntiVir (which I use) or avast! which is also excellent.

 

 

Next, please use the Internet Explorer browser, and do an online scan with Kaspersky Online Scanner

 

Note: If you have used this particular scanner before, you MAY HAVE TO UNINSTALL the program through Add/Remove Programs before downloading the new ActiveX component

 

Click Accept, when prompted to download and install the program files and database of malware definitions.

  • Click Run at the Security prompt.
  • The program will then begin downloading and installing and will also update the database.
  • Please be patient as this can take several minutes.
  • Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Click View scan report at the bottom.
  • Click the Save Report As... button.
  • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply.

**Note**

 

To optimize scanning time and produce a more sensible report for review:

  • Close any open programs.
  • Turn off the real-time scanner of all antivirus or antispyware programs while performing the online scan.

Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.

 

 

Also... Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.

 

Updating Java:

  • Download the latest version of Java Runtime Environment (JRE) 6u13.
  • Scroll down to where it says "The Java SE Runtime Environment (JRE) allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • In the pull down menu next to Platform select Windows
  • Check the box that says: "I agree to the Java SE Runtime Environment 6 License Agreement"
  • Click Continue
  • Click on the link to download Windows Offline Installation and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u13-windowsi586-p.exe to install the newest version.

 

Restart your computer, and post a fresh HijackThis log.

 

 

After that, please download JavaRa and unzip it to your Desktop.

 

Double click JavaRa.exe then click Remove Older Versions.

 

Follow any prompts; a log will pop up (JavaRa.log)-- please post the contents of this log.

 

 

After that, download my Security Check from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

 

-screen317


Due to the lack of feedback this Topic is closed.

 

If you need this topic reopened, please tell the moderating team by replying here with the address of the thread. This applies only to the original topic starter.

 

Everyone else please begin a New Topic.
